wip: [impacts] New template for different types of impacts as described in STIX 2.1 Incident object extensions

pull/396/head
Christian Studer 2023-06-22 15:16:48 +02:00
parent c5c8f35fb4
commit 3c17729f0e
No known key found for this signature in database
GPG Key ID: 6BBED1B63A6D639F
7 changed files with 797 additions and 0 deletions


@ -0,0 +1,96 @@
{
"attributes": {
"availability_impact": {
"description": "The availability impact.",
"disable_correlation": true,
"misp-attribute": "text",
"sane_default": [
"Not Specified",
"None",
"Minimal",
"Significant",
"Denial",
"Loss of Control"
],
"ui-priority": 0
},
"criticality": {
"description": "Criticality of the impact",
"disable_correlation": true,
"misp-attribute": "text",
"sane_default": [
"Not Specified",
"False Positive",
"Low",
"Moderate",
"High",
"Extreme"
],
"ui-priority": 0
},
"description": {
"description": "Additional details about the impact.",
"misp-attribute": "text",
"ui-priority": 0
},
"end_time": {
"description": "The date and time the impact was last recorded.",
"misp-attribute": "datetime",
"ui-priority": 0
},
"end_time_fidelity": {
"description": "Level of fidelity that the `end_time` is recorded in.",
"disable_correlation": true,
"misp-attribute": "text",
"sane_default": [
"day",
"hour",
"minute",
"month",
"second",
"year"
],
"ui-priority": 0
},
"recoverability": {
"description": "Recoverability of this particular impact with respect to feasibility and required time and resources.",
"disable_correlation": true,
"misp-attribute": "text",
"sane_default": [
"extended",
"not-applicable",
"not-recoverable",
"regular",
"supplemented"
],
"ui-priority": 0
},
"start_time": {
"description": "The date and time the impact was first recorded.",
"misp-attribute": "datetime",
"ui-priority": 0
},
"start_time_fidelity": {
"description": "Level of fidelity that the `start_time` is recorded in.",
"disable_correlation": true,
"misp-attribute": "text",
"sane_default": [
"day",
"hour",
"minute",
"month",
"second",
"year"
],
"ui-priority": 0
}
},
"description": "Availability Impact object as described in STIX 2.1 Incident object extension.",
"meta-category": "misc",
"name": "availability-impact",
"required": [
"availability_impact"
],
"uuid": "19b4394a-46a9-4196-a30c-080eaed06273",
"version": 1
}
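Review bot: The `availability_impact` and `criticality` value lists are declared with `sane_default`, which, as far as I know, only suggests values and still accepts free text. If the STIX 2.1 Incident extension treats these as closed enumerations, `values_list` would keep out-of-vocabulary strings from entering the object and from failing a later STIX export. The same choice is made for every vocabulary-backed attribute in the other six templates of this commit, so it should be decided once for all of them. Separately, the mixed casing here ("Not Specified", "Loss of Control") differs from the lowercase hyphenated values used for `recoverability`; it should be confirmed against the extension text.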


@ -0,0 +1,125 @@
{
"attributes": {
"criticality": {
"description": "Criticality of the impact",
"disable_correlation": true,
"misp-attribute": "text",
"sane_default": [
"Not Specified",
"False Positive",
"Low",
"Moderate",
"High",
"Extreme"
],
"ui-priority": 0
},
"description": {
"description": "Additional details about the impact.",
"misp-attribute": "text",
"ui-priority": 0
},
"end_time": {
"description": "The date and time the impact was last recorded.",
"misp-attribute": "datetime",
"ui-priority": 0
},
"end_time_fidelity": {
"description": "Level of fidelity that the `end_time` is recorded in.",
"disable_correlation": true,
"misp-attribute": "text",
"sane_default": [
"day",
"hour",
"minute",
"month",
"second",
"year"
],
"ui-priority": 0
},
"information_type": {
"description": "Type of information that had its confidentiality compromised.",
"disable_correlation": true,
"misp-attribute": "text",
"sane_default": [
"classified-material",
"communication",
"credentials-admin",
"credentials-user",
"financial",
"leval",
"payment",
"phi",
"pii",
"proprietary"
],
"ui-priority": 0
},
"loss_type": {
"description": "The type of loss that occurred to the relevant information.",
"disable_correlation": true,
"misp-attribute": "text",
"sane_default": [
"confirmed-loss",
"contained",
"exploited-loss",
"none",
"suspected-loss"
],
"ui-priority": 0
},
"record_count":{
"description": "The number of records of this type that were compromised.",
"disable_correlation": true,
"misp_attribute": "counter",
"ui-priority": 0
},
"record_size":{
"description": "The amount of data that was compromised in bytes.",
"disable_correlation": true,
"misp_attribute": "size-in-bytes",
"ui-priority": 0
},
"recoverability": {
"description": "Recoverability of this particular impact with respect to feasibility and required time and resources.",
"disable_correlation": true,
"misp-attribute": "text",
"sane_default": [
"extended",
"not-applicable",
"not-recoverable",
"regular",
"supplemented"
],
"ui-priority": 0
},
"start_time": {
"description": "The date and time the impact was first recorded.",
"misp-attribute": "datetime",
"ui-priority": 0
},
"start_time_fidelity": {
"description": "Level of fidelity that the `start_time` is recorded in.",
"disable_correlation": true,
"misp-attribute": "text",
"sane_default": [
"day",
"hour",
"minute",
"month",
"second",
"year"
],
"ui-priority": 0
}
},
"description": "Confidentiality Impact object as described in STIX 2.1 Incident object extension.",
"meta-category": "misc",
"name": "confidentiality-impact",
"required": [
"loss_type"
],
"uuid": "b0027f13-56e4-4c85-9632-3cf81208429b",
"version": 1
}
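Review bot: `record_count` and `record_size` spell the type key `"misp_attribute"` with an underscore, while every other attribute uses `"misp-attribute"`. A consumer that looks up the hyphenated key will find no type for these two fields. They should read `"misp-attribute": "counter"` and `"misp-attribute": "size-in-bytes"`. The `information_type` list also contains `"leval"`, which looks like a typo for `"legal"` and would produce a value that does not match the source vocabulary. Both problems are repeated verbatim in the integrity-impact template later in this commit.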


@ -0,0 +1,97 @@
{
"attributes": {
"criticality": {
"description": "Criticality of the impact",
"disable_correlation": true,
"misp-attribute": "text",
"sane_default": [
"Not Specified",
"False Positive",
"Low",
"Moderate",
"High",
"Extreme"
],
"ui-priority": 0
},
"description": {
"description": "Additional details about the impact.",
"misp-attribute": "text",
"ui-priority": 0
},
"end_time": {
"description": "The date and time the impact was last recorded.",
"misp-attribute": "datetime",
"ui-priority": 0
},
"end_time_fidelity": {
"description": "Level of fidelity that the `end_time` is recorded in.",
"disable_correlation": true,
"misp-attribute": "text",
"sane_default": [
"day",
"hour",
"minute",
"month",
"second",
"year"
],
"ui-priority": 0
},
"impact_type": {
"description": "Type of impact.",
"disable_correlation": true,
"misp-attribute": "text",
"sane_default": [
"economic",
"emergency-services",
"foreign-relations",
"national-secuirty",
"public-confidence",
"public-health",
"public-safety"
],
"ui-priority": 0
},
"recoverability": {
"description": "Recoverability of this particular impact with respect to feasibility and required time and resources.",
"disable_correlation": true,
"misp-attribute": "text",
"sane_default": [
"extended",
"not-applicable",
"not-recoverable",
"regular",
"supplemented"
],
"ui-priority": 0
},
"start_time": {
"description": "The date and time the impact was first recorded.",
"misp-attribute": "datetime",
"ui-priority": 0
},
"start_time_fidelity": {
"description": "Level of fidelity that the `start_time` is recorded in.",
"disable_correlation": true,
"misp-attribute": "text",
"sane_default": [
"day",
"hour",
"minute",
"month",
"second",
"year"
],
"ui-priority": 0
}
},
"description": "External Impact object as described in STIX 2.1 Incident object extension.",
"meta-category": "misc",
"name": "external-impact",
"required": [
"impact_type"
],
"uuid": "4ac36991-9333-4ada-8e17-bcbeb988160a",
"version": 1
}
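Review bot: The `impact_type` value `"national-secuirty"` is misspelled, and because `impact_type` is the only required attribute of this template, the typo is stored as data rather than as display text. Anything that filters, pivots or exports on this field would miss or mis-map incidents recorded with it. It should read `"national-security"`, assuming that is the spelling in the STIX extension vocabulary.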


@ -0,0 +1,127 @@
{
"attributes": {
"alteration": {
"description": "",
"disable_correlation": true,
"misp-attribute": "text",
"sane_default": [
"potential-destruction",
"potential-modification",
"partial-destruction",
"partial-modification",
"full-destruction",
"full-modification",
"none"
],
"ui-priority": 0
},
"criticality": {
"description": "Criticality of the impact",
"disable_correlation": true,
"misp-attribute": "text",
"sane_default": [
"Not Specified",
"False Positive",
"Low",
"Moderate",
"High",
"Extreme"
],
"ui-priority": 0
},
"description": {
"description": "Additional details about the impact.",
"misp-attribute": "text",
"ui-priority": 0
},
"end_time": {
"description": "The date and time the impact was last recorded.",
"misp-attribute": "datetime",
"ui-priority": 0
},
"end_time_fidelity": {
"description": "Level of fidelity that the `end_time` is recorded in.",
"disable_correlation": true,
"misp-attribute": "text",
"sane_default": [
"day",
"hour",
"minute",
"month",
"second",
"year"
],
"ui-priority": 0
},
"information_type": {
"description": "Type of information that had its confidentiality compromised.",
"disable_correlation": true,
"misp-attribute": "text",
"sane_default": [
"classified-material",
"communication",
"credentials-admin",
"credentials-user",
"financial",
"leval",
"payment",
"phi",
"pii",
"proprietary"
],
"ui-priority": 0
},
"record_count": {
"description": "The number of records of this type that were compromised.",
"disable_correlation": true,
"misp_attribute": "counter",
"ui-priority": 0
},
"record_size": {
"description": "The amount of data that was compromised in bytes.",
"disable_correlation": true,
"misp_attribute": "size-in-bytes",
"ui-priority": 0
},
"recoverability": {
"description": "Recoverability of this particular impact with respect to feasibility and required time and resources.",
"disable_correlation": true,
"misp-attribute": "text",
"sane_default": [
"extended",
"not-applicable",
"not-recoverable",
"regular",
"supplemented"
],
"ui-priority": 0
},
"start_time": {
"description": "The date and time the impact was first recorded.",
"misp-attribute": "datetime",
"ui-priority": 0
},
"start_time_fidelity": {
"description": "Level of fidelity that the `start_time` is recorded in.",
"disable_correlation": true,
"misp-attribute": "text",
"sane_default": [
"day",
"hour",
"minute",
"month",
"second",
"year"
],
"ui-priority": 0
}
},
"description": "Integrity Impact object as described in STIX 2.1 Incident object extension.",
"meta-category": "misc",
"name": "integrity-impact",
"required": [
"alteration"
],
"uuid": "604830f2-8035-4454-aa32-7f6eee1f04c6",
"version": 1
}
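Review bot: `alteration` is the only required attribute of this template, yet its `description` is an empty string, so an analyst gets no guidance on how to choose between the potential/partial/full values. A one-sentence description, such as `"description": "The type of alteration that occurred to the relevant information."`, would match the style of the sibling attributes; the wording should be checked against the extension text. The `information_type` description was also carried over unchanged from the confidentiality template ("had its confidentiality compromised") and should refer to integrity here.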


@ -0,0 +1,135 @@
{
"attributes": {
"conversion_rate": {
"description": "Conversion rate between currency and currency_actual (if needed).",
"disable_correlation": true,
"misp-attribute": "float",
"ui-priority": 0
},
"conversion_time": {
"description": "Timestamp when the conversion rate was queried.",
"misp-attribute": "datetime",
"ui-priority": 0
},
"criticality": {
"description": "Criticality of the impact",
"disable_correlation": true,
"misp-attribute": "text",
"sane_default": [
"Not Specified",
"False Positive",
"Low",
"Moderate",
"High",
"Extreme"
],
"ui-priority": 0
},
"currency": {
"description": "Currency used to describe the max and min amount of the impact.",
"disable_correlation": true,
"misp-attribute": "text",
"ui-priority": 0
},
"currency_actual": {
"description": "Currency that the impact actually used.",
"disable_correlation": true,
"misp-attribute": "text",
"ui-priority": 0
},
"description": {
"description": "Additional details about the impact.",
"misp-attribute": "text",
"ui-priority": 0
},
"end_time": {
"description": "The date and time the impact was last recorded.",
"misp-attribute": "datetime",
"ui-priority": 0
},
"end_time_fidelity": {
"description": "Level of fidelity that the `end_time` is recorded in.",
"disable_correlation": true,
"misp-attribute": "text",
"sane_default": [
"day",
"hour",
"minute",
"month",
"second",
"year"
],
"ui-priority": 0
},
"max_amount": {
"description": "Maximum damage estimate.",
"disable_correlation": true,
"misp-attribute": "float",
"ui-priority": 0
},
"min_amount": {
"description": "Minimum damage estimate.",
"disable_correlation": true,
"misp-attribute": "float",
"ui-priority": 0
},
"recoverability": {
"description": "Recoverability of this particular impact with respect to feasibility and required time and resources.",
"disable_correlation": true,
"misp-attribute": "text",
"sane_default": [
"extended",
"not-applicable",
"not-recoverable",
"regular",
"supplemented"
],
"ui-priority": 0
},
"start_time": {
"description": "The date and time the impact was first recorded.",
"misp-attribute": "datetime",
"ui-priority": 0
},
"start_time_fidelity": {
"description": "Level of fidelity that the `start_time` is recorded in.",
"disable_correlation": true,
"misp-attribute": "text",
"sane_default": [
"day",
"hour",
"minute",
"month",
"second",
"year"
],
"ui-priority": 0
},
"variety": {
"description": "Variety of the moneraty impact.",
"disable_correlation": true,
"misp-attribute": "text",
"sane_default": [
"asset-and-fraud",
"brand-damage",
"business-disruption",
"competitive-advantage",
"legal-and-regulatory",
"operating-costs",
"ransom-demand",
"ransom-payment",
"response-and-recovery",
"uncategorized"
],
"ui-priority": 0
}
},
"description": "Monetary Impact object as described in STIX 2.1 Incident object extension.",
"meta-category": "misc",
"name": "monetary-impact",
"required": [
"variety"
],
"uuid": "3376296c-c1ef-4847-979f-2bfc49aa983e",
"version": 1
}
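Review bot: The `variety` description misspells "monetary" as "moneraty", and `variety` is the required attribute users see first. It should read `"description": "Variety of the monetary impact."`. Also, `currency` and `currency_actual` are free text with no stated format, so each description should say which code form is expected (for example an ISO 4217 code, if that is what the extension specifies) so that amounts stay comparable across events.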


@ -0,0 +1,124 @@
{
"attributes": {
"asset_type": {
"description": "The type or property or system that was affected by this impact.",
"disable_correlation": true,
"misp-attribute": "text",
"sane_default": [
"building-doors",
"building-windows",
"buildings",
"computers-mobile",
"computers-personal",
"computers-server",
"environment",
"ics-actuator",
"ics-engineering-workstation",
"ics-historian",
"ics-hmi",
"ics-other",
"ics-plc",
"ics-safety-system",
"ics-sensor",
"inventory",
"network-device",
"private-infrastructure",
"public-infrastructure",
"security-containers",
"vehicles"
],
"ui-priority": 0
},
"criticality": {
"description": "Criticality of the impact",
"disable_correlation": true,
"misp-attribute": "text",
"sane_default": [
"Not Specified",
"False Positive",
"Low",
"Moderate",
"High",
"Extreme"
],
"ui-priority": 0
},
"description": {
"description": "Additional details about the impact.",
"misp-attribute": "text",
"ui-priority": 0
},
"end_time": {
"description": "The date and time the impact was last recorded.",
"misp-attribute": "datetime",
"ui-priority": 0
},
"end_time_fidelity": {
"description": "Level of fidelity that the `end_time` is recorded in.",
"disable_correlation": true,
"misp-attribute": "text",
"sane_default": [
"day",
"hour",
"minute",
"month",
"second",
"year"
],
"ui-priority": 0
},
"impact_type": {
"description": "Type of physical impact.",
"disable_correlation": true,
"misp-attribute": "text",
"sane_default": [
"damaged-functional",
"damaged-nonfunctional",
"destruction",
"none",
"unknown"
],
"ui-priority": 0
},
"recoverability": {
"description": "Recoverability of this particular impact with respect to feasibility and required time and resources.",
"disable_correlation": true,
"misp-attribute": "text",
"sane_default": [
"extended",
"not-applicable",
"not-recoverable",
"regular",
"supplemented"
],
"ui-priority": 0
},
"start_time": {
"description": "The date and time the impact was first recorded.",
"misp-attribute": "datetime",
"ui-priority": 0
},
"start_time_fidelity": {
"description": "Level of fidelity that the `start_time` is recorded in.",
"disable_correlation": true,
"misp-attribute": "text",
"sane_default": [
"day",
"hour",
"minute",
"month",
"second",
"year"
],
"ui-priority": 0
}
},
"description": "Physical Impact object as described in STIX 2.1 Incident object extension.",
"meta-category": "misc",
"name": "physical-impact",
"required": [
"impact_type"
],
"uuid": "ae979b91-5896-46f7-ad70-4f3036d79251",
"version": 1
}
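Review bot: The `asset_type` description reads "The type or property or system that was affected by this impact.", which looks like a slip for "type of property or system". Suggested wording: `"description": "The type of property or system that was affected by this impact."`. The `impact_type` attribute here shares its name with the one in the external-impact template but carries a different vocabulary, so the description ("Type of physical impact.") is the only thing that disambiguates them and should be kept.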


@ -0,0 +1,93 @@
{
"attributes": {
"criticality": {
"description": "Criticality of the impact",
"disable_correlation": true,
"misp-attribute": "text",
"sane_default": [
"Not Specified",
"False Positive",
"Low",
"Moderate",
"High",
"Extreme"
],
"ui-priority": 0
},
"description": {
"description": "Additional details about the impact.",
"misp-attribute": "text",
"ui-priority": 0
},
"end_time": {
"description": "The date and time the impact was last recorded.",
"misp-attribute": "datetime",
"ui-priority": 0
},
"end_time_fidelity": {
"description": "Level of fidelity that the `end_time` is recorded in.",
"disable_correlation": true,
"misp-attribute": "text",
"sane_default": [
"day",
"hour",
"minute",
"month",
"second",
"year"
],
"ui-priority": 0
},
"recoverability": {
"description": "Recoverability of this particular impact with respect to feasibility and required time and resources.",
"disable_correlation": true,
"misp-attribute": "text",
"sane_default": [
"extended",
"not-applicable",
"not-recoverable",
"regular",
"supplemented"
],
"ui-priority": 0
},
"start_time": {
"description": "The date and time the impact was first recorded.",
"misp-attribute": "datetime",
"ui-priority": 0
},
"start_time_fidelity": {
"description": "Level of fidelity that the `start_time` is recorded in.",
"disable_correlation": true,
"misp-attribute": "text",
"sane_default": [
"day",
"hour",
"minute",
"month",
"second",
"year"
],
"ui-priority": 0
},
"traceability_impact": {
"description": "Impact on a system or organization's ability to perform audits or provvide non-repudiation.",
"disable_correlation": true,
"misp-attribute": "text",
"sane_default": [
"accountability-lost",
"partial-accountability",
"provable-accountability"
],
"ui-priority": 0
}
},
"description": "Traceability Impact object as described in STIX 2.1 Incident object extension.",
"meta-category": "misc",
"name": "traceability-impact",
"required": [
"traceability_impact"
],
"uuid": "1dd26500-6246-4750-ad47-94ae4e200d8f",
"version": 1
}
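Review bot: The `traceability_impact` description misspells "provide" as "provvide". It should read `"description": "Impact on a system or organization's ability to perform audits or provide non-repudiation."`. Since this is the required attribute and its three values are terse, a short explanation of what separates `partial-accountability` from `provable-accountability` would help analysts pick consistently, if the extension text defines them.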