MISP
/
misp-objects
mirror of https://github.com/MISP/misp-objects
2
0
Fork 0
Code Issues Releases Wiki Activity

Merge pull request #223 from VVX7/master 

chg: [misinfosec objects] add archive field
pull/227/head
Alexandre Dulaunoy 2020-01-31 06:15:36 +01:00 committed by GitHub
parent a521f9008e e4d217172e
commit 3a7367b8dd
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
8 changed files with 254 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
objects/blog/definition.json
View File

@ -9,7 +9,7 @@
"misp-attribute": "text"
},
"title": {
"description": "Raw post.",
"description": "Title of blog post.",
"ui-priority": 1,
"misp-attribute": "text"
},
@ -23,6 +23,12 @@
"ui-priority": 1,
"misp-attribute": "link"
},
"archive": {
"description": "Archive of the original document (Internet Archive, Archive.is, etc).",
"ui-priority": 1,
"multiple": true,
"misp-attribute": "link"
},
"type": {
"description": "Type of blog post.",
"ui-priority": 1,
@ -88,7 +94,7 @@
"misp-attribute": "text"
}
},
"version": 12,
"version": 13,
"description": "Blog post like Medium or WordPress.",
"meta-category": "misc",
"uuid": "1f165fc0-b158-498f-8bc8-6dc3d2822bb1",

11
objects/forged-document/definition.json
View File

@ -29,11 +29,14 @@
"ui-priority": 1,
"misp-attribute": "text",
"disable_correlation": true,
"multiple": true,
"sane_default": [
"email",
"letterhead",
"speech",
"literature",
"blog",
"microblog",
"photo",
"audio",
"invoice",
@ -66,6 +69,12 @@
"ui-priority": 1,
"misp-attribute": "link"
},
"archive": {
"description": "Archive of the original document (Internet Archive, Archive.is, etc).",
"ui-priority": 1,
"multiple": true,
"misp-attribute": "link"
},
"objective": {
"description": "Objective of the forged document.",
"ui-priority": 1,
@ -92,7 +101,7 @@
"misp-attribute": "datetime"
}
},
"version": 5,
"version": 7,
"description": "Object describing a forged document.",
"meta-category": "file",
"uuid": "7e927620-b97c-4b00-98c0-8c0184d83d21",

9
objects/leaked-document/definition.json
View File

@ -34,6 +34,7 @@
"ui-priority": 1,
"misp-attribute": "text",
"disable_correlation": true,
"multiple": true,
"sane_default": [
"email",
"letterhead",
@ -71,6 +72,12 @@
"ui-priority": 1,
"misp-attribute": "link"
},
"archive": {
"description": "Archive of the original document (Internet Archive, Archive.is, etc).",
"ui-priority": 1,
"multiple": true,
"misp-attribute": "link"
},
"objective": {
"description": "Reason for leaking the document.",
"ui-priority": 1,
@ -98,7 +105,7 @@
"misp-attribute": "datetime"
}
},
"version": 5,
"version": 6,
"description": "Object describing a leaked document.",
"meta-category": "file",
"uuid": "ea145ecd-b3c2-4f57-ac11-c16e883c4247",

8
objects/meme-image/definition.json
View File

@ -66,6 +66,12 @@
"ui-priority": 1,
"misp-attribute": "link"
},
"archive": {
"description": "Archive of the original document (Internet Archive, Archive.is, etc).",
"ui-priority": 1,
"multiple": true,
"misp-attribute": "link"
},
"objective": {
"description": "Objective of the meme.",
"ui-priority": 1,
@ -92,7 +98,7 @@
"misp-attribute": "datetime"
}
},
"version": 5,
"version": 6,
"description": "Object describing a meme (image).",
"meta-category": "file",
"uuid": "6f6c3b61-f085-475e-93df-2e2d9c2fb0f6",

16
objects/microblog/definition.json
View File

@ -19,6 +19,18 @@
"misp-attribute": "link",
"to_ids": false
},
"archive": {
"description": "Archive of the original document (Internet Archive, Archive.is, etc).",
"ui-priority": 1,
"multiple": true,
"misp-attribute": "link"
},
"attachment": {
"description": "The microblog post file or screen capture.",
"ui-priority": 1,
"multiple": true,
"misp-attribute": "attachment"
},
"type": {
"description": "Type of the microblog post",
"ui-priority": 1,
@ -43,6 +55,8 @@
"values_list": [
"Informative",
"Malicious",
"Misinformation",
"Disinformation",
"Unknown"
]
},
@ -103,7 +117,7 @@
"multiple": true
}
},
"version": 12,
"version": 16,
"description": "Microblog post like a Twitter tweet or a post on a Facebook wall.",
"meta-category": "misc",
"uuid": "8ec8c911-ddbe-4f5b-895b-fbff70c42a60",

