Merge remote-tracking branch 'upstream/main' into process

LICENSE-software-only.md

@@ -0,0 +1,661 @@
+                    GNU AFFERO GENERAL PUBLIC LICENSE
+                       Version 3, 19 November 2007
+
+ Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+                            Preamble
+
+  The GNU Affero General Public License is a free, copyleft license for
+software and other kinds of works, specifically designed to ensure
+cooperation with the community in the case of network server software.
+
+  The licenses for most software and other practical works are designed
+to take away your freedom to share and change the works.  By contrast,
+our General Public Licenses are intended to guarantee your freedom to
+share and change all versions of a program--to make sure it remains free
+software for all its users.
+
+  When we speak of free software, we are referring to freedom, not
+price.  Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+them if you wish), that you receive source code or can get it if you
+want it, that you can change the software or use pieces of it in new
+free programs, and that you know you can do these things.
+
+  Developers that use our General Public Licenses protect your rights
+with two steps: (1) assert copyright on the software, and (2) offer
+you this License which gives you legal permission to copy, distribute
+and/or modify the software.
+
+  A secondary benefit of defending all users' freedom is that
+improvements made in alternate versions of the program, if they
+receive widespread use, become available for other developers to
+incorporate.  Many developers of free software are heartened and
+encouraged by the resulting cooperation.  However, in the case of
+software used on network servers, this result may fail to come about.
+The GNU General Public License permits making a modified version and
+letting the public access it on a server without ever releasing its
+source code to the public.
+
+  The GNU Affero General Public License is designed specifically to
+ensure that, in such cases, the modified source code becomes available
+to the community.  It requires the operator of a network server to
+provide the source code of the modified version running there to the
+users of that server.  Therefore, public use of a modified version, on
+a publicly accessible server, gives the public access to the source
+code of the modified version.
+
+  An older license, called the Affero General Public License and
+published by Affero, was designed to accomplish similar goals.  This is
+a different license, not a version of the Affero GPL, but Affero has
+released a new version of the Affero GPL which permits relicensing under
+this license.
+
+  The precise terms and conditions for copying, distribution and
+modification follow.
+
+                       TERMS AND CONDITIONS
+
+  0. Definitions.
+
+  "This License" refers to version 3 of the GNU Affero General Public License.
+
+  "Copyright" also means copyright-like laws that apply to other kinds of
+works, such as semiconductor masks.
+
+  "The Program" refers to any copyrightable work licensed under this
+License.  Each licensee is addressed as "you".  "Licensees" and
+"recipients" may be individuals or organizations.
+
+  To "modify" a work means to copy from or adapt all or part of the work
+in a fashion requiring copyright permission, other than the making of an
+exact copy.  The resulting work is called a "modified version" of the
+earlier work or a work "based on" the earlier work.
+
+  A "covered work" means either the unmodified Program or a work based
+on the Program.
+
+  To "propagate" a work means to do anything with it that, without
+permission, would make you directly or secondarily liable for
+infringement under applicable copyright law, except executing it on a
+computer or modifying a private copy.  Propagation includes copying,
+distribution (with or without modification), making available to the
+public, and in some countries other activities as well.
+
+  To "convey" a work means any kind of propagation that enables other
+parties to make or receive copies.  Mere interaction with a user through
+a computer network, with no transfer of a copy, is not conveying.
+
+  An interactive user interface displays "Appropriate Legal Notices"
+to the extent that it includes a convenient and prominently visible
+feature that (1) displays an appropriate copyright notice, and (2)
+tells the user that there is no warranty for the work (except to the
+extent that warranties are provided), that licensees may convey the
+work under this License, and how to view a copy of this License.  If
+the interface presents a list of user commands or options, such as a
+menu, a prominent item in the list meets this criterion.
+
+  1. Source Code.
+
+  The "source code" for a work means the preferred form of the work
+for making modifications to it.  "Object code" means any non-source
+form of a work.
+
+  A "Standard Interface" means an interface that either is an official
+standard defined by a recognized standards body, or, in the case of
+interfaces specified for a particular programming language, one that
+is widely used among developers working in that language.
+
+  The "System Libraries" of an executable work include anything, other
+than the work as a whole, that (a) is included in the normal form of
+packaging a Major Component, but which is not part of that Major
+Component, and (b) serves only to enable use of the work with that
+Major Component, or to implement a Standard Interface for which an
+implementation is available to the public in source code form.  A
+"Major Component", in this context, means a major essential component
+(kernel, window system, and so on) of the specific operating system
+(if any) on which the executable work runs, or a compiler used to
+produce the work, or an object code interpreter used to run it.
+
+  The "Corresponding Source" for a work in object code form means all
+the source code needed to generate, install, and (for an executable
+work) run the object code and to modify the work, including scripts to
+control those activities.  However, it does not include the work's
+System Libraries, or general-purpose tools or generally available free
+programs which are used unmodified in performing those activities but
+which are not part of the work.  For example, Corresponding Source
+includes interface definition files associated with source files for
+the work, and the source code for shared libraries and dynamically
+linked subprograms that the work is specifically designed to require,
+such as by intimate data communication or control flow between those
+subprograms and other parts of the work.
+
+  The Corresponding Source need not include anything that users
+can regenerate automatically from other parts of the Corresponding
+Source.
+
+  The Corresponding Source for a work in source code form is that
+same work.
+
+  2. Basic Permissions.
+
+  All rights granted under this License are granted for the term of
+copyright on the Program, and are irrevocable provided the stated
+conditions are met.  This License explicitly affirms your unlimited
+permission to run the unmodified Program.  The output from running a
+covered work is covered by this License only if the output, given its
+content, constitutes a covered work.  This License acknowledges your
+rights of fair use or other equivalent, as provided by copyright law.
+
+  You may make, run and propagate covered works that you do not
+convey, without conditions so long as your license otherwise remains
+in force.  You may convey covered works to others for the sole purpose
+of having them make modifications exclusively for you, or provide you
+with facilities for running those works, provided that you comply with
+the terms of this License in conveying all material for which you do
+not control copyright.  Those thus making or running the covered works
+for you must do so exclusively on your behalf, under your direction
+and control, on terms that prohibit them from making any copies of
+your copyrighted material outside their relationship with you.
+
+  Conveying under any other circumstances is permitted solely under
+the conditions stated below.  Sublicensing is not allowed; section 10
+makes it unnecessary.
+
+  3. Protecting Users' Legal Rights From Anti-Circumvention Law.
+
+  No covered work shall be deemed part of an effective technological
+measure under any applicable law fulfilling obligations under article
+11 of the WIPO copyright treaty adopted on 20 December 1996, or
+similar laws prohibiting or restricting circumvention of such
+measures.
+
+  When you convey a covered work, you waive any legal power to forbid
+circumvention of technological measures to the extent such circumvention
+is effected by exercising rights under this License with respect to
+the covered work, and you disclaim any intention to limit operation or
+modification of the work as a means of enforcing, against the work's
+users, your or third parties' legal rights to forbid circumvention of
+technological measures.
+
+  4. Conveying Verbatim Copies.
+
+  You may convey verbatim copies of the Program's source code as you
+receive it, in any medium, provided that you conspicuously and
+appropriately publish on each copy an appropriate copyright notice;
+keep intact all notices stating that this License and any
+non-permissive terms added in accord with section 7 apply to the code;
+keep intact all notices of the absence of any warranty; and give all
+recipients a copy of this License along with the Program.
+
+  You may charge any price or no price for each copy that you convey,
+and you may offer support or warranty protection for a fee.
+
+  5. Conveying Modified Source Versions.
+
+  You may convey a work based on the Program, or the modifications to
+produce it from the Program, in the form of source code under the
+terms of section 4, provided that you also meet all of these conditions:
+
+    a) The work must carry prominent notices stating that you modified
+    it, and giving a relevant date.
+
+    b) The work must carry prominent notices stating that it is
+    released under this License and any conditions added under section
+    7.  This requirement modifies the requirement in section 4 to
+    "keep intact all notices".
+
+    c) You must license the entire work, as a whole, under this
+    License to anyone who comes into possession of a copy.  This
+    License will therefore apply, along with any applicable section 7
+    additional terms, to the whole of the work, and all its parts,
+    regardless of how they are packaged.  This License gives no
+    permission to license the work in any other way, but it does not
+    invalidate such permission if you have separately received it.
+
+    d) If the work has interactive user interfaces, each must display
+    Appropriate Legal Notices; however, if the Program has interactive
+    interfaces that do not display Appropriate Legal Notices, your
+    work need not make them do so.
+
+  A compilation of a covered work with other separate and independent
+works, which are not by their nature extensions of the covered work,
+and which are not combined with it such as to form a larger program,
+in or on a volume of a storage or distribution medium, is called an
+"aggregate" if the compilation and its resulting copyright are not
+used to limit the access or legal rights of the compilation's users
+beyond what the individual works permit.  Inclusion of a covered work
+in an aggregate does not cause this License to apply to the other
+parts of the aggregate.
+
+  6. Conveying Non-Source Forms.
+
+  You may convey a covered work in object code form under the terms
+of sections 4 and 5, provided that you also convey the
+machine-readable Corresponding Source under the terms of this License,
+in one of these ways:
+
+    a) Convey the object code in, or embodied in, a physical product
+    (including a physical distribution medium), accompanied by the
+    Corresponding Source fixed on a durable physical medium
+    customarily used for software interchange.
+
+    b) Convey the object code in, or embodied in, a physical product
+    (including a physical distribution medium), accompanied by a
+    written offer, valid for at least three years and valid for as
+    long as you offer spare parts or customer support for that product
+    model, to give anyone who possesses the object code either (1) a
+    copy of the Corresponding Source for all the software in the
+    product that is covered by this License, on a durable physical
+    medium customarily used for software interchange, for a price no
+    more than your reasonable cost of physically performing this
+    conveying of source, or (2) access to copy the
+    Corresponding Source from a network server at no charge.
+
+    c) Convey individual copies of the object code with a copy of the
+    written offer to provide the Corresponding Source.  This
+    alternative is allowed only occasionally and noncommercially, and
+    only if you received the object code with such an offer, in accord
+    with subsection 6b.
+
+    d) Convey the object code by offering access from a designated
+    place (gratis or for a charge), and offer equivalent access to the
+    Corresponding Source in the same way through the same place at no
+    further charge.  You need not require recipients to copy the
+    Corresponding Source along with the object code.  If the place to
+    copy the object code is a network server, the Corresponding Source
+    may be on a different server (operated by you or a third party)
+    that supports equivalent copying facilities, provided you maintain
+    clear directions next to the object code saying where to find the
+    Corresponding Source.  Regardless of what server hosts the
+    Corresponding Source, you remain obligated to ensure that it is
+    available for as long as needed to satisfy these requirements.
+
+    e) Convey the object code using peer-to-peer transmission, provided
+    you inform other peers where the object code and Corresponding
+    Source of the work are being offered to the general public at no
+    charge under subsection 6d.
+
+  A separable portion of the object code, whose source code is excluded
+from the Corresponding Source as a System Library, need not be
+included in conveying the object code work.
+
+  A "User Product" is either (1) a "consumer product", which means any
+tangible personal property which is normally used for personal, family,
+or household purposes, or (2) anything designed or sold for incorporation
+into a dwelling.  In determining whether a product is a consumer product,
+doubtful cases shall be resolved in favor of coverage.  For a particular
+product received by a particular user, "normally used" refers to a
+typical or common use of that class of product, regardless of the status
+of the particular user or of the way in which the particular user
+actually uses, or expects or is expected to use, the product.  A product
+is a consumer product regardless of whether the product has substantial
+commercial, industrial or non-consumer uses, unless such uses represent
+the only significant mode of use of the product.
+
+  "Installation Information" for a User Product means any methods,
+procedures, authorization keys, or other information required to install
+and execute modified versions of a covered work in that User Product from
+a modified version of its Corresponding Source.  The information must
+suffice to ensure that the continued functioning of the modified object
+code is in no case prevented or interfered with solely because
+modification has been made.
+
+  If you convey an object code work under this section in, or with, or
+specifically for use in, a User Product, and the conveying occurs as
+part of a transaction in which the right of possession and use of the
+User Product is transferred to the recipient in perpetuity or for a
+fixed term (regardless of how the transaction is characterized), the
+Corresponding Source conveyed under this section must be accompanied
+by the Installation Information.  But this requirement does not apply
+if neither you nor any third party retains the ability to install
+modified object code on the User Product (for example, the work has
+been installed in ROM).
+
+  The requirement to provide Installation Information does not include a
+requirement to continue to provide support service, warranty, or updates
+for a work that has been modified or installed by the recipient, or for
+the User Product in which it has been modified or installed.  Access to a
+network may be denied when the modification itself materially and
+adversely affects the operation of the network or violates the rules and
+protocols for communication across the network.
+
+  Corresponding Source conveyed, and Installation Information provided,
+in accord with this section must be in a format that is publicly
+documented (and with an implementation available to the public in
+source code form), and must require no special password or key for
+unpacking, reading or copying.
+
+  7. Additional Terms.
+
+  "Additional permissions" are terms that supplement the terms of this
+License by making exceptions from one or more of its conditions.
+Additional permissions that are applicable to the entire Program shall
+be treated as though they were included in this License, to the extent
+that they are valid under applicable law.  If additional permissions
+apply only to part of the Program, that part may be used separately
+under those permissions, but the entire Program remains governed by
+this License without regard to the additional permissions.
+
+  When you convey a copy of a covered work, you may at your option
+remove any additional permissions from that copy, or from any part of
+it.  (Additional permissions may be written to require their own
+removal in certain cases when you modify the work.)  You may place
+additional permissions on material, added by you to a covered work,
+for which you have or can give appropriate copyright permission.
+
+  Notwithstanding any other provision of this License, for material you
+add to a covered work, you may (if authorized by the copyright holders of
+that material) supplement the terms of this License with terms:
+
+    a) Disclaiming warranty or limiting liability differently from the
+    terms of sections 15 and 16 of this License; or
+
+    b) Requiring preservation of specified reasonable legal notices or
+    author attributions in that material or in the Appropriate Legal
+    Notices displayed by works containing it; or
+
+    c) Prohibiting misrepresentation of the origin of that material, or
+    requiring that modified versions of such material be marked in
+    reasonable ways as different from the original version; or
+
+    d) Limiting the use for publicity purposes of names of licensors or
+    authors of the material; or
+
+    e) Declining to grant rights under trademark law for use of some
+    trade names, trademarks, or service marks; or
+
+    f) Requiring indemnification of licensors and authors of that
+    material by anyone who conveys the material (or modified versions of
+    it) with contractual assumptions of liability to the recipient, for
+    any liability that these contractual assumptions directly impose on
+    those licensors and authors.
+
+  All other non-permissive additional terms are considered "further
+restrictions" within the meaning of section 10.  If the Program as you
+received it, or any part of it, contains a notice stating that it is
+governed by this License along with a term that is a further
+restriction, you may remove that term.  If a license document contains
+a further restriction but permits relicensing or conveying under this
+License, you may add to a covered work material governed by the terms
+of that license document, provided that the further restriction does
+not survive such relicensing or conveying.
+
+  If you add terms to a covered work in accord with this section, you
+must place, in the relevant source files, a statement of the
+additional terms that apply to those files, or a notice indicating
+where to find the applicable terms.
+
+  Additional terms, permissive or non-permissive, may be stated in the
+form of a separately written license, or stated as exceptions;
+the above requirements apply either way.
+
+  8. Termination.
+
+  You may not propagate or modify a covered work except as expressly
+provided under this License.  Any attempt otherwise to propagate or
+modify it is void, and will automatically terminate your rights under
+this License (including any patent licenses granted under the third
+paragraph of section 11).
+
+  However, if you cease all violation of this License, then your
+license from a particular copyright holder is reinstated (a)
+provisionally, unless and until the copyright holder explicitly and
+finally terminates your license, and (b) permanently, if the copyright
+holder fails to notify you of the violation by some reasonable means
+prior to 60 days after the cessation.
+
+  Moreover, your license from a particular copyright holder is
+reinstated permanently if the copyright holder notifies you of the
+violation by some reasonable means, this is the first time you have
+received notice of violation of this License (for any work) from that
+copyright holder, and you cure the violation prior to 30 days after
+your receipt of the notice.
+
+  Termination of your rights under this section does not terminate the
+licenses of parties who have received copies or rights from you under
+this License.  If your rights have been terminated and not permanently
+reinstated, you do not qualify to receive new licenses for the same
+material under section 10.
+
+  9. Acceptance Not Required for Having Copies.
+
+  You are not required to accept this License in order to receive or
+run a copy of the Program.  Ancillary propagation of a covered work
+occurring solely as a consequence of using peer-to-peer transmission
+to receive a copy likewise does not require acceptance.  However,
+nothing other than this License grants you permission to propagate or
+modify any covered work.  These actions infringe copyright if you do
+not accept this License.  Therefore, by modifying or propagating a
+covered work, you indicate your acceptance of this License to do so.
+
+  10. Automatic Licensing of Downstream Recipients.
+
+  Each time you convey a covered work, the recipient automatically
+receives a license from the original licensors, to run, modify and
+propagate that work, subject to this License.  You are not responsible
+for enforcing compliance by third parties with this License.
+
+  An "entity transaction" is a transaction transferring control of an
+organization, or substantially all assets of one, or subdividing an
+organization, or merging organizations.  If propagation of a covered
+work results from an entity transaction, each party to that
+transaction who receives a copy of the work also receives whatever
+licenses to the work the party's predecessor in interest had or could
+give under the previous paragraph, plus a right to possession of the
+Corresponding Source of the work from the predecessor in interest, if
+the predecessor has it or can get it with reasonable efforts.
+
+  You may not impose any further restrictions on the exercise of the
+rights granted or affirmed under this License.  For example, you may
+not impose a license fee, royalty, or other charge for exercise of
+rights granted under this License, and you may not initiate litigation
+(including a cross-claim or counterclaim in a lawsuit) alleging that
+any patent claim is infringed by making, using, selling, offering for
+sale, or importing the Program or any portion of it.
+
+  11. Patents.
+
+  A "contributor" is a copyright holder who authorizes use under this
+License of the Program or a work on which the Program is based.  The
+work thus licensed is called the contributor's "contributor version".
+
+  A contributor's "essential patent claims" are all patent claims
+owned or controlled by the contributor, whether already acquired or
+hereafter acquired, that would be infringed by some manner, permitted
+by this License, of making, using, or selling its contributor version,
+but do not include claims that would be infringed only as a
+consequence of further modification of the contributor version.  For
+purposes of this definition, "control" includes the right to grant
+patent sublicenses in a manner consistent with the requirements of
+this License.
+
+  Each contributor grants you a non-exclusive, worldwide, royalty-free
+patent license under the contributor's essential patent claims, to
+make, use, sell, offer for sale, import and otherwise run, modify and
+propagate the contents of its contributor version.
+
+  In the following three paragraphs, a "patent license" is any express
+agreement or commitment, however denominated, not to enforce a patent
+(such as an express permission to practice a patent or covenant not to
+sue for patent infringement).  To "grant" such a patent license to a
+party means to make such an agreement or commitment not to enforce a
+patent against the party.
+
+  If you convey a covered work, knowingly relying on a patent license,
+and the Corresponding Source of the work is not available for anyone
+to copy, free of charge and under the terms of this License, through a
+publicly available network server or other readily accessible means,
+then you must either (1) cause the Corresponding Source to be so
+available, or (2) arrange to deprive yourself of the benefit of the
+patent license for this particular work, or (3) arrange, in a manner
+consistent with the requirements of this License, to extend the patent
+license to downstream recipients.  "Knowingly relying" means you have
+actual knowledge that, but for the patent license, your conveying the
+covered work in a country, or your recipient's use of the covered work
+in a country, would infringe one or more identifiable patents in that
+country that you have reason to believe are valid.
+
+  If, pursuant to or in connection with a single transaction or
+arrangement, you convey, or propagate by procuring conveyance of, a
+covered work, and grant a patent license to some of the parties
+receiving the covered work authorizing them to use, propagate, modify
+or convey a specific copy of the covered work, then the patent license
+you grant is automatically extended to all recipients of the covered
+work and works based on it.
+
+  A patent license is "discriminatory" if it does not include within
+the scope of its coverage, prohibits the exercise of, or is
+conditioned on the non-exercise of one or more of the rights that are
+specifically granted under this License.  You may not convey a covered
+work if you are a party to an arrangement with a third party that is
+in the business of distributing software, under which you make payment
+to the third party based on the extent of your activity of conveying
+the work, and under which the third party grants, to any of the
+parties who would receive the covered work from you, a discriminatory
+patent license (a) in connection with copies of the covered work
+conveyed by you (or copies made from those copies), or (b) primarily
+for and in connection with specific products or compilations that
+contain the covered work, unless you entered into that arrangement,
+or that patent license was granted, prior to 28 March 2007.
+
+  Nothing in this License shall be construed as excluding or limiting
+any implied license or other defenses to infringement that may
+otherwise be available to you under applicable patent law.
+
+  12. No Surrender of Others' Freedom.
+
+  If conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License.  If you cannot convey a
+covered work so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you may
+not convey it at all.  For example, if you agree to terms that obligate you
+to collect a royalty for further conveying from those to whom you convey
+the Program, the only way you could satisfy both those terms and this
+License would be to refrain entirely from conveying the Program.
+
+  13. Remote Network Interaction; Use with the GNU General Public License.
+
+  Notwithstanding any other provision of this License, if you modify the
+Program, your modified version must prominently offer all users
+interacting with it remotely through a computer network (if your version
+supports such interaction) an opportunity to receive the Corresponding
+Source of your version by providing access to the Corresponding Source
+from a network server at no charge, through some standard or customary
+means of facilitating copying of software.  This Corresponding Source
+shall include the Corresponding Source for any work covered by version 3
+of the GNU General Public License that is incorporated pursuant to the
+following paragraph.
+
+  Notwithstanding any other provision of this License, you have
+permission to link or combine any covered work with a work licensed
+under version 3 of the GNU General Public License into a single
+combined work, and to convey the resulting work.  The terms of this
+License will continue to apply to the part which is the covered work,
+but the work with which it is combined will remain governed by version
+3 of the GNU General Public License.
+
+  14. Revised Versions of this License.
+
+  The Free Software Foundation may publish revised and/or new versions of
+the GNU Affero General Public License from time to time.  Such new versions
+will be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+  Each version is given a distinguishing version number.  If the
+Program specifies that a certain numbered version of the GNU Affero General
+Public License "or any later version" applies to it, you have the
+option of following the terms and conditions either of that numbered
+version or of any later version published by the Free Software
+Foundation.  If the Program does not specify a version number of the
+GNU Affero General Public License, you may choose any version ever published
+by the Free Software Foundation.
+
+  If the Program specifies that a proxy can decide which future
+versions of the GNU Affero General Public License can be used, that proxy's
+public statement of acceptance of a version permanently authorizes you
+to choose that version for the Program.
+
+  Later license versions may give you additional or different
+permissions.  However, no additional obligations are imposed on any
+author or copyright holder as a result of your choosing to follow a
+later version.
+
+  15. Disclaimer of Warranty.
+
+  THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
+APPLICABLE LAW.  EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
+HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
+OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
+THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+PURPOSE.  THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
+IS WITH YOU.  SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
+ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
+
+  16. Limitation of Liability.
+
+  IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
+THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
+GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
+USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
+DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
+PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
+EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGES.
+
+  17. Interpretation of Sections 15 and 16.
+
+  If the disclaimer of warranty and limitation of liability provided
+above cannot be given local legal effect according to their terms,
+reviewing courts shall apply local law that most closely approximates
+an absolute waiver of all civil liability in connection with the
+Program, unless a warranty or assumption of liability accompanies a
+copy of the Program in return for a fee.
+
+                     END OF TERMS AND CONDITIONS
+
+            How to Apply These Terms to Your New Programs
+
+  If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these terms.
+
+  To do so, attach the following notices to the program.  It is safest
+to attach them to the start of each source file to most effectively
+state the exclusion of warranty; and each file should have at least
+the "copyright" line and a pointer to where the full notice is found.
+
+    <one line to give the program's name and a brief idea of what it does.>
+    Copyright (C) <year>  <name of author>
+
+    This program is free software: you can redistribute it and/or modify
+    it under the terms of the GNU Affero General Public License as published by
+    the Free Software Foundation, either version 3 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU Affero General Public License for more details.
+
+    You should have received a copy of the GNU Affero General Public License
+    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+Also add information on how to contact you by electronic and paper mail.
+
+  If your software can interact with users remotely through a computer
+network, you should also make sure that it provides a way for users to
+get its source.  For example, if your program is a web application, its
+interface could display a "Source" link that leads users to an archive
+of the code.  There are many ways you could offer source, and different
+solutions will be better for different programs; see section 13 for the
+specific requirements.
+
+  You should also get your employer (if you work as a programmer) or school,
+if any, to sign a "copyright disclaimer" for the program, if necessary.
+For more information on this, and how to apply and follow the GNU AGPL, see
+<http://www.gnu.org/licenses/>.

LICENSE.md

@@ -0,0 +1,36 @@
+The MISP objects (JSON files) are dual-licensed under:
+
+- [CC0 1.0 Universal](https://creativecommons.org/publicdomain/zero/1.0/legalcode) (CC0 1.0) - Public Domain Dedication.
+
+or
+
+~~~~
+ Copyright (c) 2016-2020 Alexandre Dulaunoy - a@foo.be
+ Copyright (c) 2016-2020 CIRCL - Computer Incident Response Center Luxembourg
+ Copyright (c) 2016-2020 Andras Iklody
+ Copyright (c) 2016-2020 Raphael Vinot
+ Copyright (c) 2016-2020 Various contributors to MISP Project
+
+ Redistribution and use in source and binary forms, with or without modification,
+ are permitted provided that the following conditions are met:
+
+    1. Redistributions of source code must retain the above copyright notice,
+       this list of conditions and the following disclaimer.
+    2. Redistributions in binary form must reproduce the above copyright notice,
+       this list of conditions and the following disclaimer in the documentation
+       and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+ OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ OF THE POSSIBILITY OF SUCH DAMAGE.
+~~~~~
+
+If a specific author of a taxonomy wants to license it under a different license, a pull request can be requested.
+

README.md

@@ -8,40 +8,78 @@ and their associated attributes are based on real cyber security use-cases and e
 
 Feel free to propose your own MISP objects to be included in MISP. The system is similar to the [misp-taxonomies](https://github.com/MISP/misp-taxonomies) where anyone can contribute their own objects to be included in MISP without modifying software.
 
-## Format of MISP objects
+## Format of MISP object template
+
+### An example with 'domain-ip' of MISP object template
 
 ~~~~json
 {
-        "name": "domain|ip",
-        "meta-category": "network",
-        "description": "A domain and IP address seen as a tuple in a specific time frame.",
-        "version": 1,
-        "uuid": "f47559d7-6c16-40e8-a6b0-eda4a008376f",
-        "attributes" :
-        {
-                "ip": {
-                        "misp-attribute": "ip-dst",
-                        "ui-priority": 1,
-                        "categories": ["Network activity","External analysis"]
-                },
-                "domain": {
-                        "misp-attribute": "domain",
-                        "ui-priority": 1,
-                        "categories": ["Network activity","External analysis"]
-                },
-                "first-seen": {
-                        "misp-attribute": "datetime",
-                        "disable_correlation": true,
-                        "ui-priority": 0
-                },
-                "last-seen": {
-                        "misp-attribute": "datetime",
-                        "disable_correlation": true,
-                        "ui-priority": 0
-                }
-
-        },
-        "required": ["ip","domain"]
+  "attributes": {
+    "domain": {
+      "categories": [
+        "Network activity",
+        "External analysis"
+      ],
+      "description": "Domain name",
+      "misp-attribute": "domain",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "first-seen": {
+      "description": "First time the tuple has been seen",
+      "disable_correlation": true,
+      "misp-attribute": "datetime",
+      "ui-priority": 0
+    },
+    "ip": {
+      "categories": [
+        "Network activity",
+        "External analysis"
+      ],
+      "description": "IP Address",
+      "misp-attribute": "ip-dst",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "last-seen": {
+      "description": "Last time the tuple has been seen",
+      "disable_correlation": true,
+      "misp-attribute": "datetime",
+      "ui-priority": 0
+    },
+    "port": {
+      "categories": [
+        "Network activity",
+        "External analysis"
+      ],
+      "description": "Associated TCP port with the domain",
+      "misp-attribute": "port",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "registration-date": {
+      "description": "Registration date of domain",
+      "disable_correlation": false,
+      "misp-attribute": "datetime",
+      "ui-priority": 0
+    },
+    "text": {
+      "description": "A description of the tuple",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "recommended": false,
+      "ui-priority": 1
+    }
+  },
+  "description": "A domain and IP address seen as a tuple in a specific time frame.",
+  "meta-category": "network",
+  "name": "domain-ip",
+  "required": [
+    "ip",
+    "domain"
+  ],
+  "uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
+  "version": 8
 }
 ~~~~
 
@@ -66,108 +104,258 @@ for a specific attribute. An optional **to_ids** boolean field to disable the ID
 
