From 30512f69af184282d8009325ada9e193e91d0949 Mon Sep 17 00:00:00 2001
From: Michael Kerscher
Date: Wed, 7 Dec 2016 16:39:31 +0100
Subject: [PATCH] registry key object added
---
objects/registry-key/definition.json | 40 ++++++++++++++++++++++++++++
1 file changed, 40 insertions(+)
create mode 100644 objects/registry-key/definition.json
diff --git a/objects/registry-key/definition.json b/objects/registry-key/definition.json
new file mode 100644
index 0000000..2739f35
--- /dev/null
+++ b/objects/registry-key/definition.json
@@ -0,0 +1,40 @@
+{
+ "name": "registry-key",
+ "meta-category": "file",
+ "description": "Registry key object describing a Windows registry key with value and last-modified timestamp",
+ "version": 1,
+ "attributes" :
+ {
+ "hive": {
+ "misp-attribute": "reg-hive",
+ "misp-usage-frequency": 1,
+ "categories": ["Persistence mechanism"]
+ },
+ "key": {
+ "misp-attribute": "reg-key",
+ "misp-usage-frequency": 1,
+ "categories": ["Persistence mechanism"]
+ },
+ "name": {
+ "misp-attribute": "reg-name",
+ "misp-usage-frequency": 1,
+ "categories": ["Persistence mechanism"]
+ },
+ "data": {
+ "misp-attribute": "reg-data",
+ "misp-usage-frequency": 1,
+ "categories": ["Persistence mechanism"]
+ },
+ "data-type": {
+ "misp-attribute": "reg-datatype",
+ "misp-usage-frequency": 0,
+ "categories": ["Persistence mechanism"]
+ },
+ "last-modified": {
+ "misp-attribute": "datetime",
+ "misp-usage-frequency": 0,
+ "categories": ["Other"]
+ }
+ },
+ "required": ["key", "name"]
+}
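Review bot: The `misp-attribute` values `reg-hive`, `reg-key`, `reg-name`, `reg-data` and `reg-datatype` do not look like existing MISP attribute types; the registry types I know of in MISP core are `regkey` and `regkey|value`, so unless matching types are added elsewhere, these attributes may fail to map and will not correlate with registry indicators already stored as `regkey`. Consider `"misp-attribute": "regkey"` for `key` and `"misp-attribute": "text"` for `hive`, `name`, `data` and `data-type`. Separately, `"required": ["key", "name"]` prevents recording an indicator that is only a key path with no value name, which is common when the presence of the key itself is the persistence artifact; `"required": ["key"]` would cover both cases. The `last-modified` attribute does not say which time zone is expected, and that is worth stating in the object's `description` because analysts compare registry write times against other host timestamps.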