73
objects/news-agency/definition.json Normal file
View File

@ -0,0 +1,73 @@
{
"requiredOneOf": [
"name",
"alias"
],
"attributes": {
"name": {
"description": "Name of the news agency.",
"disable_correlation": false,
"ui-priority": 100,
"misp-attribute": "text"
},
"alias": {
"description": "Alias of the news agency.",
"ui-priority": 99,
"misp-attribute": "text",
"multiple": true
},
"archive": {
"description": "Archive of the original document (Internet Archive, Archive.is, etc).",
"ui-priority": 1,
"multiple": true,
"misp-attribute": "link"
},
"attachment": {
"description": "The news file, screen capture, audio, etc.",
"ui-priority": 1,
"multiple": true,
"misp-attribute": "attachment"
},
"url": {
"description": "Original URL location of the news agency (potentially malicious).",
"ui-priority": 1,
"misp-attribute": "url",
"multiple": true
},
"link": {
"description": "Original link to the news agency (Supposed harmless).",
"ui-priority": 1,
"misp-attribute": "link",
"multiple": true
},
"phone-number": {
"description": "Phone number of the news agency.",
"ui-priority": 10,
"misp-attribute": "phone-number",
"multiple": true
},
"fax-number": {
"description": "Fax number of the news agency.",
"ui-priority": 10,
"misp-attribute": "phone-number",
"multiple": true
},
"address": {
"description": "Postal address of the news agency.",
"ui-priority": 10,
"misp-attribute": "text",
"multiple": true
},
"e-mail": {
"description": "Email address of the organization.",
"ui-priority": 10,
"misp-attribute": "email-src",
"multiple": true
}
},
"version": 1,
"description": "News agencies compile news and disseminate news in bulk.",
"meta-category": "misc",
"uuid": "92b3f7fd-c4bc-42af-a73b-033ace439622",
"name": "news-agency"
}

127
objects/news-media/definition.json Normal file
View File

@ -0,0 +1,127 @@
{
"requiredOneOf": [
"source",
"alias"
],
"attributes": {
"source": {
"description": "Name of the news source.",
"disable_correlation": false,
"ui-priority": 100,
"misp-attribute": "text"
},
"alias": {
"description": "Alias of the news source.",
"ui-priority": 99,
"misp-attribute": "text",
"multiple": true
},
"content": {
"description": "Raw content of the news.",
"ui-priority": 1,
"misp-attribute": "text"
},
"transcription": {
"description": "Transcribed audio/visual content.",
"ui-priority": 1,
"misp-attribute": "text"
},
"title": {
"description": "Title of the post.",
"ui-priority": 1,
"misp-attribute": "text"
},
"archive": {
"description": "Archive of the news (Internet Archive, Archive.is, etc).",
"ui-priority": 1,
"multiple": true,
"misp-attribute": "link"
},
"attachment": {
"description": "The news file, screen capture, audio, etc.",
"ui-priority": 1,
"multiple": true,
"misp-attribute": "attachment"
},
"type": {
"description": "Type of news media (newspaper, TV, podcast, etc).",
"ui-priority": 1,
"misp-attribute": "text",
"disable_correlation": true,
"multiple": true,
"sane_default": [
"Newspaper",
"Newspaper (Online)",
"Magazine",
"Magazine (Online)",
"TV",
"Tube",
"Radio",
"Radio (Online)",
"Podcast",
"Alternative Media",
"Other"
]
},
"sub-type": {
"misp-attribute": "text",
"ui-priority": 0,
"description": "Format of the news post (business daily, local news, metasite, etc).",
"disable_correlation": true,
"values_list": [
"Business Daily",
"Local News",
"State News",
"National News",
"Metasite",
"Political Commentary",
"Clipper",
"Pressure Group",
"Staging",
"Trade Site",
"Other"
]
},
"url": {
"description": "Original URL location of news (potentially malicious).",
"ui-priority": 1,
"misp-attribute": "url",
"multiple": true
},
"link": {
"description": "Original link to news (Supposed harmless).",
"ui-priority": 1,
"misp-attribute": "link",
"multiple": true
},
"phone-number": {
"description": "Phone number of the news source.",
"ui-priority": 10,
"misp-attribute": "phone-number",
"multiple": true
},
"fax-number": {
"description": "Fax number of the news source.",
"ui-priority": 10,
"misp-attribute": "phone-number",
"multiple": true
},
"address": {
"description": "Postal address of the news source.",
"ui-priority": 10,
"misp-attribute": "text",
"multiple": true
},
"e-mail": {
"description": "Email address of the news source.",
"ui-priority": 10,
"misp-attribute": "email-src",
"multiple": true
}
},
"version": 1,
"description": "News media are forms of mass media deliverings news to the general public.",
"meta-category": "misc",
"uuid": "691463c5-5302-4847-9bec-4c56ccfec677",
"name": "news-media"
}

7
objects/user-account/definition.json
View File

@ -3,7 +3,7 @@
"uuid": "49606b06-22f0-4ac8-8eee-2f12ad46f3d3",
"meta-category": "misc",
"description": "",
"version": 1,
"version": 2,
"requiredOneOf": [
"password",
"username",
@ -54,6 +54,11 @@
"windows-domain"
]
},
"link": {
"description": "Original link into the account page (Supposed harmless)",
"ui-priority": 1,
"misp-attribute": "link"
},
"is_service_account": {
"description": "Specifies if the account is associated with a network service.",
"disable_correlation": true,