 ## Existing MISP objects
 
-* [objects/ail-leak](objects/ail-leak/definition.json) - Information leak object as defined by the [AIL Analysis Information Leak framework](https://www.github.com/CIRCL/AIL-framework).
-* [objects/ais-info](objects/ais-info/definition.json) - Object describing Automated Indicator Sharing (AIS) information source markings.
-* [objects/android-permission](objects/android-permission/definition.json) - A set of android permissions - one or more permission(s) which can be linked to other objects (e.g. file).
-* [objects/asn](objects/asn/definition.json) - Autonomous system object describing a BGP autonomous system which can include one or more network operators management an entity (e.g. ISP) along with their routing policy, routing prefixes or alike.
-* [objects/attack-pattern](objects/attack-pattern/definition.json) - Attack Pattern object describing a common attack pattern enumeration and classification.
-* [objects/authenticode-signerinfo](objects/authenticode-signerinfo/definition.json) - Authenticode signer info.
-* [objects/av-signature](objects/av-signature/definition.json) - Antivirus detection signature.
-* [objects/bank-account](objects/bank-account/definition.json) - Object describing bank account information based on account description from goAML 4.0.
-* [objects/bgp-hijack](objects/bgp-hijack/definition.json) - Object encapsulating BGP Hijack description as specified, for example, by bgpstream.com
-* [objects/btc-transaction](objects/btc-transaction/definition.json) - Object describing BTC transaction (often attached to a btc-wallet object.
-* [objects/btc-wallet](objects/btc-wallet/definition.json) - Object describing a BTC wallet.
-* [objects/cap-alert](objects/cap-alert/definition.json) - Common Alerting Protocol Version (CAP) alert object.
-* [objects/cap-info](objects/cap-info/definition.json) - Common Alerting Protocol Version (CAP) info object.
-* [objects/cap-resource](objects/cap-resource/definition.json) - Common Alerting Protocol Version (CAP) resource object.
-* [objects/coin-address](objects/coin-address/definition.json) - An address used in a cryptocurrency.
-* [objects/cookie](objects/cookie/definition.json) - A cookie object describes an HTTP cookie including its use in malicious cases.
-* [objects/course-of-action](objects/course-of-action/definition.json) - An object describing a Course of Action such as a specific measure taken to prevent or respond to an attack.
-* [objects/cowrie](objects/cowrie/definition.json) - A cowrie object describes cowrie honeypot sessions.
-* [objects/credential](objects/credential/definition.json) - A credential object describes one or more credential(s) including password(s), api key(s) or decryption key(s).
-* [objects/ddos](objects/ddos/definition.json) - DDoS object describes a current DDoS activity from a specific or/and to a specific target.
-* [objects/device](objects/device/definition.json) - An object to describe a device such as a computer, laptop or alike.
-* [objects/diameter-attack](objects/diameter-attack/definition.json) - Attack as seen on diameter authentication against a GSM, UMTS or LTE network.
-* [objects/dns-record](objects/dns-record/definition.json) - A DNS record object to describe the associated records for a domain.
-* [objects/domain-ip](objects/domain-ip/definition.json) - A domain and IP address seen as a tuple in a specific time frame.
-* [objects/elf](objects/elf/definition.json) - Object describing an Executable and Linkable Format (ELF).
-* [objects/elf-section](objects/elf-section/definition.json) - Object describing a section of an Executable and Linkable Format (ELF).
-* [objects/email](objects/email/definition.json) - An email object.
-* [objects/employee](objects/employee/definition.json) - An employee object.
-* [objects/exploit-poc](objects/exploit-poc/definition.json) - Exploit-poc object describing a proof of concept or exploit of a vulnerability. This object has often a relationship with a vulnerability object.
-* [objects/facial-composite](objects/facial-composite/definition.json) A facial composite object.
-* [objects/fail2ban](objects/fail2ban/definition.json) - A fail2ban object.
-* [objects/file](objects/file/definition.json) - File object describing a file with meta-information.
-* [objects/forensic-case](objects/forensic-case/definition.json) - An object template to describe a digital forensic case.
-* [objects/forensic-evidence](objects/forensic-evidence/definition.json) - An object template to describe a digital forensic evidence.
-* [objects/geolocation](objects/geolocation/definition.json) - A geolocation object to describe a location.
-* [objects/gtp-attack](objects/gtp-attack/definition.json) - GTP attack object as seen on a GSM, UMTS or LTE network.
-* [objects/http-request](objects/http-request/definition.json) - A single HTTP request header object.
-* [objects/imsi-catcher](objects/imsi-catcher/definition.json) - Object describing IMSI catcher associated event.
-* [objects/interpol-notice](objects/interpol-notice/definition.json) - Object used to represent an Interpol notice
-* [objects/ip-api-address](objects/ip-api-address/definition.json) - Object describing IP Address information, as defined in [ip-api.com](http://ip-api.com).
-* [objects/ip-port](objects/ip-port/definition.json) - An IP address and a port seen as a tuple (or as a triple) in a specific time frame.
-* [objects/ja3](objects/ja3/definition.json) - A ja3 object which describes an SSL client fingerprint in an easy to produce and shareable way.
-* [objects/legal-entity](objects/legal-entity/definition.json) - Object describing a legal entity, such as an organisation.
-* [objects/lnk](objects/lnk/definition.json) - Object describing a Windows LNK (Windows Shortcut) file.
-* [objects/macho](objects/macho/definition.json) - Object describing a Mach object file format.
-* [objects/macho-section](objects/macho-section/definition.json) - Object describing a section of a Mach object file format.
-* [objects/mactime-timeline-analysis](objects/mactime-timeline-analysis/definition.json) - Mactime template, used in forensic investigations to describe the timeline of a file activity.
-* [objects/malware-config](objects/malware-config/definition.json) - Object describing a malware configuration recovered or extracted from a malicious binary.
-* [objects/microblog](objects/microblog/definition.json) - Object describing microblog post like Twitter or Facebook.
-* [objects/mutex](objects/mutex/definition.json) - Object to describe mutual exclusion locks (mutex) as seen in memory or computer program.
-* [objects/netflow](objects/netflow/definition.json) - Netflow object describes an network object based on the Netflowv5/v9 minimal definition.
-* [objects/network-connection](objects/network-connection/definition.json) - Network object describes a local or remote network connection.
-* [objects/network-socket](objects/network-socket/definition.json) - Object to describe a local or remote network connections based on the socket data structure.
-* [objects/original-imported-file](objects/original-imported-file/definition.json) - Object to describe the original files used to import data in MISP.
-* [objects/organization](objects/organization/definition.json) - An object which describes an organization.
-* [objects/passive-dns](objects/passive-dns/definition.json) - Passive DNS records as expressed in [draft-dulaunoy-dnsop-passive-dns-cof-01](https://tools.ietf.org/html/draft-dulaunoy-dnsop-passive-dns-cof-01).
-* [objects/paste](objects/paste/definition.json) - Object describing a paste or similar post from a website allowing to share privately or publicly posts.
-* [objects/pe](objects/pe/definition.json) - Portable Executable (PE) object.
-* [objects/pe-section](objects/pe-section/definition.json)  - Portable Executable (PE) object - section description.
-* [objects/person](objects/person/definition.json) - A person object which describes a person or an identity.
-* [objects/phishing](objects/phishing/definition.json) - Phishing template to describe a phishing website and its analysis.
-* [objects/phishing-kit](objects/phishing-kit/definition.json) - Object to describe a phishing kit.
-* [objects/phone](objects/phone/definition.json) - A phone or mobile phone object.
-* [objects/process](objects/process/definition.json) - A process object.
-* [objects/regexp](objects/regexp/definition.json) - An object describing a regular expression (regex or regexp). The object can be linked via a relationship to other attributes or objects to describe how it can be represented as a regular expression.
-* [objects/registry-key](objects/registry-key/definition.json) - A registry-key object.
-* [objects/r2graphity](objects/r2graphity/definition.json) - Indicators extracted from binary files using radare2 and graphml.
-* [objects/report](objects/report/definition.json) - Object to describe metadata used to generate an executive level report.
-* [objects/research-scanner](objects/research-scanner/definition.json) - Information related to known scanning activity (e.g. from research projects)
-* [objects/rtir](objects/rtir/definition.json) - RTIR - Request Tracker for Incident Response.
-* [objects/sandbox-report](objects/sandbox-report/definition.json) - Sandbox report object.
-* [objects/sb-signature](objects/sb-signature/definition.json) - Sandbox detection signature object.
-* [objects/script](objects/script/definition.json) - Object describing a computer program written to be run in a special run-time environment. The script or shell script can be used for malicious activities but also as support tools for threat analysts.
-* [objects/shell-commands](objects/shell-commands/definition.json) - Object describing a series of shell commands executed. This object can be linked with malicious files in order to describe a specific execution of shell commands.
-* [objects/shodan](objects/shodan/definition.json) - A shodan object to describe a shodan report.
-* [objects/shortened-link](objects/shortened-link/definition.json) - Shortened link and its redirect target.
-* [objects/short-message-service](objects/short-message-service/definition.json) - Short Message Service (SMS) object template describing one or more SMS message(s).
-* [objects/ss7-attack](objects/ss7-attack/definition.json) - SS7 object of an attack seen on a GSM, UMTS or LTE network via SS7 logging.
-* [objects/stix2-pattern](objects/stix2-pattern/definition.json) - An object describing a STIX pattern. The object can be linked via a relationship to other attributes or objects to describe how it can be represented as a STIX pattern.
-* [objects/ssh-authorized-keys](objects/ssh-authorized-keys/definition.json) - SSH authorized keys object to store keys and option from SSH authorized_keys file.
-* [objects/suricata](objects/suricata/definition.json) - Suricata rule with context.
-* [objects/target-system](objects/target-system/definition.json) - Description about an targeted system, this could potentially be a compromised internal system.
-* [objects/threatgrid-report](objects/threatgrid-report/definition.json) - A threatgrid report object.
-* [objects/timecode](objects/timecode/definition.json) - Timecode object to describe a start of video sequence (e.g. CCTV evidence) and the end of the video sequence.
-* [objects/timesketch-timeline](objects/timesketch-timeline/definition.json) - A timesketch timeline object based on mandatory field in timesketch to describe a log entry.
-* [objects/timestamp](objects/timestamp/definition.json) - A generic timestamp object to represent time including first time and last time seen. Relationship will then define the kind of time relationship.
-* [objects/tor-hiddenservice](objects/tor-hiddenservice/definition.json) - Tor hidden service (Onion Service) object to describe a Tor hidden service.
-* [objects/tor-node](objects/tor-node/definition.json) - Tor node description which are part of the Tor network at a time.
-* [objects/tracking-id](objects/tracking-id/definition.json) - Analytics and tracking ID such as used in Google Analytics or other analytic platform.
-* [objects/transaction](objects/transaction/definition.json) - Object describing a financial transaction.
-* [objects/url](objects/url/definition.json) - url object describes an url along with its normalized field (e.g. using faup parsing library) and its metadata.
-* [objects/user-account](objects/user-account/definition.json) - Object describing a user account (UNIX, Windows, etc).
-* [objects/vehicle](objects/vehicle/definition.json) - Vehicle object template to describe a vehicle information and registration.
-* [objects/victim](objects/victim/definition.json) - a victim object to describe the organisation being targeted or abused.
-* [objects/virustotal-graph](objects/virustotal-graph/definition.json) - VirusTotal graph.
-* [objects/virustotal-report](objects/virustotal-report/definition.json) - VirusTotal report.
-* [objects/vulnerability](objects/vulnerability/definition.json) - Vulnerability object to describe software or hardware vulnerability as described in a CVE.
-* [objects/weakness](objects/weakness/definition.json) - Weakness object as described in a CWE.
-* [objects/whois](objects/whois/definition.json) - Whois records information for a domain name.
-* [objects/x509](objects/x509/definition.json) - x509 object describing a X.509 certificate.
-* [objects/yabin](objects/yabin/definition.json) - yabin.py generates Yara rules from function prologs, for matching and hunting binaries. ref: [yabin](https://github.com/AlienVault-OTX/yabin).
-* [objects/yara](objects/yara/definition.json) - YARA object describing a YARA rule along with the version supported and context (such as memory, network, disk).
+- [objects/ail-leak](objects/ail-leak/definition.json) - An information leak as defined by the AIL Analysis Information Leak framework.
+- [objects/ais-info](objects/ais-info/definition.json) - Automated Indicator Sharing (AIS) Information Source Markings.
+- [objects/android-app](objects/android-app/definition.json) - Indicators related to an Android app.
+- [objects/android-permission](objects/android-permission/definition.json) - A set of android permissions - one or more permission(s) which can be linked to other objects (e.g. malware, app).
+- [objects/annotation](objects/annotation/definition.json) - An annotation object allowing analysts to add annotations, comments, executive summary to a MISP event, objects or attributes.
+- [objects/anonymisation](objects/anonymisation/definition.json) - Anonymisation object describing an anonymisation technique used to encode MISP attribute values. Reference: https://www.caida.org/tools/taxonomy/anonymization.xml.
+- [objects/asn](objects/asn/definition.json) - Autonomous system object describing an autonomous system which can include one or more network operators management an entity (e.g. ISP) along with their routing policy, routing prefixes or alike.
+- [objects/attack-pattern](objects/attack-pattern/definition.json) - Attack pattern describing a common attack pattern enumeration and classification.
+- [objects/authentication-failure-report](objects/authentication-failure-report/definition.json) - Authentication Failure Report.
+- [objects/authenticode-signerinfo](objects/authenticode-signerinfo/definition.json) - Authenticode Signer Info.
+- [objects/av-signature](objects/av-signature/definition.json) - Antivirus detection signature.
+- [objects/bank-account](objects/bank-account/definition.json) - An object describing bank account information based on account description from goAML 4.0.
+- [objects/bgp-hijack](objects/bgp-hijack/definition.json) - Object encapsulating BGP Hijack description as specified, for example, by bgpstream.com.
+- [objects/bgp-ranking](objects/bgp-ranking/definition.json) - BGP Ranking object describing the ranking of an ASN for a given day, along with its position, 1 being the most malicious ASN of the day, with the highest ranking. This object is meant to have a relationship with the corresponding ASN object and represents its ranking for a specific date.
+- [objects/blog](objects/blog/definition.json) - Blog post like Medium or WordPress.
+- [objects/boleto](objects/boleto/definition.json) - A common form of payment used in Brazil.
+- [objects/btc-transaction](objects/btc-transaction/definition.json) - An object to describe a Bitcoin transaction. Best to be used with bitcoin-wallet.
+- [objects/btc-wallet](objects/btc-wallet/definition.json) - An object to describe a Bitcoin wallet. Best to be used with bitcoin-transactions.
+- [objects/cap-alert](objects/cap-alert/definition.json) - Common Alerting Protocol Version (CAP) alert object.
+- [objects/cap-info](objects/cap-info/definition.json) - Common Alerting Protocol Version (CAP) info object.
+- [objects/cap-resource](objects/cap-resource/definition.json) - Common Alerting Protocol Version (CAP) resource object.
+- [objects/coin-address](objects/coin-address/definition.json) - An address used in a cryptocurrency.
+- [objects/command](objects/command/definition.json) - Command functionalities related to specific commands executed by a program, whether it is malicious or not. Command-line are attached to this object for the related commands.
+- [objects/command-line](objects/command-line/definition.json) - Command line and options related to a specific command executed by a program, whether it is malicious or not.
+- [objects/cookie](objects/cookie/definition.json) - An HTTP cookie (web cookie, browser cookie) is a small piece of data that a server sends to the user's web browser. The browser may store it and send it back with the next request to the same server. Typically, it's used to tell if two requests came from the same browser — keeping a user logged-in, for example. It remembers stateful information for the stateless HTTP protocol. (as defined by the Mozilla foundation.
+- [objects/cortex](objects/cortex/definition.json) - Cortex object describing a complete cortex analysis. Observables would be attribute with a relationship from this object.
+- [objects/cortex-taxonomy](objects/cortex-taxonomy/definition.json) - Cortex object describing an Cortex Taxonomy (or mini report).
+- [objects/course-of-action](objects/course-of-action/definition.json) - An object describing a specific measure taken to prevent or respond to an attack.
+- [objects/covid19-csse-daily-report](objects/covid19-csse-daily-report/definition.json) - CSSE COVID-19 Daily report.
+- [objects/covid19-dxy-live-city](objects/covid19-dxy-live-city/definition.json) - COVID 19 from dxy.cn - Aggregation by city.
+- [objects/covid19-dxy-live-province](objects/covid19-dxy-live-province/definition.json) - COVID 19 from dxy.cn - Aggregation by province.
+- [objects/cowrie](objects/cowrie/definition.json) - Cowrie honeypot object template.
+- [objects/credential](objects/credential/definition.json) - Credential describes one or more credential(s) including password(s), api key(s) or decryption key(s).
+- [objects/credit-card](objects/credit-card/definition.json) - A payment card like credit card, debit card or any similar cards which can be used for financial transactions.
+- [objects/crypto-material](objects/crypto-material/definition.json) - Cryptographic materials such as public or/and private keys.
+- [objects/cytomic-orion-file](objects/cytomic-orion-file/definition.json) - Cytomic Orion File Detection.
+- [objects/cytomic-orion-machine](objects/cytomic-orion-machine/definition.json) - Cytomic Orion File at Machine Detection.
+- [objects/dark-pattern-item](objects/dark-pattern-item/definition.json) - An Item whose User Interface implements a dark pattern.
+- [objects/ddos](objects/ddos/definition.json) - DDoS object describes a current DDoS activity from a specific or/and to a specific target. Type of DDoS can be attached to the object as a taxonomy.
+- [objects/device](objects/device/definition.json) - An object to define a device.
+- [objects/diameter-attack](objects/diameter-attack/definition.json) - Attack as seen on diameter authentication against a GSM, UMTS or LTE network.
+- [objects/dns-record](objects/dns-record/definition.json) - A set of DNS records observed for a specific domain.
+- [objects/domain-crawled](objects/domain-crawled/definition.json) - A domain crawled over time.
+- [objects/domain-ip](objects/domain-ip/definition.json) - A domain and IP address seen as a tuple in a specific time frame.
+- [objects/elf](objects/elf/definition.json) - Object describing a Executable and Linkable Format.
+- [objects/elf-section](objects/elf-section/definition.json) - Object describing a section of an Executable and Linkable Format.
+- [objects/email](objects/email/definition.json) - Email object describing an email with meta-information.
+- [objects/employee](objects/employee/definition.json) - An employee and related data points.
+- [objects/exploit-poc](objects/exploit-poc/definition.json) - Exploit-poc object describing a proof of concept or exploit of a vulnerability. This object has often a relationship with a vulnerability object.
+- [objects/facebook-account](objects/facebook-account/definition.json) - Facebook account.
+- [objects/facebook-group](objects/facebook-group/definition.json) - Public or private facebook group.
+- [objects/facebook-page](objects/facebook-page/definition.json) - Facebook page.
+- [objects/facebook-post](objects/facebook-post/definition.json) - Post on a Facebook wall.
+- [objects/facial-composite](objects/facial-composite/definition.json) - An object which describes a facial composite.
+- [objects/fail2ban](objects/fail2ban/definition.json) - Fail2ban event.
+- [objects/file](objects/file/definition.json) - File object describing a file with meta-information.
+- [objects/forensic-case](objects/forensic-case/definition.json) - An object template to describe a digital forensic case.
+- [objects/forensic-evidence](objects/forensic-evidence/definition.json) - An object template to describe a digital forensic evidence.
+- [objects/forged-document](objects/forged-document/definition.json) - Object describing a forged document.
+- [objects/ftm-Airplane](objects/ftm-Airplane/definition.json) - .
+- [objects/ftm-Assessment](objects/ftm-Assessment/definition.json) - .
+- [objects/ftm-Asset](objects/ftm-Asset/definition.json) - .
+- [objects/ftm-Associate](objects/ftm-Associate/definition.json) - Non-family association between two people.
+- [objects/ftm-Audio](objects/ftm-Audio/definition.json) - .
+- [objects/ftm-BankAccount](objects/ftm-BankAccount/definition.json) - .
+- [objects/ftm-Call](objects/ftm-Call/definition.json) - .
+- [objects/ftm-Company](objects/ftm-Company/definition.json) - .
+- [objects/ftm-Contract](objects/ftm-Contract/definition.json) - An contract or contract lot issued by an authority. Multiple lots may be awarded to different suppliers (see ContractAward).
+.
+- [objects/ftm-ContractAward](objects/ftm-ContractAward/definition.json) - A contract or contract lot as awarded to a supplier.
+- [objects/ftm-CourtCase](objects/ftm-CourtCase/definition.json) - .
+- [objects/ftm-CourtCaseParty](objects/ftm-CourtCaseParty/definition.json) - .
+- [objects/ftm-Debt](objects/ftm-Debt/definition.json) - A monetary debt between two parties.
+- [objects/ftm-Directorship](objects/ftm-Directorship/definition.json) - .
+- [objects/ftm-Document](objects/ftm-Document/definition.json) - .
+- [objects/ftm-Documentation](objects/ftm-Documentation/definition.json) - .
+- [objects/ftm-EconomicActivity](objects/ftm-EconomicActivity/definition.json) - A foreign economic activity.
+- [objects/ftm-Email](objects/ftm-Email/definition.json) - .
+- [objects/ftm-Event](objects/ftm-Event/definition.json) - .
+- [objects/ftm-Family](objects/ftm-Family/definition.json) - Family relationship between two people.
+- [objects/ftm-Folder](objects/ftm-Folder/definition.json) - .
+- [objects/ftm-HyperText](objects/ftm-HyperText/definition.json) - .
+- [objects/ftm-Image](objects/ftm-Image/definition.json) - .
+- [objects/ftm-Land](objects/ftm-Land/definition.json) - .
+- [objects/ftm-LegalEntity](objects/ftm-LegalEntity/definition.json) - A legal entity may be a person or a company.
+- [objects/ftm-License](objects/ftm-License/definition.json) - A grant of land, rights or property. A type of Contract.
+- [objects/ftm-Membership](objects/ftm-Membership/definition.json) - .
+- [objects/ftm-Message](objects/ftm-Message/definition.json) - .
+- [objects/ftm-Organization](objects/ftm-Organization/definition.json) - .
+- [objects/ftm-Ownership](objects/ftm-Ownership/definition.json) - .
+- [objects/ftm-Package](objects/ftm-Package/definition.json) - .
+- [objects/ftm-Page](objects/ftm-Page/definition.json) - .
+- [objects/ftm-Pages](objects/ftm-Pages/definition.json) - .
+- [objects/ftm-Passport](objects/ftm-Passport/definition.json) - Passport.
+- [objects/ftm-Payment](objects/ftm-Payment/definition.json) - A monetary payment between two parties.
+- [objects/ftm-Person](objects/ftm-Person/definition.json) - An individual.
+- [objects/ftm-PlainText](objects/ftm-PlainText/definition.json) - .
+- [objects/ftm-PublicBody](objects/ftm-PublicBody/definition.json) - A public body, such as a ministry, department or state company.
+- [objects/ftm-RealEstate](objects/ftm-RealEstate/definition.json) - A piece of land or property.
+- [objects/ftm-Representation](objects/ftm-Representation/definition.json) - A mediatory, intermediary, middleman, or broker acting on behalf of a legal entity.
+- [objects/ftm-Row](objects/ftm-Row/definition.json) - .
+- [objects/ftm-Sanction](objects/ftm-Sanction/definition.json) - A sanction designation.
+- [objects/ftm-Succession](objects/ftm-Succession/definition.json) - Two entities that legally succeed each other.
+- [objects/ftm-Table](objects/ftm-Table/definition.json) - .
+- [objects/ftm-TaxRoll](objects/ftm-TaxRoll/definition.json) - A tax declaration of an individual.
+- [objects/ftm-UnknownLink](objects/ftm-UnknownLink/definition.json) - .
+- [objects/ftm-UserAccount](objects/ftm-UserAccount/definition.json) - .
+- [objects/ftm-Vehicle](objects/ftm-Vehicle/definition.json) - .
+- [objects/ftm-Vessel](objects/ftm-Vessel/definition.json) - A boat or ship.
+- [objects/ftm-Video](objects/ftm-Video/definition.json) - .
+- [objects/ftm-Workbook](objects/ftm-Workbook/definition.json) - .
+- [objects/geolocation](objects/geolocation/definition.json) - An object to describe a geographic location.
+- [objects/git-vuln-finder](objects/git-vuln-finder/definition.json) - Export from git-vuln-finder.
+- [objects/github-user](objects/github-user/definition.json) - GitHub user.
+- [objects/gtp-attack](objects/gtp-attack/definition.json) - GTP attack object as seen on a GSM, UMTS or LTE network.
+- [objects/http-request](objects/http-request/definition.json) - A single HTTP request header.
+- [objects/ilr-impact](objects/ilr-impact/definition.json) - Institut Luxembourgeois de Regulation - Impact.
+- [objects/ilr-notification-incident](objects/ilr-notification-incident/definition.json) - Institut Luxembourgeois de Regulation - Notification d'incident.
+- [objects/image](objects/image/definition.json) - Object describing an image file.
+- [objects/impersonation](objects/impersonation/definition.json) - Represent an impersonating account.
+- [objects/imsi-catcher](objects/imsi-catcher/definition.json) - IMSI Catcher entry object based on the open source IMSI cather.
+- [objects/instant-message](objects/instant-message/definition.json) - Instant Message (IM) object template describing one or more IM message.
+- [objects/instant-message-group](objects/instant-message-group/definition.json) - Instant Message (IM) group object template describing a public or private IM group, channel or conversation.
+- [objects/intel471-vulnerability-intelligence](objects/intel471-vulnerability-intelligence/definition.json) - Intel 471 vulnerability intelligence object.
+- [objects/intelmq_event](objects/intelmq_event/definition.json) - IntelMQ Event.
+- [objects/intelmq_report](objects/intelmq_report/definition.json) - IntelMQ Report.
+- [objects/internal-reference](objects/internal-reference/definition.json) - Internal reference.
+- [objects/interpol-notice](objects/interpol-notice/definition.json) - An object which describes a Interpol notice.
+- [objects/iot-device](objects/iot-device/definition.json) - An IoT device.
+- [objects/iot-firmware](objects/iot-firmware/definition.json) - A firmware for an IoT device.
+- [objects/ip-api-address](objects/ip-api-address/definition.json) - IP Address information. Useful if you are pulling your ip information from ip-api.com.
+- [objects/ip-port](objects/ip-port/definition.json) - An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame.
+- [objects/irc](objects/irc/definition.json) - An IRC object to describe an IRC server and the associated channels.
+- [objects/ja3](objects/ja3/definition.json) - JA3 is a new technique for creating SSL client fingerprints that are easy to produce and can be easily shared for threat intelligence. Fingerprints are composed of Client Hello packet; SSL Version, Accepted Ciphers, List of Extensions, Elliptic Curves, and Elliptic Curve Formats. https://github.com/salesforce/ja3.
+- [objects/keybase-account](objects/keybase-account/definition.json) - Information related to a keybase account, from API Users Object.
+- [objects/leaked-document](objects/leaked-document/definition.json) - Object describing a leaked document.
+- [objects/legal-entity](objects/legal-entity/definition.json) - An object to describe a legal entity.
+- [objects/lnk](objects/lnk/definition.json) - LNK object describing a Windows LNK binary file (aka Windows shortcut).
+- [objects/macho](objects/macho/definition.json) - Object describing a file in Mach-O format.
+- [objects/macho-section](objects/macho-section/definition.json) - Object describing a section of a file in Mach-O format.
+- [objects/mactime-timeline-analysis](objects/mactime-timeline-analysis/definition.json) - Mactime template, used in forensic investigations to describe the timeline of a file activity.
+- [objects/malware-config](objects/malware-config/definition.json) - Malware configuration recovered or extracted from a malicious binary.
+- [objects/meme-image](objects/meme-image/definition.json) - Object describing a meme (image).
+- [objects/microblog](objects/microblog/definition.json) - Microblog post like a Twitter tweet or a post on a Facebook wall.
+- [objects/mutex](objects/mutex/definition.json) - Object to describe mutual exclusion locks (mutex) as seen in memory or computer program.
+- [objects/narrative](objects/narrative/definition.json) - Object describing a narrative.
+- [objects/netflow](objects/netflow/definition.json) - Netflow object describes an network object based on the Netflowv5/v9 minimal definition.
+- [objects/network-connection](objects/network-connection/definition.json) - A local or remote network connection.
+- [objects/network-socket](objects/network-socket/definition.json) - Network socket object describes a local or remote network connections based on the socket data structure.
+- [objects/news-agency](objects/news-agency/definition.json) - News agencies compile news and disseminate news in bulk.
+- [objects/news-media](objects/news-media/definition.json) - News media are forms of mass media delivering news to the general public.
+- [objects/organization](objects/organization/definition.json) - An object which describes an organization.
+- [objects/original-imported-file](objects/original-imported-file/definition.json) - Object describing the original file used to import data in MISP.
+- [objects/parler-account](objects/parler-account/definition.json) - Parler account.
+- [objects/parler-comment](objects/parler-comment/definition.json) - Parler comment.
+- [objects/parler-post](objects/parler-post/definition.json) - Parler post (parley).
+- [objects/passive-dns](objects/passive-dns/definition.json) - Passive DNS records as expressed in draft-dulaunoy-dnsop-passive-dns-cof-01.
+- [objects/paste](objects/paste/definition.json) - Paste or similar post from a website allowing to share privately or publicly posts.
+- [objects/pcap-metadata](objects/pcap-metadata/definition.json) - Network packet capture metadata.
+- [objects/pe](objects/pe/definition.json) - Object describing a Portable Executable.
+- [objects/pe-section](objects/pe-section/definition.json) - Object describing a section of a Portable Executable.
+- [objects/person](objects/person/definition.json) - An object which describes a person or an identity.
+- [objects/pgp-meta](objects/pgp-meta/definition.json) - Metadata extracted from a PGP keyblock, message or signature.
+- [objects/phishing](objects/phishing/definition.json) - Phishing template to describe a phishing website and its analysis.
+- [objects/phishing-kit](objects/phishing-kit/definition.json) - Object to describe a phishing-kit.
+- [objects/phone](objects/phone/definition.json) - A phone or mobile phone object which describe a phone.
+- [objects/process](objects/process/definition.json) - Object describing a system process.
+- [objects/publication](objects/publication/definition.json) - An object to describe a book, journal, or academic publication.
+- [objects/python-etvx-event-log](objects/python-etvx-event-log/definition.json) - Event log object template to share information of the activities conducted on a system. .
+- [objects/r2graphity](objects/r2graphity/definition.json) - Indicators extracted from files using radare2 and graphml.
+- [objects/reddit-account](objects/reddit-account/definition.json) - Reddit account.
+- [objects/reddit-comment](objects/reddit-comment/definition.json) - A Reddit post comment.
+- [objects/reddit-post](objects/reddit-post/definition.json) - A Reddit post.
+- [objects/reddit-subreddit](objects/reddit-subreddit/definition.json) - Public or private subreddit.
+- [objects/regexp](objects/regexp/definition.json) - An object describing a regular expression (regex or regexp). The object can be linked via a relationship to other attributes or objects to describe how it can be represented as a regular expression.
+- [objects/registry-key](objects/registry-key/definition.json) - Registry key object describing a Windows registry key with value and last-modified timestamp.
+- [objects/regripper-NTUser](objects/regripper-NTUser/definition.json) - Regripper Object template designed to present user specific configuration details extracted from the NTUSER.dat hive.
+- [objects/regripper-sam-hive-single-user](objects/regripper-sam-hive-single-user/definition.json) - Regripper Object template designed to present user profile details extracted from the SAM hive.
+- [objects/regripper-sam-hive-user-group](objects/regripper-sam-hive-user-group/definition.json) - Regripper Object template designed to present group profile details extracted from the SAM hive.
+- [objects/regripper-software-hive-BHO](objects/regripper-software-hive-BHO/definition.json) - Regripper Object template designed to gather information of the browser helper objects installed on the system.
+- [objects/regripper-software-hive-appInit-DLLS](objects/regripper-software-hive-appInit-DLLS/definition.json) - Regripper Object template designed to gather information of the DLL files installed on the system.
+- [objects/regripper-software-hive-application-paths](objects/regripper-software-hive-application-paths/definition.json) - Regripper Object template designed to gather information of the application paths.
+- [objects/regripper-software-hive-applications-installed](objects/regripper-software-hive-applications-installed/definition.json) - Regripper Object template designed to gather information of the applications installed on the system.
+- [objects/regripper-software-hive-command-shell](objects/regripper-software-hive-command-shell/definition.json) - Regripper Object template designed to gather information of the shell commands executed on the system.
+- [objects/regripper-software-hive-software-run](objects/regripper-software-hive-software-run/definition.json) - Regripper Object template designed to gather information of the applications set to run on the system.
+- [objects/regripper-software-hive-userprofile-winlogon](objects/regripper-software-hive-userprofile-winlogon/definition.json) - Regripper Object template designed to gather user profile information when the user logs onto the system, gathered from the software hive.
+- [objects/regripper-software-hive-windows-general-info](objects/regripper-software-hive-windows-general-info/definition.json) - Regripper Object template designed to gather general windows information extracted from the software-hive.
+- [objects/regripper-system-hive-firewall-configuration](objects/regripper-system-hive-firewall-configuration/definition.json) - Regripper Object template designed to present firewall configuration information extracted from the system-hive.
+- [objects/regripper-system-hive-general-configuration](objects/regripper-system-hive-general-configuration/definition.json) - Regripper Object template designed to present general system properties extracted from the system-hive.
+- [objects/regripper-system-hive-network-information](objects/regripper-system-hive-network-information/definition.json) - Regripper object template designed to gather network information from the system-hive.
+- [objects/regripper-system-hive-services-drivers](objects/regripper-system-hive-services-drivers/definition.json) - Regripper Object template designed to gather information regarding the services/drivers from the system-hive.
+- [objects/report](objects/report/definition.json) - Metadata used to generate an executive level report.
+- [objects/research-scanner](objects/research-scanner/definition.json) - Information related to known scanning activity (e.g. from research projects).
+- [objects/rogue-dns](objects/rogue-dns/definition.json) - Rogue DNS as defined by CERT.br.
+- [objects/rtir](objects/rtir/definition.json) - RTIR - Request Tracker for Incident Response.
+- [objects/sandbox-report](objects/sandbox-report/definition.json) - Sandbox report.
+- [objects/sb-signature](objects/sb-signature/definition.json) - Sandbox detection signature.
+- [objects/scheduled-event](objects/scheduled-event/definition.json) - Event object template describing a gathering of individuals in meatspace.
+- [objects/scrippsco2-c13-daily](objects/scrippsco2-c13-daily/definition.json) - Daily average C13 concentrations (ppm) derived from flask air samples.
+- [objects/scrippsco2-c13-monthly](objects/scrippsco2-c13-monthly/definition.json) - Monthly average C13 concentrations (ppm) derived from flask air samples.
+- [objects/scrippsco2-co2-daily](objects/scrippsco2-co2-daily/definition.json) - Daily average CO2 concentrations (ppm) derived from flask air samples.
+- [objects/scrippsco2-co2-monthly](objects/scrippsco2-co2-monthly/definition.json) - Monthly average CO2 concentrations (ppm) derived from flask air samples.
+- [objects/scrippsco2-o18-daily](objects/scrippsco2-o18-daily/definition.json) - Daily average O18 concentrations (ppm) derived from flask air samples.
+- [objects/scrippsco2-o18-monthly](objects/scrippsco2-o18-monthly/definition.json) - Monthly average O18 concentrations (ppm) derived from flask air samples.
+- [objects/script](objects/script/definition.json) - Object describing a computer program written to be run in a special run-time environment. The script or shell script can be used for malicious activities but also as support tools for threat analysts.
+- [objects/shell-commands](objects/shell-commands/definition.json) - Object describing a series of shell commands executed. This object can be linked with malicious files in order to describe a specific execution of shell commands.
+- [objects/shodan-report](objects/shodan-report/definition.json) - Shodan Report for a given IP.
+- [objects/short-message-service](objects/short-message-service/definition.json) - Short Message Service (SMS) object template describing one or more SMS message. Restriction of the initial format 3GPP 23.038 GSM character set doesn't apply.
+- [objects/shortened-link](objects/shortened-link/definition.json) - Shortened link and its redirect target.
+- [objects/social-media-group](objects/social-media-group/definition.json) - Social media group object template describing a public or private group or channel.
+- [objects/splunk](objects/splunk/definition.json) - Splunk / Splunk ES object.
+- [objects/ss7-attack](objects/ss7-attack/definition.json) - SS7 object of an attack seen on a GSM, UMTS or LTE network via SS7 logging.
+- [objects/ssh-authorized-keys](objects/ssh-authorized-keys/definition.json) - An object to store ssh authorized keys file.
+- [objects/stix2-pattern](objects/stix2-pattern/definition.json) - An object describing a STIX pattern. The object can be linked via a relationship to other attributes or objects to describe how it can be represented as a STIX pattern.
+- [objects/suricata](objects/suricata/definition.json) - An object describing one or more Suricata rule(s) along with version and contextual information.
+- [objects/target-system](objects/target-system/definition.json) - Description about an targeted system, this could potentially be a compromissed internal system.
+- [objects/threatgrid-report](objects/threatgrid-report/definition.json) - ThreatGrid report.
+- [objects/timecode](objects/timecode/definition.json) - Timecode object to describe a start of video sequence (e.g. CCTV evidence) and the end of the video sequence.
+- [objects/timesketch-timeline](objects/timesketch-timeline/definition.json) - A timesketch timeline object based on mandatory field in timesketch to describe a log entry.
+- [objects/timesketch_message](objects/timesketch_message/definition.json) - A timesketch message entry.
+- [objects/timestamp](objects/timestamp/definition.json) - A generic timestamp object to represent time including first time and last time seen. Relationship will then define the kind of time relationship.
+- [objects/tor-hiddenservice](objects/tor-hiddenservice/definition.json) - Tor hidden service (onion service) object.
+- [objects/tor-node](objects/tor-node/definition.json) - Tor node (which protects your privacy on the internet by hiding the connection between users Internet address and the services used by the users) description which are part of the Tor network at a time.
+- [objects/tracking-id](objects/tracking-id/definition.json) - Analytics and tracking ID such as used in Google Analytics or other analytic platform.
+- [objects/transaction](objects/transaction/definition.json) - An object to describe a financial transaction.
+- [objects/translation](objects/translation/definition.json) - Used to keep a text and its translation.
+- [objects/trustar_report](objects/trustar_report/definition.json) - TruStar Report.
+- [objects/tsk-chats](objects/tsk-chats/definition.json) - An Object Template to gather information from evidential or interesting exchange of messages identified during a digital forensic investigation.
+- [objects/tsk-web-bookmark](objects/tsk-web-bookmark/definition.json) - An Object Template to add evidential bookmarks identified during a digital forensic investigation.
+- [objects/tsk-web-cookie](objects/tsk-web-cookie/definition.json) - An TSK-Autopsy Object Template to represent cookies identified during a forensic investigation.
+- [objects/tsk-web-downloads](objects/tsk-web-downloads/definition.json) - An Object Template to add web-downloads.
+- [objects/tsk-web-history](objects/tsk-web-history/definition.json) - An Object Template to share web history information.
+- [objects/tsk-web-search-query](objects/tsk-web-search-query/definition.json) - An Object Template to share web search query information.
+- [objects/twitter-account](objects/twitter-account/definition.json) - Twitter account.
+- [objects/twitter-list](objects/twitter-list/definition.json) - Twitter list.
+- [objects/twitter-post](objects/twitter-post/definition.json) - Twitter post (tweet).
+- [objects/url](objects/url/definition.json) - url object describes an url along with its normalized field (like extracted using faup parsing library) and its metadata.
+- [objects/user-account](objects/user-account/definition.json) - .
+- [objects/vehicle](objects/vehicle/definition.json) - Vehicle object template to describe a vehicle information and registration.
+- [objects/victim](objects/victim/definition.json) - Victim object describes the target of an attack or abuse.
+- [objects/virustotal-graph](objects/virustotal-graph/definition.json) - VirusTotal graph.
+- [objects/virustotal-report](objects/virustotal-report/definition.json) - VirusTotal report.
+- [objects/vulnerability](objects/vulnerability/definition.json) - Vulnerability object describing a common vulnerability enumeration which can describe published, unpublished, under review or embargo vulnerability for software, equipments or hardware.
+- [objects/weakness](objects/weakness/definition.json) - Weakness object describing a common weakness enumeration which can describe usable, incomplete, draft or deprecated weakness for software, equipment of hardware.
+- [objects/whois](objects/whois/definition.json) - Whois records information for a domain name or an IP address.
+- [objects/x509](objects/x509/definition.json) - x509 object describing a X.509 certificate.
+- [objects/yabin](objects/yabin/definition.json) - yabin.py generates Yara rules from function prologs, for matching and hunting binaries. ref: https://github.com/AlienVault-OTX/yabin.
+- [objects/yara](objects/yara/definition.json) - An object describing a YARA rule (or a YARA rule name) along with its version.
+- [objects/youtube-channel](objects/youtube-channel/definition.json) - A YouTube channel.
+- [objects/youtube-comment](objects/youtube-comment/definition.json) - A YouTube video comment.
+- [objects/youtube-playlist](objects/youtube-playlist/definition.json) - A YouTube playlist.
+- [objects/youtube-video](objects/youtube-video/definition.json) - A YouTube video.
 
 ## MISP objects relationships
 
@@ -186,7 +374,7 @@ If the unparsed object can be included, a **raw-base64** attribute can be used i
 
 Every object needs a **uuid** which can be created using **uuidgen -r** on a linux command line.
 
-When the object is created, pull a request on this project. We usually merge the objects if it fits existing use-cases.
+When the object is created, the `validate_all.sh` and `jq_all_the_things.sh` is run for validation, pull a request on this project. We usually merge the objects if it fits existing use-cases.
 
 ## MISP objects documentation
 
@@ -204,11 +392,52 @@ The MISP objects model allows to add new combined indicators format based on the
 
