Add: Web artefacts objects

pull/118/head
aksha 2018-10-22 09:35:21 +01:00
parent 711abb094a
commit 478dc899f2
6 changed files with 407 additions and 0 deletions


@ -0,0 +1,84 @@
{
"required": [
"message-type",
"message"
],
"attributes": {
"message-type": {
"description": "the type of message extracted from the forensic-evidence.",
"ui-priority": 0,
"misp-attribute": "text",
"sane_default":[
"SMS",
"MMS",
"Instant Message (IM)",
"Voice Message"
],
"disable_correlation": true
},
"datetime-sent": {
"description": "date and the time when the message was sent.",
"ui-priority": 0,
"misp-attribute": "datetime",
"disable_correlation": true
},
"datetime-received": {
"description": "date and time when the message was received.",
"multiple": true,
"ui-priority": 0,
"misp-attribute": "datetime",
"disable_correlation": true
},
"Source": {
"description": "Source of the message.(Contact details)",
"ui-priority": 0,
"misp-attribute": "text",
"disable_correlation": true
},
"destination": {
"description": "Destination of the message.(Contact details)",
"ui-priority": 0,
"misp-attribute": "text",
"disable_correlation": true
},
"app-used": {
"description": "Application used to send the message.",
"ui-priority": 0,
"misp-attribute": "text",
"disable_correlation": true
},
"subject": {
"description": "Subject of the message if any.",
"ui-priority": 0,
"misp-attribute": "text"
},
"message": {
"description": "Message exchanged.",
"ui-priority": 0,
"misp-attribute": "text"
},
"attachments": {
"description": "External references",
"multiple": true,
"ui-priority": 0,
"categories": [
"External analysis"
],
"misp-attribute": "link"
},
"additional-comments": {
"description": "Comments.",
"ui-priority": 0,
"misp-attribute": "text",
"categories": [
"External analysis"
],
"disable_correlation": true
}
},
"version": 1,
"description": "An Object Template to gather information from evidential or interesting exchange of messages identified during a digital forensic investigation.",
"meta-category": "misc",
"uuid": "6b71f231-c502-467f-bc67-1423cd5bf800",
"name": "TSK-Chats"
}
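Review bot: The object relation `"Source"` is capitalised while its counterpart `"destination"` and every other relation in this template are lowercase; relation names are what consumers key on, so it is cheaper to rename it to `"source"` now than after data exists. Both contact fields are typed `text` with `"disable_correlation": true`, so the sender and recipient identifiers, usually the most useful pivot between cases, never correlate; consider dropping the flag on those two. The `attachments` relation is described only as "External references" with type `link`, and the description should say whether it points at files attached to the message or at analyst references.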


@ -0,0 +1,67 @@
{
"required": [
"URL"
],
"attributes": {
"URL": {
"description": "The URL saved as bookmark.",
"ui-priority": 0,
"misp-attribute": "link"
},
"datetime-bookmarked": {
"description": "date and time when the URL was added to favorites.",
"ui-priority": 0,
"misp-attribute": "datetime",
"disable_correlation": true
},
"name": {
"description": "Book mark name. ",
"ui-priority": 0,
"misp-attribute": "text",
"disable_correlation": true
},
"title": {
"description": "Title of the web page",
"ui-priority": 0,
"misp-attribute": "text"
},
"browser": {
"description": "Browser used to access the URL.",
"ui-priority": 0,
"misp-attribute": "text",
"sane_default": [
"IE",
"Safari",
"Chrome",
"Firefox",
"Opera mini",
"Chromium"
],
"disable_correlation": true
},
"domain-name": {
"description": "Domain of the URL.",
"ui-priority": 0,
"misp-attribute": "text"
},
"domain-ip": {
"description": "IP of the URL domain.",
"ui-priority": 0,
"misp-attribute": "ip-src"
},
"additional-comments": {
"description": "Comments.",
"ui-priority": 0,
"misp-attribute": "text",
"categories": [
"External analysis"
],
"disable_correlation": true
}
},
"version": 1,
"description": "An Object Template to add evidential bookmarks identified during a digital forensic investigation.",
"meta-category": "misc",
"uuid": "7d9a88a8-9934-4caa-a85b-f76bc97d5373",
"name": "TSK-Web-Bookmark"
}
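Review bot: `URL` is typed `link`, `domain-name` is typed `text` and `domain-ip` is typed `ip-src`, so type-based searches and exports will not treat these values as the network observables they are. In MISP, `link` is intended for references to external analysis and `ip-src` for the originating side of a connection, whereas these values describe the remote site the user visited. I would change them to `"misp-attribute": "url"`, `"misp-attribute": "domain"` and `"misp-attribute": "ip-dst"`. The same typing appears in the TSK-Web-Cookie and TSK-Web-History templates further down, and for `URL` in TSK-Web-Downloads.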


@ -0,0 +1,67 @@
{
"required": [
"URL",
"name",
"value"
],
"attributes": {
"URL": {
"description": "The website URL that created the cookie.",
"ui-priority": 0,
"misp-attribute": "link"
},
"datetime-created": {
"description": "date and time when the cookie was created.",
"ui-priority": 0,
"misp-attribute": "datetime",
"disable_correlation": true
},
"name": {
"description": "Name of the cookie ",
"ui-priority": 0,
"misp-attribute": "text"
},
"value": {
"description": "Value assigned to the cookie.",
"ui-priority": 0,
"misp-attribute": "text"
},
"browser": {
"description": "Browser on which the cookie was created.",
"ui-priority": 0,
"sane_default": [
"IE",
"Safari",
"Chrome",
"Firefox",
"Opera mini",
"Chromium"
],
"misp-attribute": "text"
},
"domain-name": {
"description": "Domain of the URL that created the cookie.",
"ui-priority": 0,
"misp-attribute": "text"
},
"domain-ip": {
"description": "IP of the domain that created the URL.",
"ui-priority": 0,
"misp-attribute": "ip-src"
},
"additional-comments": {
"description": "Comments.",
"ui-priority": 0,
"misp-attribute": "text",
"categories": [
"External analysis"
],
"disable_correlation": true
}
},
"version": 1,
"description": "An TSK-Autopsy Object Template to represent cookies identified during a forensic investigation.",
"meta-category": "misc",
"uuid": "40d23a4f-43be-4c9e-8328-382a2188eb1d",
"name": "TSK-Web-Cookie"
}
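Review bot: `value` is listed in `required`, yet a cookie value recovered from a browser profile can be a still-valid session or authentication token, and sharing the event hands it to every recipient. I would drop `"value"` from `required` so analysts can record the cookie without its secret, and extend the description, e.g. `"description": "Value assigned to the cookie. May be a live session token; redact or restrict distribution before sharing."`. Separately, the `domain-ip` description reads "IP of the domain that created the URL", which presumably should say "created the cookie", and the template description should begin "A TSK-Autopsy".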


@ -0,0 +1,55 @@
{
"required": [
"URL",
"name"
],
"attributes": {
"URL": {
"description": "The URL used to download the file.",
"ui-priority": 0,
"misp-attribute": "link"
},
"datetime-accessed": {
"description": "date and time when the file was downloaded.",
"ui-priority": 0,
"misp-attribute": "datetime",
"disable_correlation": true
},
"name": {
"description": "Name of the file downloaded.",
"ui-priority": 0,
"misp-attribute": "text"
},
"path-downloadedTo": {
"description": "Location the file was downloaded to.",
"ui-priority": 0,
"misp-attribute": "text"
},
"pathID": {
"description": "Id of the attribute file where the information is gathered from.",
"ui-priority": 0,
"misp-attribute": "text",
"disable_correlation": true
},
"attachment": {
"description": "The downloaded file itself.",
"ui-priority": 1,
"misp-attribute": "attachment",
"disable_correlation": true
},
"additional-comments": {
"description": "Comments.",
"ui-priority": 0,
"misp-attribute": "text",
"categories": [
"External analysis"
],
"disable_correlation": true
}
},
"version": 1,
"description": "An Object Template to add web-downloads",
"meta-category": "File",
"uuid": "ab9603a1-9dcc-48e8-a51c-b8bccc7bcc26",
"name": "TSK-Web-Downloads"
}
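Review bot: The `attachment` relation holds "the downloaded file itself" with type `attachment`, which MISP stores and serves as the raw file; downloads recovered in an investigation are often the suspicious payload, and for those the `malware-sample` type (kept in a password-protected archive) is the safer container. At minimum the description should say so, e.g. `"description": "The downloaded file itself. Use a malware-sample attribute instead if the file is suspected malicious."`. The template also has no hash relation, so the file can only be matched by `name`. `"meta-category": "File"` is capitalised while the other templates on this page use lowercase `misc`; if the validator compares case-sensitively this should be `"file"`. `path-downloadedTo` and `pathID` mix camelCase into otherwise hyphenated relation names.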


@ -0,0 +1,68 @@
{
"required": [
"URL",
"datetime-accessed"
],
"attributes": {
"URL": {
"description": "The URL accessed.",
"ui-priority": 0,
"misp-attribute": "link"
},
"datetime-accessed": {
"description": "date and the time when the URL was accessed.",
"ui-priority": 0,
"misp-attribute": "datetime",
"disable_correlation": true
},
"referrer": {
"description": "where the URL was referred from ",
"ui-priority": 0,
"misp-attribute": "text",
"disable_correlation": true
},
"title": {
"description": "Title of the web page",
"ui-priority": 0,
"misp-attribute": "text"
},
"domain-name": {
"description": "Domain of the URL.",
"ui-priority": 0,
"misp-attribute": "text"
},
"domain-ip": {
"description": "IP of the URL domain.",
"ui-priority": 0,
"misp-attribute": "ip-src"
},
"browser": {
"description": "Browser used to access the URL.",
"ui-priority": 0,
"misp-attribute": "text",
"sane_default": [
"IE",
"Safari",
"Chrome",
"Firefox",
"Opera mini",
"Chromium"
],
"disable_correlation": true
},
"additional-comments": {
"description": "Comments.",
"ui-priority": 0,
"misp-attribute": "text",
"categories": [
"External analysis"
],
"disable_correlation": true
}
},
"version": 1,
"description": "An Object Template to share web history information",
"meta-category": "misc",
"uuid": "e1325e52-e52e-49b1-89ad-d503c127c698",
"name": "TSK-Web-History"
}


@ -0,0 +1,66 @@
{
"required": [
"domain",
"text"
],
"attributes": {
"domain": {
"description": "The domain of the search engine.",
"ui-priority": 0,
"misp-attribute": "link",
"sane_default": [
"Google",
"Yahoo",
"Bing",
"Alta Vista",
"MSN"
],
"disable_correlation": true
},
"text": {
"description": "the search word or sentence.",
"ui-priority": 0,
"misp-attribute": "text"
},
"datetime-searched": {
"description": "date and time when the search was conducted.",
"ui-priority": 0,
"misp-attribute": "datetime",
"disable_correlation": true
},
"browser": {
"description": "Browser used.",
"ui-priority": 0,
"misp-attribute": "text",
"sane_default": [
"IE",
"Safari",
"Chrome",
"Firefox",
"Opera mini",
"Chromium"
],
"disable_correlation": true
},
"username": {
"description": "User name or ID associated with the search.",
"ui-priority": 0,
"misp-attribute": "text",
"disable_correlation": true
},
"additional-comments": {
"description": "Comments.",
"ui-priority": 0,
"misp-attribute": "text",
"categories": [
"External analysis"
],
"disable_correlation": true
}
},
"version": 1,
"description": "An Object Template to share web search query information",
"meta-category": "misc",
"uuid": "16b3f8d0-fd09-4812-a42c-b5aeff2d4c2e",
"name": "TSK-Web-Search-Query"
}
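Review bot: The `domain` relation is typed `link` and described as "The domain of the search engine", but its `sane_default` list offers brand names (`Google`, `Yahoo`, `Bing`, ...) that are neither links nor domains, so picking a default stores a value that does not match the declared type. Either make it `"misp-attribute": "text"` and describe it as the search engine name, or keep a network type and offer hostnames as defaults. `username` carries `"disable_correlation": true`; the account tied to a search is a likely pivot between cases, so that flag deserves a second look.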