From 40209922861f5786d6cd9031b257ada9328d7393 Mon Sep 17 00:00:00 2001
From: Daniel Pascual
Date: Tue, 6 Aug 2024 18:10:00 +0200
Subject: [PATCH] Add Google Threat Intelligence report
---
.../definition.json | 75 +++++++++++++++++++
1 file changed, 75 insertions(+)
create mode 100644 objects/google-threat-intelligence-report/definition.json
diff --git a/objects/google-threat-intelligence-report/definition.json b/objects/google-threat-intelligence-report/definition.json
new file mode 100644
index 0000000..70ad679
--- /dev/null
+++ b/objects/google-threat-intelligence-report/definition.json
@@ -0,0 +1,75 @@
+{
+ "attributes": {
+ "severity": {
+ "categories": [
+ "External analysis"
+ ],
+ "description": "GTI Severity",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "ui-priority": 1
+ },
+ "verdict": {
+ "categories": [
+ "External analysis"
+ ],
+ "description": "GTI Verdict",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "ui-priority": 1
+ },
+ "threat-score": {
+ "categories": [
+ "External analysis"
+ ],
+ "description": "GTI Threat Score",
+ "disable_correlation": true,
+ "misp-attribute": "integer",
+ "ui-priority": 1
+ },
+ "detection-ratio": {
+ "categories": [
+ "External analysis"
+ ],
+ "description": "Detection Ratio",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "ui-priority": 1
+ },
+ "first-submission": {
+ "categories": [
+ "Other"
+ ],
+ "description": "First Submission",
+ "disable_correlation": true,
+ "misp-attribute": "datetime",
+ "ui-priority": 0
+ },
+ "last-submission": {
+ "categories": [
+ "Other"
+ ],
+ "description": "Last Submission",
+ "disable_correlation": true,
+ "misp-attribute": "datetime",
+ "ui-priority": 0
+ },
+ "permalink": {
+ "categories": [
+ "External analysis"
+ ],
+ "description": "Permalink Reference",
+ "disable_correlation": true,
+ "misp-attribute": "link",
+ "ui-priority": 2
+ }
+ },
+ "description": "Google Threat Intelligence report that provides an assessment (verdict, severity and scoring) and combined information from VirusTotal and Mandiant",
+ "meta-category": "misc",
+ "name": "google-threat-intelligence-report",
+ "required": [
+ "permalink"
+ ],
+ "uuid": "e288e533-2736-438a-8136-26cac06be1e7",
+ "version": 1
+}
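Review bot: `severity` and `verdict` are declared as free `text` with no `sane_default` or `values_list`, so two producers can record the same GTI assessment with different spelling or casing, and a filter or alert keyed on these fields will then miss some objects; listing the values the GTI API actually returns in `sane_default` would keep them consistent. The attribute descriptions only restate the key names: `threat-score` should give its scale once confirmed against the API (for example `"description": "GTI threat score (0-100)"`), `detection-ratio` should give its format, and `first-submission`/`last-submission` should say what was submitted and which timezone the timestamp uses. It is also worth confirming that `"misp-attribute": "integer"` is a type known to the MISP versions this template targets, since an instance that does not know the type may reject the attribute. Separately, `required` names only `permalink`, so an object carrying a link but no verdict, severity or score still validates; if the assessment is the point of the object, a `requiredOneOf` over those three fields would express that.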