 ## License
 
+### MISP Object JSON files
+
+The MISP objects (JSON files) are dual-licensed under:
+
+- [CC0 1.0 Universal](https://creativecommons.org/publicdomain/zero/1.0/legalcode) (CC0 1.0) - Public Domain Dedication.
+
+or
+
+~~~~
+ Copyright (c) 2016-2020 Alexandre Dulaunoy - a@foo.be
+ Copyright (c) 2016-2020 CIRCL - Computer Incident Response Center Luxembourg
+ Copyright (c) 2016-2020 Andras Iklody
+ Copyright (c) 2016-2020 Raphael Vinot
+ Copyright (c) 2016-2020 Various contributors to MISP Project
+
+ Redistribution and use in source and binary forms, with or without modification,
+ are permitted provided that the following conditions are met:
+
+    1. Redistributions of source code must retain the above copyright notice,
+       this list of conditions and the following disclaimer.
+    2. Redistributions in binary form must reproduce the above copyright notice,
+       this list of conditions and the following disclaimer in the documentation
+       and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+ OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ OF THE POSSIBILITY OF SUCH DAMAGE.
+~~~~~
+
+If a specific author of a taxonomy wants to license it under a different license, a pull request can be requested.
+
+
+### Software
+
 ~~~~
 
-Copyright (C) 2016-2019 Andras Iklody
-Copyright (C) 2016-2019 Alexandre Dulaunoy
-Copyright (C) 2016-2019 CIRCL - Computer Incident Response Center Luxembourg
+Copyright (C) 2016-2020 Andras Iklody
+Copyright (C) 2016-2020 Alexandre Dulaunoy
+Copyright (C) 2016-2020 CIRCL - Computer Incident Response Center Luxembourg
 
 This program is free software: you can redistribute it and/or modify
 it under the terms of the GNU Affero General Public License as published by

jq_all_the_things.sh

@@ -19,10 +19,10 @@ set -x
 
 for dir in objects/*/definition.json
 do
-    cat ${dir} | jq . | sponge ${dir}
+    cat ${dir} | jq -S -j . | sponge ${dir}
 done
 
-cat relationships/definition.json | jq . | sponge relationships/definition.json
+cat relationships/definition.json | jq -S -j . | sponge relationships/definition.json
 
 cat schema_objects.json | jq . | sponge schema_objects.json
 cat schema_relationships.json | jq . | sponge schema_relationships.json

objects/ail-leak/definition.json

@@ -1,4 +1,65 @@
 {
+  "attributes": {
+    "duplicate": {
+      "description": "Duplicate of the existing leaks.",
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "duplicate_number": {
+      "description": "Number of known duplicates.",
+      "disable_correlation": true,
+      "misp-attribute": "counter",
+      "ui-priority": 0
+    },
+    "first-seen": {
+      "description": "When the leak has been accessible or seen for the first time.",
+      "disable_correlation": true,
+      "misp-attribute": "datetime",
+      "ui-priority": 0
+    },
+    "last-seen": {
+      "description": "When the leak has been accessible or seen for the last time.",
+      "disable_correlation": true,
+      "misp-attribute": "datetime",
+      "ui-priority": 0
+    },
+    "origin": {
+      "description": "The link where the leak is (or was) accessible at first-seen.",
+      "misp-attribute": "text",
+      "ui-priority": 1
+    },
+    "original-date": {
+      "description": "When the information available in the leak was created. It's usually before the first-seen.",
+      "disable_correlation": true,
+      "misp-attribute": "datetime",
+      "ui-priority": 0
+    },
+    "raw-data": {
+      "description": "Raw data as received by the AIL sensor compressed and encoded in Base64.",
+      "disable_correlation": true,
+      "misp-attribute": "attachment",
+      "ui-priority": 0
+    },
+    "sensor": {
+      "description": "The AIL sensor uuid where the leak was processed and analysed.",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "ui-priority": 0
+    },
+    "text": {
+      "description": "A description of the leak which could include the potential victim(s) or description of the leak.",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "ui-priority": 1
+    }
+  },
+  "description": "An information leak as defined by the AIL Analysis Information Leak framework.",
+  "meta-category": "misc",
+  "name": "ail-leak",
+  "required": [
+    "sensor"
+  ],
   "requiredOneOf": [
     "text",
     "first-seen",
@@ -6,67 +67,6 @@
     "origin",
     "raw-data"
   ],
-  "required": [
-    "sensor"
-  ],
-  "attributes": {
-    "sensor": {
-      "description": "The AIL sensor uuid where the leak was processed and analysed.",
-      "disable_correlation": true,
-      "ui-priority": 0,
-      "misp-attribute": "text"
-    },
-    "duplicate": {
-      "description": "Duplicate of the existing leaks.",
-      "ui-priority": 0,
-      "misp-attribute": "text",
-      "multiple": true
-    },
-    "duplicate_number": {
-      "description": "Number of known duplicates.",
-      "disable_correlation": true,
-      "ui-priority": 0,
-      "misp-attribute": "counter"
-    },
-    "origin": {
-      "description": "The link where the leak is (or was) accessible at first-seen.",
-      "ui-priority": 1,
-      "misp-attribute": "text"
-    },
-    "text": {
-      "description": "A description of the leak which could include the potential victim(s) or description of the leak.",
-      "disable_correlation": true,
-      "ui-priority": 1,
-      "misp-attribute": "text"
-    },
-    "original-date": {
-      "description": "When the information available in the leak was created. It's usually before the first-seen.",
-      "disable_correlation": true,
-      "ui-priority": 0,
-      "misp-attribute": "datetime"
-    },
-    "last-seen": {
-      "description": "When the leak has been accessible or seen for the last time.",
-      "disable_correlation": true,
-      "ui-priority": 0,
-      "misp-attribute": "datetime"
-    },
-    "first-seen": {
-      "description": "When the leak has been accessible or seen for the first time.",
-      "disable_correlation": true,
-      "ui-priority": 0,
-      "misp-attribute": "datetime"
-    },
-    "raw-data": {
-      "description": "Raw data as received by the AIL sensor compressed and encoded in Base64.",
-      "disable_correlation": true,
-      "ui-priority": 0,
-      "misp-attribute": "attachment"
-    }
-  },
-  "version": 9,
-  "description": "An information leak as defined by the AIL Analysis Information Leak framework.",
-  "meta-category": "misc",
   "uuid": "dc6a8fa2-0a43-4a0c-a5aa-b1a5336ca80e",
-  "name": "ail-leak"
-}
+  "version": 9
+}

objects/ais-info/definition.json

@@ -1,25 +1,18 @@
 {
-  "requiredOneOf": [
-    "organisation",
-    "administrative-area",
-    "industry",
-    "country"
-  ],
   "attributes": {
-    "organisation": {
-      "description": "AIS Organisation Name.",
+    "administrative-area": {
+      "description": "AIS Administrative Area represented using ISO-3166-2.",
       "misp-attribute": "text",
       "ui-priority": 1
     },
-    "administrative-area": {
-      "description": "AIS Administrative Area represented using ISO-3166-2.",
+    "country": {
+      "description": "AIS Country represented using ISO-3166-1_alpha-2.",
       "misp-attribute": "text",
       "ui-priority": 1
     },
     "industry": {
       "description": "AIS IndustryType.",
       "misp-attribute": "text",
-      "ui-priority": 1,
       "multiple": true,
       "sane_default": [
         "Chemical Sector",
@@ -39,17 +32,24 @@
         "Transportation Systems Sector",
         "Water and Wastewater Systems Sector",
         "Other"
-      ]
+      ],
+      "ui-priority": 1
     },
-    "country": {
-      "description": "AIS Country represented using ISO-3166-1_alpha-2.",
+    "organisation": {
+      "description": "AIS Organisation Name.",
       "misp-attribute": "text",
       "ui-priority": 1
     }
   },
-  "version": 1,
   "description": "Automated Indicator Sharing (AIS) Information Source Markings.",
   "meta-category": "misc",
+  "name": "ais-info",
+  "requiredOneOf": [
+    "organisation",
+    "administrative-area",
+    "industry",
+    "country"
+  ],
   "uuid": "1f3f466d-465f-4c3a-8cce-933642c9ea83",
-  "name": "ais-info"
-}
+  "version": 1
+}

objects/android-app/definition.json

@@ -0,0 +1,43 @@
+{
+  "attributes": {
+    "appid": {
+      "description": "Application ID",
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "certificate": {
+      "description": "Android certificate",
+      "misp-attribute": "sha1",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "domain": {
+      "description": "Domain used by the app",
+      "misp-attribute": "domain",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "name": {
+      "description": "Generic name of the application",
+      "misp-attribute": "text",
+      "ui-priority": 1
+    },
+    "sha256": {
+      "description": "SHA256 of the APK.",
+      "misp-attribute": "sha256",
+      "multiple": true,
+      "ui-priority": 1
+    }
+  },
+  "description": "Indicators related to an Android app",
+  "meta-category": "file",
+  "name": "android-app",
+  "requiredOneOf": [
+    "appid",
+    "name",
+    "sha256"
+  ],
+  "uuid": "92836f23-4730-4eae-82ac-9f00d5299735",
+  "version": 1
+}

objects/android-permission/definition.json

@@ -1,11 +1,12 @@
 {
-  "requiredOneOf": [
-    "permission"
-  ],
   "attributes": {
+    "comment": {
+      "description": "Comment about the set of android permission(s)",
+      "misp-attribute": "comment",
+      "ui-priority": 0
+    },
     "permission": {
       "description": "Android permission",
-      "ui-priority": 0,
       "misp-attribute": "text",
       "multiple": true,
       "sane_default": [
@@ -155,17 +156,16 @@
         "WRITE_SETTINGS",
         "WRITE_SYNC_SETTINGS",
         "WRITE_VOICEMAIL"
-      ]
-    },
-    "comment": {
-      "description": "Comment about the set of android permission(s)",
-      "ui-priority": 0,
-      "misp-attribute": "comment"
+      ],
+      "ui-priority": 0
     }
   },
-  "version": 2,
   "description": "A set of android permissions - one or more permission(s) which can be linked to other objects (e.g. malware, app).",
   "meta-category": "misc",
+  "name": "android-permission",
+  "requiredOneOf": [
+    "permission"
+  ],
   "uuid": "d81003b2-5c03-4d96-ae30-e6695de1aea2",
-  "name": "android-permission"
-}
+  "version": 2
+}

objects/annotation/definition.json

@@ -1,24 +1,55 @@
 {
-  "requiredOneOf": [
-    "text"
-  ],
   "attributes": {
-    "text": {
-      "description": "Raw text of the annotation",
-      "ui-priority": 0,
-      "misp-attribute": "text"
+    "attachment": {
+      "description": "An attachment to support the annotation",
+      "misp-attribute": "attachment",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "creation-date": {
+      "description": "Initial creation of the annotation",
+      "misp-attribute": "datetime",
+      "ui-priority": 0
+    },
+    "format": {
+      "description": "Format of the annotation",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "sane_default": [
+        "text",
+        "markdown",
+        "asciidoctor",
+        "MultiMarkdown",
+        "GFM",
+        "pandoc",
+        "Fountain",
+        "CommonWork",
+        "kramdown-rfc2629",
+        "rfc7328",
+        "Extra"
+      ],
+      "ui-priority": 0
+    },
+    "modification-date": {
+      "description": "Last update of the annotation",
+      "misp-attribute": "datetime",
+      "ui-priority": 0
     },
     "ref": {
       "description": "Reference(s) to the annotation",
-      "ui-priority": 0,
       "misp-attribute": "link",
-      "multiple": true
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "text": {
+      "description": "Raw text of the annotation",
+      "misp-attribute": "text",
+      "ui-priority": 0
     },
     "type": {
       "description": "Type of the annotation",
-      "ui-priority": 0,
-      "misp-attribute": "text",
       "disable_correlation": true,
+      "misp-attribute": "text",
       "sane_default": [
         "Annotation",
         "Executive Summary",
@@ -32,47 +63,16 @@
         "Authors",
         "Logo",
         "Full Report"
-      ]
-    },
-    "format": {
-      "description": "Format of the annotation",
-      "ui-priority": 0,
-      "misp-attribute": "text",
-      "disable_correlation": true,
-      "sane_default": [
-        "text",
-        "markdown",
-        "asciidoctor",
-        "MultiMarkdown",
-        "GFM",
-        "pandoc",
-        "Fountain",
-        "CommonWork",
-        "kramdown-rfc2629",
-        "rfc7328",
-        "Extra"
-      ]
-    },
-    "creation-date": {
-      "description": "Initial creation of the annotation",
-      "ui-priority": 0,
-      "misp-attribute": "datetime"
-    },
-    "modification-date": {
-      "description": "Last update of the annotation",
-      "ui-priority": 0,
-      "misp-attribute": "datetime"
-    },
-    "attachment": {
-      "description": "An attachment to support the annotation",
-      "ui-priority": 0,
-      "misp-attribute": "attachment",
-      "multiple": true
+      ],
+      "ui-priority": 0
     }
   },
-  "version": 3,
   "description": "An annotation object allowing analysts to add annotations, comments, executive summary to a MISP event, objects or attributes.",
   "meta-category": "misc",
+  "name": "annotation",
+  "requiredOneOf": [
+    "text"
+  ],
   "uuid": "5d8dc046-15a1-4ca3-a09f-ed4ede7c4487",
-  "name": "annotation"
-}
+  "version": 3
+}

objects/anonymisation/definition.json

@@ -1,62 +1,15 @@
 {
-  "requiredOneOf": [
-    "description",
-    "method",
-    "key",
-    "keyed-hash-function",
-    "encryption-function",
-    "regexp",
-    "iv"
-  ],
   "attributes": {
-    "method": {
-      "description": "Anonymisation (or pseudo-anonymisation) method(s) used",
-      "ui-priority": 1,
+    "description": {
+      "description": "Description of the anonymisation technique or tool used",
       "disable_correlation": true,
-      "sane_default": [
-        "hiding - Attribute is replaced with a constant value (typically 0) of the same size. Sometimes called 'black marker'.",
-        "hash - A hash function maps each attribute to a new (not necessarily unique) attribute.",
-        "permutation - Maps each original value to a unique new value.",
-        "prefix-preserving - Any two values that had the same n-bit prefix before anonymisation will still have the same n-bit prefix as each other after anonymization. (Would be more accurately called 'prefix-relationship-preserving', because the actual prefix values are not preserved.) ",
-        "shift - Adds a fixed offset to each value/attribute.",
-        "enumeration - Map each original value to a new value such that their ordering is preserved.",
-        "partitioning - Possible values are partitioned into meaningful sets; actual values are replaced with a fixed value from the same set. E.g., TCP port numbers 0 to 1023 are replaced with 0, and 1024 to 65535 replaced with 65535.",
-        "updated - Checksums are recalculated to reflect changes made to other fields.",
-        "truncation - Field is shortened, losing data at the end.",
-        "encryption - Attribute is encrypted."
-      ],
       "misp-attribute": "text",
-      "multiple": true
-    },
-    "key": {
-      "description": "Key (such as a PSK in a keyed-hash-function) used to anonymise the attribute",
-      "ui-priority": 1,
-      "disable_correlation": true,
-      "misp-attribute": "text"
-    },
-    "iv": {
-      "description": "Initialisation vector for the encryption function used to anonymise the attribute",
-      "ui-priority": 1,
-      "disable_correlation": true,
-      "misp-attribute": "text"
-    },
-    "keyed-hash-function": {
-      "description": "Keyed-hash function used to anonymise the attribute",
-      "ui-priority": 1,
-      "disable_correlation": true,
-      "sane_default": [
-        "hmac-sha1",
-        "hmac-md5",
-        "hmac-sha256",
-        "hmac-sha384",
-        "hmac-sha512"
-      ],
-      "misp-attribute": "text"
+      "ui-priority": 1
     },
     "encryption-function": {
       "description": "Encryption function or algorithm used to anonymise the attribute",
-      "ui-priority": 1,
       "disable_correlation": true,
+      "misp-attribute": "text",
       "sane_default": [
         "aes128",
         "aes-128-cbc",
@@ -165,34 +118,81 @@
         "sm4-ecb",
         "sm4-ofb"
       ],
-      "misp-attribute": "text"
+      "ui-priority": 1
     },
-    "regexp": {
-      "description": "Regular expression to perfom the anonymisation (reversible or not)",
-      "ui-priority": 10,
+    "iv": {
+      "description": "Initialisation vector for the encryption function used to anonymise the attribute",
       "disable_correlation": true,
-      "misp-attribute": "text"
+      "misp-attribute": "text",
+      "ui-priority": 1
     },
-    "description": {
-      "description": "Description of the anonymisation technique or tool used",
-      "ui-priority": 1,
+    "key": {
+      "description": "Key (such as a PSK in a keyed-hash-function) used to anonymise the attribute",
       "disable_correlation": true,
-      "misp-attribute": "text"
+      "misp-attribute": "text",
+      "ui-priority": 1
+    },
+    "keyed-hash-function": {
+      "description": "Keyed-hash function used to anonymise the attribute",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "sane_default": [
+        "hmac-sha1",
+        "hmac-md5",
+        "hmac-sha256",
+        "hmac-sha384",
+        "hmac-sha512"
+      ],
+      "ui-priority": 1
     },
     "level-of-knowledge": {
       "description": "Level of knowledge of the organisation who created this object",
+      "disable_correlation": true,
+      "misp-attribute": "text",
       "ui-priority": 10,
       "values_list": [
         "Only the anonymised data is known",
         "Deanonymised data is known"
-      ],
+      ]
+    },
+    "method": {
+      "description": "Anonymisation (or pseudo-anonymisation) method(s) used",
       "disable_correlation": true,
-      "misp-attribute": "text"
+      "misp-attribute": "text",
+      "multiple": true,
+      "sane_default": [
+        "hiding - Attribute is replaced with a constant value (typically 0) of the same size. Sometimes called 'black marker'.",
+        "hash - A hash function maps each attribute to a new (not necessarily unique) attribute.",
+        "permutation - Maps each original value to a unique new value.",
+        "prefix-preserving - Any two values that had the same n-bit prefix before anonymisation will still have the same n-bit prefix as each other after anonymization. (Would be more accurately called 'prefix-relationship-preserving', because the actual prefix values are not preserved.) ",
+        "shift - Adds a fixed offset to each value/attribute.",
+        "enumeration - Map each original value to a new value such that their ordering is preserved.",
+        "partitioning - Possible values are partitioned into meaningful sets; actual values are replaced with a fixed value from the same set. E.g., TCP port numbers 0 to 1023 are replaced with 0, and 1024 to 65535 replaced with 65535.",
+        "updated - Checksums are recalculated to reflect changes made to other fields.",
+        "truncation - Field is shortened, losing data at the end.",
+        "encryption - Attribute is encrypted."
+      ],
+      "ui-priority": 1
+    },
+    "regexp": {
+      "description": "Regular expression to perfom the anonymisation (reversible or not)",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "ui-priority": 10
     }
   },
-  "version": 2,
   "description": "Anonymisation object describing an anonymisation technique used to encode MISP attribute values. Reference: https://www.caida.org/tools/taxonomy/anonymization.xml",
   "meta-category": "misc",
+  "name": "anonymisation",
+  "requiredOneOf": [
+    "description",
+    "method",
+    "key",
+    "keyed-hash-function",
+    "encryption-function",
+    "regexp",
+    "iv"
+  ],
   "uuid": "5867cffe-60ff-44f6-b097-e5f36b5de0ac",
-  "name": "anonymisation"
-}
+  "version": 2
+}

objects/asn/definition.json

@@ -1,69 +1,69 @@
 {
-  "requiredOneOf": [
-    "asn"
-  ],
   "attributes": {
     "asn": {
       "description": "Autonomous System Number",
-      "ui-priority": 1,
-      "misp-attribute": "AS"
-    },
-    "description": {
-      "description": "Description of the autonomous system",
-      "ui-priority": 1,
-      "misp-attribute": "text"
+      "misp-attribute": "AS",
+      "ui-priority": 1
     },
     "country": {
       "description": "Country code of the main location of the autonomous system",
-      "ui-priority": 1,
-      "misp-attribute": "text"
+      "misp-attribute": "text",
+      "ui-priority": 1
     },
-    "subnet-announced": {
-      "description": "Subnet announced",
-      "ui-priority": 0,
-      "misp-attribute": "ip-src",
-      "multiple": true
+    "description": {
+      "description": "Description of the autonomous system",
+      "misp-attribute": "text",
+      "ui-priority": 1
+    },
+    "export": {
+      "description": "The outbound routing policy of the AS in RFC 2622 – Routing Policy Specification Language (RPSL) format",
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
     },
     "first-seen": {
       "description": "First time the ASN was seen",
       "disable_correlation": true,
-      "ui-priority": 0,
-      "misp-attribute": "datetime"
+      "misp-attribute": "datetime",
+      "ui-priority": 0
+    },
+    "import": {
+      "description": "The inbound IPv4 routing policy of the AS in RFC 2622 – Routing Policy Specification Language (RPSL) format",
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
     },
     "last-seen": {
       "description": "Last time the ASN was seen",
       "disable_correlation": true,
-      "ui-priority": 0,
-      "misp-attribute": "datetime"
-    },
-    "import": {
-      "description": "The inbound IPv4 routing policy of the AS in RFC 2622 – Routing Policy Specification Language (RPSL) format",
-      "ui-priority": 0,
-      "misp-attribute": "text",
-      "multiple": true
-    },
-    "export": {
-      "description": "The outbound routing policy of the AS in RFC 2622 – Routing Policy Specification Language (RPSL) format",
-      "ui-priority": 0,
-      "misp-attribute": "text",
-      "multiple": true
-    },
-    "mp-import": {
-      "description": "The inbound IPv4 or IPv6 routing policy of the AS in RFC 4012 – Routing Policy Specification Language next generation (RPSLng), section 4.5. format",
-      "ui-priority": 0,
-      "misp-attribute": "text",
-      "multiple": true
+      "misp-attribute": "datetime",
+      "ui-priority": 0
     },
     "mp-export": {
       "description": "This attribute performs the same function as the export attribute above. The difference is that mp-export allows both IPv4 and IPv6 address families to be specified. The export is described in RFC 4012 – Routing Policy Specification Language next generation (RPSLng), section 4.5. format",
-      "ui-priority": 0,
       "misp-attribute": "text",
-      "multiple": true
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "mp-import": {
+      "description": "The inbound IPv4 or IPv6 routing policy of the AS in RFC 4012 – Routing Policy Specification Language next generation (RPSLng), section 4.5. format",
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "subnet-announced": {
+      "description": "Subnet announced",
+      "misp-attribute": "ip-src",
+      "multiple": true,
+      "ui-priority": 0
     }
   },
-  "version": 4,
   "description": "Autonomous system object describing an autonomous system which can include one or more network operators management an entity (e.g. ISP) along with their routing policy, routing prefixes or alike.",
   "meta-category": "network",
+  "name": "asn",
+  "requiredOneOf": [
+    "asn"
+  ],
   "uuid": "4ec55cc6-9e49-4c64-b794-03c25c1a6587",
-  "name": "asn"
-}
+  "version": 4
+}

objects/attack-pattern/definition.json

@@ -1,45 +1,51 @@
 {
+  "attributes": {
+    "id": {
+      "description": "CAPEC ID.",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "ui-priority": 0
+    },
+    "name": {
+      "description": "Name of the attack pattern.",
+      "misp-attribute": "text",
+      "ui-priority": 0
+    },
+    "prerequisites": {
+      "description": "Prerequisites for the attack pattern to succeed.",
+      "misp-attribute": "text",
+      "ui-priority": 0
+    },
+    "references": {
+      "description": "External references",
+      "misp-attribute": "link",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "related-weakness": {
+      "description": "Weakness related to the attack pattern.",
+      "misp-attribute": "weakness",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "solutions": {
+      "description": "Solutions for the attack pattern to be countered.",
+      "misp-attribute": "text",
+      "ui-priority": 0
+    },
+    "summary": {
+      "description": "Summary description of the attack pattern.",
+      "misp-attribute": "text",
+      "ui-priority": 0
+    }
+  },
+  "description": "Attack pattern describing a common attack pattern enumeration and classification.",
+  "meta-category": "vulnerability",
+  "name": "attack-pattern",
   "requiredOneOf": [
     "name",
     "id"
   ],
-  "attributes": {
-    "id": {
-      "description": "CAPEC ID.",
-      "ui-priority": 0,
-      "disable_correlation": true,
-      "misp-attribute": "text"
-    },
-    "name": {
-      "description": "Name of the attack pattern.",
-      "ui-priority": 0,
-      "misp-attribute": "text"
-    },
-    "summary": {
-      "description": "Summary description of the attack pattern.",
-      "ui-priority": 0,
-      "misp-attribute": "text"
-    },
-    "prerequisites": {
-      "description": "Prerequisites for the attack pattern to succeed.",
-      "ui-priority": 0,
-      "misp-attribute": "text"
-    },
-    "solutions": {
-      "description": "Solutions for the attack pattern to be countered.",
-      "ui-priority": 0,
-      "misp-attribute": "text"
-    },
-    "related-weakness": {
-      "description": "Weakness related to the attack pattern.",
-      "ui-priority": 0,
-      "multiple": true,
-      "misp-attribute": "weakness"
-    }
-  },
-  "version": 1,
-  "description": "Attack pattern describing a common attack pattern enumeration and classification.",
-  "meta-category": "vulnerability",
   "uuid": "35928348-56be-4d7f-9752-a80927936351",
-  "name": "attack-pattern"
-}
+  "version": 1
+}

objects/authentication-failure-report/definition.json

@@ -0,0 +1,51 @@
+{
+  "attributes": {
+    "ip-dst": {
+      "description": "Destination IP.",
+      "disable_correlation": false,
+      "misp-attribute": "ip-dst",
+      "ui-priority": 1
+    },
+    "ip-src": {
+      "description": "IP address originating the authentication failure.",
+      "disable_correlation": false,
+      "misp-attribute": "ip-src",
+      "ui-priority": 1
+    },
+    "total": {
+      "description": "the number of authentication failures reported.",
+      "disable_correlation": true,
+      "misp-attribute": "counter",
+      "ui-priority": 1
+    },
+    "type": {
+      "description": "the type of authentication failure.",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "sane_default": [
+        "ssh"
+      ],
+      "ui-priority": 1
+    },
+    "username": {
+      "description": "the username used.",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "ui-priority": 1
+    }
+  },
+  "description": "Authentication Failure Report",
+  "meta-category": "network",
+  "name": "authentication-failure-report",
+  "required": [
+    "total",
+    "type"
+  ],
+  "requiredOneOf": [
+    "ip-src",
+    "ip-dst",
+    "username"
+  ],
+  "uuid": "9b39afe0-9809-4fe0-8a0b-4cec2b140dd2",
+  "version": 4
+}

objects/authenticode-signerinfo/definition.json

@@ -1,34 +1,19 @@
 {
-  "requiredOneOf": [
-    "url",
-    "program-name"
-  ],
   "attributes": {
-    "text": {
-      "description": "Free text description of the signer info",
-      "ui-priority": 1,
-      "misp-attribute": "text"
+    "content-type": {
+      "description": "Content type",
+      "misp-attribute": "text",
+      "ui-priority": 0
+    },
+    "digest_algorithm": {
+      "description": "Digest algorithm",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "ui-priority": 0
     },
     "issuer": {
       "description": "Issuer of the certificate",
-      "ui-priority": 0,
-      "misp-attribute": "text",
-      "disable_correlation": true
-    },
-    "version": {
-      "description": "Version of the certificate",
-      "ui-priority": 0,
-      "misp-attribute": "text",
-      "disable_correlation": true
-    },
-    "url": {
-      "description": "Url",
-      "multiple": true,
-      "misp-attribute": "url",
-      "ui-priority": 0
-    },
-    "content-type": {
-      "description": "Content type",
+      "disable_correlation": true,
       "misp-attribute": "text",
       "ui-priority": 0
     },
@@ -37,26 +22,41 @@
       "misp-attribute": "text",
       "ui-priority": 0
     },
-    "digest_algorithm": {
-      "description": "Digest algorithm",
-      "misp-attribute": "text",
-      "ui-priority": 0,
-      "disable_correlation": true
-    },
     "signature_algorithm": {
       "description": "Signature algorithm",
-      "misp-attribute": "text",
-      "ui-priority": 0,
       "disable_correlation": true,
+      "misp-attribute": "text",
       "sane_default": [
         "SHA1_WITH_RSA_ENCRYPTION",
         "SHA256_WITH_RSA_ENCRYPTION"
-      ]
+      ],
+      "ui-priority": 0
+    },
+    "text": {
+      "description": "Free text description of the signer info",
+      "misp-attribute": "text",
+      "ui-priority": 1
+    },
+    "url": {
+      "description": "Url",
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "version": {
+      "description": "Version of the certificate",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "ui-priority": 0
     }
   },
-  "version": 1,
   "description": "Authenticode Signer Info",
   "meta-category": "file",
+  "name": "authenticode-signerinfo",
+  "requiredOneOf": [
+    "url",
+    "program-name"
+  ],
   "uuid": "965cb0aa-baf1-4cc6-9070-68f5c1698c1e",
-  "name": "authenticode-signerinfo"
-}
+  "version": 1
+}

objects/av-signature/definition.json

@@ -1,48 +1,48 @@
 {
+  "attributes": {
+    "datetime": {
+      "categories": [
+        "Other"
+      ],
+      "description": "Datetime",
+      "disable_correlation": true,
+      "misp-attribute": "datetime",
+      "ui-priority": 0
+    },
+    "signature": {
+      "categories": [
+        "Antivirus detection"
+      ],
+      "description": "Name of detection signature",
+      "misp-attribute": "text",
+      "ui-priority": 2
+    },
+    "software": {
+      "categories": [
+        "Antivirus detection"
+      ],
+      "description": "Name of antivirus software",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "ui-priority": 1
+    },
+    "text": {
+      "categories": [
+        "Other"
+      ],
+      "description": "Free text value to attach to the file",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "ui-priority": 0
+    }
+  },
+  "description": "Antivirus detection signature",
+  "meta-category": "misc",
+  "name": "av-signature",
   "required": [
     "software",
     "signature"
   ],
-  "attributes": {
-    "software": {
-      "description": "Name of antivirus software",
-      "disable_correlation": true,
-      "categories": [
-        "Antivirus detection"
-      ],
-      "ui-priority": 1,
-      "misp-attribute": "text"
-    },
-    "signature": {
-      "description": "Name of detection signature",
-      "categories": [
-        "Antivirus detection"
-      ],
-      "ui-priority": 2,
-      "misp-attribute": "text"
-    },
-    "text": {
-      "description": "Free text value to attach to the file",
-      "disable_correlation": true,
-      "categories": [
-        "Other"
-      ],
-      "ui-priority": 0,
-      "misp-attribute": "text"
-    },
-    "datetime": {
-      "description": "Datetime",
-      "disable_correlation": true,
-      "categories": [
-        "Other"
-      ],
-      "ui-priority": 0,
-      "misp-attribute": "datetime"
-    }
-  },
-  "version": 1,
-  "description": "Antivirus detection signature",
-  "meta-category": "misc",
   "uuid": "4dbb56ef-4763-4c97-8696-a2bfc305cf8e",
-  "name": "av-signature"
-}
+  "version": 1
+}

objects/bank-account/definition.json

@@ -1,82 +1,110 @@
 {
-  "requiredOneOf": [
-    "account"
-  ],
   "attributes": {
-    "text": {
-      "description": "A description of the bank account.",
-      "disable_correlation": true,
-      "ui-priority": 0,
-      "misp-attribute": "text"
+    "aba-rtn": {
+      "description": " ABA routing transit number",
+      "misp-attribute": "aba-rtn",
+      "ui-priority": 0
     },
-    "institution-name": {
-      "description": "Name of the bank or financial organisation.",
-      "disable_correlation": true,
-      "ui-priority": 0,
-      "misp-attribute": "text"
+    "account": {
+      "description": "Account number",
+      "misp-attribute": "bank-account-nr",
+      "ui-priority": 0
     },
-    "institution-code": {
-      "description": "Institution code of the bank.",
-      "disable_correlation": true,
-      "ui-priority": 0,
-      "misp-attribute": "text"
+    "account-name": {
+      "description": "A field to freely describe the bank account details.",
+      "misp-attribute": "text",
+      "ui-priority": 0
     },
-    "swift": {
-      "description": "SWIFT or BIC as defined in ISO 9362.",
+    "balance": {
+      "description": "The balance of the account after the suspicious transaction was processed.",
       "disable_correlation": true,
-      "ui-priority": 0,
-      "misp-attribute": "bic"
+      "misp-attribute": "text",
+      "ui-priority": 0
+    },
+    "beneficiary": {
+      "description": "Final beneficiary of the bank account.",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "ui-priority": 0
+    },
+    "beneficiary-comment": {
+      "description": "Comment about the final beneficiary.",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "ui-priority": 0
     },
     "branch": {
       "description": "Branch code or name",
       "disable_correlation": true,
-      "ui-priority": 0,
-      "misp-attribute": "text"
+      "misp-attribute": "text",
+      "ui-priority": 0
     },
-    "non-banking-institution": {
-      "description": "A flag to define if this account belong to a non-banking organisation. If set to true, it's a non-banking organisation.",
+    "client-number": {
+      "description": "Client number as seen by the bank.",
+      "misp-attribute": "text",
+      "ui-priority": 0
+    },
+    "closed": {
+      "description": "When the account was closed.",
       "disable_correlation": true,
-      "ui-priority": 0,
-      "misp-attribute": "boolean"
+      "misp-attribute": "datetime",
+      "ui-priority": 0
     },
-    "account": {
-      "description": "Account number",
-      "ui-priority": 0,
-      "misp-attribute": "bank-account-nr"
+    "comments": {
+      "description": "Comments about the bank account.",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "ui-priority": 0
     },
     "currency-code": {
       "description": "Currency of the account.",
-      "ui-priority": 0,
+      "disable_correlation": true,
+      "misp-attribute": "text",
       "sane_default": [
         "USD",
         "EUR"
       ],
+      "ui-priority": 0
+    },
+    "date-balance": {
+      "description": "When the balance was reported.",
       "disable_correlation": true,
-      "misp-attribute": "text"
-    },
-    "aba-rtn": {
-      "description": " ABA routing transit number",
-      "ui-priority": 0,
-      "misp-attribute": "aba-rtn"
-    },
-    "account-name": {
-      "description": "A field to freely describe the bank account details.",
-      "ui-priority": 0,
-      "misp-attribute": "text"
+      "misp-attribute": "datetime",
+      "ui-priority": 0
     },
     "iban": {
       "description": "IBAN of the bank account.",
-      "ui-priority": 0,
-      "misp-attribute": "iban"
+      "misp-attribute": "iban",
+      "ui-priority": 0
     },
-    "client-number": {
-      "description": "Client number as seen by the bank.",
-      "ui-priority": 0,
-      "misp-attribute": "text"
+    "institution-code": {
+      "description": "Institution code of the bank.",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "ui-priority": 0
+    },
+    "institution-name": {
+      "description": "Name of the bank or financial organisation.",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "ui-priority": 0
+    },
+    "non-banking-institution": {
+      "description": "A flag to define if this account belong to a non-banking organisation. If set to true, it's a non-banking organisation.",
+      "disable_correlation": true,
+      "misp-attribute": "boolean",
+      "ui-priority": 0
+    },
+    "opened": {
+      "description": "When the account was opened.",
+      "disable_correlation": true,
+      "misp-attribute": "datetime",
+      "ui-priority": 0
     },
     "personal-account-type": {
       "description": "Account type.",
-      "ui-priority": 0,
+      "disable_correlation": true,
+      "misp-attribute": "text",
       "sane_default": [
         "A - Business",
         "B - Personal Current",
@@ -85,67 +113,12 @@
         "E - Trading Account",
         "O - Other"
       ],
-      "disable_correlation": true,
-      "misp-attribute": "text"
-    },
-    "opened": {
-      "description": "When the account was opened.",
-      "ui-priority": 0,
-      "misp-attribute": "datetime",
-      "disable_correlation": true
-    },
-    "closed": {
-      "description": "When the account was closed.",
-      "ui-priority": 0,
-      "misp-attribute": "datetime",
-      "disable_correlation": true
-    },
-    "balance": {
-      "description": "The balance of the account after the suspicious transaction was processed.",
-      "ui-priority": 0,
-      "misp-attribute": "text",
-      "disable_correlation": true
-    },
-    "date-balance": {
-      "description": "When the balance was reported.",
-      "ui-priority": 0,
-      "misp-attribute": "datetime",
-      "disable_correlation": true
-    },
-    "status-code": {
-      "description": "Account status at the time of the transaction processed.",
-      "ui-priority": 0,
-      "misp-attribute": "text",
-      "disable_correlation": true,
-      "sane_default": [
-        "A - Active",
-        "B - Inactive",
-        "C - Dormant"
-      ]
-    },
-    "beneficiary": {
-      "description": "Final beneficiary of the bank account.",
-      "ui-priority": 0,
-      "misp-attribute": "text",
-      "disable_correlation": true
-    },
-    "beneficiary-comment": {
-      "description": "Comment about the final beneficiary.",
-      "ui-priority": 0,
-      "misp-attribute": "text",
-      "disable_correlation": true
-    },
-    "comments": {
-      "description": "Comments about the bank account.",
-      "ui-priority": 0,
-      "misp-attribute": "text",
-      "disable_correlation": true
+      "ui-priority": 0
     },
     "report-code": {
       "description": "Report code of the bank account.",
-      "ui-priority": 0,
-      "misp-attribute": "text",
       "disable_correlation": true,
+      "misp-attribute": "text",
       "sane_default": [
         "CTR Cash Transaction Report",
         "STR Suspicious Transaction Report",
@@ -159,12 +132,40 @@
         "ORI Outgoing Request for Information – International",
         "IRD Incoming Request for Information – Domestic",
         "ORD Outgoing Request for Information – Domestic"
-      ]
+      ],
+      "ui-priority": 0
+    },
+    "status-code": {
+      "description": "Account status at the time of the transaction processed.",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "sane_default": [
+        "A - Active",
+        "B - Inactive",
+        "C - Dormant"
+      ],
+      "ui-priority": 0
+    },
+    "swift": {
+      "description": "SWIFT or BIC as defined in ISO 9362.",
+      "disable_correlation": true,
+      "misp-attribute": "bic",
+      "ui-priority": 0
+    },
+    "text": {
+      "description": "A description of the bank account.",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "ui-priority": 0
     }
   },
-  "version": 1,
   "description": "An object describing bank account information based on account description from goAML 4.0.",
   "meta-category": "financial",
+  "name": "bank-account",
+  "requiredOneOf": [
+    "account",
+    "iban"
+  ],
   "uuid": "b4712203-95a8-4883-80e9-b566f5df11c9",
-  "name": "bank-account"
-}
+  "version": 2
+}

objects/bgp-hijack/definition.json

@@ -1,53 +1,53 @@
 {
+  "attributes": {
+    "country": {
+      "description": "Country code of the main location of the attacking autonomous system",
+      "misp-attribute": "text",
+      "ui-priority": 1
+    },
+    "description": {
+      "description": "BGP Hijack details",
+      "misp-attribute": "text",
+      "ui-priority": 1
+    },
+    "detected-asn": {
+      "description": "Detected Autonomous System Number",
+      "misp-attribute": "AS",
+      "ui-priority": 1
+    },
+    "end": {
+      "description": "Last time the Prefix hijack was seen",
+      "disable_correlation": true,
+      "misp-attribute": "datetime",
+      "ui-priority": 0
+    },
+    "expected-asn": {
+      "description": "Expected Autonomous System Number",
+      "misp-attribute": "AS",
+      "ui-priority": 1
+    },
+    "start": {
+      "description": "First time the Prefix hijack was seen",
+      "disable_correlation": true,
+      "misp-attribute": "datetime",
+      "ui-priority": 0
+    },
+    "subnet-announced": {
+      "description": "Subnet announced",
+      "misp-attribute": "ip-src",
+      "multiple": true,
+      "ui-priority": 0
+    }
+  },
+  "description": "Object encapsulating BGP Hijack description as specified, for example, by bgpstream.com",
+  "meta-category": "network",
+  "name": "bgp-hijack",
   "required": [
     "expected-asn",
     "detected-asn",
     "start",
     "subnet-announced"
   ],
-  "attributes": {
-    "expected-asn": {
-      "description": "Expected Autonomous System Number",
-      "ui-priority": 1,
-      "misp-attribute": "AS"
-    },
-    "detected-asn": {
-      "description": "Detected Autonomous System Number",
-      "ui-priority": 1,
-      "misp-attribute": "AS"
-    },
-    "description": {
-      "description": "BGP Hijack details",
-      "ui-priority": 1,
-      "misp-attribute": "text"
-    },
-    "country": {
-      "description": "Country code of the main location of the attacking autonomous system",
-      "ui-priority": 1,
-      "misp-attribute": "text"
-    },
-    "subnet-announced": {
-      "description": "Subnet announced",
-      "ui-priority": 0,
-      "misp-attribute": "ip-src",
-      "multiple": true
-    },
-    "start": {
-      "description": "First time the Prefix hijack was seen",
-      "disable_correlation": true,
-      "ui-priority": 0,
-      "misp-attribute": "datetime"
-    },
-    "end": {
-      "description": "Last time the Prefix hijack was seen",
-      "disable_correlation": true,
-      "ui-priority": 0,
-      "misp-attribute": "datetime"
-    }
-  },
-  "version": 1,
-  "description": "Object encapsulating BGP Hijack description as specified, for example, by bgpstream.com",
-  "meta-category": "network",
   "uuid": "42355673-1fab-4908-8045-00bebd91c389",
-  "name": "bgp-hijack"
-}
+  "version": 1
+}

objects/bgp-ranking/definition.json

@@ -0,0 +1,41 @@
+{
+  "attributes": {
+    "address-family": {
+      "description": "The IP address family concerned by the ranking.",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "sane_default": [
+        "v4",
+        "v6"
+      ],
+      "ui-priority": 0
+    },
+    "date": {
+      "description": "Date fo the ranking.",
+      "disable_correlation": true,
+      "misp-attribute": "datetime",
+      "ui-priority": 1
+    },
+    "position": {
+      "description": "Position of the ASN for a given day.",
+      "disable_correlation": true,
+      "misp-attribute": "float",
+      "ui-priority": 0
+    },
+    "ranking": {
+      "description": "Ranking of the Autonomous System number.",
+      "disable_correlation": true,
+      "misp-attribute": "float",
+      "ui-priority": 1
+    }
+  },
+  "description": "BGP Ranking object describing the ranking of an ASN for a given day, along with its position, 1 being the most malicious ASN of the day, with the highest ranking. This object is meant to have a relationship with the corresponding ASN object and represents its ranking for a specific date.",
+  "meta-category": "network",
+  "name": "bgp-ranking",
+  "required": [
+    "date",
+    "ranking"
+  ],
+  "uuid": "0cf87909-e44a-4426-8ebc-a250f932ce00",
+  "version": 1
+}

objects/blog/definition.json

@@ -0,0 +1,105 @@
+{
+  "attributes": {
+    "archive": {
+      "description": "Archive of the original document (Internet Archive, Archive.is, etc).",
+      "misp-attribute": "link",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "creation-date": {
+      "description": "Initial creation of the blog post.",
+      "misp-attribute": "datetime",
+      "ui-priority": 0
+    },
+    "embedded-link": {
+      "description": "Site linked by the blog post.",
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "embedded-safe-link": {
+      "description": "Safe site linked by the blog post.",
+      "misp-attribute": "link",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "link": {
+      "description": "Original link into the blog post (Supposed harmless).",
+      "misp-attribute": "link",
+      "ui-priority": 1
+    },
+    "modification-date": {
+      "description": "Last update of the blog post.",
+      "misp-attribute": "datetime",
+      "ui-priority": 0
+    },
+    "post": {
+      "description": "Raw post.",
+      "misp-attribute": "text",
+      "ui-priority": 1
+    },
+    "removal-date": {
+      "description": "When the blog post was removed.",
+      "misp-attribute": "datetime",
+      "ui-priority": 0
+    },
+    "title": {
+      "description": "Title of blog post.",
+      "misp-attribute": "text",
+      "ui-priority": 1
+    },
+    "type": {
+      "description": "Type of blog post.",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "sane_default": [
+        "Medium",
+        "WordPress",
+        "Blogger",
+        "Tumbler",
+        "LiveJournal",
+        "Forum",
+        "Other"
+      ],
+      "ui-priority": 1
+    },
+    "url": {
+      "description": "Original URL location of the blog post (potentially malicious).",
+      "misp-attribute": "url",
+      "ui-priority": 1
+    },
+    "username": {
+      "description": "Username who posted the blog post.",
+      "misp-attribute": "text",
+      "ui-priority": 0
+    },
+    "username-quoted": {
+      "description": "Username who are quoted into the blog post.",
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "verified-username": {
+      "description": "Is the username account verified by the operator of the blog platform.",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "ui-priority": 0,
+      "values_list": [
+        "Verified",
+        "Unverified",
+        "Unknown"
+      ]
+    }
+  },
+  "description": "Blog post like Medium or WordPress.",
+  "meta-category": "misc",
+  "name": "blog",
+  "requiredOneOf": [
+    "post",
+    "archive",
+    "url",
+    "link"
+  ],
+  "uuid": "1f165fc0-b158-498f-8bc8-6dc3d2822bb1",
+  "version": 14
+}

objects/boleto/definition.json

@@ -0,0 +1,90 @@
+{
+  "attributes": {
+    "beneficiary": {
+      "description": "Final beneficiary of the boleto.",
+      "misp-attribute": "text",
+      "ui-priority": 1
+    },
+    "beneficiary-bank-account": {
+      "categories": [
+        "Financial fraud"
+      ],
+      "description": "Recipient bank account number",
+      "misp-attribute": "bank-account-nr",
+      "ui-priority": 0
+    },
+    "beneficiary-bank-agency": {
+      "categories": [
+        "Financial fraud"
+      ],
+      "description": "Recipient bank agency number",
+      "misp-attribute": "bank-account-nr",
+      "ui-priority": 0
+    },
+    "boleto-number": {
+      "categories": [
+        "Financial fraud"
+      ],
+      "description": "Boleto code numbers",
+      "misp-attribute": "text",
+      "ui-priority": 1
+    },
+    "creation-date": {
+      "description": "Date the boleto was created",
+      "disable_correlation": true,
+      "misp-attribute": "datetime",
+      "ui-priority": 0
+    },
+    "febraban-code": {
+      "description": "Financial institution code in Brazil that created the boleto.",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "ui-priority": 0
+    },
+    "generator-financial-institution": {
+      "description": "Name of the bank or financial organisation that created the boleto.",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "ui-priority": 1
+    },
+    "payment-due-date": {
+      "description": "Boleto payment date",
+      "disable_correlation": true,
+      "misp-attribute": "datetime",
+      "ui-priority": 1
+    },
+    "payment-status": {
+      "description": "Inform if boleto was as paid or not",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "ui-priority": 0,
+      "values_list": [
+        "Not Paid",
+        "Paid"
+      ]
+    },
+    "payment-value": {
+      "categories": [
+        "Other"
+      ],
+      "description": "The payment boleto value in Brazilian Reais",
+      "disable_correlation": true,
+      "misp-attribute": "float",
+      "to_ids": false,
+      "ui-priority": 1
+    },
+    "requester": {
+      "description": "Organisation, service or affiliated person that requested creation of the boleto.",
+      "misp-attribute": "text",
+      "ui-priority": 1
+    }
+  },
+  "description": "A common form of payment used in Brazil.",
+  "meta-category": "financial",
+  "name": "boleto",
+  "requiredOneOf": [
+    "boleto-number"
+  ],
+  "uuid": "24979ac7-d413-4345-9c8b-69b43a739fd1",
+  "version": 1
+}

objects/btc-transaction/definition.json

@@ -1,51 +1,51 @@
 {
+  "attributes": {
+    "btc-address": {
+      "description": "A Bitcoin transactional address",
+      "disable_correlation": true,
+      "misp-attribute": "btc",
+      "ui-priority": 0
+    },
+    "time": {
+      "description": "Date and time of transaction",
+      "disable_correlation": true,
+      "misp-attribute": "datetime",
+      "ui-priority": 0
+    },
+    "transaction-number": {
+      "description": "A Bitcoin transaction number in a sequence of transactions",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "value_BTC": {
+      "description": "Value in BTC at date/time displayed in field 'time'",
