From 39dd150e2a85b2b5a041a202343ecefa4d34b43a Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy <a@foo.be>
Date: Sun, 18 Nov 2018 10:28:18 +0100
Subject: [PATCH] add: [cortex] new object based on a discussion with Jerome L.
 from TheHive (thanks to SNCF)

---
 objects/cortex/definition.json | 48 ++++++++++++++++++++++++++++++++++
 1 file changed, 48 insertions(+)
 create mode 100644 objects/cortex/definition.json

diff --git a/objects/cortex/definition.json b/objects/cortex/definition.json
new file mode 100644
index 0000000..1d6679c
--- /dev/null
+++ b/objects/cortex/definition.json
@@ -0,0 +1,48 @@
+{
+  "requiredOneOf": [
+    "full"
+  ],
+  "attributes": {
+    "summary": {
+      "description": "Cortex summary object (summary) in JSON",
+      "disable_correlation": false,
+      "ui-priority": 0,
+      "misp-attribute": "text"
+    },
+    "full": {
+      "description": "Cortex report object (full report) in JSON",
+      "disable_correlation": true,
+      "ui-priority": 0,
+      "misp-attribute": "text"
+    },
+    "start-date": {
+      "description": "When the Cortex analyser was started",
+      "disable_correlation": true,
+      "ui-priority": 0,
+      "misp-attribute": "datetime"
+    },
+    "name": {
+      "description": "Cortex analyser/worker name",
+      "disable_correlation": true,
+      "ui-priority": 0,
+      "misp-attribute": "text"
+    },
+    "server-name": {
+      "description": "Name of the cortex server",
+      "disable_correlation": true,
+      "ui-priority": 0,
+      "misp-attribute": "text"
+    },
+    "success": {
+      "description": "Result of the cortex job",
+      "disable_correlation": true,
+      "ui-priority": 0,
+      "misp-attribute": "boolean"
+    }
+  },
+  "version": 1,
+  "description": "Cortex object describing a complete cortex analysis",
+  "meta-category": "misc",
+  "uuid": "144988f3-fa00-4374-8015-c1a32092f451",
+  "name": "cortex"
+}