From 34ac927065150611203c9d9dd89ff4c42c9527ac Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy <a@foo.be>
Date: Tue, 3 Dec 2019 07:33:33 +0100
Subject: [PATCH] new: [virustotal-graph] VirusTotal graph object added

Based on the discussion with VT, virustotal-graph object has been added which will
be used with the expansion modules and also to trigger the specific
quick-tab in MISP to display the VT graph result in an iframe if this
object is present.
---
 README.md                                |  1 +
 objects/virustotal-graph/definition.json | 52 ++++++++++++++++++++++++
 2 files changed, 53 insertions(+)
 create mode 100644 objects/virustotal-graph/definition.json

diff --git a/README.md b/README.md
index 9c83ff0..a6107ee 100644
--- a/README.md
+++ b/README.md
@@ -160,6 +160,7 @@ for a specific attribute. An optional **to_ids** boolean field to disable the ID
 * [objects/user-account](objects/user-account/definition.json) - Object describing a user account (UNIX, Windows, etc).
 * [objects/vehicle](objects/vehicle/definition.json) - Vehicle object template to describe a vehicle information and registration.
 * [objects/victim](objects/victim/definition.json) - a victim object to describe the organisation being targeted or abused.
+* [objects/virustotal-graph](objects/virustotal-graph/definition.json) - VirusTotal graph.
 * [objects/virustotal-report](objects/virustotal-report/definition.json) - VirusTotal report.
 * [objects/vulnerability](objects/vulnerability/definition.json) - Vulnerability object to describe software or hardware vulnerability as described in a CVE.
 * [objects/weakness](objects/weakness/definition.json) - Weakness object as described in a CWE.
diff --git a/objects/virustotal-graph/definition.json b/objects/virustotal-graph/definition.json
new file mode 100644
index 0000000..22ed6a5
--- /dev/null
+++ b/objects/virustotal-graph/definition.json
@@ -0,0 +1,52 @@
+{
+  "required": [
+    "permalink"
+  ],
+  "attributes": {
+    "access": {
+      "description": "Access to the VirusTotal graph",
+      "disable_correlation": true,
+      "categories": [
+        "External analysis"
+      ],
+      "ui-priority": 1,
+      "misp-attribute": "text",
+      "values_list": [
+        "Private",
+        "Public"
+      ]
+    },
+    "permalink": {
+      "description": "Permalink Reference to the VirusTotal graph",
+      "categories": [
+        "External analysis"
+      ],
+      "ui-priority": 2,
+      "misp-attribute": "link"
+    },
+    "comment": {
+      "description": "Comment related to this VirusTotal graph",
+      "categories": [
+        "External analysis"
+      ],
+      "misp-attribute": "text",
+      "ui-priority": 2,
+      "multiple": true,
+      "disable_correlation": true
+    },
+    "screenshot": {
+      "description": "Screenshot of the VirusTotal graph",
+      "misp-attribute": "attachment",
+      "disable_correlation": true,
+      "ui-priority": 1,
+      "categories": [
+        "External analysis"
+      ]
+    }
+  },
+  "version": 1,
+  "description": "VirusTotal graph",
+  "meta-category": "misc",
+  "uuid": "9b421055-b1bb-4c33-9ead-7fa3f39e2232",
+  "name": "virustotal-graph"
+}