+      "disable_correlation": true,
+      "misp-attribute": "float",
+      "ui-priority": 0
+    },
+    "value_EUR": {
+      "description": "Value in EUR with conversion rate as of date/time displayed in field 'time'",
+      "disable_correlation": true,
+      "misp-attribute": "float",
+      "ui-priority": 0
+    },
+    "value_USD": {
+      "description": "Value in USD with conversion rate as of date/time displayed in field 'time'",
+      "disable_correlation": true,
+      "misp-attribute": "float",
+      "ui-priority": 0
+    }
+  },
+  "description": "An object to describe a Bitcoin transaction. Best to be used with bitcoin-wallet.",
+  "meta-category": "financial",
+  "name": "btc-transaction",
   "requiredOneOf": [
     "transaction-number",
     "time",
     "value_BTC"
   ],
-  "attributes": {
-    "transaction-number": {
-      "description": "A Bitcoin transaction number in a sequence of transactions",
-      "ui-priority": 0,
-      "disable_correlation": true,
-      "multiple": true,
-      "misp-attribute": "text"
-    },
-    "time": {
-      "description": "Date and time of transaction",
-      "ui-priority": 0,
-      "disable_correlation": true,
-      "misp-attribute": "datetime"
-    },
-    "value_BTC": {
-      "description": "Value in BTC at date/time displayed in field 'time'",
-      "ui-priority": 0,
-      "disable_correlation": true,
-      "misp-attribute": "float"
-    },
-    "value_EUR": {
-      "description": "Value in EUR with conversion rate as of date/time displayed in field 'time'",
-      "ui-priority": 0,
-      "disable_correlation": true,
-      "misp-attribute": "float"
-    },
-    "value_USD": {
-      "description": "Value in USD with conversion rate as of date/time displayed in field 'time'",
-      "ui-priority": 0,
-      "disable_correlation": true,
-      "misp-attribute": "float"
-    },
-    "btc-address": {
-      "description": "A Bitcoin transactional address",
-      "ui-priority": 0,
-      "disable_correlation": true,
-      "misp-attribute": "btc"
-    }
-  },
-  "version": 4,
-  "description": "An object to describe a Bitcoin transaction. Best to be used with bitcoin-wallet.",
-  "meta-category": "financial",
   "uuid": "B7341729-5A8A-439F-A775-6D814DA3C7B5",
-  "name": "btc-transaction"
-}
+  "version": 4
+}

objects/btc-wallet/definition.json

@@ -1,41 +1,41 @@
 {
-  "requiredOneOf": [
-    "wallet-address"
-  ],
   "attributes": {
-    "wallet-address": {
-      "description": "A Bitcoin wallet address",
-      "ui-priority": 0,
-      "misp-attribute": "btc"
-    },
-    "balance_BTC": {
-      "description": "Value in BTC at date/time displayed in field 'time'",
-      "ui-priority": 0,
-      "disable_correlation": true,
-      "misp-attribute": "float"
-    },
     "BTC_received": {
       "description": "Value of received BTC",
-      "ui-priority": 0,
       "disable_correlation": true,
-      "misp-attribute": "float"
+      "misp-attribute": "float",
+      "ui-priority": 0
     },
     "BTC_sent": {
       "description": "Value of sent BTC",
-      "ui-priority": 0,
       "disable_correlation": true,
-      "misp-attribute": "float"
+      "misp-attribute": "float",
+      "ui-priority": 0
+    },
+    "balance_BTC": {
+      "description": "Value in BTC at date/time displayed in field 'time'",
+      "disable_correlation": true,
+      "misp-attribute": "float",
+      "ui-priority": 0
     },
     "time": {
       "description": "Date and time of lookup/conversion",
-      "ui-priority": 0,
       "disable_correlation": true,
-      "misp-attribute": "datetime"
+      "misp-attribute": "datetime",
+      "ui-priority": 0
+    },
+    "wallet-address": {
+      "description": "A Bitcoin wallet address",
+      "misp-attribute": "btc",
+      "ui-priority": 0
     }
   },
-  "version": 2,
   "description": "An object to describe a Bitcoin wallet. Best to be used with bitcoin-transactions.",
   "meta-category": "financial",
+  "name": "btc-wallet",
+  "requiredOneOf": [
+    "wallet-address"
+  ],
   "uuid": "22910C83-DD0E-4ED2-9823-45F8CAD562A4",
-  "name": "btc-wallet"
-}
+  "version": 2
+}

objects/cap-alert/definition.json

@@ -1,41 +1,31 @@
 {
-  "requiredOneOf": [
-    "msgType"
-  ],
   "attributes": {
+    "addresses": {
+      "description": "The group listing of intended recipients of the alert message. (1)   Required when <scope> is “Private”, optional when <scope> is “Public” or “Restricted”.  (2)   Each recipient SHALL be identified by an identifier or an address.  (3)   Multiple space-delimited addresses MAY be included.  Addresses including whitespace MUST be enclosed in double-quotes. ",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "ui-priority": 0
+    },
+    "code": {
+      "description": "The code denoting the special handling of the alert message.",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "ui-priority": 0
+    },
     "identifier": {
       "description": "The identifier of the alert message in a number or string uniquely identifying this message, assigned by the sender.",
       "disable_correlation": true,
-      "ui-priority": 1,
-      "misp-attribute": "text"
-    },
-    "sender": {
-      "description": "The identifier of the sender of the alert message which identifies the originator of this alert. Guaranteed by assigner to be unique globally; e.g., may be based on an Internet domain name.",
-      "disable_correlation": true,
-      "ui-priority": 0,
-      "misp-attribute": "text"
-    },
-    "sent": {
-      "description": "The time and date of the origination of the alert message.",
-      "disable_correlation": true,
-      "ui-priority": 0,
-      "misp-attribute": "datetime"
-    },
-    "status": {
-      "description": "The code denoting the appropriate handling of the alert message.",
-      "ui-priority": 0,
       "misp-attribute": "text",
-      "sane_default": [
-        "Actual",
-        "Exercise",
-        "System",
-        "Test",
-        "Draft"
-      ]
+      "ui-priority": 1
+    },
+    "incident": {
+      "description": "The group listing naming the referent incident(s) of the alert message. (1)   Used to collate multiple messages referring to different aspects of the same incident.  (2)   If multiple incident identifiers are referenced, they SHALL be separated by whitespace.  Incident names including whitespace SHALL be surrounded by double-quotes.",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "ui-priority": 0
     },
     "msgType": {
       "description": "The code denoting the nature of the alert message.",
-      "ui-priority": 0,
       "disable_correlation": true,
       "misp-attribute": "text",
       "sane_default": [
@@ -44,65 +34,75 @@
         "Cancel",
         "Ack",
         "Error"
-      ]
+      ],
+      "ui-priority": 0
     },
-    "source": {
-      "description": "The text identifying the source of the alert message. The particular source of this alert; e.g., an operator or a specific device.",
-      "ui-priority": 0,
+    "note": {
+      "description": "The text describing the purpose or significance of the alert message.",
       "disable_correlation": true,
-      "misp-attribute": "text"
+      "misp-attribute": "text",
+      "ui-priority": 0
+    },
+    "references": {
+      "description": "The group listing identifying earlier message(s) referenced by the alert message. (1)   The extended message identifier(s) (in the form sender,identifier,sent) of an earlier CAP message or messages referenced by this one.  (2)   If multiple messages are referenced, they SHALL be separated by whitespace.",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "ui-priority": 0
+    },
+    "restriction": {
+      "description": "The text describing the rule for limiting distribution of the restricted alert message.",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "ui-priority": 0
     },
     "scope": {
       "description": "The code denoting the intended distribution of the alert message. ",
-      "ui-priority": 0,
-      "misp-attribute": "text",
       "disable_correlation": true,
+      "misp-attribute": "text",
       "sane_default": [
         "Public",
         "Restricted",
         "Private"
-      ]
+      ],
+      "ui-priority": 0
     },
-    "restriction": {
-      "description": "The text describing the rule for limiting distribution of the restricted alert message.",
-      "ui-priority": 0,
+    "sender": {
+      "description": "The identifier of the sender of the alert message which identifies the originator of this alert. Guaranteed by assigner to be unique globally; e.g., may be based on an Internet domain name.",
+      "disable_correlation": true,
       "misp-attribute": "text",
-      "disable_correlation": true
+      "ui-priority": 0
     },
-    "addresses": {
-      "description": "The group listing of intended recipients of the alert message. (1)   Required when <scope> is “Private”, optional when <scope> is “Public” or “Restricted”.  (2)   Each recipient SHALL be identified by an identifier or an address.  (3)   Multiple space-delimited addresses MAY be included.  Addresses including whitespace MUST be enclosed in double-quotes. ",
-      "ui-priority": 0,
-      "misp-attribute": "text",
-      "disable_correlation": true
+    "sent": {
+      "description": "The time and date of the origination of the alert message.",
+      "disable_correlation": true,
+      "misp-attribute": "datetime",
+      "ui-priority": 0
     },
-    "code": {
-      "description": "The code denoting the special handling of the alert message.",
-      "ui-priority": 0,
+    "source": {
+      "description": "The text identifying the source of the alert message. The particular source of this alert; e.g., an operator or a specific device.",
+      "disable_correlation": true,
       "misp-attribute": "text",
-      "disable_correlation": true
+      "ui-priority": 0
     },
-    "note": {
-      "description": "The text describing the purpose or significance of the alert message.",
-      "ui-priority": 0,
+    "status": {
+      "description": "The code denoting the appropriate handling of the alert message.",
       "misp-attribute": "text",
-      "disable_correlation": true
-    },
-    "references": {
-      "description": "The group listing identifying earlier message(s) referenced by the alert message. (1)   The extended message identifier(s) (in the form sender,identifier,sent) of an earlier CAP message or messages referenced by this one.  (2)   If multiple messages are referenced, they SHALL be separated by whitespace.",
-      "ui-priority": 0,
-      "misp-attribute": "text",
-      "disable_correlation": true
-    },
-    "incident": {
-      "description": "The group listing naming the referent incident(s) of the alert message. (1)   Used to collate multiple messages referring to different aspects of the same incident.  (2)   If multiple incident identifiers are referenced, they SHALL be separated by whitespace.  Incident names including whitespace SHALL be surrounded by double-quotes.",
-      "ui-priority": 0,
-      "misp-attribute": "text",
-      "disable_correlation": true
+      "sane_default": [
+        "Actual",
+        "Exercise",
+        "System",
+        "Test",
+        "Draft"
+      ],
+      "ui-priority": 0
     }
   },
-  "version": 1,
   "description": "Common Alerting Protocol Version (CAP) alert object",
   "meta-category": "misc",
+  "name": "cap-alert",
+  "requiredOneOf": [
+    "msgType"
+  ],
   "uuid": "03b107bb-133d-4180-87ff-e3dbe731f828",
-  "name": "cap-alert"
-}
+  "version": 1
+}

objects/cap-info/definition.json

@@ -1,17 +1,14 @@
 {
-  "requiredOneOf": [
-    "category"
-  ],
   "attributes": {
-    "language": {
-      "description": "The code denoting the language of the info sub-element of the alert message. ",
-      "ui-priority": 0,
+    "audience": {
+      "description": "The text describing the intended audience of the alert message.",
       "disable_correlation": true,
-      "misp-attribute": "text"
+      "misp-attribute": "text",
+      "ui-priority": 0
     },
     "category": {
       "description": "The code denoting the category of the subject event of the alert message.",
-      "ui-priority": 0,
+      "disable_correlation": true,
       "misp-attribute": "text",
       "sane_default": [
         "Geo",
@@ -27,17 +24,88 @@
         "CBRNE",
         "Other"
       ],
-      "disable_correlation": true
+      "ui-priority": 0
+    },
+    "certainty": {
+      "description": "The code denoting the certainty of the subject event of the alert message.  For backward compatibility with CAP 1.0, the deprecated value of “Very Likely” SHOULD be treated as equivalent to “Likely”.",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "sane_default": [
+        "Likely",
+        "Possible",
+        "Unlikely",
+        "Unknown"
+      ],
+      "ui-priority": 0
+    },
+    "contact": {
+      "description": "The text describing the contact for follow-up and confirmation of the alert message.",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "ui-priority": 0
+    },
+    "description": {
+      "description": "The text describing the subject event of the alert message.",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "ui-priority": 0
+    },
+    "effective": {
+      "description": "The effective time of the information of the alert message.",
+      "disable_correlation": true,
+      "misp-attribute": "datetime",
+      "ui-priority": 0
     },
     "event": {
       "description": "The text denoting the type of the subject event of the alert message.",
-      "ui-priority": 0,
       "disable_correlation": true,
-      "misp-attribute": "text"
+      "misp-attribute": "text",
+      "ui-priority": 0
+    },
+    "eventCode": {
+      "description": "A system-specific code identifying the event type of the alert message.",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "ui-priority": 0
+    },
+    "expires": {
+      "description": "The expiry time of the information of the alert message.",
+      "disable_correlation": true,
+      "misp-attribute": "datetime",
+      "ui-priority": 0
+    },
+    "headline": {
+      "description": "The text headline of the alert message.",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "ui-priority": 0
+    },
+    "instruction": {
+      "description": "The text describing the recommended action to be taken by recipients of the alert message.",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "ui-priority": 0
+    },
+    "language": {
+      "description": "The code denoting the language of the info sub-element of the alert message. ",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "ui-priority": 0
+    },
+    "onset": {
+      "description": "The expected time of the beginning of the subject event of the alert message.",
+      "disable_correlation": true,
+      "misp-attribute": "datetime",
+      "ui-priority": 0
+    },
+    "parameter": {
+      "description": "A system-specific additional parameter associated with the alert message.",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "ui-priority": 0
     },
     "responseType": {
       "description": "The code denoting the type of action recommended for the target audience.",
-      "ui-priority": 0,
       "disable_correlation": true,
       "misp-attribute": "text",
       "sane_default": [
@@ -50,24 +118,17 @@
         "Assess",
         "AllClear",
         "None"
-      ]
+      ],
+      "ui-priority": 0
     },
-    "urgency": {
-      "description": "The code denoting the urgency of the subject event of the alert message.",
-      "ui-priority": 0,
+    "senderName": {
+      "description": "The text naming the originator of the alert message.",
       "disable_correlation": true,
       "misp-attribute": "text",
-      "sane_default": [
-        "Immediate",
-        "Expected",
-        "Future",
-        "Past",
-        "Unknown"
-      ]
+      "ui-priority": 0
     },
     "severity": {
       "description": "The code denoting the severity of the subject event of the alert message.",
-      "ui-priority": 0,
       "disable_correlation": true,
       "misp-attribute": "text",
       "sane_default": [
@@ -76,96 +137,35 @@
         "Moderate",
         "Minor",
         "Unknown"
-      ]
+      ],
+      "ui-priority": 0
     },
-    "certainty": {
-      "description": "The code denoting the certainty of the subject event of the alert message.  For backward compatibility with CAP 1.0, the deprecated value of “Very Likely” SHOULD be treated as equivalent to “Likely”.",
-      "ui-priority": 0,
+    "urgency": {
+      "description": "The code denoting the urgency of the subject event of the alert message.",
       "disable_correlation": true,
       "misp-attribute": "text",
       "sane_default": [
-        "Likely",
-        "Possible",
-        "Unlikely",
+        "Immediate",
+        "Expected",
+        "Future",
+        "Past",
         "Unknown"
-      ]
-    },
-    "audience": {
-      "description": "The text describing the intended audience of the alert message.",
-      "ui-priority": 0,
-      "disable_correlation": true,
-      "misp-attribute": "text"
-    },
-    "eventCode": {
-      "description": "A system-specific code identifying the event type of the alert message.",
-      "ui-priority": 0,
-      "disable_correlation": true,
-      "misp-attribute": "text"
-    },
-    "effective": {
-      "description": "The effective time of the information of the alert message.",
-      "ui-priority": 0,
-      "disable_correlation": true,
-      "misp-attribute": "datetime"
-    },
-    "onset": {
-      "description": "The expected time of the beginning of the subject event of the alert message.",
-      "ui-priority": 0,
-      "disable_correlation": true,
-      "misp-attribute": "datetime"
-    },
-    "expires": {
-      "description": "The expiry time of the information of the alert message.",
-      "ui-priority": 0,
-      "disable_correlation": true,
-      "misp-attribute": "datetime"
-    },
-    "senderName": {
-      "description": "The text naming the originator of the alert message.",
-      "ui-priority": 0,
-      "disable_correlation": true,
-      "misp-attribute": "text"
-    },
-    "headline": {
-      "description": "The text headline of the alert message.",
-      "ui-priority": 0,
-      "disable_correlation": true,
-      "misp-attribute": "text"
-    },
-    "description": {
-      "description": "The text describing the subject event of the alert message.",
-      "ui-priority": 0,
-      "disable_correlation": true,
-      "misp-attribute": "text"
-    },
-    "instruction": {
-      "description": "The text describing the recommended action to be taken by recipients of the alert message.",
-      "ui-priority": 0,
-      "disable_correlation": true,
-      "misp-attribute": "text"
+      ],
+      "ui-priority": 0
     },
     "web": {
       "description": "The identifier of the hyperlink associating additional information with the alert message.",
-      "ui-priority": 0,
       "disable_correlation": true,
-      "misp-attribute": "link"
-    },
-    "contact": {
-      "description": "The text describing the contact for follow-up and confirmation of the alert message.",
-      "ui-priority": 0,
-      "disable_correlation": true,
-      "misp-attribute": "text"
-    },
-    "parameter": {
-      "description": "A system-specific additional parameter associated with the alert message.",
-      "ui-priority": 0,
-      "disable_correlation": true,
-      "misp-attribute": "text"
+      "misp-attribute": "link",
+      "ui-priority": 0
     }
   },
-  "version": 1,
   "description": "Common Alerting Protocol Version (CAP) info object",
   "meta-category": "misc",
+  "name": "cap-info",
+  "requiredOneOf": [
+    "category"
+  ],
   "uuid": "826c25e6-fdd5-4e4a-b081-be5ba3ac2c3d",
-  "name": "cap-info"
-}
+  "version": 1
+}

objects/cap-resource/definition.json

@@ -1,46 +1,46 @@
 {
-  "requiredOneOf": [
-    "resourceDesc"
-  ],
   "attributes": {
-    "resourceDesc": {
-      "description": "The text describing the type and content of the resource file.",
-      "ui-priority": 0,
-      "disable_correlation": true,
-      "misp-attribute": "text"
-    },
-    "mimeType": {
-      "description": "The identifier of the MIME content type and sub-type describing the resource file.",
-      "ui-priority": 0,
-      "disable_correlation": true,
-      "misp-attribute": "mime-type"
-    },
-    "size": {
-      "description": "The integer indicating the size of the resource file.",
-      "ui-priority": 0,
-      "disable_correlation": true,
-      "misp-attribute": "text"
-    },
-    "uri": {
-      "description": "The identifier of the hyperlink for the resource file.",
-      "ui-priority": 0,
-      "misp-attribute": "link"
-    },
     "derefUri": {
       "description": "The base-64 encoded data content of the resource file.",
-      "ui-priority": 0,
+      "disable_correlation": true,
       "misp-attribute": "attachment",
-      "disable_correlation": true
+      "ui-priority": 0
     },
     "digest": {
       "description": "The code representing the digital digest (“hash”) computed from the resource file (OPTIONAL).",
-      "ui-priority": 0,
-      "misp-attribute": "sha1"
+      "misp-attribute": "sha1",
+      "ui-priority": 0
+    },
+    "mimeType": {
+      "description": "The identifier of the MIME content type and sub-type describing the resource file.",
+      "disable_correlation": true,
+      "misp-attribute": "mime-type",
+      "ui-priority": 0
+    },
+    "resourceDesc": {
+      "description": "The text describing the type and content of the resource file.",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "ui-priority": 0
+    },
+    "size": {
+      "description": "The integer indicating the size of the resource file.",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "ui-priority": 0
+    },
+    "uri": {
+      "description": "The identifier of the hyperlink for the resource file.",
+      "misp-attribute": "link",
+      "ui-priority": 0
     }
   },
-  "version": 1,
   "description": "Common Alerting Protocol Version (CAP) resource object",
   "meta-category": "misc",
+  "name": "cap-resource",
+  "requiredOneOf": [
+    "resourceDesc"
+  ],
   "uuid": "6fddc76b-59fc-49f6-a673-52f8d15149c4",
-  "name": "cap-resource"
-}
+  "version": 1
+}

objects/coin-address/definition.json

@@ -1,24 +1,44 @@
 {
-  "requiredOneOf": [
-    "address",
-    "address-xmr"
-  ],
   "attributes": {
     "address": {
       "description": "Bitcoin address used as a payment destination in a cryptocurrency",
-      "ui-priority": 1,
-      "misp-attribute": "btc"
+      "misp-attribute": "btc",
+      "ui-priority": 1
     },
     "address-xmr": {
       "description": "Monero address used as a payment destination in a cryptocurrency",
-      "ui-priority": 1,
-      "misp-attribute": "xmr"
+      "misp-attribute": "xmr",
+      "ui-priority": 1
+    },
+    "current-balance": {
+      "description": "Current balance of address",
+      "disable_correlation": true,
+      "misp-attribute": "float",
+      "recommended": false,
+      "ui-priority": 1
+    },
+    "first-seen": {
+      "description": "First time this payment destination address has been seen",
+      "disable_correlation": true,
+      "misp-attribute": "datetime",
+      "ui-priority": 0
+    },
+    "last-seen": {
+      "description": "Last time this payment destination address has been seen",
+      "disable_correlation": true,
+      "misp-attribute": "datetime",
+      "ui-priority": 0
+    },
+    "last-updated": {
+      "description": "Last time the balances and totals have been updated",
+      "disable_correlation": true,
+      "misp-attribute": "datetime",
+      "ui-priority": 0
     },
     "symbol": {
       "description": "The (uppercase) symbol of the cryptocurrency used. Symbol should be from https://coinmarketcap.com/all/views/all/",
-      "misp-attribute": "text",
       "disable_correlation": true,
-      "ui-priority": 1,
+      "misp-attribute": "text",
       "sane_default": [
         "BTC",
         "ETH",
@@ -46,65 +66,45 @@
         "WAVES",
         "PPT",
         "ETN"
-      ]
-    },
-    "last-seen": {
-      "description": "Last time this payment destination address has been seen",
-      "disable_correlation": true,
-      "ui-priority": 0,
-      "misp-attribute": "datetime"
-    },
-    "first-seen": {
-      "description": "First time this payment destination address has been seen",
-      "disable_correlation": true,
-      "ui-priority": 0,
-      "misp-attribute": "datetime"
-    },
-    "last-updated": {
-      "description": "Last time the balances and totals have been updated",
-      "disable_correlation": true,
-      "ui-priority": 0,
-      "misp-attribute": "datetime"
-    },
-    "current-balance": {
-      "description": "Current balance of address",
-      "disable_correlation": true,
-      "ui-priority": 1,
-      "misp-attribute": "float",
-      "recommended": false
-    },
-    "total-transactions": {
-      "description": "Total transactions performed",
-      "disable_correlation": true,
-      "ui-priority": 1,
-      "misp-attribute": "text",
-      "recommended": false
-    },
-    "total-received": {
-      "description": "Total balance received",
-      "disable_correlation": true,
-      "ui-priority": 1,
-      "misp-attribute": "float",
-      "recommended": false
-    },
-    "total-sent": {
-      "description": "Total balance sent",
-      "disable_correlation": true,
-      "ui-priority": 1,
-      "misp-attribute": "float",
-      "recommended": false
+      ],
+      "ui-priority": 1
     },
     "text": {
       "description": "Free text value",
       "disable_correlation": true,
-      "ui-priority": 1,
       "misp-attribute": "text",
-      "recommended": false
+      "recommended": false,
+      "ui-priority": 1
+    },
+    "total-received": {
+      "description": "Total balance received",
+      "disable_correlation": true,
+      "misp-attribute": "float",
+      "recommended": false,
+      "ui-priority": 1
+    },
+    "total-sent": {
+      "description": "Total balance sent",
+      "disable_correlation": true,
+      "misp-attribute": "float",
+      "recommended": false,
+      "ui-priority": 1
+    },
+    "total-transactions": {
+      "description": "Total transactions performed",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "recommended": false,
+      "ui-priority": 1
     }
   },
-  "version": 5,
   "description": "An address used in a cryptocurrency",
   "meta-category": "financial",
+  "name": "coin-address",
+  "requiredOneOf": [
+    "address",
+    "address-xmr"
+  ],
   "uuid": "d0e6997e-78da-4815-a6a1-cfc1c1cb8a46",
-  "name": "coin-address"
-}
+  "version": 5
+}

objects/command-line/definition.json

@@ -1,20 +1,20 @@
 {
   "attributes": {
-    "value": {
-      "description": "command code",
-      "ui-priority": 1,
-      "misp-attribute": "text",
-      "multiple": true
-    },
     "description": {
       "description": "description of the command",
-      "ui-priority": 1,
-      "misp-attribute": "text"
+      "misp-attribute": "text",
+      "ui-priority": 1
+    },
+    "value": {
+      "description": "command code",
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 1
     }
   },
-  "version": 1,
   "description": "Command line and options related to a specific command executed by a program, whether it is malicious or not.",
   "meta-category": "misc",
+  "name": "command-line",
   "uuid": "88ebe222-d3cc-11e9-875d-7f13f460adaf",
-  "name": "command-line"
-}
+  "version": 1
+}

objects/command/definition.json

@@ -1,37 +1,37 @@
 {
   "attributes": {
+    "description": {
+      "description": "Description of the command functionalities",
+      "misp-attribute": "text",
+      "ui-priority": 1
+    },
     "location": {
       "description": "Location of the command functionality",
-      "ui-priority": 1,
-      "misp-attribute": "text",
       "disable_correlation": true,
+      "misp-attribute": "text",
       "sane_default": [
         "Bundled",
         "Module",
         "Libraries",
         "Unknown"
-      ]
+      ],
+      "ui-priority": 1
     },
     "trigger": {
       "description": "How the commands are triggered",
-      "ui-priority": 1,
-      "misp-attribute": "text",
       "disable_correlation": true,
+      "misp-attribute": "text",
       "sane_default": [
         "Local",
         "Network",
         "Unknown"
-      ]
-    },
-    "description": {
-      "description": "Description of the command functionalities",
-      "ui-priority": 1,
-      "misp-attribute": "text"
+      ],
+      "ui-priority": 1
     }
   },
-  "version": 1,
   "description": "Command functionalities related to specific commands executed by a program, whether it is malicious or not. Command-line are attached to this object for the related commands.",
   "meta-category": "misc",
+  "name": "command",
   "uuid": "21ad70d8-d397-11e9-9ea7-43b2d5f6a6e3",
-  "name": "command"
-}
+  "version": 1
+}

objects/cookie/definition.json

@@ -1,30 +1,53 @@
 {
-  "required": [
-    "cookie"
-  ],
   "attributes": {
     "cookie": {
       "description": "Full cookie",
-      "ui-priority": 1,
-      "misp-attribute": "cookie"
+      "misp-attribute": "cookie",
+      "ui-priority": 1
     },
     "cookie-name": {
       "description": "Name of the cookie (if splitted)",
-      "ui-priority": 0,
-      "misp-attribute": "text"
+      "misp-attribute": "text",
+      "ui-priority": 0
     },
     "cookie-value": {
       "description": "Value of the cookie (if splitted)",
-      "ui-priority": 0,
-      "misp-attribute": "text"
+      "misp-attribute": "text",
+      "ui-priority": 0
+    },
+    "expires": {
+      "description": "Expiration date/time of the cookie",
+      "disable_correlation": true,
+      "misp-attribute": "datetime",
+      "ui-priority": 0
+    },
+    "http-only": {
+      "description": "True if send only through HTTP",
+      "disable_correlation": true,
+      "misp-attribute": "boolean",
+      "ui-priority": 0
+    },
+    "path": {
+      "description": "Path defined in the cookie",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "ui-priority": 0
+    },
+    "secure": {
+      "description": "True if cookie is sent over TLS",
+      "disable_correlation": true,
+      "misp-attribute": "boolean",
+      "ui-priority": 0
     },
     "text": {
       "description": "A description of the cookie.",
       "disable_correlation": true,
-      "ui-priority": 0,
-      "misp-attribute": "text"
+      "misp-attribute": "text",
+      "ui-priority": 0
     },
     "type": {
+      "description": "Type of cookie and how it's used in this specific object.",
+      "misp-attribute": "text",
       "sane_default": [
         "Session management",
         "Personalization",
@@ -33,14 +56,15 @@
         "Malicious Payload",
         "Beaconing"
       ],
-      "description": "Type of cookie and how it's used in this specific object.",
-      "ui-priority": 0,
-      "misp-attribute": "text"
+      "ui-priority": 0
     }
   },
-  "version": 2,
   "description": "An HTTP cookie (web cookie, browser cookie) is a small piece of data that a server sends to the user's web browser. The browser may store it and send it back with the next request to the same server. Typically, it's used to tell if two requests came from the same browser — keeping a user logged-in, for example. It remembers stateful information for the stateless HTTP protocol. (as defined by the Mozilla foundation.",
   "meta-category": "network",
+  "name": "cookie",
+  "required": [
+    "cookie"
+  ],
   "uuid": "7755ad19-55c7-4da4-805e-197cf81bbcb8",
-  "name": "cookie"
-}
+  "version": 3
+}

objects/cortex-taxonomy/definition.json

@@ -1,40 +1,10 @@
 {
-  "required": [
-    "level",
-    "predicate",
-    "value",
-    "namespace"
-  ],
   "attributes": {
-    "namespace": {
-      "categories": [
-        "External analysis"
-      ],
-      "description": "Cortex Taxonomy Namespace",
+    "cortex_url": {
+      "description": "URL to the Cortex job",
       "disable_correlation": true,
-      "multiple": false,
-      "ui-priority": 0,
-      "misp-attribute": "text"
-    },
-    "predicate": {
-      "categories": [
-        "External analysis"
-      ],
-      "description": "Cortex Taxonomy Predicate",
-      "disable_correlation": true,
-      "multiple": false,
-      "ui-priority": 0,
-      "misp-attribute": "text"
-    },
-    "value": {
-      "categories": [
-        "External analysis"
-      ],
-      "description": "Cortex Taxonomy Value",
-      "disable_correlation": true,
-      "multiple": false,
-      "ui-priority": 0,
-      "misp-attribute": "text"
+      "misp-attribute": "link",
+      "ui-priority": 0
     },
     "level": {
       "categories": [
@@ -42,9 +12,9 @@
       ],
       "description": "Cortex Taxonomy Level",
       "disable_correlation": true,
-      "multiple": false,
       "misp-attribute": "text",
-      "ui-priority": 0,
+      "multiple": false,
+      "ui-priority": 1,
       "values_list": [
         "info",
         "safe",
@@ -52,16 +22,46 @@
         "malicious"
       ]
     },
-    "cortex_url": {
-      "description": "URL to the Cortex job",
+    "namespace": {
+      "categories": [
+        "External analysis"
+      ],
+      "description": "Cortex Taxonomy Namespace",
       "disable_correlation": true,
-      "ui-priority": 0,
-      "misp-attribute": "link"
+      "misp-attribute": "text",
+      "multiple": false,
+      "ui-priority": 4
+    },
+    "predicate": {
+      "categories": [
+        "External analysis"
+      ],
+      "description": "Cortex Taxonomy Predicate",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": false,
+      "ui-priority": 3
+    },
+    "value": {
+      "categories": [
+        "External analysis"
+      ],
+      "description": "Cortex Taxonomy Value",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": false,
+      "ui-priority": 2
     }
   },
-  "version": 4,
   "description": "Cortex object describing an Cortex Taxonomy (or mini report)",
   "meta-category": "misc",
+  "name": "cortex-taxonomy",
+  "required": [
+    "namespace",
+    "predicate",
+    "value",
+    "level"
+  ],
   "uuid": "bef7d23b-e796-4d46-803a-32e317896894",
-  "name": "cortex-taxonomy"
-}
+  "version": 5
+}

objects/cortex/definition.json

@@ -1,48 +1,48 @@
 {
-  "requiredOneOf": [
-    "full"
-  ],
   "attributes": {
-    "summary": {
-      "description": "Cortex summary object (summary) in JSON",
-      "disable_correlation": false,
-      "ui-priority": 0,
-      "misp-attribute": "text"
-    },
     "full": {
       "description": "Cortex report object (full report) in JSON",
       "disable_correlation": true,
-      "ui-priority": 0,
-      "misp-attribute": "text"
-    },
-    "start-date": {
-      "description": "When the Cortex analyser was started",
-      "disable_correlation": true,
-      "ui-priority": 0,
-      "misp-attribute": "datetime"
+      "misp-attribute": "text",
+      "ui-priority": 0
     },
     "name": {
       "description": "Cortex analyser/worker name",
       "disable_correlation": true,
-      "ui-priority": 0,
-      "misp-attribute": "text"
+      "misp-attribute": "text",
+      "ui-priority": 0
     },
     "server-name": {
       "description": "Name of the cortex server",
       "disable_correlation": true,
-      "ui-priority": 0,
-      "misp-attribute": "text"
+      "misp-attribute": "text",
+      "ui-priority": 0
+    },
+    "start-date": {
+      "description": "When the Cortex analyser was started",
+      "disable_correlation": true,
+      "misp-attribute": "datetime",
+      "ui-priority": 0
     },
     "success": {
       "description": "Result of the cortex job",
       "disable_correlation": true,
-      "ui-priority": 0,
-      "misp-attribute": "boolean"
+      "misp-attribute": "boolean",
+      "ui-priority": 0
+    },
+    "summary": {
+      "description": "Cortex summary object (summary) in JSON",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "ui-priority": 0
     }
   },
-  "version": 1,
   "description": "Cortex object describing a complete cortex analysis. Observables would be attribute with a relationship from this object.",
   "meta-category": "misc",
+  "name": "cortex",
+  "requiredOneOf": [
+    "full"
+  ],
   "uuid": "144988f3-fa00-4374-8015-c1a32092f451",
-  "name": "cortex"
-}
+  "version": 1
+}

objects/course-of-action/definition.json

@@ -1,20 +1,77 @@
 {
-  "requiredOneOf": [
-    "name",
-    "type"
-  ],
   "attributes": {
+    "cost": {
+      "description": "The estimated cost of applying the course of action.",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "sane_default": [
+        "High",
+        "Medium",
+        "Low",
+        "None",
+        "Unknown"
+      ],
+      "ui-priority": 0
+    },
+    "description": {
+      "description": "A description of the course of action.",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "ui-priority": 0
+    },
+    "efficacy": {
+      "description": "The estimated efficacy of applying the course of action.",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "sane_default": [
+        "High",
+        "Medium",
+        "Low",
+        "None",
+        "Unknown"
+      ],
+      "ui-priority": 0
+    },
+    "impact": {
+      "description": "The estimated impact of applying the course of action.",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "sane_default": [
+        "High",
+        "Medium",
+        "Low",
+        "None",
+        "Unknown"
+      ],
+      "ui-priority": 0
+    },
     "name": {
       "description": "The name used to identify the course of action.",
+      "disable_correlation": true,
       "misp-attribute": "text",
-      "ui-priority": 0,
-      "disable_correlation": true
+      "ui-priority": 0
+    },
+    "objective": {
+      "description": "The objective of the course of action.",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "ui-priority": 0
+    },
+    "stage": {
+      "description": "The stage of the threat management lifecycle that the course of action is applicable to.",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "sane_default": [
+        "Remedy",
+        "Response",
+        "Further Analysis Required"
+      ],
+      "ui-priority": 0
     },
     "type": {
       "description": "The type of the course of action.",
-      "misp-attribute": "text",
-      "ui-priority": 0,
       "disable_correlation": true,
+      "misp-attribute": "text",
       "sane_default": [
         "Perimeter Blocking",
         "Internal Blocking",
@@ -32,74 +89,17 @@
         "Diplomatic Actions",
         "Policy Actions",
         "Other"
-      ]
-    },
-    "description": {
-      "description": "A description of the course of action.",
-      "misp-attribute": "text",
-      "ui-priority": 0,
-      "disable_correlation": true
-    },
-    "objective": {
-      "description": "The objective of the course of action.",
-      "misp-attribute": "text",
-      "ui-priority": 0,
-      "disable_correlation": true
-    },
-    "stage": {
-      "description": "The stage of the threat management lifecycle that the course of action is applicable to.",
-      "misp-attribute": "text",
-      "ui-priority": 0,
-      "disable_correlation": true,
-      "sane_default": [
-        "Remedy",
-        "Response",
-        "Further Analysis Required"
-      ]
-    },
-    "cost": {
-      "description": "The estimated cost of applying the course of action.",
-      "misp-attribute": "text",
-      "ui-priority": 0,
-      "disable_correlation": true,
-      "sane_default": [
-        "High",
-        "Medium",
-        "Low",
-        "None",
-        "Unknown"
-      ]
-    },
-    "impact": {
-      "description": "The estimated impact of applying the course of action.",
-      "misp-attribute": "text",
-      "ui-priority": 0,
-      "disable_correlation": true,
-      "sane_default": [
-        "High",
-        "Medium",
-        "Low",
-        "None",
-        "Unknown"
-      ]
-    },
-    "efficacy": {
-      "description": "The estimated efficacy of applying the course of action.",
-      "misp-attribute": "text",
-      "ui-priority": 0,
-      "disable_correlation": true,
-      "sane_default": [
-        "High",
-        "Medium",
-        "Low",
-        "None",
-        "Unknown"
-      ]
+      ],
+      "ui-priority": 0
     }
   },
-  "version": 1,
   "description": "An object describing a specific measure taken to prevent or respond to an attack.",
   "meta-category": "misc",
+  "name": "course-of-action",
+  "requiredOneOf": [
+    "name",
+    "type"
+  ],
   "uuid": "3d1c2c06-68a9-4394-8c8d-258d115f796f",
-  "name": "course-of-action"
-}
+  "version": 1
+}

objects/covid19-csse-daily-report/definition.json

@@ -0,0 +1,79 @@
+{
+  "attributes": {
+    "active": {
+      "description": "the number of active cases.",
+      "disable_correlation": true,
+      "misp-attribute": "counter",
+      "ui-priority": 1
+    },
+    "confirmed": {
+      "description": "the number of confirmed cases. For Hubei Province: from Feb 13 (GMT +8), we report both clinically diagnosed and lab-confirmed cases. For lab-confirmed cases only (Before Feb 17), please refer to https://github.com/CSSEGISandData/COVID-19/tree/master/who_covid_19_situation_reports.",
+      "disable_correlation": true,
+      "misp-attribute": "counter",
+      "ui-priority": 1
+    },
+    "country-region": {
+      "description": "country/region name conforming to WHO (will be updated).",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "ui-priority": 1
+    },
+    "county": {
+      "description": "US County (US Only)",
+      "disable_correlation": true,
+      "misp-attribute": "counter",
+      "ui-priority": 0
+    },
+    "death": {
+      "description": "the number of deaths.",
+      "disable_correlation": true,
+      "misp-attribute": "counter",
+      "ui-priority": 1
+    },
+    "fips": {
+      "description": "Federal Information Processing Standard county code (US Only)",
+      "disable_correlation": true,
+      "misp-attribute": "counter",
+      "ui-priority": 0
+    },
+    "latitude": {
+      "description": "Approximate latitude of the entry",
+      "disable_correlation": true,
+      "misp-attribute": "float",
+      "ui-priority": 0
+    },
+    "longitude": {
+      "description": "Approximate longitude of the entry",
+      "disable_correlation": true,
+      "misp-attribute": "float",
+      "ui-priority": 0
+    },
+    "province-state": {
+      "description": "province name; US/Canada/Australia/ - city name, state/province name; Others - name of the event (e.g., \"Diamond Princess\" cruise ship); other countries - blank.",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "ui-priority": 1
+    },
+    "recovered": {
+      "description": "the number of recovered cases.",
+      "disable_correlation": true,
+      "misp-attribute": "counter",
+      "ui-priority": 1
+    },
+    "update": {
+      "description": "Time of the last update that day (UTC)",
+      "disable_correlation": true,
+      "misp-attribute": "datetime",
+      "ui-priority": 1
+    }
+  },
+  "description": "CSSE COVID-19 Daily report",
+  "meta-category": "health",
+  "name": "covid19-csse-daily-report",
+  "required": [
+    "country-region",
+    "update"
+  ],
+  "uuid": "9458bf83-2e29-4ff3-9996-0564f2d954c8",
+  "version": 2
+}

objects/covid19-dxy-live-city/definition.json

@@ -0,0 +1,49 @@
+{
+  "attributes": {
+    "city": {
+      "description": "Name of the Chinese city, in Chinese.",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "ui-priority": 1
+    },
+    "current-confirmed": {
+      "description": "Current number of confirmed cases",
+      "disable_correlation": true,
+      "misp-attribute": "counter",
+      "ui-priority": 1
+    },
+    "total-confirmed": {
+      "description": "Total number of confirmed cases.",
+      "disable_correlation": true,
+      "misp-attribute": "counter",
+      "ui-priority": 1
+    },
+    "total-cured": {
+      "description": "Total number of cured cases.",
+      "disable_correlation": true,
+      "misp-attribute": "counter",
+      "ui-priority": 1
+    },
+    "total-death": {
+      "description": "Total number of deaths.",
+      "disable_correlation": true,
+      "misp-attribute": "counter",
+      "ui-priority": 1
+    },
+    "update": {
+      "description": "Approximate time of the update (~hour)",
+      "disable_correlation": true,
+      "misp-attribute": "datetime",
+      "ui-priority": 1
+    }
+  },
+  "description": "COVID 19 from dxy.cn - Aggregation by city",
+  "meta-category": "health",
+  "name": "covid19-dxy-live-city",
+  "required": [
+    "city",
+    "update"
+  ],
+  "uuid": "9132452b-f60a-41ac-a3b9-62701b85621b",
+  "version": 1
+}

objects/covid19-dxy-live-province/definition.json

@@ -0,0 +1,55 @@
+{
+  "attributes": {
+    "comment": {
+      "description": "Comment, in chinese",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "ui-priority": 1
+    },
+    "current-confirmed": {
+      "description": "Current number of confirmed cases",
+      "disable_correlation": true,
+      "misp-attribute": "counter",
+      "ui-priority": 1
+    },
+    "province": {
+      "description": "Name of the Chinese province, in Chinese.",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "ui-priority": 1
+    },
+    "total-confirmed": {
+      "description": "Total number of confirmed cases.",
+      "disable_correlation": true,
+      "misp-attribute": "counter",
+      "ui-priority": 1
+    },
+    "total-cured": {
+      "description": "Total number of cured cases.",
+      "disable_correlation": true,
+      "misp-attribute": "counter",
+      "ui-priority": 1
+    },
+    "total-death": {
+      "description": "Total number of deaths.",
+      "disable_correlation": true,
+      "misp-attribute": "counter",
+      "ui-priority": 1
+    },
+    "update": {
+      "description": "Approximate time of the update (~hour)",
+      "disable_correlation": true,
+      "misp-attribute": "datetime",
+      "ui-priority": 1
+    }
+  },
+  "description": "COVID 19 from dxy.cn - Aggregation by province",
+  "meta-category": "health",
+  "name": "covid19-dxy-live-province",
+  "required": [
+    "province",
+    "update"
+  ],
+  "uuid": "40b49502-088b-44a5-80a7-0e55653f3ed4",
+  "version": 1
+}

objects/cowrie/definition.json

@@ -1,131 +1,131 @@
 {
-  "requiredOneOf": [
-    "session"
-  ],
   "attributes": {
-    "eventid": {
-      "description": "Eventid of the session in the cowrie honeypot",
+    "compCS": {
+      "description": "SSH compression algorithm supported in the session",
       "disable_correlation": true,
-      "ui-priority": 1,
-      "misp-attribute": "text"
-    },
-    "system": {
-      "description": "System origin in cowrie honeypot",
-      "disable_correlation": true,
-      "ui-priority": 1,
-      "misp-attribute": "text"
-    },
-    "username": {
-      "description": "Username related to the password(s)",
-      "ui-priority": 1,
-      "misp-attribute": "text"
-    },
-    "password": {
-      "description": "Password",
+      "misp-attribute": "text",
       "multiple": true,
-      "ui-priority": 1,
-      "misp-attribute": "text"
-    },
-    "session": {
-      "description": "Session id",
-      "ui-priority": 1,
-      "misp-attribute": "text"
-    },
-    "timestamp": {
-      "description": "When the event happened",
-      "ui-priority": 1,
-      "misp-attribute": "datetime",
-      "disable_correlation": true
-    },
-    "message": {
-      "description": "Message of the cowrie honeypot",
-      "ui-priority": 1,
-      "misp-attribute": "text",
-      "disable_correlation": true
-    },
-    "protocol": {
-      "description": "Protocol used in the cowrie honeypot",
-      "ui-priority": 1,
-      "misp-attribute": "text",
-      "disable_correlation": true
-    },
-    "sensor": {
-      "description": "Cowrie sensor name",
-      "ui-priority": 1,
-      "misp-attribute": "text",
-      "disable_correlation": true
-    },
-    "src_ip": {
-      "description": "Source IP address of the session",
-      "ui-priority": 1,
-      "misp-attribute": "ip-src"
+      "ui-priority": 1
     },
     "dst_ip": {
       "description": "Destination IP address of the session",
-      "ui-priority": 1,
+      "disable_correlation": true,
       "misp-attribute": "ip-dst",
-      "disable_correlation": true
-    },
-    "src_port": {
-      "description": "Source port of the session",
-      "ui-priority": 1,
-      "misp-attribute": "port",
-      "disable_correlation": true
+      "ui-priority": 1
     },
     "dst_port": {
       "description": "Destination port of the session",
-      "ui-priority": 1,
+      "disable_correlation": true,
       "misp-attribute": "port",
-      "disable_correlation": true
-    },
-    "isError": {
-      "description": "isError",
-      "ui-priority": 1,
-      "misp-attribute": "text",
-      "disable_correlation": true
-    },
-    "input": {
-      "description": "Input of the session",
-      "ui-priority": 1,
-      "misp-attribute": "text"
-    },
-    "macCS": {
-      "description": "SSH MAC supported in the sesssion",
-      "multiple": true,
-      "disable_correlation": true,
-      "ui-priority": 1,
-      "misp-attribute": "text"
-    },
-    "keyAlgs": {
-      "description": "SSH public-key algorithm supported in the session",
-      "multiple": true,
-      "disable_correlation": true,
-      "ui-priority": 1,
-      "misp-attribute": "text"
+      "ui-priority": 1
     },
     "encCS": {
       "description": "SSH symmetric encryption algorithm supported in the session",
-      "multiple": true,
       "disable_correlation": true,
-      "ui-priority": 1,
-      "misp-attribute": "text"
-    },
-    "compCS": {
-      "description": "SSH compression algorithm supported in the session",
-      "multiple": true,
-      "ui-priority": 1,
       "misp-attribute": "text",
-      "disable_correlation": true
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "eventid": {
+      "description": "Eventid of the session in the cowrie honeypot",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "ui-priority": 1
     },
     "hassh": {
       "description": "HASSH of the client SSH session following Salesforce algorithm",
       "misp-attribute": "hassh-md5",
       "ui-priority": 1
+    },
+    "input": {
+      "description": "Input of the session",
+      "misp-attribute": "text",
+      "ui-priority": 1
+    },
+    "isError": {
+      "description": "isError",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "ui-priority": 1
+    },
+    "keyAlgs": {
+      "description": "SSH public-key algorithm supported in the session",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "macCS": {
+      "description": "SSH MAC supported in the sesssion",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "message": {
+      "description": "Message of the cowrie honeypot",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "ui-priority": 1
+    },
+    "password": {
+      "description": "Password",
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "protocol": {
+      "description": "Protocol used in the cowrie honeypot",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "ui-priority": 1
+    },
+    "sensor": {
+      "description": "Cowrie sensor name",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "ui-priority": 1
+    },
+    "session": {
+      "description": "Session id",
+      "misp-attribute": "text",
+      "ui-priority": 1
+    },
+    "src_ip": {
+      "description": "Source IP address of the session",
+      "misp-attribute": "ip-src",
+      "ui-priority": 1
+    },
+    "src_port": {
+      "description": "Source port of the session",
+      "disable_correlation": true,
+      "misp-attribute": "port",
+      "ui-priority": 1
+    },
+    "system": {
+      "description": "System origin in cowrie honeypot",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "ui-priority": 1
+    },
+    "timestamp": {
+      "description": "When the event happened",
+      "disable_correlation": true,
+      "misp-attribute": "datetime",
+      "ui-priority": 1
+    },
+    "username": {
+      "description": "Username related to the password(s)",
+      "misp-attribute": "text",
+      "ui-priority": 1
     }
   },
-  "version": 3,
   "description": "Cowrie honeypot object template",
   "meta-category": "network",
+  "name": "cowrie",
+  "requiredOneOf": [
+    "session"
+  ],
   "uuid": "ae085d32-6534-4d52-b3eb-063fccb753e7",
-  "name": "cowrie"
-}
+  "version": 3
+}

objects/cpe-asset/definition.json

@@ -0,0 +1,94 @@
+{
+  "attributes": {
+    "cpe": {
+      "description": "CPE—the well-formed CPE name(WFN). WFNs can be used to describe a set of products or to identify an individual product.",
+      "misp-attribute": "cpe",
+      "ui-priority": 0
+    },
+    "description": {
+      "description": "Complementary description of the asset",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "ui-priority": 0
+    },
+    "edition": {
+      "description": "The edition attribute is considered deprecated in this specification, and it SHOULD be assigned the logical value ANY except where required for backward compatibility with version 2.2 of the CPE specification.This attribute is referred to as the “legacyedition”attribute.If this attribute is used,values for this attribute SHOULD capture edition-related terms applied by the vendor to the product. Values for this attribute SHOULD be selected from an attribute-specific valid-values list, which MAYbe defined by other specifications that utilize this specification. Any character string meeting the requirements for WFNs (cf. 5.3.2) MAY be specified as the value of the attribute.",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "ui-priority": 0
+    },
+    "language": {
+      "description": "Values for thisattribute SHALL be valid language tags as defined by [RFC5646], and SHOULD be used to define the language supported in the user interface of the product being described.Although any valid language tag MAY be used, only tags containing language and region codesSHOULD be used.",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "ui-priority": 0
+    },
+    "other": {
+      "description": "Values for this attribute SHOULD capture any other general descriptive or identifying information which is vendor-or product-specific and which does not logically fit in any other attribute value. Values SHOULD NOT be used for storing instance-specific data (e.g., globally-unique identifiers or Internet Protocol addresses).Values for this attribute SHOULD be selected from a valid-values list that is refined over time; this list MAYbe defined by other specifications that utilize this specification. Any character string meeting the requirements for WFNs (cf. 5.3.2) MAYbe specified as the value of the attribute.",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "ui-priority": 0
+    },
+    "part": {
+      "description": "Part - application, operating systems or hardware devices",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "sane_default": [
+        "a",
+        "o",
+        "h"
+      ],
+      "ui-priority": 0
+    },
+    "product": {
+      "description": "Values for this attribute SHOULD describe or identify the most common and recognizable title or name of the product. Values for this attribute SHOULD be selected from an attribute-specific valid-values list, which MAYbe defined by other specifications that utilize this specification. Any character string meeting the requirements for WFNs(cf. 5.3.2) MAY be specified as the value of the attribute.",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "ui-priority": 0
+    },
+    "sw_edition": {
+      "description": "Values for this attribute SHOULD characterize how the product is tailored to a particular market or class of end users. Values for this attribute SHOULD be selected from an attribute-specific valid-values list, which MAYbe defined by other specifications that utilize this specification. Any character string meeting the requirements for WFNs(cf. 5.3.2) MAYbe specified as the value of the attribute.",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "ui-priority": 0
+    },
+    "target_hw": {
+      "description": "Values for this attribute SHOULD characterize the instruction set architecture (e.g., x86) on which the product being described or identified by the WFN operates. Bytecode-intermediate languages, such as Java bytecode for the Java Virtual Machine or Microsoft Common Intermediate Language for the Common Language Runtime virtual machine, SHALL be considered instruction set architectures. Values for this attribute SHOULD be selected from an attribute-specific valid-values list, which MAYbe defined by other specifications that utilize this specification. Any character string meeting the requirements for WFNs(cf. 5.3.2) MAYbe specified as the value of the attribute.",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "ui-priority": 0
+    },
+    "target_sw": {
+      "description": "Values for this attribute SHOULDi characterize the software computing environment within which the product operates.Values for this attribute SHOULD be selected from an attribute-specific valid-values list, which MAYbe defined by other specifications that utilize this specification. Any character string meeting the requirements for WFNs(cf. 5.3.2) MAYbe specified as the value of the attribute.",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "ui-priority": 0
+    },
+    "update": {
+      "description": "Values for this attribute SHOULD be vendor-specific alphanumeric strings characterizing the particular update, service pack, or point release of the product.Values for this attribute SHOULD be selected from an attribute-specific valid-values list, which MAYbe defined by other specifications that utilize this specification. Any character string meeting the requirements for WFNs (cf. 5.3.2) MAYbe specified as the value of the attribute.",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "ui-priority": 0
+    },
+    "vendor": {
+      "description": "Values for this attribute SHOULD describe or identify the person or organization that manufactured or created the product. Values for this attribute SHOULD be selected from an attribute-specific valid-values list, which MAYbe defined by other specifications that utilize this specification. Any character string meeting the requirements for WFNs (cf. 5.3.2) MAY be specified as the value of the attribute",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "ui-priority": 0
+    },
+    "version": {
+      "description": "Values for this attribute SHOULD be vendor-specific alphanumeric strings characterizing the particular release version of the product.Version information SHOULD be copied directly (with escaping of printable non-alphanumeric characters as required) from discoverable data and SHOULD NOTbe truncated or otherwise modified. Any character string meeting the requirements for WFNs (cf. 5.3.2) MAYbe specified as the value of the attribute.",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "ui-priority": 0
+    }
+  },
+  "description": "An asset which can be defined by a CPE. This can be a generic asset. CPE is a structured naming scheme for information technology systems, software, and packages.",
+  "meta-category": "misc",
+  "name": "cpe-asset",
+  "requiredOneOf": [
+    "cpe"
+  ],
+  "uuid": "8ea002c4-172d-45ae-8d91-1cdea825e6a9",
+  "version": 1
+}

objects/credential/definition.json

@@ -1,57 +1,10 @@
 {
-  "requiredOneOf": [
-    "password",
-    "username"
-  ],
   "attributes": {
-    "text": {
-      "description": "A description of the credential(s)",
-      "disable_correlation": true,
-      "ui-priority": 1,
-      "misp-attribute": "text"
-    },
-    "username": {
-      "description": "Username related to the password(s)",
-      "ui-priority": 1,
-      "misp-attribute": "text"
-    },
-    "password": {
-      "description": "Password",
-      "multiple": true,
-      "ui-priority": 1,
-      "misp-attribute": "text"
-    },
-    "type": {
-      "description": "Type of password(s)",
-      "ui-priority": 1,
-      "misp-attribute": "text",
-      "disable_correlation": true,
-      "values_list": [
-        "password",
-        "api-key",
-        "encryption-key",
-        "unknown"
-      ]
-    },
-    "origin": {
-      "description": "Origin of the credential(s)",
-      "ui-priority": 1,
-      "misp-attribute": "text",
-      "disable_correlation": true,
-      "sane_default": [
-        "bruteforce-scanning",
-        "malware-analysis",
-        "memory-analysis",
-        "network-analysis",
-        "leak",
-        "unknown"
-      ]
-    },
     "format": {
       "description": "Format of the password(s)",
-      "ui-priority": 1,
-      "misp-attribute": "text",
       "disable_correlation": true,
+      "misp-attribute": "text",
+      "ui-priority": 1,
       "values_list": [
         "clear-text",
         "hashed",
@@ -61,20 +14,67 @@
     },
     "notification": {
       "description": "Mention of any notification(s) towards the potential owner(s) of the credential(s)",
-      "ui-priority": 1,
-      "misp-attribute": "text",
       "disable_correlation": true,
+      "misp-attribute": "text",
       "multiple": true,
+      "ui-priority": 1,
       "values_list": [
         "victim-notified",
         "service-notified",
         "none"
       ]
+    },
+    "origin": {
+      "description": "Origin of the credential(s)",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "sane_default": [
+        "bruteforce-scanning",
+        "malware-analysis",
+        "memory-analysis",
+        "network-analysis",
+        "leak",
+        "unknown"
+      ],
+      "ui-priority": 1
+    },
+    "password": {
+      "description": "Password",
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "text": {
+      "description": "A description of the credential(s)",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "ui-priority": 1
+    },
+    "type": {
+      "description": "Type of password(s)",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "ui-priority": 1,
+      "values_list": [
+        "password",
+        "api-key",
+        "encryption-key",
+        "unknown"
+      ]
+    },
+    "username": {
+      "description": "Username related to the password(s)",
+      "misp-attribute": "text",
+      "ui-priority": 1
     }
   },
-  "version": 4,
   "description": "Credential describes one or more credential(s) including password(s), api key(s) or decryption key(s).",
   "meta-category": "misc",
+  "name": "credential",
+  "requiredOneOf": [
+    "password",
+    "username"
+  ],
   "uuid": "a27e98c9-9b0e-414c-8076-d201e039ca09",
-  "name": "credential"
-}
+  "version": 4
+}

objects/credit-card/definition.json

@@ -1,57 +1,57 @@
 {
-  "requiredOneOf": [
-    "cc-number"
-  ],
   "attributes": {
-    "iin": {
-      "description": "International Issuer Number (First eight digits of the credit card number",
-      "ui-priority": 0,
-      "misp-attribute": "text"
-    },
     "bank_name": {
       "description": "Name of the bank which have issued the card",
-      "ui-priority": 0,
-      "misp-attribute": "text"
-    },
-    "version": {
-      "description": "Version of the card.",
-      "ui-priority": 0,
-      "misp-attribute": "text"
-    },
-    "comment": {
-      "description": "A description of the card.",
-      "ui-priority": 0,
-      "misp-attribute": "comment"
+      "misp-attribute": "text",
+      "ui-priority": 0
     },
     "card-security-code": {
       "description": "Card security code (CSC, CVD, CVV, CVC and SPC) as embossed or printed on the card.",
-      "ui-priority": 0,
-      "misp-attribute": "text"
-    },
-    "name": {
-      "description": "Name of the card owner.",
-      "ui-priority": 0,
-      "misp-attribute": "text"
-    },
-    "issued": {
-      "description": "Initial date of validity or issued date.",
-      "ui-priority": 0,
-      "misp-attribute": "datetime"
-    },
-    "expiration": {
-      "description": "Maximum date of validity",
-      "ui-priority": 0,
-      "misp-attribute": "datetime"
+      "misp-attribute": "text",
+      "ui-priority": 0
     },
     "cc-number": {
       "description": "credit-card number as encoded on the card.",
-      "ui-priority": 0,
-      "misp-attribute": "cc-number"
+      "misp-attribute": "cc-number",
+      "ui-priority": 0
+    },
+    "comment": {
+      "description": "A description of the card.",
+      "misp-attribute": "comment",
+      "ui-priority": 0
+    },
+    "expiration": {
+      "description": "Maximum date of validity",
+      "misp-attribute": "datetime",
+      "ui-priority": 0
+    },
+    "iin": {
+      "description": "International Issuer Number (First eight digits of the credit card number",
+      "misp-attribute": "text",
+      "ui-priority": 0
+    },
+    "issued": {
+      "description": "Initial date of validity or issued date.",
+      "misp-attribute": "datetime",
+      "ui-priority": 0
+    },
+    "name": {
+      "description": "Name of the card owner.",
+      "misp-attribute": "text",
+      "ui-priority": 0
+    },
+    "version": {
+      "description": "Version of the card.",
+      "misp-attribute": "text",
+      "ui-priority": 0
     }
   },
-  "version": 3,
   "description": "A payment card like credit card, debit card or any similar cards which can be used for financial transactions.",
   "meta-category": "financial",
+  "name": "credit-card",
+  "requiredOneOf": [
+    "cc-number"
+  ],
   "uuid": "2b9c57aa-daba-4330-a738-56f18743b0c7",
-  "name": "credit-card"
-}
+  "version": 3
+}

objects/crypto-material/definition.json

@@ -1,118 +1,40 @@
 {
-  "requiredOneOf": [
-    "text",
-    "private",
-    "p",
-    "q",
-    "modulus"
-  ],
   "attributes": {
-    "text": {
-      "description": "A description of the cryptographic materials.",
-      "disable_correlation": true,
-      "ui-priority": 1,
-      "misp-attribute": "text"
-    },
-    "rsa-modulus-size": {
-      "description": "RSA modulus size in bits",
-      "disable_correlation": true,
-      "ui-priority": 1,
-      "misp-attribute": "text"
-    },
-    "modulus": {
-      "description": "Modulus Parameter - in hexadecimal - no 0x, no :",
-      "disable_correlation": false,
-      "ui-priority": 1,
-      "misp-attribute": "text"
-    },
-    "e": {
-      "description": "RSA public exponent",
-      "disable_correlation": false,
-      "ui-priority": 1,
-      "misp-attribute": "text"
-    },
-    "p": {
-      "description": "Prime Parameter - P in decimal",
-      "disable_correlation": false,
-      "ui-priority": 1,
-      "misp-attribute": "text"
-    },
-    "q": {
-      "description": "Prime Parameter - Q in decimal",
-      "disable_correlation": false,
-      "ui-priority": 1,
-      "misp-attribute": "text"
-    },
-    "g": {
-      "description": "Curve Parameter - G in decimal",
-      "disable_correlation": true,
-      "ui-priority": 1,
-      "misp-attribute": "text"
-    },
-    "y": {
-      "description": "Curve Parameter - Y in decimal",
-      "disable_correlation": true,
-      "ui-priority": 1,
-      "misp-attribute": "text"
-    },
-    "x": {
-      "description": "Curve Parameter - X in decimal",
-      "disable_correlation": true,
-      "ui-priority": 1,
-      "misp-attribute": "text"
-    },
-    "n": {
-      "description": "Curve Parameter - N in decimal",
-      "disable_correlation": true,
-      "ui-priority": 1,
-      "misp-attribute": "text"
-    },
-    "b": {
-      "description": "Curve Parameter - B in decimal",
-      "disable_correlation": true,
-      "ui-priority": 1,
-      "misp-attribute": "text"
-    },
-    "curve-length": {
-      "description": "Length of the Curve in bits",
-      "disable_correlation": true,
-      "ui-priority": 1,
-      "misp-attribute": "text"
-    },
     "Gx": {
       "description": "Curve Parameter - Gx in decimal",
       "disable_correlation": true,
-      "ui-priority": 1,
-      "misp-attribute": "text"
+      "misp-attribute": "text",
+      "ui-priority": 1
     },
     "Gy": {
       "description": "Curve Parameter - Gy in decimal",
       "disable_correlation": true,
-      "ui-priority": 1,
-      "misp-attribute": "text"
-    },
-    "private": {
-      "description": "Private part of the cryptographic materials in PEM format",
-      "ui-priority": 1,
-      "misp-attribute": "text"
-    },
-    "type": {
-      "description": "Type of crytographic materials",
-      "ui-priority": 1,
       "misp-attribute": "text",
+      "ui-priority": 1
+    },
+    "b": {
+      "description": "Curve Parameter - B in decimal",
       "disable_correlation": true,
-      "values_list": [
-        "RSA",
-        "DSA",
-        "ECDSA",
-        "unknown"
-      ]
+      "misp-attribute": "text",
+      "ui-priority": 1
+    },
+    "curve-length": {
+      "description": "Length of the Curve in bits",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "ui-priority": 1
+    },
+    "e": {
+      "description": "RSA public exponent",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "ui-priority": 1
     },
     "ecdsa-type": {
       "description": "Curve type of the ECDSA cryptographic materials",
-      "ui-priority": 1,
-      "misp-attribute": "text",
       "disable_correlation": true,
+      "misp-attribute": "text",
+      "ui-priority": 1,
       "values_list": [
         "Anomalous",
         "M-221",
@@ -136,11 +58,33 @@
         "E-521"
       ]
     },
+    "g": {
+      "description": "Curve Parameter - G in decimal",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "ui-priority": 1
+    },
+    "generic-symmetric-key": {
+      "description": "Generic symmetric key (please precise the type)",
+      "misp-attribute": "text",
+      "ui-priority": 1
+    },
+    "modulus": {
+      "description": "Modulus Parameter - in hexadecimal - no 0x, no :",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "ui-priority": 1
+    },
+    "n": {
+      "description": "Curve Parameter - N in decimal",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "ui-priority": 1
+    },
     "origin": {
       "description": "Origin of the cryptographic materials",
-      "ui-priority": 1,
-      "misp-attribute": "text",
       "disable_correlation": true,
+      "misp-attribute": "text",
       "sane_default": [
         "mathematical-attack",
         "exhaustive-search",
@@ -150,12 +94,76 @@
         "network-interception",
         "leak",
         "unknown"
+      ],
+      "ui-priority": 1
+    },
+    "p": {
+      "description": "Prime Parameter - P in decimal",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "ui-priority": 1
+    },
+    "private": {
+      "description": "Private part of the cryptographic materials in PEM format",
+      "misp-attribute": "text",
+      "ui-priority": 1
+    },
+    "q": {
+      "description": "Prime Parameter - Q in decimal",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "ui-priority": 1
+    },
+    "rsa-modulus-size": {
+      "description": "RSA modulus size in bits",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "ui-priority": 1
+    },
+    "text": {
+      "description": "A description of the cryptographic materials.",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "ui-priority": 1
+    },
+    "type": {
+      "description": "Type of crytographic materials",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "ui-priority": 1,
+      "values_list": [
+        "RSA",
+        "DSA",
+        "ECDSA",
+        "RC4",
+        "XOR",
+        "unknown"
       ]
+    },
+    "x": {
+      "description": "Curve Parameter - X in decimal",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "ui-priority": 1
+    },
+    "y": {
+      "description": "Curve Parameter - Y in decimal",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "ui-priority": 1
     }
   },
-  "version": 3,
   "description": "Cryptographic materials such as public or/and private keys.",
   "meta-category": "misc",
+  "name": "crypto-material",
+  "requiredOneOf": [
+    "generic-symmetric-key",
+    "text",
+    "private",
+    "p",
+    "q",
+    "modulus"
+  ],
   "uuid": "50677f82-ec9c-4484-bb29-2519cfe56823",
-  "name": "crypto-material"
-}
+  "version": 3
+}

objects/cytomic-orion-file/definition.json

@@ -0,0 +1,63 @@
+{
+  "attributes": {
+    "classification": {
+      "categories": [
+        "Other"
+      ],
+      "description": "File classification - number",
+      "misp-attribute": "text",
+      "to_ids": false,
+      "ui-priority": 2
+    },
+    "classificationName": {
+      "categories": [
+        "Other"
+      ],
+      "description": "File classification",
+      "misp-attribute": "text",
+      "to_ids": false,
+      "ui-priority": 1
+    },
+    "fileName": {
+      "categories": [
+        "Other"
+      ],
+      "description": "Original filename",
+      "misp-attribute": "filename",
+      "ui-priority": 9
+    },
+    "fileSize": {
+      "categories": [
+        "Other"
+      ],
+      "description": "Size of the file",
+      "misp-attribute": "size-in-bytes",
+      "to_ids": false,
+      "ui-priority": 0
+    },
+    "first-seen": {
+      "categories": [
+        "Other"
+      ],
+      "description": "First seen timestamp of the file",
+      "misp-attribute": "datetime",
+      "to_ids": false,
+      "ui-priority": 3
+    },
+    "last-seen": {
+      "categories": [
+        "Other"
+      ],
+      "description": "Last seen timestamp of the file",
+      "misp-attribute": "datetime",
+      "to_ids": false,
+      "ui-priority": 4
+    }
+  },
+  "description": "Cytomic Orion File Detection",
+  "meta-category": "misc",
+  "name": "cytomic-orion-file",
+  "required": [],
+  "uuid": "0ad86572-ba38-4baf-9fed-1926e9ecc916",
+  "version": 7
+}

objects/cytomic-orion-machine/definition.json

@@ -0,0 +1,101 @@
+{
+  "attributes": {
+    "clientCreationDateUTC": {
+      "categories": [
+        "Other"
+      ],
+      "description": "Client creation date UTC",
+      "misp-attribute": "datetime",
+      "to_ids": false,
+      "ui-priority": 0
+    },
+    "clientId": {
+      "categories": [
+        "Other"
+      ],
+      "description": "Client id",
+      "misp-attribute": "text",
+      "to_ids": false,
+      "ui-priority": 0
+    },
+    "clientName": {
+      "categories": [
+        "Other"
+      ],
+      "description": "Client name",
+      "misp-attribute": "target-org",
+      "to_ids": false,
+      "ui-priority": 0
+    },
+    "creationDate": {
+      "categories": [
+        "Other"
+      ],
+      "description": "Client creation date",
+      "misp-attribute": "datetime",
+      "to_ids": false,
+      "ui-priority": 0
+    },
+    "first-seen": {
+      "categories": [
+        "Other"
+      ],
+      "description": "First seen on machine",
+      "misp-attribute": "datetime",
+      "to_ids": false,
+      "ui-priority": 3
+    },
+    "last-seen": {
+      "categories": [
+        "Other"
+      ],
+      "description": "Last seen on machine",
+      "misp-attribute": "datetime",
+      "to_ids": false,
+      "ui-priority": 4
+    },
+    "lastSeenUtc": {
+      "categories": [
+        "Other"
+      ],
+      "description": "Client last seen UTC",
+      "misp-attribute": "datetime",
+      "to_ids": false,
+      "ui-priority": 0
+    },
+    "machineMuid": {
+      "categories": [
+        "Other"
+      ],
+      "description": "Machine UID",
+      "misp-attribute": "text",
+      "to_ids": false,
+      "ui-priority": 0
+    },
+    "machineName": {
+      "categories": [
+        "Other"
+      ],
+      "description": "Machine name",
+      "misp-attribute": "target-machine",
+      "ui-priority": 9
+    },
+    "machinePath": {
+      "categories": [
+        "Other"
+      ],
+      "description": "Path of observable",
+      "misp-attribute": "text",
+      "to_ids": false,
+      "ui-priority": 2
+    }
+  },
+  "description": "Cytomic Orion File at Machine Detection",
+  "meta-category": "misc",
+  "name": "cytomic-orion-machine",
+  "required": [
+    "machineName"
+  ],
+  "uuid": "e0e46343-43fd-4ce7-b447-51381402c774",
+  "version": 4
+}

objects/dark-pattern-item/definition.json

@@ -1,63 +1,63 @@
 {
-  "requiredOneOf": [
-    "location",
-    "screenshot"
-  ],
   "attributes": {
-    "location": {
-      "description": "Location where to find the item",
-      "ui-priority": 0,
-      "disable_correlation": true,
-      "multiple": true,
-      "misp-attribute": "text"
-    },
-    "time": {
-      "description": "Date and time when first-seen",
-      "ui-priority": 0,
-      "disable_correlation": true,
-      "misp-attribute": "datetime"
-    },
-    "implementer": {
-      "description": "Who is the vendor / holder of the item",
-      "ui-priority": 0,
-      "disable_correlation": true,
-      "misp-attribute": "text"
-    },
-    "user": {
-      "description": "who are the user of the item",
-      "ui-priority": 0,
-      "disable_correlation": true,
-      "misp-attribute": "text"
-    },
     "comment": {
       "description": "textual comment about the item",
-      "ui-priority": 0,
       "disable_correlation": true,
-      "misp-attribute": "text"
+      "misp-attribute": "text",
+      "ui-priority": 0
     },
     "gain": {
       "description": "What is the implementer is gaining by deceiving the user",
-      "ui-priority": 0,
+      "disable_correlation": true,
       "misp-attribute": "text",
+      "ui-priority": 0,
       "values_list": [
         "registration",
         "personal data",
         "money",
         "contacts",
         "audience"
-      ],
-      "disable_correlation": true
+      ]
+    },
+    "implementer": {
+      "description": "Who is the vendor / holder of the item",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "ui-priority": 0
+    },
+    "location": {
+      "description": "Location where to find the item",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
     },
     "screenshot": {
       "description": "A screencapture or a screengrab of the item at work",
-      "ui-priority": 1,
       "disable_correlation": true,
-      "misp-attribute": "attachment"
+      "misp-attribute": "attachment",
+      "ui-priority": 1
+    },
+    "time": {
+      "description": "Date and time when first-seen",
+      "disable_correlation": true,
+      "misp-attribute": "datetime",
+      "ui-priority": 0
+    },
+    "user": {
+      "description": "who are the user of the item",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "ui-priority": 0
     }
   },
-  "version": 2,
   "description": "An Item whose User Interface implements a dark pattern.",
   "meta-category": "misc",
+  "name": "dark-pattern-item",
+  "requiredOneOf": [
+    "location",
+    "screenshot"
+  ],
   "uuid": "05755e29-8f5f-464d-bcff-2b4686472769",
-  "name": "dark-pattern-item"
-}
+  "version": 2
+}

objects/ddos/definition.json

@@ -1,65 +1,22 @@
 {
-  "name": "ddos",
-  "uuid": "e2f124d6-f57c-4f93-99e6-8450545fa05d",
-  "meta-category": "network",
-  "description": "DDoS object describes a current DDoS activity from a specific or/and to a specific target. Type of DDoS can be attached to the object as a taxonomy",
-  "version": 6,
   "attributes": {
-    "total-bps": {
-      "description": "Bits per second",
-      "misp-attribute": "counter",
-      "ui-priority": 0
-    },
-    "text": {
-      "description": "Description of the DDoS",
-      "disable_correlation": true,
-      "misp-attribute": "text",
-      "ui-priority": 0
-    },
     "domain-dst": {
+      "categories": [
+        "Network activity",
+        "External analysis"
+      ],
       "description": "Destination domain (victim)",
       "misp-attribute": "domain",
-      "ui-priority": 1,
-      "categories": [
-        "Network activity",
-        "External analysis"
-      ]
-    },
-    "ip-dst": {
-      "description": "Destination IP (victim)",
-      "misp-attribute": "ip-dst",
-      "ui-priority": 1,
-      "categories": [
-        "Network activity",
-        "External analysis"
-      ]
-    },
-    "ip-src": {
-      "description": "IP address originating the attack",
-      "misp-attribute": "ip-src",
-      "ui-priority": 1,
-      "categories": [
-        "Network activity",
-        "External analysis"
-      ]
+      "ui-priority": 1
     },
     "dst-port": {
+      "categories": [
+        "Network activity",
+        "External analysis"
+      ],
       "description": "Destination port of the attack",
       "misp-attribute": "port",
-      "ui-priority": 0,
-      "categories": [
-        "Network activity",
-        "External analysis"
-      ]
-    },
-    "src-port": {
-      "description": "Port originating the attack",
-      "misp-attribute": "port",
-      "ui-priority": 0,
-      "categories": [
-        "Network activity",
-        "External analysis"
-      ]
+      "ui-priority": 0
     },
     "first-seen": {
       "description": "Beginning of the attack",
@@ -67,6 +24,30 @@
       "misp-attribute": "datetime",
       "ui-priority": 0
     },
+    "ip-dst": {
+      "categories": [
+        "Network activity",
+        "External analysis"
+      ],
+      "description": "Destination IP (victim)",
+      "misp-attribute": "ip-dst",
+      "ui-priority": 1
+    },
+    "ip-src": {
+      "categories": [
+        "Network activity",
+        "External analysis"
+      ],
+      "description": "IP address originating the attack",
+      "misp-attribute": "ip-src",
+      "ui-priority": 1
+    },
+    "last-seen": {
+      "description": "End of the attack",
+      "disable_correlation": true,
+      "misp-attribute": "datetime",
+      "ui-priority": 0
+    },
     "protocol": {
       "description": "Protocol used for the attack",
       "misp-attribute": "text",
@@ -78,21 +59,40 @@
         "IP"
       ]
     },
+    "src-port": {
+      "categories": [
+        "Network activity",
+        "External analysis"
+      ],
+      "description": "Port originating the attack",
+      "misp-attribute": "port",
+      "ui-priority": 0
+    },
+    "text": {
+      "description": "Description of the DDoS",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "ui-priority": 0
+    },
+    "total-bps": {
+      "description": "Bits per second",
+      "misp-attribute": "counter",
+      "ui-priority": 0
+    },
     "total-pps": {
       "description": "Packets per second",
       "misp-attribute": "counter",
       "ui-priority": 0
-    },
-    "last-seen": {
-      "description": "End of the attack",
-      "disable_correlation": true,
-      "misp-attribute": "datetime",
-      "ui-priority": 0
     }
   },
+  "description": "DDoS object describes a current DDoS activity from a specific or/and to a specific target. Type of DDoS can be attached to the object as a taxonomy",
+  "meta-category": "network",
+  "name": "ddos",
   "requiredOneOf": [
     "ip-dst",
     "ip-src",
     "domain-dst"
-  ]
-}
+  ],
+  "uuid": "e2f124d6-f57c-4f93-99e6-8450545fa05d",
+  "version": 6
+}

objects/device/definition.json

@@ -1,31 +1,44 @@
 {
-  "requiredOneOf": [
-    "name",
-    "alias"
-  ],
   "attributes": {
-    "description": {
-      "description": "Description of the Device",
-      "ui-priority": 0,
-      "misp-attribute": "text",
-      "disable_correlation": true
+    "MAC-address": {
+      "description": "Device MAC address",
+      "misp-attribute": "mac-address",
+      "ui-priority": 0
     },
-    "name": {
-      "description": "Name of the Device",
-      "ui-priority": 101,
-      "misp-attribute": "text"
+    "OS": {
+      "description": "OS of the device",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 98
     },
     "alias": {
       "description": "Alias of the Device",
-      "ui-priority": 100,
       "misp-attribute": "text",
-      "multiple": true
+      "multiple": true,
+      "ui-priority": 100
+    },
+    "analysis-date": {
+      "description": "Date of device analysis",
+      "misp-attribute": "datetime",
+      "ui-priority": 0
+    },
+    "attachment": {
+      "description": "An attachment",
+      "misp-attribute": "attachment",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "description": {
+      "description": "Description of the Device",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "ui-priority": 0
     },
     "device-type": {
       "description": "Type of the device",
-      "ui-priority": 99,
-      "misp-attribute": "text",
       "disable_correlation": true,
+      "misp-attribute": "text",
       "sane_default": [
         "PC",
         "Mobile",
@@ -35,53 +48,40 @@
         "IoT",
         "Hardware",
         "Other"
-      ]
-    },
-    "OS": {
-      "description": "OS of the device",
-      "ui-priority": 98,
-      "misp-attribute": "text",
-      "disable_correlation": true,
-      "multiple": true
-    },
-    "version": {
-      "description": "Version of the device/ OS",
-      "ui-priority": 97,
-      "misp-attribute": "text",
-      "disable_correlation": true
-    },
-    "ip-address": {
-      "description": "Device IP address",
-      "ui-priority": 0,
-      "misp-attribute": "ip-src",
-      "multiple": true
+      ],
+      "ui-priority": 99
     },
     "dns-name": {
       "description": "Device DNS Name",
-      "ui-priority": 0,
       "misp-attribute": "text",
-      "multiple": true
+      "multiple": true,
+      "ui-priority": 0
     },
-    "MAC-address": {
-      "description": "Device MAC address",
-      "ui-priority": 0,
-      "misp-attribute": "mac-address"
+    "ip-address": {
+      "description": "Device IP address",
+      "misp-attribute": "ip-src",
+      "multiple": true,
+      "ui-priority": 0
     },
-    "analysis-date": {
-      "description": "Date of device analysis",
-      "ui-priority": 0,
-      "misp-attribute": "datetime"
+    "name": {
+      "description": "Name of the Device",
+      "misp-attribute": "text",
+      "ui-priority": 101
     },
-    "attachment": {
-      "description": "An attachment",
-      "ui-priority": 0,
-      "misp-attribute": "attachment",
-      "multiple": true
+    "version": {
+      "description": "Version of the device/ OS",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "ui-priority": 97
     }
   },
-  "version": 7,
   "description": "An object to define a device",
   "meta-category": "misc",
+  "name": "device",
+  "requiredOneOf": [
+    "name",
+    "alias"
+  ],
   "uuid": "0c64b41a-e583-4f4d-ac92-d484163b9e52",
-  "name": "device"
-}
+  "version": 7
+}

objects/diameter-attack/definition.json

@@ -1,89 +1,89 @@
 {
-  "requiredOneOf": [
-    "text"
-  ],
   "attributes": {
-    "category": {
-      "description": "Category.",
-      "sane_default": [
-        "Cat0",
-        "Cat1",
-        "Cat2",
-        "Cat3",
-        "CatSMS"
-      ],
-      "misp-attribute": "text",
-      "disable_correlation": true,
-      "ui-priority": 0
-    },
     "ApplicationId": {
       "description": "Application-ID is used to identify for which Diameter application the message is applicable. Application-ID is a decimal representation.",
       "misp-attribute": "text",
       "ui-priority": 0
     },
-    "SessionId": {
-      "description": "Session-ID.",
-      "misp-attribute": "text",
-      "ui-priority": 0
-    },
     "CmdCode": {
       "description": "A decimal representation of the diameter Command Code.",
       "disable_correlation": true,
       "misp-attribute": "text",
       "ui-priority": 0
     },
-    "Origin-Host": {
-      "description": "Origin-Host.",
-      "misp-attribute": "text",
-      "multiple": true,
-      "ui-priority": 0
-    },
     "Destination-Host": {
       "description": "Destination-Host.",
       "misp-attribute": "text",
       "multiple": true,
       "ui-priority": 0
     },
-    "Origin-Realm": {
-      "description": "Origin-Realm.",
-      "misp-attribute": "text",
-      "multiple": true,
-      "ui-priority": 0
-    },
     "Destination-Realm": {
       "description": "Destination-Realm.",
       "misp-attribute": "text",
       "multiple": true,
       "ui-priority": 0
     },
+    "IdrFlags": {
+      "description": "IDR-Flags.",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "ui-priority": 0
+    },
+    "Origin-Host": {
+      "description": "Origin-Host.",
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "Origin-Realm": {
+      "description": "Origin-Realm.",
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "SessionId": {
+      "description": "Session-ID.",
+      "misp-attribute": "text",
+      "ui-priority": 0
+    },
     "Username": {
       "description": "Username (in this case, usually the IMSI).",
       "misp-attribute": "text",
       "multiple": true,
       "ui-priority": 0
     },
-    "IdrFlags": {
-      "description": "IDR-Flags.",
-      "misp-attribute": "text",
+    "category": {
+      "description": "Category.",
       "disable_correlation": true,
+      "misp-attribute": "text",
+      "sane_default": [
+        "Cat0",
+        "Cat1",
+        "Cat2",
+        "Cat3",
+        "CatSMS"
+      ],
+      "ui-priority": 0
+    },
+    "first-seen": {
+      "description": "When the attack has been seen for the first time.",
+      "disable_correlation": true,
+      "misp-attribute": "datetime",
       "ui-priority": 0
     },
     "text": {
       "description": "A description of the attack seen.",
       "disable_correlation": true,
-      "ui-priority": 0,
-      "misp-attribute": "text"
-    },
-    "first-seen": {
-      "description": "When the attack has been seen for the first time.",
-      "disable_correlation": true,
-      "ui-priority": 0,
-      "misp-attribute": "datetime"
+      "misp-attribute": "text",
+      "ui-priority": 0
     }
   },
-  "version": 1,
   "description": "Attack as seen on diameter authentication against a GSM, UMTS or LTE network",
   "meta-category": "network",
+  "name": "diameter-attack",
+  "requiredOneOf": [
+    "text"
+  ],
   "uuid": "a3fdce4c-8e21-4acc-ab8e-9976e9165a12",
-  "name": "diameter-attack"
-}
+  "version": 1
+}

objects/dns-record/definition.json

@@ -1,62 +1,139 @@
 {
+  "attributes": {
+    "a-record": {
+      "categories": [
+        "Network activity",
+        "External analysis"
+      ],
+      "description": "IPv4 address associated with A record",
+      "misp-attribute": "ip-dst",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "aaaa-record": {
+      "categories": [
+        "Network activity",
+        "External analysis"
+      ],
+      "description": "IPv6 address associated with AAAA record",
+      "misp-attribute": "ip-dst",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "cname-record": {
+      "categories": [
+        "Network activity",
+        "External analysis"
+      ],
+      "description": "Domain associated with CNAME record",
+      "misp-attribute": "domain",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "mx-record": {
+      "categories": [
+        "Network activity",
+        "External analysis"
+      ],
+      "description": "Domain associated with MX record",
+      "misp-attribute": "domain",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "ns-record": {
+      "categories": [
+        "Network activity",
+        "External analysis"
+      ],
+      "description": "Domain associated with NS record",
+      "misp-attribute": "domain",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "ptr-record": {
+      "categories": [
+        "Network activity",
+        "External analysis"
+      ],
+      "description": "Domain associated with PTR record",
+      "misp-attribute": "domain",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "queried-domain": {
+      "categories": [
+        "Network activity",
+        "External analysis"
+      ],
+      "description": "Domain name",
+      "misp-attribute": "domain",
+      "ui-priority": 1
+    },
+    "soa-record": {
+      "categories": [
+        "Network activity",
+        "External analysis"
+      ],
+      "description": "Domain associated with SOA record",
+      "misp-attribute": "domain",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "spf-record": {
+      "categories": [
+        "Network activity",
+        "External analysis"
+      ],
+      "description": "IP addresses associated with SPF record",
+      "misp-attribute": "ip-dst",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "srv-record": {
+      "categories": [
+        "Network activity",
+        "External analysis"
+      ],
+      "description": "Domain associated with SRV record",
+      "misp-attribute": "domain",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "text": {
+      "description": "A description of the records",
+      "misp-attribute": "text",
+      "recommended": false,
+      "ui-priority": 1
+    },
+    "txt-record": {
+      "categories": [
+        "Network activity",
+        "External analysis"
+      ],
+      "description": "Content associated with TXT record",
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 1
+    }
+  },
+  "description": "A set of DNS records observed for a specific domain.",
+  "meta-category": "network",
+  "name": "dns-record",
   "required": [
     "queried-domain"
   ],
   "requiredOneOf": [
     "a-record",
+    "aaaa-record",
+    "cname-record",
     "mx-record",
-    "ns-record"
+    "ns-record",
+    "ptr-record",
+    "soa-record",
+    "spf-record",
+    "srv-record",
+    "txt-record"
   ],
-  "attributes": {
-    "text": {
-      "description": "A description of the records",
-      "ui-priority": 1,
-      "misp-attribute": "text",
-      "recommended": false
-    },
-    "queried-domain": {
-      "description": "Domain name",
-      "categories": [
-        "Network activity",
-        "External analysis"
-      ],
-      "ui-priority": 1,
-      "misp-attribute": "domain"
-    },
-    "a-record": {
-      "description": "IP Address sassociated with A Records",
-      "categories": [
-        "Network activity",
-        "External analysis"
-      ],
-      "ui-priority": 1,
-      "misp-attribute": "ip-dst",
-      "multiple": true
-    },
-    "mx-record": {
-      "description": "Domain associated with MX Record",
-      "categories": [
-        "Network activity",
-        "External analysis"
-      ],
-      "ui-priority": 1,
-      "misp-attribute": "domain",
-      "multiple": true
-    },
-    "ns-record": {
-      "description": "Domain associated with NS Records",
-      "categories": [
-        "Network activity",
-        "External analysis"
-      ],
-      "ui-priority": 1,
-      "misp-attribute": "domain",
-      "multiple": true
-    }
-  },
-  "version": 1,
-  "description": "A set of dns records observed for a specific domain.",
-  "meta-category": "network",
   "uuid": "f023c8f0-81ab-41f3-9f5d-fa597a34a9b9",
-  "name": "dns-record"
-}
+  "version": 2
+}

objects/domain-crawled/definition.json

@@ -0,0 +1,38 @@
+{
+  "attributes": {
+    "domain": {
+      "categories": [
+        "Network activity",
+        "External analysis"
+      ],
+      "description": "Domain name",
+      "misp-attribute": "domain",
+      "ui-priority": 1
+    },
+    "text": {
+      "description": "A description of the tuple",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "recommended": false,
+      "ui-priority": 1
+    },
+    "url": {
+      "categories": [
+        "Network activity",
+        "External analysis"
+      ],
+      "description": "domain url",
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 1
+    }
+  },
+  "description": "A domain crawled over time",
+  "meta-category": "network",
+  "name": "domain-crawled",
+  "required": [
+    "domain"
+  ],
+  "uuid": "bad4888d-c44e-4612-b08f-3d97c1e0014a",
+  "version": 2
+}

objects/domain-ip/definition.json

@@ -1,58 +1,68 @@
 {
-  "required": [
-    "ip",
-    "domain"
-  ],
   "attributes": {
-    "text": {
-      "description": "A description of the tuple",
-      "disable_correlation": true,
-      "ui-priority": 1,
-      "misp-attribute": "text",
-      "recommended": false
-    },
-    "last-seen": {
-      "description": "Last time the tuple has been seen",
-      "disable_correlation": true,
-      "ui-priority": 0,
-      "misp-attribute": "datetime"
+    "domain": {
+      "categories": [
+        "Network activity",
+        "External analysis"
+      ],
+      "description": "Domain name",
+      "misp-attribute": "domain",
+      "multiple": true,
+      "ui-priority": 1
     },
     "first-seen": {
       "description": "First time the tuple has been seen",
       "disable_correlation": true,
-      "ui-priority": 0,
-      "misp-attribute": "datetime"
+      "misp-attribute": "datetime",
+      "ui-priority": 0
+    },
+    "ip": {
+      "categories": [
+        "Network activity",
+        "External analysis"
+      ],
+      "description": "IP Address",
+      "misp-attribute": "ip-dst",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "last-seen": {
+      "description": "Last time the tuple has been seen",
+      "disable_correlation": true,
+      "misp-attribute": "datetime",
+      "ui-priority": 0
+    },
+    "port": {
+      "categories": [
+        "Network activity",
+        "External analysis"
+      ],
+      "description": "Associated TCP port with the domain",
+      "misp-attribute": "port",
+      "multiple": true,
+      "ui-priority": 1
     },
     "registration-date": {
       "description": "Registration date of domain",
       "disable_correlation": false,
-      "ui-priority": 0,
-      "misp-attribute": "datetime"
+      "misp-attribute": "datetime",
+      "ui-priority": 0
     },
-    "domain": {
-      "description": "Domain name",
-      "categories": [
-        "Network activity",
-        "External analysis"
-      ],
-      "ui-priority": 1,
-      "misp-attribute": "domain",
-      "multiple": true
-    },
-    "ip": {
-      "description": "IP Address",
-      "categories": [
-        "Network activity",
-        "External analysis"
-      ],
-      "ui-priority": 1,
-      "misp-attribute": "ip-dst",
-      "multiple": true
+    "text": {
+      "description": "A description of the tuple",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "recommended": false,
+      "ui-priority": 1
     }
   },
-  "version": 6,
   "description": "A domain and IP address seen as a tuple in a specific time frame.",
   "meta-category": "network",
+  "name": "domain-ip",
+  "required": [
+    "ip",
+    "domain"
+  ],
   "uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
-  "name": "domain-ip"
-}
+  "version": 8
+}

objects/elf-section/definition.json

@@ -1,95 +1,116 @@
 {
-  "requiredOneOf": [
-    "text",
-    "name",
-    "md5",
-    "sha1",
-    "sha224",
-    "sha256",
-    "sha384",
-    "sha512",
-    "sha512/224",
-    "sha512/256"
-  ],
   "attributes": {
-    "md5": {
-      "description": "[Insecure] MD5 hash (128 bits)",
-      "ui-priority": 1,
-      "misp-attribute": "md5",
-      "recommended": false
-    },
-    "sha1": {
-      "description": "[Insecure] Secure Hash Algorithm 1 (160 bits)",
-      "ui-priority": 1,
-      "misp-attribute": "sha1",
-      "recommended": false
-    },
-    "sha224": {
-      "description": "Secure Hash Algorithm 2 (224 bits)",
-      "ui-priority": 0,
-      "misp-attribute": "sha224",
-      "recommended": false
-    },
-    "sha256": {
-      "description": "Secure Hash Algorithm 2 (256 bits)",
-      "ui-priority": 1,
-      "misp-attribute": "sha256"
-    },
-    "sha384": {
-      "description": "Secure Hash Algorithm 2 (384 bits)",
-      "ui-priority": 0,
-      "misp-attribute": "sha384",
-      "recommended": false
-    },
-    "sha512": {
-      "description": "Secure Hash Algorithm 2 (512 bits)",
-      "ui-priority": 1,
-      "misp-attribute": "sha512"
-    },
-    "sha512/224": {
-      "description": "Secure Hash Algorithm 2 (224 bits)",
-      "ui-priority": 0,
-      "misp-attribute": "sha512/224",
-      "recommended": false
-    },
-    "sha512/256": {
-      "description": "Secure Hash Algorithm 2 (256 bits)",
-      "ui-priority": 0,
-      "misp-attribute": "sha512/256",
-      "recommended": false
-    },
-    "ssdeep": {
-      "description": "Fuzzy hash using context triggered piecewise hashes (CTPH)",
-      "ui-priority": 0,
-      "misp-attribute": "ssdeep"
-    },
     "entropy": {
       "description": "Entropy of the whole section",
       "disable_correlation": true,
-      "ui-priority": 0,
-      "misp-attribute": "float"
+      "misp-attribute": "float",
+      "ui-priority": 0
+    },
+    "flag": {
+      "description": "Flag of the section",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "sane_default": [
+        "ALLOC",
+        "EXCLUDE",
+        "EXECINSTR",
+        "GROUP",
+        "HEX_GPREL",
+        "INFO_LINK",
+        "LINK_ORDER",
+        "MASKOS",
+        "MASKPROC",
+        "MERGE",
+        "MIPS_ADDR",
+        "MIPS_LOCAL",
+        "MIPS_MERGE",
+        "MIPS_NAMES",
+        "MIPS_NODUPES",
+        "MIPS_NOSTRIP",
+        "NONE",
+        "OS_NONCONFORMING",
+        "STRINGS",
+        "TLS",
+        "WRITE",
+        "XCORE_SHF_CP_SECTION"
+      ],
+      "ui-priority": 0
+    },
+    "md5": {
+      "description": "[Insecure] MD5 hash (128 bits)",
+      "misp-attribute": "md5",
+      "recommended": false,
+      "ui-priority": 1
     },
     "name": {
       "description": "Name of the section",
       "disable_correlation": true,
-      "ui-priority": 1,
-      "misp-attribute": "text"
+      "misp-attribute": "text",
+      "ui-priority": 1
+    },
+    "sha1": {
+      "description": "[Insecure] Secure Hash Algorithm 1 (160 bits)",
+      "misp-attribute": "sha1",
+      "recommended": false,
+      "ui-priority": 1
+    },
+    "sha224": {
+      "description": "Secure Hash Algorithm 2 (224 bits)",
+      "misp-attribute": "sha224",
+      "recommended": false,
+      "ui-priority": 0
+    },
+    "sha256": {
+      "description": "Secure Hash Algorithm 2 (256 bits)",
+      "misp-attribute": "sha256",
+      "ui-priority": 1
+    },
+    "sha384": {
+      "description": "Secure Hash Algorithm 2 (384 bits)",
+      "misp-attribute": "sha384",
+      "recommended": false,
+      "ui-priority": 0
+    },
+    "sha512": {
+      "description": "Secure Hash Algorithm 2 (512 bits)",
+      "misp-attribute": "sha512",
+      "ui-priority": 1
+    },
+    "sha512/224": {
+      "description": "Secure Hash Algorithm 2 (224 bits)",
+      "misp-attribute": "sha512/224",
+      "recommended": false,
+      "ui-priority": 0
+    },
+    "sha512/256": {
+      "description": "Secure Hash Algorithm 2 (256 bits)",
+      "misp-attribute": "sha512/256",
+      "recommended": false,
+      "ui-priority": 0
     },
     "size-in-bytes": {
       "description": "Size of the section, in bytes",
       "disable_correlation": true,
-      "ui-priority": 1,
-      "misp-attribute": "size-in-bytes"
+      "misp-attribute": "size-in-bytes",
+      "ui-priority": 1
+    },
+    "ssdeep": {
+      "description": "Fuzzy hash using context triggered piecewise hashes (CTPH)",
+      "misp-attribute": "ssdeep",
+      "ui-priority": 0
     },
     "text": {
       "description": "Free text value to attach to the section",
       "disable_correlation": true,
-      "ui-priority": 1,
       "misp-attribute": "text",
-      "recommended": false
+      "recommended": false,
+      "ui-priority": 1
     },
     "type": {
       "description": "Type of the section",
+      "disable_correlation": true,
+      "misp-attribute": "text",
       "sane_default": [
         "NULL",
         "PROGBITS",
@@ -127,45 +148,24 @@
         "LOUSER",
         "HIUSER"
       ],
-      "disable_correlation": true,
-      "ui-priority": 0,
-      "misp-attribute": "text"
-    },
-    "flag": {
-      "description": "Flag of the section",
-      "sane_default": [
-        "ALLOC",
-        "EXCLUDE",
-        "EXECINSTR",
-        "GROUP",
-        "HEX_GPREL",
-        "INFO_LINK",
-        "LINK_ORDER",
-        "MASKOS",
-        "MASKPROC",
-        "MERGE",
-        "MIPS_ADDR",
-        "MIPS_LOCAL",
-        "MIPS_MERGE",
-        "MIPS_NAMES",
-        "MIPS_NODUPES",
-        "MIPS_NOSTRIP",
-        "NONE",
-        "OS_NONCONFORMING",
-        "STRINGS",
-        "TLS",
-        "WRITE",
-        "XCORE_SHF_CP_SECTION"
-      ],
-      "disable_correlation": true,
-      "ui-priority": 0,
-      "misp-attribute": "text",
-      "multiple": true
+      "ui-priority": 0
     }
   },
-  "version": 4,
   "description": "Object describing a section of an Executable and Linkable Format",
   "meta-category": "file",
+  "name": "elf-section",
+  "requiredOneOf": [
+    "text",
+    "name",
+    "md5",
+    "sha1",
+    "sha224",
+    "sha256",
+    "sha384",
+    "sha512",
+    "sha512/224",
+    "sha512/256"
+  ],
   "uuid": "ca271f32-1234-4e87-b240-6b6e882de5de",
-  "name": "elf-section"
-}
+  "version": 4
+}

objects/elf/definition.json

@@ -1,38 +1,9 @@
 {
-  "requiredOneOf": [
-    "text",
-    "entrypoint-address"
-  ],
   "attributes": {
-    "entrypoint-address": {
-      "description": "Address of the entry point",
-      "disable_correlation": true,
-      "ui-priority": 0,
-      "misp-attribute": "text"
-    },
-    "type": {
-      "description": "Type of ELF",
-      "sane_default": [
-        "CORE",
-        "DYNAMIC",
-        "EXECUTABLE",
-        "HIPROC",
-        "LOPROC",
-        "NONE",
-        "RELOCATABLE"
-      ],
-      "ui-priority": 0,
-      "misp-attribute": "text",
-      "disable_correlation": true
-    },
-    "number-sections": {
-      "description": "Number of sections",
-      "disable_correlation": true,
-      "ui-priority": 0,
-      "misp-attribute": "counter"
-    },
     "arch": {
       "description": "Architecture of the ELF file",
+      "disable_correlation": true,
+      "misp-attribute": "text",
       "sane_default": [
         "None",
         "M32",
@@ -210,12 +181,24 @@
         "CSR_KALIMBA",
         "AMDGPU"
       ],
-      "ui-priority": 0,
+      "ui-priority": 0
+    },
+    "entrypoint-address": {
+      "description": "Address of the entry point",
+      "disable_correlation": true,
       "misp-attribute": "text",
-      "disable_correlation": true
+      "ui-priority": 0
+    },
+    "number-sections": {
+      "description": "Number of sections",
+      "disable_correlation": true,
+      "misp-attribute": "counter",
+      "ui-priority": 0
     },
     "os_abi": {
       "description": "Header operating system application binary interface (ABI)",
+      "disable_correlation": true,
+      "misp-attribute": "text",
       "sane_default": [
         "AIX",
         "ARM",
@@ -239,21 +222,38 @@
         "SYSTEMV",
         "TRU64"
       ],
-      "ui-priority": 0,
-      "misp-attribute": "text",
-      "disable_correlation": true
+      "ui-priority": 0
     },
     "text": {
       "description": "Free text value to attach to the ELF",
       "disable_correlation": true,
-      "ui-priority": 1,
       "misp-attribute": "text",
-      "recommended": false
+      "recommended": false,
+      "ui-priority": 1
+    },
+    "type": {
+      "description": "Type of ELF",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "sane_default": [
+        "CORE",
+        "DYNAMIC",
+        "EXECUTABLE",
+        "HIPROC",
+        "LOPROC",
+        "NONE",
+        "RELOCATABLE"
+      ],
+      "ui-priority": 0
     }
   },
-  "version": 5,
   "description": "Object describing a Executable and Linkable Format",
   "meta-category": "file",
+  "name": "elf",
+  "requiredOneOf": [
+    "text",
+    "entrypoint-address"
+  ],
   "uuid": "fa6534ae-ad74-4ce0-8f23-15a66c82c7fa",
-  "name": "elf"
-}
+  "version": 5
+}

objects/email/definition.json

@@ -1,186 +1,193 @@
 {
-  "name": "email",
-  "uuid": "a0c666e0-fc65-4be8-b48f-3423d788b552",
-  "meta-category": "network",
-  "description": "Email object describing an email with meta-information",
-  "version": 13,
   "attributes": {
-    "reply-to": {
-      "description": "Email address the reply will be sent to",
-      "misp-attribute": "email-reply-to",
-      "ui-priority": 1,
-      "categories": [
-        "Payload delivery"
-      ]
-    },
-    "message-id": {
-      "description": "Message ID",
-      "misp-attribute": "email-message-id",
-      "disable_correlation": true,
-      "ui-priority": 0,
-      "categories": [
-        "Payload delivery"
-      ]
-    },
-    "to": {
-      "description": "Destination email address",
-      "misp-attribute": "email-dst",
-      "disable_correlation": true,
-      "ui-priority": 1,
-      "categories": [
-        "Payload delivery"
-      ],
-      "multiple": true
-    },
-    "cc": {
-      "description": "Carbon copy",
-      "misp-attribute": "email-dst",
-      "disable_correlation": true,
-      "ui-priority": 1,
-      "categories": [
-        "Payload delivery"
-      ],
-      "multiple": true
-    },
-    "to-display-name": {
-      "description": "Display name of the receiver",
-      "misp-attribute": "email-dst-display-name",
-      "ui-priority": 1,
-      "categories": [
-        "Payload delivery"
-      ],
-      "multiple": true
-    },
-    "subject": {
-      "description": "Subject",
-      "misp-attribute": "email-subject",
-      "ui-priority": 1,
-      "categories": [
-        "Payload delivery"
-      ]
-    },
-    "screenshot": {
-      "description": "Screenshot of email",
-      "misp-attribute": "attachment",
-      "disable_correlation": true,
-      "ui-priority": 1,
-      "categories": [
-        "External analysis"
-      ]
-    },
     "attachment": {
+      "categories": [
+        "Payload delivery"
+      ],
       "description": "Attachment",
       "misp-attribute": "email-attachment",
-      "ui-priority": 0,
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "cc": {
       "categories": [
         "Payload delivery"
       ],
-      "multiple": true
+      "description": "Carbon copy",
+      "disable_correlation": true,
+      "misp-attribute": "email-dst",
+      "multiple": true,
+      "ui-priority": 1
     },
-    "received-header-ip": {
-      "description": "Extracted IP address from parsed headers",
+    "email-body": {
+      "categories": [
+        "Payload delivery"
+      ],
+      "description": "Body of the email",
+      "disable_correlation": true,
+      "misp-attribute": "email-body",
+      "ui-priority": 1
+    },
+    "eml": {
+      "description": "Full EML",
+      "disable_correlation": true,
+      "misp-attribute": "attachment",
+      "ui-priority": 1
+    },
+    "from": {
+      "categories": [
+        "Payload delivery"
+      ],
+      "description": "Sender email address",
+      "misp-attribute": "email-src",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "from-display-name": {
+      "categories": [
+        "Payload delivery"
+      ],
+      "description": "Display name of the sender",
+      "misp-attribute": "email-src-display-name",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "header": {
+      "categories": [
+        "Payload delivery"
+      ],
+      "description": "Full headers",
+      "disable_correlation": true,
+      "misp-attribute": "email-header",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "ip-src": {
+      "description": "Source IP address of the email sender",
       "misp-attribute": "ip-src",
-      "ui-priority": 0,
-      "multiple": true
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "message-id": {
+      "categories": [
+        "Payload delivery"
+      ],
+      "description": "Message ID",
+      "disable_correlation": true,
+      "misp-attribute": "email-message-id",
+      "ui-priority": 0
+    },
+    "mime-boundary": {
+      "categories": [
+        "Payload delivery"
+      ],
+      "description": "MIME Boundary",
+      "disable_correlation": true,
+      "misp-attribute": "email-mime-boundary",
+      "ui-priority": 0
     },
     "received-header-hostname": {
       "description": "Extracted hostname from parsed headers",
       "misp-attribute": "hostname",
-      "ui-priority": 0,
-      "multiple": true
+      "multiple": true,
+      "ui-priority": 0
     },
-    "x-mailer": {
-      "description": "X-Mailer generally tells the program that was used to draft and send the original email",
-      "misp-attribute": "email-x-mailer",
-      "disable_correlation": true,
-      "ui-priority": 0,
-      "categories": [
-        "Payload delivery"
-      ]
+    "received-header-ip": {
+      "description": "Extracted IP address from parsed headers",
+      "misp-attribute": "ip-src",
+      "multiple": true,
+      "ui-priority": 0
     },
-    "header": {
-      "description": "Full headers",
-      "misp-attribute": "email-header",
-      "disable_correlation": true,
-      "ui-priority": 0,
+    "reply-to": {
       "categories": [
         "Payload delivery"
       ],
-      "multiple": true
-    },
-    "send-date": {
-      "description": "Date the email has been sent",
-      "misp-attribute": "datetime",
-      "ui-priority": 0,
-      "disable_correlation": true,
-      "categories": [
-        "Other"
-      ]
-    },
-    "mime-boundary": {
-      "description": "MIME Boundary",
-      "misp-attribute": "email-mime-boundary",
-      "disable_correlation": true,
-      "ui-priority": 0,
-      "categories": [
-        "Payload delivery"
-      ]
-    },
-    "thread-index": {
-      "description": "Identifies a particular conversation thread",
-      "misp-attribute": "email-thread-index",
-      "disable_correlation": true,
-      "ui-priority": 0,
-      "categories": [
-        "Payload delivery"
-      ]
-    },
-    "from": {
-      "description": "Sender email address",
-      "misp-attribute": "email-src",
-      "ui-priority": 1,
-      "categories": [
-        "Payload delivery"
-      ]
+      "description": "Email address the reply will be sent to",
+      "misp-attribute": "email-reply-to",
+      "ui-priority": 1
     },
     "return-path": {
+      "categories": [
+        "Payload delivery"
+      ],
       "description": "Message return path",
       "misp-attribute": "email-src",
-      "ui-priority": 1,
-      "categories": [
-        "Payload delivery"
-      ]
+      "ui-priority": 1
     },
-    "from-display-name": {
-      "description": "Display name of the sender",
-      "misp-attribute": "email-src-display-name",
-      "ui-priority": 1,
+    "screenshot": {
       "categories": [
-        "Payload delivery"
-      ]
-    },
-    "email-body": {
-      "description": "Body of the email",
-      "misp-attribute": "email-body",
+        "External analysis"
+      ],
+      "description": "Screenshot of email",
       "disable_correlation": true,
-      "ui-priority": 1,
+      "misp-attribute": "attachment",
+      "ui-priority": 1
+    },
+    "send-date": {
+      "categories": [
+        "Other"
+      ],
+      "description": "Date the email has been sent",
+      "disable_correlation": true,
+      "misp-attribute": "datetime",
+      "ui-priority": 0
+    },
+    "subject": {
       "categories": [
         "Payload delivery"
-      ]
+      ],
+      "description": "Subject",
+      "misp-attribute": "email-subject",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "thread-index": {
+      "categories": [
+        "Payload delivery"
+      ],
+      "description": "Identifies a particular conversation thread",
+      "disable_correlation": true,
+      "misp-attribute": "email-thread-index",
+      "ui-priority": 0
+    },
+    "to": {
+      "categories": [
+        "Payload delivery"
+      ],
+      "description": "Destination email address",
+      "disable_correlation": true,
+      "misp-attribute": "email-dst",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "to-display-name": {
+      "categories": [
+        "Payload delivery"
+      ],
+      "description": "Display name of the receiver",
+      "misp-attribute": "email-dst-display-name",
+      "multiple": true,
+      "ui-priority": 1
     },
     "user-agent": {
       "description": "User Agent of the sender",
-      "misp-attribute": "text",
-      "ui-priority": 0,
-      "disable_correlation": true
-    },
-    "eml": {
-      "description": "Full EML",
-      "misp-attribute": "attachment",
       "disable_correlation": true,
-      "ui-priority": 1
+      "misp-attribute": "text",
+      "ui-priority": 0
+    },
+    "x-mailer": {
+      "categories": [
+        "Payload delivery"
+      ],
+      "description": "X-Mailer generally tells the program that was used to draft and send the original email",
+      "disable_correlation": true,
+      "misp-attribute": "email-x-mailer",
+      "ui-priority": 0
     }
   },
+  "description": "Email object describing an email with meta-information",
+  "meta-category": "network",
+  "name": "email",
   "requiredOneOf": [
     "from",
     "from-display-name",
@@ -198,5 +205,7 @@
     "return-path",
     "email-body",
     "eml"
-  ]
-}
+  ],
+  "uuid": "a0c666e0-fc65-4be8-b48f-3423d788b552",
+  "version": 15
+}

objects/employee/definition.json

@@ -1,53 +1,21 @@
 {
-  "required": [
-    "email-address"
-  ],
   "attributes": {
-    "text": {
-      "description": "A description of the person or identity.",
-      "disable_correlation": true,
-      "ui-priority": 1,
-      "misp-attribute": "text"
-    },
-    "last-name": {
-      "description": "Last name Employee",
-      "disable_correlation": true,
-      "ui-priority": 0,
-      "misp-attribute": "last-name"
-    },
-    "first-name": {
-      "description": "First name of Employee",
-      "disable_correlation": true,
-      "ui-priority": 0,
-      "misp-attribute": "first-name"
-    },
-    "email-address": {
-      "description": "Employee Email Address",
-      "ui-priority": 0,
-      "misp-attribute": "target-email"
-    },
-    "userid": {
-      "description": "EMployee user identification",
-      "disable_correlation": true,
-      "ui-priority": 0,
-      "misp-attribute": "target-user"
-    },
-    "primary-asset": {
-      "description": "Asset tag of the primary asset assigned to employee",
-      "ui-priority": 0,
-      "misp-attribute": "target-machine"
-    },
     "business-unit": {
       "description": "the organizational business unit associated with the employee",
       "disable_correlation": true,
-      "ui-priority": 0,
-      "misp-attribute": "target-org"
+      "misp-attribute": "target-org",
+      "ui-priority": 0
+    },
+    "email-address": {
+      "description": "Employee Email Address",
+      "misp-attribute": "target-email",
+      "ui-priority": 0
     },
     "employee-type": {
       "description": "type of employee",
       "disable_correlation": true,
-      "ui-priority": 0,
       "misp-attribute": "text",
+      "ui-priority": 0,
       "values_list": [
         "Mid-Level Manager",
         "Senior Manager",
@@ -56,11 +24,43 @@
         "First-Line Manager",
         "Director"
       ]
+    },
+    "first-name": {
+      "description": "First name of Employee",
+      "disable_correlation": true,
+      "misp-attribute": "first-name",
+      "ui-priority": 0
+    },
+    "last-name": {
+      "description": "Last name Employee",
+      "disable_correlation": true,
+      "misp-attribute": "last-name",
+      "ui-priority": 0
+    },
+    "primary-asset": {
+      "description": "Asset tag of the primary asset assigned to employee",
+      "misp-attribute": "target-machine",
+      "ui-priority": 0
+    },
+    "text": {
+      "description": "A description of the person or identity.",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "ui-priority": 1
+    },
+    "userid": {
+      "description": "EMployee user identification",
+      "disable_correlation": true,
+      "misp-attribute": "target-user",
+      "ui-priority": 0
     }
   },
-  "version": 1,
   "description": "An employee and related data points",
   "meta-category": "misc",
+  "name": "employee",
+  "required": [
+    "email-address"
+  ],
   "uuid": "443b2f15-d7c9-4d3d-bfd2-38f099753e83",
-  "name": "employee"
-}
+  "version": 1
+}

objects/exploit-poc/definition.json

@@ -1,45 +1,45 @@
 {
+  "attributes": {
+    "author": {
+      "description": "Author of the exploit - proof of concept",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "description": {
+      "description": "Description of the exploit - proof of concept",
+      "misp-attribute": "text",
+      "ui-priority": 0
+    },
+    "poc": {
+      "description": "Proof of Concept or exploit (as a script, binary or described process)",
+      "disable_correlation": true,
+      "misp-attribute": "attachment",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "references": {
+      "description": "External references",
+      "misp-attribute": "link",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "vulnerable_configuration": {
+      "description": "The vulnerable configuration described in CPE format where the exploit/proof of concept is valid",
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    }
+  },
+  "description": "Exploit-poc object describing a proof of concept or exploit of a vulnerability. This object has often a relationship with a vulnerability object.",
+  "meta-category": "vulnerability",
+  "name": "exploit-poc",
   "requiredOneOf": [
     "vulnerable_configuration",
     "description",
     "poc"
   ],
-  "attributes": {
-    "description": {
-      "description": "Description of the exploit - proof of concept",
-      "ui-priority": 0,
-      "misp-attribute": "text"
-    },
-    "vulnerable_configuration": {
-      "description": "The vulnerable configuration described in CPE format where the exploit/proof of concept is valid",
-      "multiple": true,
-      "ui-priority": 0,
-      "misp-attribute": "text"
-    },
-    "author": {
-      "description": "Author of the exploit - proof of concept",
-      "ui-priority": 0,
-      "disable_correlation": true,
-      "misp-attribute": "text",
-      "multiple": true
-    },
-    "references": {
-      "description": "External references",
-      "multiple": true,
-      "ui-priority": 0,
-      "misp-attribute": "link"
-    },
-    "poc": {
-      "description": "Proof of Concept or exploit (as a script, binary or described process)",
-      "ui-priority": 0,
-      "misp-attribute": "attachment",
-      "disable_correlation": true,
-      "multiple": true
-    }
-  },
-  "version": 2,
-  "description": "Exploit-poc object describing a proof of concept or exploit of a vulnerability. This object has often a relationship with a vulnerability object.",
-  "meta-category": "vulnerability",
   "uuid": "e3bdeef8-78c3-48d8-9c2f-1be5e5bde93b",
-  "name": "exploit-poc"
-}
+  "version": 2
+}

objects/facebook-account/definition.json

@@ -0,0 +1,60 @@
+{
+  "attributes": {
+    "account-id": {
+      "description": "Account id.",
+      "misp-attribute": "text",
+      "ui-priority": 1
+    },
+    "account-name": {
+      "description": "Account name.",
+      "misp-attribute": "text",
+      "ui-priority": 1
+    },
+    "archive": {
+      "description": "Archive of the account (Internet Archive, Archive.is, etc).",
+      "disable_correlation": true,
+      "misp-attribute": "link",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "attachment": {
+      "description": "A screen capture or exported list of contacts etc.",
+      "misp-attribute": "attachment",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "description": {
+      "description": "A description of the user.",
+      "misp-attribute": "text",
+      "ui-priority": 1
+    },
+    "link": {
+      "description": "Original link to the page (supposed harmless).",
+      "misp-attribute": "link",
+      "ui-priority": 1
+    },
+    "url": {
+      "description": "Original URL location of the page (potentially malicious).",
+      "misp-attribute": "url",
+      "ui-priority": 1
+    },
+    "user-avatar": {
+      "description": "A user profile picture or avatar.",
+      "misp-attribute": "attachment",
+      "multiple": true,
+      "ui-priority": 1
+    }
+  },
+  "description": "Facebook account.",
+  "meta-category": "misc",
+  "name": "facebook-account",
+  "requiredOneOf": [
+    "account-name",
+    "account-id",
+    "description",
+    "archive",
+    "link"
+  ],
+  "uuid": "b9862b95-7d78-4938-a2b5-13e45c60f25a",
+  "version": 1
+}

objects/facebook-group/definition.json

@@ -0,0 +1,98 @@
+{
+  "attributes": {
+    "administrator": {
+      "description": "A user account who is an owner or admin of the group.",
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "archive": {
+      "description": "Archive of the original group (Internet Archive, Archive.is, etc).",
+      "disable_correlation": true,
+      "misp-attribute": "link",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "attachment": {
+      "description": "A screen capture or exported list of contacts, group members, etc.",
+      "misp-attribute": "attachment",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "creator": {
+      "description": "The user account that created the group.",
+      "misp-attribute": "text",
+      "ui-priority": 1
+    },
+    "description": {
+      "description": "A description of the group, channel or community.",
+      "misp-attribute": "text",
+      "ui-priority": 1
+    },
+    "embedded-link": {
+      "description": "Link embedded in the group description (potentially malicious).",
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "embedded-safe-link": {
+      "description": "Link embedded in the group description (supposed safe).",
+      "misp-attribute": "link",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "group-alias": {
+      "description": "Aliases or previous names of group.",
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "group-name": {
+      "description": "The name of the group, channel or community.",
+      "misp-attribute": "text",
+      "ui-priority": 1
+    },
+    "group-type": {
+      "description": "Facebook group type, e.g. general, buy and sell etc.",
+      "misp-attribute": "text",
+      "ui-priority": 1
+    },
+    "hashtag": {
+      "description": "Hashtag used to identify or promote the group.",
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "link": {
+      "description": "Original link to the group (supposed harmless).",
+      "misp-attribute": "link",
+      "ui-priority": 1
+    },
+    "privacy": {
+      "description": "Group privacy: public, closed, secret.",
+      "misp-attribute": "text",
+      "sane_default": [
+        "Public",
+        "Closed",
+        "Secret"
+      ],
+      "ui-priority": 1
+    },
+    "url": {
+      "description": "Original URL location of the group (potentially malicious).",
+      "misp-attribute": "url",
+      "ui-priority": 1
+    }
+  },
+  "description": "Public or private facebook group.",
+  "meta-category": "misc",
+  "name": "facebook-group",
+  "requiredOneOf": [
+    "group-name",
+    "description",
+    "archive",
+    "link"
+  ],
+  "uuid": "165c5507-1cba-4cec-9be4-66e21b590ee6",
+  "version": 1
+}

objects/facebook-page/definition.json

@@ -0,0 +1,117 @@
+{
+  "attributes": {
+    "archive": {
+      "description": "Archive of the original page (Internet Archive, Archive.is, etc).",
+      "disable_correlation": true,
+      "misp-attribute": "link",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "attachment": {
+      "description": "A screen capture or exported list of contacts, page members, etc.",
+      "misp-attribute": "attachment",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "contact-detail": {
+      "description": "Contact url listed on about page.",
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "creator": {
+      "description": "The user account that created the page.",
+      "misp-attribute": "text",
+      "ui-priority": 1
+    },
+    "description": {
+      "description": "A description of the page.",
+      "misp-attribute": "text",
+      "ui-priority": 1
+    },
+    "embedded-link": {
+      "description": "Link embedded in the page description (potentially malicious).",
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "embedded-safe-link": {
+      "description": "Link embedded in the page description (supposed safe).",
+      "misp-attribute": "link",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "event": {
+      "description": "Event announcement on page.",
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "hashtag": {
+      "description": "Hashtag used to identify or promote the page.",
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "link": {
+      "description": "Original link to the page (supposed harmless).",
+      "misp-attribute": "link",
+      "ui-priority": 1
+    },
+    "page-alias": {
+      "description": "Aliases or previous names of page.",
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "page-id": {
+      "description": "Page id (without the @).",
+      "misp-attribute": "text",
+      "ui-priority": 1
+    },
+    "page-name": {
+      "description": "The name of the page.",
+      "misp-attribute": "text",
+      "ui-priority": 1
+    },
+    "page-type": {
+      "description": "Facebook page type, e.g. community, product etc.",
+      "misp-attribute": "text",
+      "ui-priority": 1
+    },
+    "related-page-id": {
+      "description": "id of a page listed as related to this one (without the @).",
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "related-page-name": {
+      "description": "name of a page listed as related to this one.",
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "team-member": {
+      "description": "A user account who is a member of the page.",
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "url": {
+      "description": "Original URL location of the page (potentially malicious).",
+      "misp-attribute": "url",
+      "ui-priority": 1
+    }
+  },
+  "description": "Facebook page.",
+  "meta-category": "misc",
+  "name": "facebook-page",
+  "requiredOneOf": [
+    "page-name",
+    "description",
+    "archive",
+    "link"
+  ],
+  "uuid": "e76892db-c168-4289-b957-56e3021c46b9",
+  "version": 1
+}

objects/facebook-post/definition.json

@@ -0,0 +1,125 @@
+{
+  "attributes": {
+    "archive": {
+      "description": "Archive of the original document (Internet Archive, Archive.is, etc).",
+      "misp-attribute": "link",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "attachment": {
+      "description": "The facebook post file or screen capture.",
+      "misp-attribute": "attachment",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "embedded-link": {
+      "description": "Link in the facebook post",
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "embedded-safe-link": {
+      "description": "Safe link in the facebook post",
+      "misp-attribute": "link",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "hashtag": {
+      "description": "Hashtag embedded in the facebook post",
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "in-reply-to-display-name": {
+      "description": "The user display name of the facebook this post shares.",
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "in-reply-to-status-id": {
+      "description": "The facebook ID of the post that this post shares.",
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "in-reply-to-user-id": {
+      "description": "The user ID of the facebook this post shares.",
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "language": {
+      "description": "The language of the post.",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "link": {
+      "description": "Original link to the facebook post (supposed harmless).",
+      "misp-attribute": "link",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "post": {
+      "description": "Raw text of the post.",
+      "misp-attribute": "text",
+      "ui-priority": 1
+    },
+    "post-id": {
+      "description": "The facebook post id.",
+      "misp-attribute": "text",
+      "ui-priority": 0
+    },
+    "post-location": {
+      "description": "id of the group, page or wall the post was posted to.",
+      "misp-attribute": "text",
+      "ui-priority": 1
+    },
+    "removal-date": {
+      "description": "When the facebook post was removed.",
+      "misp-attribute": "datetime",
+      "ui-priority": 0
+    },
+    "url": {
+      "description": "Original URL of the facebook post, e.g. link shortener (potentially malicious).",
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "user-id": {
+      "description": "Id of the account who posted.",
+      "misp-attribute": "text",
+      "ui-priority": 0
+    },
+    "user-name": {
+      "description": "Display name of the account who posted.",
+      "misp-attribute": "text",
+      "ui-priority": 0
+    },
+    "username": {
+      "description": "Username who posted the facebook post",
+      "misp-attribute": "text",
+      "ui-priority": 0
+    },
+    "username-quoted": {
+      "description": "Username who is quoted in the facebook post.",
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    }
+  },
+  "description": "Post on a Facebook wall.",
+  "meta-category": "misc",
+  "name": "facebook-post",
+  "requiredOneOf": [
+    "post",
+    "post-id",
+    "archive",
+    "url",
+    "link",
+    "attachment"
+  ],
+  "uuid": "82c1fd90-85a1-4420-a315-d2a7cfae2f01",
+  "version": 1
+}

objects/facial-composite/definition.json

@@ -1,19 +1,16 @@
 {
-  "requiredOneOf": [
-    "facial-composite",
-    "text"
-  ],
   "attributes": {
-    "text": {
-      "description": "A description of the facial composite.",
-      "disable_correlation": true,
-      "ui-priority": 1,
-      "misp-attribute": "text"
+    "facial-composite": {
+      "description": "Facial composite image.",
+      "misp-attribute": "attachment",
+      "multiple": true,
+      "ui-priority": 10
     },
     "technique": {
       "description": "Construction technique of the facial composite.",
-      "ui-priority": 0,
+      "disable_correlation": true,
       "misp-attribute": "text",
+      "ui-priority": 0,
       "values_list": [
         "E-FIT",
         "PROfit",
@@ -21,19 +18,22 @@
         "Photofit",
         "EvoFIT",
         "PortraitPad"
-      ],
-      "disable_correlation": true
+      ]
     },
-    "facial-composite": {
-      "description": "Facial composite image.",
-      "ui-priority": 10,
-      "misp-attribute": "attachment",
-      "multiple": true
+    "text": {
+      "description": "A description of the facial composite.",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "ui-priority": 1
     }
   },
-  "version": 1,
   "description": "An object which describes a facial composite.",
   "meta-category": "misc",
+  "name": "facial-composite",
+  "requiredOneOf": [
+    "facial-composite",
+    "text"
+  ],
   "uuid": "d727bc27-d1b9-4754-972c-dea305bd5976",
-  "name": "facial-composite"
-}
+  "version": 1
+}

objects/fail2ban/definition.json

@@ -1,61 +1,61 @@
 {
+  "attributes": {
+    "attack-type": {
+      "description": "Type of the attack",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "ui-priority": 1
+    },
+    "banned-ip": {
+      "description": "IP Address banned by fail2ban",
+      "misp-attribute": "ip-src",
+      "ui-priority": 1
+    },
+    "failures": {
+      "description": "Amount of failures that lead to the ban.",
+      "disable_correlation": true,
+      "misp-attribute": "counter",
+      "ui-priority": 1
+    },
+    "logfile": {
+      "description": "Full logfile related to the attack.",
+      "disable_correlation": true,
+      "misp-attribute": "attachment",
+      "ui-priority": 1
+    },
+    "logline": {
+      "description": "Example log line that caused the ban.",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "ui-priority": 1
+    },
+    "processing-timestamp": {
+      "description": "Timestamp of the report",
+      "disable_correlation": true,
+      "misp-attribute": "datetime",
+      "ui-priority": 1
+    },
+    "sensor": {
+      "description": "Identifier of the sensor",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "ui-priority": 1
+    },
+    "victim": {
+      "description": "Identifier of the victim",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "ui-priority": 1
+    }
+  },
+  "description": "Fail2ban event",
+  "meta-category": "network",
+  "name": "fail2ban",
   "required": [
     "banned-ip",
     "processing-timestamp",
     "attack-type"
   ],
-  "attributes": {
-    "banned-ip": {
-      "description": "IP Address banned by fail2ban",
-      "ui-priority": 1,
-      "misp-attribute": "ip-src"
-    },
-    "processing-timestamp": {
-      "description": "Timestamp of the report",
-      "ui-priority": 1,
-      "misp-attribute": "datetime",
-      "disable_correlation": true
-    },
-    "attack-type": {
-      "description": "Type of the attack",
-      "ui-priority": 1,
-      "misp-attribute": "text",
-      "disable_correlation": true
-    },
-    "failures": {
-      "description": "Amount of failures that lead to the ban.",
-      "ui-priority": 1,
-      "misp-attribute": "counter",
-      "disable_correlation": true
-    },
-    "sensor": {
-      "description": "Identifier of the sensor",
-      "ui-priority": 1,
-      "misp-attribute": "text",
-      "disable_correlation": true
-    },
-    "victim": {
-      "description": "Identifier of the victim",
-      "ui-priority": 1,
-      "misp-attribute": "text",
-      "disable_correlation": true
-    },
-    "logline": {
-      "description": "Example log line that caused the ban.",
-      "ui-priority": 1,
-      "misp-attribute": "text",
-      "disable_correlation": true
-    },
-    "logfile": {
-      "description": "Full logfile related to the attack.",
-      "ui-priority": 1,
-      "misp-attribute": "attachment",
-      "disable_correlation": true
-    }
-  },
-  "version": 5,
-  "description": "Fail2ban event",
-  "meta-category": "network",
   "uuid": "8be2271-7326-41a5-a0dd-9b4bec88e1ba",
-  "name": "fail2ban"
-}
+  "version": 5
+}

objects/file/definition.json

@@ -1,185 +1,36 @@
 {
-  "requiredOneOf": [
-    "filename",
-    "size-in-bytes",
-    "authentihash",
-    "ssdeep",
-    "md5",
-    "sha1",
-    "sha224",
-    "sha256",
-    "sha384",
-    "sha512",
-    "sha512/224",
-    "sha512/256",
-    "tlsh",
-    "pattern-in-file",
-    "certificate",
-    "malware-sample",
-    "attachment",
-    "path",
-    "fullpath"
-  ],
   "attributes": {
-    "md5": {
-      "description": "[Insecure] MD5 hash (128 bits)",
-      "ui-priority": 1,
-      "misp-attribute": "md5",
-      "recommended": false
-    },
-    "sha1": {
-      "description": "[Insecure] Secure Hash Algorithm 1 (160 bits)",
-      "ui-priority": 1,
-      "misp-attribute": "sha1",
-      "recommended": false
-    },
-    "sha224": {
-      "description": "Secure Hash Algorithm 2 (224 bits)",
-      "ui-priority": 0,
-      "misp-attribute": "sha224",
-      "recommended": false
-    },
-    "sha256": {
-      "description": "Secure Hash Algorithm 2 (256 bits)",
-      "ui-priority": 1,
-      "misp-attribute": "sha256"
-    },
-    "sha384": {
-      "description": "Secure Hash Algorithm 2 (384 bits)",
-      "ui-priority": 0,
-      "misp-attribute": "sha384",
-      "recommended": false
-    },
-    "sha512": {
-      "description": "Secure Hash Algorithm 2 (512 bits)",
-      "ui-priority": 1,
-      "misp-attribute": "sha512"
-    },
-    "sha512/224": {
-      "description": "Secure Hash Algorithm 2 (224 bits)",
-      "ui-priority": 0,
-      "misp-attribute": "sha512/224",
-      "recommended": false
-    },
-    "sha512/256": {
-      "description": "Secure Hash Algorithm 2 (256 bits)",
-      "ui-priority": 0,
-      "misp-attribute": "sha512/256",
-      "recommended": false
-    },
-    "ssdeep": {
-      "description": "Fuzzy hash using context triggered piecewise hashes (CTPH)",
-      "ui-priority": 0,
-      "misp-attribute": "ssdeep"
+    "attachment": {
+      "description": "A non-malicious file.",
+      "misp-attribute": "attachment",
+      "ui-priority": 1
     },
     "authentihash": {
       "description": "Authenticode executable signature hash",
-      "ui-priority": 0,
       "misp-attribute": "authentihash",
-      "recommended": false
+      "recommended": false,
+      "ui-priority": 0
     },
-    "size-in-bytes": {
-      "description": "Size of the file, in bytes",
-      "disable_correlation": true,
-      "ui-priority": 0,
-      "misp-attribute": "size-in-bytes"
+    "certificate": {
+      "description": "Certificate value if the binary is signed with another authentication scheme than authenticode",
+      "misp-attribute": "x509-fingerprint-sha1",
+      "ui-priority": 0
+    },
+    "compilation-timestamp": {
+      "description": "Compilation timestamp",
+      "misp-attribute": "datetime",
+      "ui-priority": 0
     },
     "entropy": {
       "description": "Entropy of the whole file",
       "disable_correlation": true,
-      "ui-priority": 1,
-      "misp-attribute": "float"
-    },
-    "pattern-in-file": {
-      "description": "Pattern that can be found in the file",
-      "categories": [
-        "Artifacts dropped",
-        "Payload installation",
-        "External analysis"
-      ],
-      "ui-priority": 1,
-      "misp-attribute": "pattern-in-file",
-      "multiple": true
-    },
-    "text": {
-      "description": "Free text value to attach to the file",
-      "disable_correlation": true,
-      "ui-priority": 1,
-      "misp-attribute": "text",
-      "recommended": false
-    },
-    "malware-sample": {
-      "description": "The file itself (binary)",
-      "ui-priority": 1,
-      "misp-attribute": "malware-sample"
-    },
-    "attachment": {
-      "description": "A non-malicious file.",
-      "ui-priority": 1,
-      "misp-attribute": "attachment"
-    },
-    "filename": {
-      "description": "Filename on disk",
-      "disable_correlation": true,
-      "multiple": true,
-      "categories": [
-        "Payload delivery",
-        "Artifacts dropped",
-        "Payload installation",
-        "External analysis"
-      ],
-      "ui-priority": 1,
-      "misp-attribute": "filename"
-    },
-    "path": {
-      "description": "Path of the filename complete or partial",
-      "disable_correlation": true,
-      "multiple": true,
-      "ui-priority": 0,
-      "misp-attribute": "text"
-    },
-    "fullpath": {
-      "description": "Complete path of the filename including the filename",
-      "multiple": true,
-      "ui-priority": 0,
-      "misp-attribute": "text"
-    },
-    "tlsh": {
-      "description": "Fuzzy hash by Trend Micro: Locality Sensitive Hash",
-      "ui-priority": 0,
-      "misp-attribute": "tlsh"
-    },
-    "certificate": {
-      "description": "Certificate value if the binary is signed with another authentication scheme than authenticode",
-      "ui-priority": 0,
-      "misp-attribute": "x509-fingerprint-sha1"
-    },
-    "mimetype": {
-      "description": "Mime type",
-      "disable_correlation": true,
-      "ui-priority": 0,
-      "misp-attribute": "mime-type"
-    },
-    "state": {
-      "misp-attribute": "text",
-      "ui-priority": 0,
-      "description": "State of the file",
-      "multiple": true,
-      "disable_correlation": true,
-      "values_list": [
-        "Malicious",
-        "Harmless",
-        "Signed",
-        "Revoked",
-        "Expired",
-        "Trusted"
-      ]
+      "misp-attribute": "float",
+      "ui-priority": 1
     },
     "file-encoding": {
-      "misp-attribute": "text",
-      "ui-priority": 0,
       "description": "Encoding format of the file",
       "disable_correlation": true,
+      "misp-attribute": "text",
       "sane_default": [
         "Adobe-Standard-Encoding",
         "Adobe-Symbol-Encoding",
@@ -439,17 +290,211 @@
         "windows-1258",
         "Windows-31J",
         "windows-874"
-      ]
+      ],
+      "ui-priority": 0
+    },
+    "filename": {
+      "categories": [
+        "Payload delivery",
+        "Artifacts dropped",
+        "Payload installation",
+        "External analysis"
+      ],
+      "description": "Filename on disk",
+      "disable_correlation": true,
+      "misp-attribute": "filename",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "fullpath": {
+      "description": "Complete path of the filename including the filename",
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
     },
     "imphash": {
-      "description": "Hash (md5) calculated from the import table",
+      "description": "Hash (md5) calculated from the PE import table",
+      "misp-attribute": "imphash",
+      "ui-priority": 0
+    },
+    "malware-sample": {
+      "description": "The file itself (binary)",
+      "misp-attribute": "malware-sample",
+      "ui-priority": 1
+    },
+    "md5": {
+      "description": "[Insecure] MD5 hash (128 bits)",
+      "misp-attribute": "md5",
+      "recommended": false,
+      "ui-priority": 1
+    },
+    "mimetype": {
+      "description": "Mime type",
+      "disable_correlation": true,
+      "misp-attribute": "mime-type",
+      "ui-priority": 0
+    },
+    "path": {
+      "description": "Path of the filename complete or partial",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "pattern-in-file": {
+      "categories": [
+        "Artifacts dropped",
+        "Payload installation",
+        "External analysis"
+      ],
+      "description": "Pattern that can be found in the file",
+      "misp-attribute": "pattern-in-file",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "sha1": {
+      "description": "[Insecure] Secure Hash Algorithm 1 (160 bits)",
+      "misp-attribute": "sha1",
+      "recommended": false,
+      "ui-priority": 1
+    },
+    "sha224": {
+      "description": "Secure Hash Algorithm 2 (224 bits)",
+      "misp-attribute": "sha224",
+      "recommended": false,
+      "ui-priority": 0
+    },
+    "sha256": {
+      "description": "Secure Hash Algorithm 2 (256 bits)",
+      "misp-attribute": "sha256",
+      "ui-priority": 1
+    },
+    "sha3-224": {
+      "description": "Secure Hash Algorithm 3 (224 bits)",
+      "misp-attribute": "sha3-224",
+      "recommended": false,
+      "ui-priority": 0
+    },
+    "sha3-256": {
+      "description": "Secure Hash Algorithm 3 (256 bits)",
+      "misp-attribute": "sha3-256",
+      "recommended": false,
+      "ui-priority": 0
+    },
+    "sha3-384": {
+      "description": "Secure Hash Algorithm 3 (384 bits)",
+      "misp-attribute": "sha3-384",
+      "recommended": false,
+      "ui-priority": 0
+    },
+    "sha3-512": {
+      "description": "Secure Hash Algorithm 3 (512 bits)",
+      "misp-attribute": "sha3-512",
+      "recommended": false,
+      "ui-priority": 0
+    },
+    "sha384": {
+      "description": "Secure Hash Algorithm 2 (384 bits)",
+      "misp-attribute": "sha384",
+      "recommended": false,
+      "ui-priority": 0
+    },
+    "sha512": {
+      "description": "Secure Hash Algorithm 2 (512 bits)",
+      "misp-attribute": "sha512",
+      "ui-priority": 1
+    },
+    "sha512/224": {
+      "description": "Secure Hash Algorithm 2 (224 bits)",
+      "misp-attribute": "sha512/224",
+      "recommended": false,
+      "ui-priority": 0
+    },
+    "sha512/256": {
+      "description": "Secure Hash Algorithm 2 (256 bits)",
+      "misp-attribute": "sha512/256",
+      "recommended": false,
+      "ui-priority": 0
+    },
+    "size-in-bytes": {
+      "description": "Size of the file, in bytes",
+      "disable_correlation": true,
+      "misp-attribute": "size-in-bytes",
+      "ui-priority": 0
+    },
+    "ssdeep": {
+      "description": "Fuzzy hash using context triggered piecewise hashes (CTPH)",
+      "misp-attribute": "ssdeep",
+      "ui-priority": 0
+    },
+    "state": {
+      "description": "State of the file",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
       "ui-priority": 0,
-      "misp-attribute": "imphash"
+      "values_list": [
+        "Malicious",
+        "Harmless",
+        "Signed",
+        "Revoked",
+        "Expired",
+        "Trusted"
+      ]
+    },
+    "telfhash": {
+      "description": "telfhash - Symbol hash for ELF files.",
+      "misp-attribute": "telfhash",
+      "ui-priority": 0
+    },
+    "text": {
+      "description": "Free text value to attach to the file",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "recommended": false,
+      "ui-priority": 1
+    },
+    "tlsh": {
+      "description": "Fuzzy hash by Trend Micro: Locality Sensitive Hash",
+      "misp-attribute": "tlsh",
+      "ui-priority": 0
+    },
+    "vhash": {
+      "description": "vhash by VirusTotal",
+      "misp-attribute": "vhash",
+      "ui-priority": 0
     }
   },
-  "version": 18,
   "description": "File object describing a file with meta-information",
   "meta-category": "file",
+  "name": "file",
+  "requiredOneOf": [
+    "filename",
+    "size-in-bytes",
+    "authentihash",
+    "ssdeep",
+    "md5",
+    "sha1",
+    "sha224",
+    "sha256",
+    "sha384",
+    "sha512",
+    "sha512/224",
+    "sha512/256",
+    "sha3-224",
+    "sha3-256",
+    "sha3-384",
+    "sha3-512",
+    "tlsh",
+    "telfhash",
+    "imphash",
+    "pattern-in-file",
+    "certificate",
+    "malware-sample",
+    "attachment",
+    "path",
+    "fullpath"
+  ],
   "uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
-  "name": "file"
-}
+  "version": 23
+}

objects/forensic-case/definition.json

@@ -1,47 +1,47 @@
 {
-  "requiredOneOf": [
-    "case-number"
-  ],
   "attributes": {
-    "case-number": {
-      "description": "Any unique number assigned to the case for unique identification.",
-      "ui-priority": 0,
-      "misp-attribute": "text"
-    },
-    "case-name": {
-      "description": "Name to address the case.",
-      "ui-priority": 0,
-      "misp-attribute": "text"
-    },
-    "name-of-the-analyst": {
-      "description": "Name(s) of the analyst assigned to the case.",
-      "multiple": true,
-      "ui-priority": 0,
+    "additional-comments": {
+      "description": "Comments.",
+      "disable_correlation": true,
       "misp-attribute": "text",
-      "disable_correlation": true
-    },
-    "references": {
-      "description": "External references",
-      "multiple": true,
-      "ui-priority": 0,
-      "misp-attribute": "link"
+      "ui-priority": 0
     },
     "analysis-start-date": {
       "description": "Date when the analysis began.",
-      "ui-priority": 0,
+      "disable_correlation": true,
       "misp-attribute": "datetime",
-      "disable_correlation": true
+      "ui-priority": 0
     },
-    "additional-comments": {
-      "description": "Comments.",
-      "ui-priority": 0,
+    "case-name": {
+      "description": "Name to address the case.",
       "misp-attribute": "text",
-      "disable_correlation": true
+      "ui-priority": 0
+    },
+    "case-number": {
+      "description": "Any unique number assigned to the case for unique identification.",
+      "misp-attribute": "text",
+      "ui-priority": 0
+    },
+    "name-of-the-analyst": {
+      "description": "Name(s) of the analyst assigned to the case.",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "references": {
+      "description": "External references",
+      "misp-attribute": "link",
+      "multiple": true,
+      "ui-priority": 0
     }
   },
-  "version": 1,
   "description": "An object template to describe a digital forensic case.",
   "meta-category": "misc",
+  "name": "forensic-case",
+  "requiredOneOf": [
+    "case-number"
+  ],
   "uuid": "3ea36022-ae93-455e-88b1-d43aca789cac",
-  "name": "forensic-case"
-}
+  "version": 1
+}

objects/forensic-evidence/definition.json

@@ -1,43 +1,8 @@
 {
-  "required": [
-    "case-number",
-    "evidence-number"
-  ],
   "attributes": {
-    "case-number": {
-      "description": "A unique number assigned to the case for unique identification.",
-      "ui-priority": 0,
-      "misp-attribute": "text"
-    },
-    "evidence-number": {
-      "description": "A unique number assigned to the evidence for unique identification.",
-      "ui-priority": 0,
-      "misp-attribute": "text"
-    },
-    "type": {
-      "description": "Evidence type.",
-      "multiple": true,
-      "ui-priority": 0,
-      "misp-attribute": "text",
-      "sane_default": [
-        "Computer",
-        "Network",
-        "Mobile Device",
-        "Multimedia",
-        "Cloud",
-        "IoT",
-        "Other"
-      ],
-      "disable_correlation": true
-    },
-    "name": {
-      "description": "Name of the evidence acquired.",
-      "ui-priority": 0,
-      "misp-attribute": "text"
-    },
     "acquisition-method": {
       "description": "Method used for acquisition of the evidence.",
-      "ui-priority": 0,
+      "disable_correlation": true,
       "misp-attribute": "text",
       "sane_default": [
         "Live acquisition",
@@ -48,11 +13,11 @@
         "Chip-off",
         "Other"
       ],
-      "disable_correlation": true
+      "ui-priority": 0
     },
     "acquisition-tools": {
       "description": "Tools used for acquisition of the evidence.",
-      "ui-priority": 0,
+      "disable_correlation": true,
       "misp-attribute": "text",
       "multiple": true,
       "sane_default": [
@@ -67,24 +32,59 @@
         "IXimager",
         "Other"
       ],
-      "disable_correlation": true
-    },
-    "references": {
-      "description": "External references",
-      "multiple": true,
-      "ui-priority": 0,
-      "misp-attribute": "link"
+      "ui-priority": 0
     },
     "additional-comments": {
       "description": "Comments.",
-      "ui-priority": 0,
+      "disable_correlation": true,
       "misp-attribute": "text",
-      "disable_correlation": true
+      "ui-priority": 0
+    },
+    "case-number": {
+      "description": "A unique number assigned to the case for unique identification.",
+      "misp-attribute": "text",
+      "ui-priority": 0
+    },
+    "evidence-number": {
+      "description": "A unique number assigned to the evidence for unique identification.",
+      "misp-attribute": "text",
+      "ui-priority": 0
+    },
+    "name": {
+      "description": "Name of the evidence acquired.",
+      "misp-attribute": "text",
+      "ui-priority": 0
+    },
+    "references": {
+      "description": "External references",
+      "misp-attribute": "link",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "type": {
+      "description": "Evidence type.",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "sane_default": [
+        "Computer",
+        "Network",
+        "Mobile Device",
+        "Multimedia",
+        "Cloud",
+        "IoT",
+        "Other"
+      ],
+      "ui-priority": 0
     }
   },
-  "version": 2,
   "description": "An object template to describe a digital forensic evidence.",
   "meta-category": "misc",
+  "name": "forensic-evidence",
+  "required": [
+    "case-number",
+    "evidence-number"
+  ],
   "uuid": "fe44c648-63ef-43fc-b3de-af71a2e023e4",
-  "name": "forensic-evidence"
-}
+  "version": 2
+}

objects/forged-document/definition.json

@@ -0,0 +1,109 @@
+{
+  "attributes": {
+    "archive": {
+      "description": "Archive of the original document (Internet Archive, Archive.is, etc).",
+      "misp-attribute": "link",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "attachment": {
+      "description": "The forged document file.",
+      "misp-attribute": "attachment",
+      "ui-priority": 1
+    },
+    "document-name": {
+      "description": "Title of the document.",
+      "misp-attribute": "text",
+      "ui-priority": 0
+    },
+    "document-text": {
+      "description": "Raw text of document",
+      "misp-attribute": "text",
+      "ui-priority": 1
+    },
+    "document-type": {
+      "description": "The type of document (not the file type).",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "sane_default": [
+        "email",
+        "letterhead",
+        "speech",
+        "literature",
+        "blog",
+        "microblog",
+        "photo",
+        "audio",
+        "invoice",
+        "receipt",
+        "other"
+      ],
+      "ui-priority": 1
+    },
+    "first-seen": {
+      "description": "When the document has been accessible or seen for the first time.",
+      "disable_correlation": true,
+      "misp-attribute": "datetime",
+      "ui-priority": 0
+    },
+    "last-seen": {
+      "description": "When the document has been accessible or seen for the last time.",
+      "disable_correlation": true,
+      "misp-attribute": "datetime",
+      "ui-priority": 0
+    },
+    "link": {
+      "description": "Original link into the document (Supposed harmless)",
+      "misp-attribute": "link",
+      "ui-priority": 1
+    },
+    "objective": {
+      "description": "Objective of the forged document.",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "sane_default": [
+        "Disinformation",
+        "Advertising",
+        "Parody",
+        "Other"
+      ],
+      "ui-priority": 1
+    },
+    "purpose-of-document": {
+      "description": "What the document is used for.",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "sane_default": [
+        "Identification",
+        "Travel",
+        "Health",
+        "Legal",
+        "Financial",
+        "Government",
+        "Military",
+        "Media",
+        "Communication",
+        "Other"
+      ],
+      "ui-priority": 1
+    },
+    "url": {
+      "description": "Original URL location of the document (potentially malicious)",
+      "misp-attribute": "url",
+      "ui-priority": 1
+    }
+  },
+  "description": "Object describing a forged document.",
+  "meta-category": "file",
+  "name": "forged-document",
+  "requiredOneOf": [
+    "document-name",
+    "attachment",
+    "document-text"
+  ],
+  "uuid": "7e927620-b97c-4b00-98c0-8c0184d83d21",
+  "version": 7
+}

objects/ftm-Airplane/definition.json

@@ -0,0 +1,250 @@
+{
+  "attributes": {
+    "address": {
+      "description": "Address",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "alephUrl": {
+      "description": "Aleph URL",
+      "disable_correlation": false,
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "alias": {
+      "description": "Other name",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "amount": {
+      "description": "Amount",
+      "disable_correlation": true,
+      "misp-attribute": "float",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "amountEur": {
+      "description": "Amount in EUR",
+      "disable_correlation": true,
+      "misp-attribute": "float",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "amountUsd": {
+      "description": "Amount in USD",
+      "disable_correlation": true,
+      "misp-attribute": "float",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "buildDate": {
+      "description": "Build Date",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "country": {
+      "description": "Country",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "currency": {
+      "description": "Currency",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "description": {
+      "description": "Description",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "icaoCode": {
+      "description": "ICAO aircraft type designator",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "indexText": {
+      "description": "Index text",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "indexUpdatedAt": {
+      "description": "Index updated at",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "keywords": {
+      "description": "Keywords",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "manufacturer": {
+      "description": "Manufacturer",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "model": {
+      "description": "Model",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "modifiedAt": {
+      "description": "Modified on",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "name": {
+      "description": "Name",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "notes": {
+      "description": "Notes",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "previousName": {
+      "description": "Previous name",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "program": {
+      "description": "Program",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "publisher": {
+      "description": "Publishing source",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "publisherUrl": {
+      "description": "Publishing source URL",
+      "disable_correlation": false,
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "registrationDate": {
+      "description": "Registration Date",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "registrationNumber": {
+      "description": "Registration Number",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "retrievedAt": {
+      "description": "Retrieved on",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "serialNumber": {
+      "description": "Serial Number",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "sourceUrl": {
+      "description": "Source link",
+      "disable_correlation": false,
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "summary": {
+      "description": "Summary",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "topics": {
+      "description": "Topics",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "type": {
+      "description": "Type",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "weakAlias": {
+      "description": "Weak alias",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "wikidataId": {
+      "description": "Wikidata ID",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "wikipediaUrl": {
+      "description": "Wikipedia Article",
+      "disable_correlation": false,
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 0
+    }
+  },
+  "description": "",
+  "meta-category": "followthemoney",
+  "name": "ftm-Airplane",
+  "required": [
+    "name"
+  ],
+  "uuid": "ea720b4a-8849-44a5-a150-eab87b86de2c",
+  "version": 1
+}

objects/ftm-Assessment/definition.json

@@ -0,0 +1,180 @@
+{
+  "attributes": {
+    "address": {
+      "description": "Address",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "alephUrl": {
+      "description": "Aleph URL",
+      "disable_correlation": false,
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "alias": {
+      "description": "Other name",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "assessmentId": {
+      "description": "Assessment ID",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "country": {
+      "description": "Country",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "description": {
+      "description": "Description",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "indexText": {
+      "description": "Index text",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "indexUpdatedAt": {
+      "description": "Index updated at",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "keywords": {
+      "description": "Keywords",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "modifiedAt": {
+      "description": "Modified on",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "name": {
+      "description": "Name",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "notes": {
+      "description": "Notes",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "previousName": {
+      "description": "Previous name",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "program": {
+      "description": "Program",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "publishDate": {
+      "description": "Date of publishing",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "publisher": {
+      "description": "Publishing source",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "publisherUrl": {
+      "description": "Publishing source URL",
+      "disable_correlation": false,
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "retrievedAt": {
+      "description": "Retrieved on",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "sourceUrl": {
+      "description": "Source link",
+      "disable_correlation": false,
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "summary": {
+      "description": "Summary",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "topics": {
+      "description": "Topics",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "weakAlias": {
+      "description": "Weak alias",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "wikidataId": {
+      "description": "Wikidata ID",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "wikipediaUrl": {
+      "description": "Wikipedia Article",
+      "disable_correlation": false,
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 0
+    }
+  },
+  "description": "",
+  "meta-category": "followthemoney",
+  "name": "ftm-Assessment",
+  "required": [
+    "name"
+  ],
+  "uuid": "25330bcb-d629-4d81-bbb9-51cead65175d",
+  "version": 1
+}

objects/ftm-Asset/definition.json

@@ -0,0 +1,194 @@
+{
+  "attributes": {
+    "address": {
+      "description": "Address",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "alephUrl": {
+      "description": "Aleph URL",
+      "disable_correlation": false,
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "alias": {
+      "description": "Other name",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "amount": {
+      "description": "Amount",
+      "disable_correlation": true,
+      "misp-attribute": "float",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "amountEur": {
+      "description": "Amount in EUR",
+      "disable_correlation": true,
+      "misp-attribute": "float",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "amountUsd": {
+      "description": "Amount in USD",
+      "disable_correlation": true,
+      "misp-attribute": "float",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "country": {
+      "description": "Country",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "currency": {
+      "description": "Currency",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "description": {
+      "description": "Description",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "indexText": {
+      "description": "Index text",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "indexUpdatedAt": {
+      "description": "Index updated at",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "keywords": {
+      "description": "Keywords",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "modifiedAt": {
+      "description": "Modified on",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "name": {
+      "description": "Name",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "notes": {
+      "description": "Notes",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "previousName": {
+      "description": "Previous name",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "program": {
+      "description": "Program",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "publisher": {
+      "description": "Publishing source",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "publisherUrl": {
+      "description": "Publishing source URL",
+      "disable_correlation": false,
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "retrievedAt": {
+      "description": "Retrieved on",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "sourceUrl": {
+      "description": "Source link",
+      "disable_correlation": false,
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "summary": {
+      "description": "Summary",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "topics": {
+      "description": "Topics",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "weakAlias": {
+      "description": "Weak alias",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "wikidataId": {
+      "description": "Wikidata ID",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "wikipediaUrl": {
+      "description": "Wikipedia Article",
+      "disable_correlation": false,
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 0
+    }
+  },
+  "description": "",
+  "meta-category": "followthemoney",
+  "name": "ftm-Asset",
+  "required": [
+    "name"
+  ],
+  "uuid": "ece6a00c-2f42-4186-bc96-5254aec002a7",
+  "version": 1
+}

objects/ftm-Associate/definition.json

@@ -0,0 +1,107 @@
+{
+  "attributes": {
+    "alephUrl": {
+      "description": "Aleph URL",
+      "disable_correlation": false,
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "date": {
+      "description": "Date",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "description": {
+      "description": "Description",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "endDate": {
+      "description": "End date",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "indexText": {
+      "description": "Index text",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "modifiedAt": {
+      "description": "Modified on",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "publisher": {
+      "description": "Publishing source",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "publisherUrl": {
+      "description": "Publishing source URL",
+      "disable_correlation": false,
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "recordId": {
+      "description": "Record ID",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "relationship": {
+      "description": "Nature of the association",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "retrievedAt": {
+      "description": "Retrieved on",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "sourceUrl": {
+      "description": "Source URL",
+      "disable_correlation": false,
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "startDate": {
+      "description": "Start date",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "summary": {
+      "description": "Summary",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    }
+  },
+  "description": "Non-family association between two people",
+  "meta-category": "followthemoney",
+  "name": "ftm-Associate",
+  "uuid": "6119ecb3-dedd-44b6-b88f-174585b0b1bf",
+  "version": 1
+}

objects/ftm-Audio/definition.json

@@ -0,0 +1,369 @@
+{
+  "attributes": {
+    "address": {
+      "description": "Address",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "alephUrl": {
+      "description": "Aleph URL",
+      "disable_correlation": false,
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "alias": {
+      "description": "Other name",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "author": {
+      "description": "The original author, not the uploader",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "authoredAt": {
+      "description": "Authored on",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "companiesMentioned": {
+      "description": "Detected companies",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "contentHash": {
+      "description": "SHA1 hash of the data",
+      "disable_correlation": false,
+      "misp-attribute": "sha1",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "country": {
+      "description": "Country",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "crawler": {
+      "description": "The crawler used to acquire this file",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "date": {
+      "description": "If not otherwise specified",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "description": {
+      "description": "Description",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "detectedCountry": {
+      "description": "Detected country",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "detectedLanguage": {
+      "description": "Detected language",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "duration": {
+      "description": "Duration of the audio in ms",
+      "disable_correlation": true,
+      "misp-attribute": "float",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "emailMentioned": {
+      "description": "Detected e-mail addresses",
+      "disable_correlation": false,
+      "misp-attribute": "email-src",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "encoding": {
+      "description": "File encoding",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "extension": {
+      "description": "File extension",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "fileName": {
+      "description": "File name",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "fileSize": {
+      "description": "File size",
+      "disable_correlation": true,
+      "misp-attribute": "float",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "generator": {
+      "description": "The program used to generate this file",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "ibanMentioned": {
+      "description": "Detected IBANs",
+      "disable_correlation": false,
+      "misp-attribute": "iban",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "indexText": {
+      "description": "Index text",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "indexUpdatedAt": {
+      "description": "Index updated at",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "ipMentioned": {
+      "description": "Detected IP addresses",
+      "disable_correlation": false,
+      "misp-attribute": "ip-src",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "keywords": {
+      "description": "Keywords",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "language": {
+      "description": "Language",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "locationMentioned": {
+      "description": "Detected locations",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "messageId": {
+      "description": "Message ID of a document; unique in most cases",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "mimeType": {
+      "description": "MIME type",
+      "disable_correlation": true,
+      "misp-attribute": "mime-type",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "modifiedAt": {
+      "description": "Modified on",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "name": {
+      "description": "Name",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "namesMentioned": {
+      "description": "Detected names",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "notes": {
+      "description": "Notes",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "peopleMentioned": {
+      "description": "Detected people",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "phoneMentioned": {
+      "description": "Detected phones",
+      "disable_correlation": false,
+      "misp-attribute": "phone-number",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "previousName": {
+      "description": "Previous name",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "processingError": {
+      "description": "Processing error",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "processingStatus": {
+      "description": "Processing status",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "program": {
+      "description": "Program",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "publishedAt": {
+      "description": "Published on",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "publisher": {
+      "description": "Publishing source",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "publisherUrl": {
+      "description": "Publishing source URL",
+      "disable_correlation": false,
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "retrievedAt": {
+      "description": "Retrieved on",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "samplingRate": {
+      "description": "Sampling rate of the audio in Hz",
+      "disable_correlation": true,
+      "misp-attribute": "float",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "sourceUrl": {
+      "description": "Source link",
+      "disable_correlation": false,
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "summary": {
+      "description": "Summary",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "title": {
+      "description": "Title",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "topics": {
+      "description": "Topics",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "weakAlias": {
+      "description": "Weak alias",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "wikidataId": {
+      "description": "Wikidata ID",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "wikipediaUrl": {
+      "description": "Wikipedia Article",
+      "disable_correlation": false,
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 0
+    }
+  },
+  "description": "",
+  "meta-category": "followthemoney",
+  "name": "ftm-Audio",
+  "required": [
+    "name"
+  ],
+  "uuid": "92acc7f9-cb98-4b60-93c0-06be77843968",
+  "version": 1
+}

objects/ftm-BankAccount/definition.json

@@ -0,0 +1,243 @@
+{
+  "attributes": {
+    "accountNumber": {
+      "description": "Account Number",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "accountType": {
+      "description": "Account Type",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "address": {
+      "description": "Address",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "alephUrl": {
+      "description": "Aleph URL",
+      "disable_correlation": false,
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "alias": {
+      "description": "Other name",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "amount": {
+      "description": "Amount",
+      "disable_correlation": true,
+      "misp-attribute": "float",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "amountEur": {
+      "description": "Amount in EUR",
+      "disable_correlation": true,
+      "misp-attribute": "float",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "amountUsd": {
+      "description": "Amount in USD",
+      "disable_correlation": true,
+      "misp-attribute": "float",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "balance": {
+      "description": "Balance",
+      "disable_correlation": true,
+      "misp-attribute": "float",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "bankAddress": {
+      "description": "Bank Address",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "bankName": {
+      "description": "Bank Name",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "bic": {
+      "description": "Bank Identifier Code",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "country": {
+      "description": "Country",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "currency": {
+      "description": "Currency",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "description": {
+      "description": "Description",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "iban": {
+      "description": "IBAN",
+      "disable_correlation": false,
+      "misp-attribute": "iban",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "indexText": {
+      "description": "Index text",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "indexUpdatedAt": {
+      "description": "Index updated at",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "keywords": {
+      "description": "Keywords",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "modifiedAt": {
+      "description": "Modified on",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "name": {
+      "description": "Name",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "notes": {
+      "description": "Notes",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "previousName": {
+      "description": "Previous name",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "program": {
+      "description": "Program",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "publisher": {
+      "description": "Publishing source",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "publisherUrl": {
+      "description": "Publishing source URL",
+      "disable_correlation": false,
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "retrievedAt": {
+      "description": "Retrieved on",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "sourceUrl": {
+      "description": "Source link",
+      "disable_correlation": false,
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "summary": {
+      "description": "Summary",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "topics": {
+      "description": "Topics",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "weakAlias": {
+      "description": "Weak alias",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "wikidataId": {
+      "description": "Wikidata ID",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "wikipediaUrl": {
+      "description": "Wikipedia Article",
+      "disable_correlation": false,
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 0
+    }
+  },
+  "description": "",
+  "meta-category": "followthemoney",
+  "name": "ftm-BankAccount",
+  "required": [
+    "name"
+  ],
+  "uuid": "c51ed099-a628-46ee-ad8f-ffed866b6b8d",
+  "version": 1
+}

objects/ftm-Call/definition.json

@@ -0,0 +1,121 @@
+{
+  "attributes": {
+    "alephUrl": {
+      "description": "Aleph URL",
+      "disable_correlation": false,
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "callerNumber": {
+      "description": "Caller's Number",
+      "disable_correlation": false,
+      "misp-attribute": "phone-number",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "date": {
+      "description": "Date",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "description": {
+      "description": "Description",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "duration": {
+      "description": "Call Duration in seconds",
+      "disable_correlation": true,
+      "misp-attribute": "float",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "endDate": {
+      "description": "End date",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "indexText": {
+      "description": "Index text",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "modifiedAt": {
+      "description": "Modified on",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "publisher": {
+      "description": "Publishing source",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "publisherUrl": {
+      "description": "Publishing source URL",
+      "disable_correlation": false,
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "receiverNumber": {
+      "description": "Receiver's Number",
+      "disable_correlation": false,
+      "misp-attribute": "phone-number",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "recordId": {
+      "description": "Record ID",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "retrievedAt": {
+      "description": "Retrieved on",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "sourceUrl": {
+      "description": "Source URL",
+      "disable_correlation": false,
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "startDate": {
+      "description": "Start date",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "summary": {
+      "description": "Summary",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    }
+  },
+  "description": "",
+  "meta-category": "followthemoney",
+  "name": "ftm-Call",
+  "uuid": "4ad4661a-59bb-4171-a47b-18d9e7b6d6d7",
+  "version": 1
+}

objects/ftm-Company/definition.json

@@ -0,0 +1,488 @@
+{
+  "attributes": {
+    "address": {
+      "description": "Address",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "alephUrl": {
+      "description": "Aleph URL",
+      "disable_correlation": false,
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "alias": {
+      "description": "Other name",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "amount": {
+      "description": "Amount",
+      "disable_correlation": true,
+      "misp-attribute": "float",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "amountEur": {
+      "description": "Amount in EUR",
+      "disable_correlation": true,
+      "misp-attribute": "float",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "amountUsd": {
+      "description": "Amount in USD",
+      "disable_correlation": true,
+      "misp-attribute": "float",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "bikCode": {
+      "description": "Russian bank account code",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "bvdId": {
+      "description": "Bureau van Dijk ID",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "caemCode": {
+      "description": "(RO) What kind of activity a legal entity is allowed to develop",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "capital": {
+      "description": "Capital",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "cikCode": {
+      "description": "US SEC Central Index Key",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "classification": {
+      "description": "Classification",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "coatoCode": {
+      "description": "COATO / SOATO / OKATO",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "country": {
+      "description": "Country",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "currency": {
+      "description": "Currency",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "description": {
+      "description": "Description",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "dissolutionDate": {
+      "description": "The date the legal entity was dissolved, if applicable",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "dunsCode": {
+      "description": "Dun & Bradstreet identifier",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "email": {
+      "description": "Email address",
+      "disable_correlation": false,
+      "misp-attribute": "email-src",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "fnsCode": {
+      "description": "(RU, ФНС) Federal Tax Service related info",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "fssCode": {
+      "description": "(RU, ФСС) Social Security",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "ibcRuc": {
+      "description": "ibcRUC",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "icijId": {
+      "description": "ID according to International Consortium for Investigative Journalists",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "idNumber": {
+      "description": "ID number of any applicable ID",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "incorporationDate": {
+      "description": "The date the legal entity was incorporated",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "indexText": {
+      "description": "Index text",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "indexUpdatedAt": {
+      "description": "Index updated at",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "innCode": {
+      "description": "Russian company ID",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "ipoCode": {
+      "description": "IPO",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "irsCode": {
+      "description": "US tax ID",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "jibCode": {
+      "description": "Yugoslavia company ID",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "jurisdiction": {
+      "description": "Jurisdiction",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "keywords": {
+      "description": "Keywords",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "kppCode": {
+      "description": "(RU, КПП) in addition to INN for orgs; reason for registration at FNS",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "legalForm": {
+      "description": "Legal form",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "mainCountry": {
+      "description": "Primary country of this entity",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "mbsCode": {
+      "description": "MBS",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "modifiedAt": {
+      "description": "Modified on",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "name": {
+      "description": "Name",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "notes": {
+      "description": "Notes",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "ogrnCode": {
+      "description": "Major State Registration Number",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "okopfCode": {
+      "description": "(RU, ОКОПФ) What kind of business entity",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "okpoCode": {
+      "description": "Russian industry classifier",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "oksmCode": {
+      "description": "Russian (ОКСМ) countries classifer",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "okvedCode": {
+      "description": "(RU, ОКВЭД) Economical activity classifier. OKVED2 is the same but newer",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "opencorporatesUrl": {
+      "description": "OpenCorporates URL",
+      "disable_correlation": false,
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "pfrNumber": {
+      "description": "(RU, ПФР) Pension Fund Registration number. AAA-BBB-CCCCCC, where AAA is organisation region, BBB is district, CCCCCC number at a specific branch",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "phone": {
+      "description": "Phone number",
+      "disable_correlation": false,
+      "misp-attribute": "phone-number",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "previousName": {
+      "description": "Previous name",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "program": {
+      "description": "Program",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "publisher": {
+      "description": "Publishing source",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "publisherUrl": {
+      "description": "Publishing source URL",
+      "disable_correlation": false,
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "registrationNumber": {
+      "description": "Registration number",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "retrievedAt": {
+      "description": "Retrieved on",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "sector": {
+      "description": "Sector",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "sourceUrl": {
+      "description": "Source link",
+      "disable_correlation": false,
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "status": {
+      "description": "Status",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "summary": {
+      "description": "Summary",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "swiftBic": {
+      "description": "Bank identifier code",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "taxNumber": {
+      "description": "Tax identification number",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "taxStatus": {
+      "description": "Tax status",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "topics": {
+      "description": "Topics",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "vatCode": {
+      "description": "(EU) VAT number",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "voenCode": {
+      "description": "Azerbaijan taxpayer ID",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "weakAlias": {
+      "description": "Weak alias",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "website": {
+      "description": "Website address",
+      "disable_correlation": false,
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "wikidataId": {
+      "description": "Wikidata ID",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "wikipediaUrl": {
+      "description": "Wikipedia Article",
+      "disable_correlation": false,
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 0
+    }
+  },
+  "description": "",
+  "meta-category": "followthemoney",
+  "name": "ftm-Company",
+  "required": [
+    "name"
+  ],
+  "uuid": "b6da52a4-2290-47ad-b316-d31dc3274382",
+  "version": 1
+}

objects/ftm-Contract/definition.json

@@ -0,0 +1,285 @@
+{
+  "attributes": {
+    "address": {
+      "description": "Address",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "alephUrl": {
+      "description": "Aleph URL",
+      "disable_correlation": false,
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "alias": {
+      "description": "Other name",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "amount": {
+      "description": "Amount",
+      "disable_correlation": true,
+      "misp-attribute": "float",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "amountEur": {
+      "description": "Amount in EUR",
+      "disable_correlation": true,
+      "misp-attribute": "float",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "amountUsd": {
+      "description": "Amount in USD",
+      "disable_correlation": true,
+      "misp-attribute": "float",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "cancelled": {
+      "description": "Cancelled?",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "classification": {
+      "description": "Classification",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "contractDate": {
+      "description": "Contract date",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "country": {
+      "description": "Country",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "criteria": {
+      "description": "Contract award criteria",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "currency": {
+      "description": "Currency",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "description": {
+      "description": "Description",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "indexText": {
+      "description": "Index text",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "indexUpdatedAt": {
+      "description": "Index updated at",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "keywords": {
+      "description": "Keywords",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "language": {
+      "description": "Language",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "method": {
+      "description": "Procurement method",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "modifiedAt": {
+      "description": "Modified on",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "name": {
+      "description": "Contract name",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "notes": {
+      "description": "Notes",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "noticeId": {
+      "description": "Contract Award Notice ID",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "numberAwards": {
+      "description": "Number of awards",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "previousName": {
+      "description": "Previous name",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "procedure": {
+      "description": "Contract procedure",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "procedureNumber": {
+      "description": "Procedure number",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "program": {
+      "description": "Program",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "publisher": {
+      "description": "Publishing source",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "publisherUrl": {
+      "description": "Publishing source URL",
+      "disable_correlation": false,
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "retrievedAt": {
+      "description": "Retrieved on",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "sourceUrl": {
+      "description": "Source link",
+      "disable_correlation": false,
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "status": {
+      "description": "Procurement status",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "summary": {
+      "description": "Summary",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "title": {
+      "description": "Contract title",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "topics": {
+      "description": "Topics",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "type": {
+      "description": "Type of contract. Potentially W (Works), U (Supplies), S (Services).\n",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "weakAlias": {
+      "description": "Weak alias",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "wikidataId": {
+      "description": "Wikidata ID",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "wikipediaUrl": {
+      "description": "Wikipedia Article",
+      "disable_correlation": false,
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 0
+    }
+  },
+  "description": "An contract or contract lot issued by an authority. Multiple lots may be awarded to different suppliers (see ContractAward).\n",
+  "meta-category": "followthemoney",
+  "name": "ftm-Contract",
+  "required": [
+    "name"
+  ],
+  "uuid": "8bd6b969-ea49-4252-8b03-777dd16598e1",
+  "version": 1
+}

objects/ftm-ContractAward/definition.json

@@ -0,0 +1,191 @@
+{
+  "attributes": {
+    "alephUrl": {
+      "description": "Aleph URL",
+      "disable_correlation": false,
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "amended": {
+      "description": "Was this award amended, modified or updated by a subsequent document?",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "amount": {
+      "description": "Amount",
+      "disable_correlation": true,
+      "misp-attribute": "float",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "amountEur": {
+      "description": "Amount in EUR",
+      "disable_correlation": true,
+      "misp-attribute": "float",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "amountUsd": {
+      "description": "Amount in USD",
+      "disable_correlation": true,
+      "misp-attribute": "float",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "cpvCode": {
+      "description": "Contract Procurement Vocabulary (what type of goods/services, EU)",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "currency": {
+      "description": "Currency",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "date": {
+      "description": "Date",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "decisionReason": {
+      "description": "Decision reason",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "description": {
+      "description": "Description",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "documentNumber": {
+      "description": "Document number",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "documentType": {
+      "description": "Document type",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "endDate": {
+      "description": "End date",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "indexText": {
+      "description": "Index text",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "lotNumber": {
+      "description": "Lot number",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "modifiedAt": {
+      "description": "Modified on",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "nutsCode": {
+      "description": "Nomencalture of Territorial Units for Statistics (NUTS)",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "publisher": {
+      "description": "Publishing source",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "publisherUrl": {
+      "description": "Publishing source URL",
+      "disable_correlation": false,
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "recordId": {
+      "description": "Record ID",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "retrievedAt": {
+      "description": "Retrieved on",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "role": {
+      "description": "Role",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "sourceUrl": {
+      "description": "Source URL",
+      "disable_correlation": false,
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "startDate": {
+      "description": "Start date",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "status": {
+      "description": "Status",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "summary": {
+      "description": "Summary",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    }
+  },
+  "description": "A contract or contract lot as awarded to a supplier.",
+  "meta-category": "followthemoney",
+  "name": "ftm-ContractAward",
+  "uuid": "d4857edf-a2c3-479b-bc0a-ef17ec98d0b7",
+  "version": 1
+}

objects/ftm-CourtCase/definition.json

@@ -0,0 +1,215 @@
+{
+  "attributes": {
+    "address": {
+      "description": "Address",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "alephUrl": {
+      "description": "Aleph URL",
+      "disable_correlation": false,
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "alias": {
+      "description": "Other name",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "caseNumber": {
+      "description": "Case number",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "category": {
+      "description": "Category",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "closeDate": {
+      "description": "Close date",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "country": {
+      "description": "Country",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "court": {
+      "description": "Court",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "description": {
+      "description": "Description",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "fileDate": {
+      "description": "File date",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "indexText": {
+      "description": "Index text",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "indexUpdatedAt": {
+      "description": "Index updated at",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "keywords": {
+      "description": "Keywords",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "modifiedAt": {
+      "description": "Modified on",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "name": {
+      "description": "Name",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "notes": {
+      "description": "Notes",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "previousName": {
+      "description": "Previous name",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "program": {
+      "description": "Program",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "publisher": {
+      "description": "Publishing source",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "publisherUrl": {
+      "description": "Publishing source URL",
+      "disable_correlation": false,
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "retrievedAt": {
+      "description": "Retrieved on",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "sourceUrl": {
+      "description": "Source link",
+      "disable_correlation": false,
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "status": {
+      "description": "Status",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "summary": {
+      "description": "Summary",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "topics": {
+      "description": "Topics",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "type": {
+      "description": "Type",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "weakAlias": {
+      "description": "Weak alias",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "wikidataId": {
+      "description": "Wikidata ID",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "wikipediaUrl": {
+      "description": "Wikipedia Article",
+      "disable_correlation": false,
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 0
+    }
+  },
+  "description": "",
+  "meta-category": "followthemoney",
+  "name": "ftm-CourtCase",
+  "required": [
+    "name"
+  ],
+  "uuid": "daa2375c-dc92-42c7-80c0-392500c69771",
+  "version": 1
+}

objects/ftm-CourtCaseParty/definition.json

@@ -0,0 +1,114 @@
+{
+  "attributes": {
+    "alephUrl": {
+      "description": "Aleph URL",
+      "disable_correlation": false,
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "date": {
+      "description": "Date",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "description": {
+      "description": "Description",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "endDate": {
+      "description": "End date",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "indexText": {
+      "description": "Index text",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "modifiedAt": {
+      "description": "Modified on",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "publisher": {
+      "description": "Publishing source",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "publisherUrl": {
+      "description": "Publishing source URL",
+      "disable_correlation": false,
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "recordId": {
+      "description": "Record ID",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "retrievedAt": {
+      "description": "Retrieved on",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "role": {
+      "description": "Role",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "sourceUrl": {
+      "description": "Source URL",
+      "disable_correlation": false,
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "startDate": {
+      "description": "Start date",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "status": {
+      "description": "Status",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "summary": {
+      "description": "Summary",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    }
+  },
+  "description": "",
+  "meta-category": "followthemoney",
+  "name": "ftm-CourtCaseParty",
+  "uuid": "9f00c22f-348b-48a9-996b-3ba30de851fe",
+  "version": 1
+}

objects/ftm-Debt/definition.json

@@ -0,0 +1,128 @@
+{
+  "attributes": {
+    "alephUrl": {
+      "description": "Aleph URL",
+      "disable_correlation": false,
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "amount": {
+      "description": "Amount",
+      "disable_correlation": true,
+      "misp-attribute": "float",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "amountEur": {
+      "description": "Amount in EUR",
+      "disable_correlation": true,
+      "misp-attribute": "float",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "amountUsd": {
+      "description": "Amount in USD",
+      "disable_correlation": true,
+      "misp-attribute": "float",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "currency": {
+      "description": "Currency",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "date": {
+      "description": "Date",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "description": {
+      "description": "Description",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "endDate": {
+      "description": "End date",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "indexText": {
+      "description": "Index text",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "modifiedAt": {
+      "description": "Modified on",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "publisher": {
+      "description": "Publishing source",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "publisherUrl": {
+      "description": "Publishing source URL",
+      "disable_correlation": false,
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "recordId": {
+      "description": "Record ID",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "retrievedAt": {
+      "description": "Retrieved on",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "sourceUrl": {
+      "description": "Source URL",
+      "disable_correlation": false,
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "startDate": {
+      "description": "Start date",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "summary": {
+      "description": "Summary",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    }
+  },
+  "description": "A monetary debt between two parties.",
+  "meta-category": "followthemoney",
+  "name": "ftm-Debt",
+  "uuid": "7f878885-1ebf-48ee-961a-5ded0f63d593",
+  "version": 1
+}

objects/ftm-Directorship/definition.json

@@ -0,0 +1,121 @@
+{
+  "attributes": {
+    "alephUrl": {
+      "description": "Aleph URL",
+      "disable_correlation": false,
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "date": {
+      "description": "Date",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "description": {
+      "description": "Description",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "endDate": {
+      "description": "End date",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "indexText": {
+      "description": "Index text",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "modifiedAt": {
+      "description": "Modified on",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "publisher": {
+      "description": "Publishing source",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "publisherUrl": {
+      "description": "Publishing source URL",
+      "disable_correlation": false,
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "recordId": {
+      "description": "Record ID",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "retrievedAt": {
+      "description": "Retrieved on",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "role": {
+      "description": "Role",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "secretary": {
+      "description": "Secretary",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "sourceUrl": {
+      "description": "Source URL",
+      "disable_correlation": false,
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "startDate": {
+      "description": "Start date",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "status": {
+      "description": "Status",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "summary": {
+      "description": "Summary",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    }
+  },
+  "description": "",
+  "meta-category": "followthemoney",
+  "name": "ftm-Directorship",
+  "uuid": "9d9b0af9-9c8c-42c4-8210-388dc3824239",
+  "version": 1
+}

objects/ftm-Document/definition.json

@@ -0,0 +1,355 @@
+{
+  "attributes": {
+    "address": {
+      "description": "Address",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "alephUrl": {
+      "description": "Aleph URL",
+      "disable_correlation": false,
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "alias": {
+      "description": "Other name",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "author": {
+      "description": "The original author, not the uploader",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "authoredAt": {
+      "description": "Authored on",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "companiesMentioned": {
+      "description": "Detected companies",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "contentHash": {
+      "description": "SHA1 hash of the data",
+      "disable_correlation": false,
+      "misp-attribute": "sha1",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "country": {
+      "description": "Country",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "crawler": {
+      "description": "The crawler used to acquire this file",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "date": {
+      "description": "If not otherwise specified",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "description": {
+      "description": "Description",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "detectedCountry": {
+      "description": "Detected country",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "detectedLanguage": {
+      "description": "Detected language",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "emailMentioned": {
+      "description": "Detected e-mail addresses",
+      "disable_correlation": false,
+      "misp-attribute": "email-src",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "encoding": {
+      "description": "File encoding",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "extension": {
+      "description": "File extension",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "fileName": {
+      "description": "File name",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "fileSize": {
+      "description": "File size",
+      "disable_correlation": true,
+      "misp-attribute": "float",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "generator": {
+      "description": "The program used to generate this file",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "ibanMentioned": {
+      "description": "Detected IBANs",
+      "disable_correlation": false,
+      "misp-attribute": "iban",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "indexText": {
+      "description": "Index text",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "indexUpdatedAt": {
+      "description": "Index updated at",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "ipMentioned": {
+      "description": "Detected IP addresses",
+      "disable_correlation": false,
+      "misp-attribute": "ip-src",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "keywords": {
+      "description": "Keywords",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "language": {
+      "description": "Language",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "locationMentioned": {
+      "description": "Detected locations",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "messageId": {
+      "description": "Message ID of a document; unique in most cases",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "mimeType": {
+      "description": "MIME type",
+      "disable_correlation": true,
+      "misp-attribute": "mime-type",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "modifiedAt": {
+      "description": "Modified on",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "name": {
+      "description": "Name",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "namesMentioned": {
+      "description": "Detected names",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "notes": {
+      "description": "Notes",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "peopleMentioned": {
+      "description": "Detected people",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "phoneMentioned": {
+      "description": "Detected phones",
+      "disable_correlation": false,
+      "misp-attribute": "phone-number",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "previousName": {
+      "description": "Previous name",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "processingError": {
+      "description": "Processing error",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "processingStatus": {
+      "description": "Processing status",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "program": {
+      "description": "Program",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "publishedAt": {
+      "description": "Published on",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "publisher": {
+      "description": "Publishing source",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "publisherUrl": {
+      "description": "Publishing source URL",
+      "disable_correlation": false,
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "retrievedAt": {
+      "description": "Retrieved on",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "sourceUrl": {
+      "description": "Source link",
+      "disable_correlation": false,
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "summary": {
+      "description": "Summary",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "title": {
+      "description": "Title",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "topics": {
+      "description": "Topics",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "weakAlias": {
+      "description": "Weak alias",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "wikidataId": {
+      "description": "Wikidata ID",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "wikipediaUrl": {
+      "description": "Wikipedia Article",
+      "disable_correlation": false,
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 0
+    }
+  },
+  "description": "",
+  "meta-category": "followthemoney",
+  "name": "ftm-Document",
+  "required": [
+    "name"
+  ],
+  "uuid": "63315c33-2ed0-46dd-8345-9f5f6a80942a",
+  "version": 1
+}

objects/ftm-Documentation/definition.json

@@ -0,0 +1,114 @@
+{
+  "attributes": {
+    "alephUrl": {
+      "description": "Aleph URL",
+      "disable_correlation": false,
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "date": {
+      "description": "Date",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "description": {
+      "description": "Description",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "endDate": {
+      "description": "End date",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "indexText": {
+      "description": "Index text",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "modifiedAt": {
+      "description": "Modified on",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "publisher": {
+      "description": "Publishing source",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "publisherUrl": {
+      "description": "Publishing source URL",
+      "disable_correlation": false,
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "recordId": {
+      "description": "Record ID",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "retrievedAt": {
+      "description": "Retrieved on",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "role": {
+      "description": "Role",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "sourceUrl": {
+      "description": "Source URL",
+      "disable_correlation": false,
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "startDate": {
+      "description": "Start date",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "status": {
+      "description": "Status",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "summary": {
+      "description": "Summary",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    }
+  },
+  "description": "",
+  "meta-category": "followthemoney",
+  "name": "ftm-Documentation",
+  "uuid": "a5a0c1dd-4438-4520-875d-1e7cf4bcda7d",
+  "version": 1
+}

objects/ftm-EconomicActivity/definition.json

@@ -0,0 +1,198 @@
+{
+  "attributes": {
+    "alephUrl": {
+      "description": "Aleph URL",
+      "disable_correlation": false,
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "ccdNumber": {
+      "description": "Customs Cargo Declaration Number",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "ccdValue": {
+      "description": "Declaration Value",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "customsAmount": {
+      "description": "Customs Value of goods",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "customsProcedure": {
+      "description": "Customs Procedure — type of customs clearance",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "date": {
+      "description": "Date",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "departureCountry": {
+      "description": "Country out of which the goods are transported",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "description": {
+      "description": "Description",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "destinationCountry": {
+      "description": "Final destination for the goods",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "directionOfTransportation": {
+      "description": "Direction of transportation (import/export)",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "dollarExchRate": {
+      "description": "USD Exchange Rate for the activity",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "endDate": {
+      "description": "End date",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "goodsDescription": {
+      "description": "Description of goods",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "indexText": {
+      "description": "Index text",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "invoiceAmount": {
+      "description": "Invoice Value of goods",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "modifiedAt": {
+      "description": "Modified on",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "originCountry": {
+      "description": "Country of origin of goods",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "publisher": {
+      "description": "Publishing source",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "publisherUrl": {
+      "description": "Publishing source URL",
+      "disable_correlation": false,
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "recordId": {
+      "description": "Record ID",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "retrievedAt": {
+      "description": "Retrieved on",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "sourceUrl": {
+      "description": "Source URL",
+      "disable_correlation": false,
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "startDate": {
+      "description": "Start date",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "summary": {
+      "description": "Summary",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "tradingCountry": {
+      "description": "Trading Country of the company which transports the goods via Russian border",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "vedCode": {
+      "description": "(Код ТН ВЭД) Foreign Economic Activity Commodity Code",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "vedCodeDescription": {
+      "description": "(Описание кода ТН ВЭД) Foreign Economic Activity Commodity Code description",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    }
+  },
+  "description": "A foreign economic activity",
+  "meta-category": "followthemoney",
+  "name": "ftm-EconomicActivity",
+  "uuid": "ab680ac3-7f3f-4282-883c-d3920c63c8b2",
+  "version": 1
+}

objects/ftm-Email/definition.json

@@ -0,0 +1,433 @@
+{
+  "attributes": {
+    "address": {
+      "description": "Address",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "alephUrl": {
+      "description": "Aleph URL",
+      "disable_correlation": false,
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "alias": {
+      "description": "Other name",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "author": {
+      "description": "The original author, not the uploader",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "authoredAt": {
+      "description": "Authored on",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "bcc": {
+      "description": "Blind carbon copy",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "bodyHtml": {
+      "description": "HTML",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "bodyText": {
+      "description": "Text",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "cc": {
+      "description": "Carbon copy",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "companiesMentioned": {
+      "description": "Detected companies",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "contentHash": {
+      "description": "SHA1 hash of the data",
+      "disable_correlation": false,
+      "misp-attribute": "sha1",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "country": {
+      "description": "Country",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "crawler": {
+      "description": "The crawler used to acquire this file",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "date": {
+      "description": "If not otherwise specified",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "description": {
+      "description": "Description",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "detectedCountry": {
+      "description": "Detected country",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "detectedLanguage": {
+      "description": "Detected language",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "emailMentioned": {
+      "description": "Detected e-mail addresses",
+      "disable_correlation": false,
+      "misp-attribute": "email-src",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "encoding": {
+      "description": "File encoding",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "extension": {
+      "description": "File extension",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "fileName": {
+      "description": "File name",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "fileSize": {
+      "description": "File size",
+      "disable_correlation": true,
+      "misp-attribute": "float",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "from": {
+      "description": "From",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "generator": {
+      "description": "The program used to generate this file",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "headers": {
+      "description": "Raw headers",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "ibanMentioned": {
+      "description": "Detected IBANs",
+      "disable_correlation": false,
+      "misp-attribute": "iban",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "inReplyTo": {
+      "description": "Message ID of the preceding email in the thread",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "indexText": {
+      "description": "Index text",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "indexUpdatedAt": {
+      "description": "Index updated at",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "ipMentioned": {
+      "description": "Detected IP addresses",
+      "disable_correlation": false,
+      "misp-attribute": "ip-src",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "keywords": {
+      "description": "Keywords",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "language": {
+      "description": "Language",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "locationMentioned": {
+      "description": "Detected locations",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "messageId": {
+      "description": "Message ID of a document; unique in most cases",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "mimeType": {
+      "description": "MIME type",
+      "disable_correlation": true,
+      "misp-attribute": "mime-type",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "modifiedAt": {
+      "description": "Modified on",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "name": {
+      "description": "Name",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "namesMentioned": {
+      "description": "Detected names",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "notes": {
+      "description": "Notes",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "peopleMentioned": {
+      "description": "Detected people",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "phoneMentioned": {
+      "description": "Detected phones",
+      "disable_correlation": false,
+      "misp-attribute": "phone-number",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "previousName": {
+      "description": "Previous name",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "processingError": {
+      "description": "Processing error",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "processingStatus": {
+      "description": "Processing status",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "program": {
+      "description": "Program",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "publishedAt": {
+      "description": "Published on",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "publisher": {
+      "description": "Publishing source",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "publisherUrl": {
+      "description": "Publishing source URL",
+      "disable_correlation": false,
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "retrievedAt": {
+      "description": "Retrieved on",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "sender": {
+      "description": "Sender",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "sourceUrl": {
+      "description": "Source link",
+      "disable_correlation": false,
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "subject": {
+      "description": "Subject",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "summary": {
+      "description": "Summary",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "threadTopic": {
+      "description": "Thread topic",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "title": {
+      "description": "Title",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "to": {
+      "description": "To",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "topics": {
+      "description": "Topics",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "weakAlias": {
+      "description": "Weak alias",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "wikidataId": {
+      "description": "Wikidata ID",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "wikipediaUrl": {
+      "description": "Wikipedia Article",
+      "disable_correlation": false,
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 0
+    }
+  },
+  "description": "",
+  "meta-category": "followthemoney",
+  "name": "ftm-Email",
+  "required": [
+    "name",
+    "fileName"
+  ],
+  "uuid": "2bafc93f-b99d-4f64-aa74-3252d4ac6030",
+  "version": 3
+}

objects/ftm-Event/definition.json

@@ -0,0 +1,278 @@
+{
+  "attributes": {
+    "address": {
+      "description": "Address",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "alephUrl": {
+      "description": "Aleph URL",
+      "disable_correlation": false,
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "alias": {
+      "description": "Other name",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "companiesMentioned": {
+      "description": "Detected companies",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "country": {
+      "description": "Country",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "date": {
+      "description": "Date",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "description": {
+      "description": "Description",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "detectedCountry": {
+      "description": "Detected country",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "detectedLanguage": {
+      "description": "Detected language",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "emailMentioned": {
+      "description": "Detected e-mail addresses",
+      "disable_correlation": false,
+      "misp-attribute": "email-src",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "endDate": {
+      "description": "End date",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "ibanMentioned": {
+      "description": "Detected IBANs",
+      "disable_correlation": false,
+      "misp-attribute": "iban",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "important": {
+      "description": "Important",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "indexText": {
+      "description": "Index text",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "indexUpdatedAt": {
+      "description": "Index updated at",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "ipMentioned": {
+      "description": "Detected IP addresses",
+      "disable_correlation": false,
+      "misp-attribute": "ip-src",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "keywords": {
+      "description": "Keywords",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "location": {
+      "description": "Location",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "locationMentioned": {
+      "description": "Detected locations",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "modifiedAt": {
+      "description": "Modified on",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "name": {
+      "description": "Name",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "namesMentioned": {
+      "description": "Detected names",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "notes": {
+      "description": "Notes",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "peopleMentioned": {
+      "description": "Detected people",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "phoneMentioned": {
+      "description": "Detected phones",
+      "disable_correlation": false,
+      "misp-attribute": "phone-number",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "previousName": {
+      "description": "Previous name",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "program": {
+      "description": "Program",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "publisher": {
+      "description": "Publishing source",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "publisherUrl": {
+      "description": "Publishing source URL",
+      "disable_correlation": false,
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "recordId": {
+      "description": "Record ID",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "retrievedAt": {
+      "description": "Retrieved on",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "sourceUrl": {
+      "description": "Source link",
+      "disable_correlation": false,
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "startDate": {
+      "description": "Start date",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "summary": {
+      "description": "Summary",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "topics": {
+      "description": "Topics",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "weakAlias": {
+      "description": "Weak alias",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "wikidataId": {
+      "description": "Wikidata ID",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "wikipediaUrl": {
+      "description": "Wikipedia Article",
+      "disable_correlation": false,
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 0
+    }
+  },
+  "description": "",
+  "meta-category": "followthemoney",
+  "name": "ftm-Event",
+  "required": [
+    "name"
+  ],
+  "uuid": "0f0a252f-a425-46c0-a46a-dabd632d6b59",
+  "version": 1
+}

objects/ftm-Family/definition.json

@@ -0,0 +1,107 @@
+{
+  "attributes": {
+    "alephUrl": {
+      "description": "Aleph URL",
+      "disable_correlation": false,
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "date": {
+      "description": "Date",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "description": {
+      "description": "Description",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "endDate": {
+      "description": "End date",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "indexText": {
+      "description": "Index text",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "modifiedAt": {
+      "description": "Modified on",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "publisher": {
+      "description": "Publishing source",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "publisherUrl": {
+      "description": "Publishing source URL",
+      "disable_correlation": false,
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "recordId": {
+      "description": "Record ID",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "relationship": {
+      "description": "Nature of the relationship, from the person's perspective eg. 'mother', where 'relative' is mother of 'person'.",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "retrievedAt": {
+      "description": "Retrieved on",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "sourceUrl": {
+      "description": "Source URL",
+      "disable_correlation": false,
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "startDate": {
+      "description": "Start date",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "summary": {
+      "description": "Summary",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    }
+  },
+  "description": "Family relationship between two people",
+  "meta-category": "followthemoney",
+  "name": "ftm-Family",
+  "uuid": "d81db1ac-7479-4689-8f3e-ad2c8c2b272f",
+  "version": 1
+}

objects/ftm-Folder/definition.json

@@ -0,0 +1,355 @@
+{
+  "attributes": {
+    "address": {
+      "description": "Address",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "alephUrl": {
+      "description": "Aleph URL",
+      "disable_correlation": false,
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "alias": {
+      "description": "Other name",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "author": {
+      "description": "The original author, not the uploader",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "authoredAt": {
+      "description": "Authored on",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "companiesMentioned": {
+      "description": "Detected companies",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "contentHash": {
+      "description": "SHA1 hash of the data",
+      "disable_correlation": false,
+      "misp-attribute": "sha1",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "country": {
+      "description": "Country",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "crawler": {
+      "description": "The crawler used to acquire this file",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "date": {
+      "description": "If not otherwise specified",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "description": {
+      "description": "Description",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "detectedCountry": {
+      "description": "Detected country",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "detectedLanguage": {
+      "description": "Detected language",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "emailMentioned": {
+      "description": "Detected e-mail addresses",
+      "disable_correlation": false,
+      "misp-attribute": "email-src",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "encoding": {
+      "description": "File encoding",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "extension": {
+      "description": "File extension",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "fileName": {
+      "description": "File name",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "fileSize": {
+      "description": "File size",
+      "disable_correlation": true,
+      "misp-attribute": "float",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "generator": {
+      "description": "The program used to generate this file",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "ibanMentioned": {
+      "description": "Detected IBANs",
+      "disable_correlation": false,
+      "misp-attribute": "iban",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "indexText": {
+      "description": "Index text",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "indexUpdatedAt": {
+      "description": "Index updated at",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "ipMentioned": {
+      "description": "Detected IP addresses",
+      "disable_correlation": false,
+      "misp-attribute": "ip-src",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "keywords": {
+      "description": "Keywords",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "language": {
+      "description": "Language",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "locationMentioned": {
+      "description": "Detected locations",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "messageId": {
+      "description": "Message ID of a document; unique in most cases",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "mimeType": {
+      "description": "MIME type",
+      "disable_correlation": true,
+      "misp-attribute": "mime-type",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "modifiedAt": {
+      "description": "Modified on",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "name": {
+      "description": "Name",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "namesMentioned": {
+      "description": "Detected names",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "notes": {
+      "description": "Notes",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "peopleMentioned": {
+      "description": "Detected people",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "phoneMentioned": {
+      "description": "Detected phones",
+      "disable_correlation": false,
+      "misp-attribute": "phone-number",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "previousName": {
+      "description": "Previous name",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "processingError": {
+      "description": "Processing error",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "processingStatus": {
+      "description": "Processing status",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "program": {
+      "description": "Program",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "publishedAt": {
+      "description": "Published on",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "publisher": {
+      "description": "Publishing source",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "publisherUrl": {
+      "description": "Publishing source URL",
+      "disable_correlation": false,
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "retrievedAt": {
+      "description": "Retrieved on",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "sourceUrl": {
+      "description": "Source link",
+      "disable_correlation": false,
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "summary": {
+      "description": "Summary",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "title": {
+      "description": "Title",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "topics": {
+      "description": "Topics",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "weakAlias": {
+      "description": "Weak alias",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "wikidataId": {
+      "description": "Wikidata ID",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "wikipediaUrl": {
+      "description": "Wikipedia Article",
+      "disable_correlation": false,
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 0
+    }
+  },
+  "description": "",
+  "meta-category": "followthemoney",
+  "name": "ftm-Folder",
+  "required": [
+    "name"
+  ],
+  "uuid": "85e30566-976d-4740-a397-40dda018b37c",
+  "version": 1
+}

objects/ftm-HyperText/definition.json

@@ -0,0 +1,369 @@
+{
+  "attributes": {
+    "address": {
+      "description": "Address",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "alephUrl": {
+      "description": "Aleph URL",
+      "disable_correlation": false,
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "alias": {
+      "description": "Other name",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "author": {
+      "description": "The original author, not the uploader",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "authoredAt": {
+      "description": "Authored on",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "bodyHtml": {
+      "description": "HTML",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "bodyText": {
+      "description": "Text",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "companiesMentioned": {
+      "description": "Detected companies",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "contentHash": {
+      "description": "SHA1 hash of the data",
+      "disable_correlation": false,
+      "misp-attribute": "sha1",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "country": {
+      "description": "Country",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "crawler": {
+      "description": "The crawler used to acquire this file",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "date": {
+      "description": "If not otherwise specified",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "description": {
+      "description": "Description",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "detectedCountry": {
+      "description": "Detected country",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "detectedLanguage": {
+      "description": "Detected language",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "emailMentioned": {
+      "description": "Detected e-mail addresses",
+      "disable_correlation": false,
+      "misp-attribute": "email-src",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "encoding": {
+      "description": "File encoding",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "extension": {
+      "description": "File extension",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "fileName": {
+      "description": "File name",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "fileSize": {
+      "description": "File size",
+      "disable_correlation": true,
+      "misp-attribute": "float",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "generator": {
+      "description": "The program used to generate this file",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "ibanMentioned": {
+      "description": "Detected IBANs",
+      "disable_correlation": false,
+      "misp-attribute": "iban",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "indexText": {
+      "description": "Index text",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "indexUpdatedAt": {
+      "description": "Index updated at",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "ipMentioned": {
+      "description": "Detected IP addresses",
+      "disable_correlation": false,
+      "misp-attribute": "ip-src",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "keywords": {
+      "description": "Keywords",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "language": {
+      "description": "Language",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "locationMentioned": {
+      "description": "Detected locations",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "messageId": {
+      "description": "Message ID of a document; unique in most cases",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "mimeType": {
+      "description": "MIME type",
+      "disable_correlation": true,
+      "misp-attribute": "mime-type",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "modifiedAt": {
+      "description": "Modified on",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "name": {
+      "description": "Name",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "namesMentioned": {
+      "description": "Detected names",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "notes": {
+      "description": "Notes",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "peopleMentioned": {
+      "description": "Detected people",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "phoneMentioned": {
+      "description": "Detected phones",
+      "disable_correlation": false,
+      "misp-attribute": "phone-number",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "previousName": {
+      "description": "Previous name",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "processingError": {
+      "description": "Processing error",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "processingStatus": {
+      "description": "Processing status",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "program": {
+      "description": "Program",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "publishedAt": {
+      "description": "Published on",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "publisher": {
+      "description": "Publishing source",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "publisherUrl": {
+      "description": "Publishing source URL",
+      "disable_correlation": false,
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "retrievedAt": {
+      "description": "Retrieved on",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "sourceUrl": {
+      "description": "Source link",
+      "disable_correlation": false,
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "summary": {
+      "description": "Summary",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "title": {
+      "description": "Title",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "topics": {
+      "description": "Topics",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "weakAlias": {
+      "description": "Weak alias",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "wikidataId": {
+      "description": "Wikidata ID",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "wikipediaUrl": {
+      "description": "Wikipedia Article",
+      "disable_correlation": false,
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 0
+    }
+  },
+  "description": "",
+  "meta-category": "followthemoney",
+  "name": "ftm-HyperText",
+  "required": [
+    "name"
+  ],
+  "uuid": "be7be26f-c256-4381-939c-dd6eb2675153",
+  "version": 1
+}

objects/ftm-Image/definition.json

@@ -0,0 +1,362 @@
+{
+  "attributes": {
+    "address": {
+      "description": "Address",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "alephUrl": {
+      "description": "Aleph URL",
+      "disable_correlation": false,
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "alias": {
+      "description": "Other name",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "author": {
+      "description": "The original author, not the uploader",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "authoredAt": {
+      "description": "Authored on",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "bodyText": {
+      "description": "Text",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "companiesMentioned": {
+      "description": "Detected companies",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "contentHash": {
+      "description": "SHA1 hash of the data",
+      "disable_correlation": false,
+      "misp-attribute": "sha1",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "country": {
+      "description": "Country",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "crawler": {
+      "description": "The crawler used to acquire this file",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "date": {
+      "description": "If not otherwise specified",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "description": {
+      "description": "Description",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "detectedCountry": {
+      "description": "Detected country",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "detectedLanguage": {
+      "description": "Detected language",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "emailMentioned": {
+      "description": "Detected e-mail addresses",
+      "disable_correlation": false,
+      "misp-attribute": "email-src",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "encoding": {
+      "description": "File encoding",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "extension": {
+      "description": "File extension",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "fileName": {
+      "description": "File name",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "fileSize": {
+      "description": "File size",
+      "disable_correlation": true,
+      "misp-attribute": "float",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "generator": {
+      "description": "The program used to generate this file",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "ibanMentioned": {
+      "description": "Detected IBANs",
+      "disable_correlation": false,
+      "misp-attribute": "iban",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "indexText": {
+      "description": "Index text",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "indexUpdatedAt": {
+      "description": "Index updated at",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "ipMentioned": {
+      "description": "Detected IP addresses",
+      "disable_correlation": false,
+      "misp-attribute": "ip-src",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "keywords": {
+      "description": "Keywords",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "language": {
+      "description": "Language",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "locationMentioned": {
+      "description": "Detected locations",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "messageId": {
+      "description": "Message ID of a document; unique in most cases",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "mimeType": {
+      "description": "MIME type",
+      "disable_correlation": true,
+      "misp-attribute": "mime-type",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "modifiedAt": {
+      "description": "Modified on",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "name": {
+      "description": "Name",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "namesMentioned": {
+      "description": "Detected names",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "notes": {
+      "description": "Notes",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "peopleMentioned": {
+      "description": "Detected people",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "phoneMentioned": {
+      "description": "Detected phones",
+      "disable_correlation": false,
+      "misp-attribute": "phone-number",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "previousName": {
+      "description": "Previous name",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "processingError": {
+      "description": "Processing error",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "processingStatus": {
+      "description": "Processing status",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "program": {
+      "description": "Program",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "publishedAt": {
+      "description": "Published on",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "publisher": {
+      "description": "Publishing source",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "publisherUrl": {
+      "description": "Publishing source URL",
+      "disable_correlation": false,
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "retrievedAt": {
+      "description": "Retrieved on",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "sourceUrl": {
+      "description": "Source link",
+      "disable_correlation": false,
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "summary": {
+      "description": "Summary",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "title": {
+      "description": "Title",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "topics": {
+      "description": "Topics",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "weakAlias": {
+      "description": "Weak alias",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "wikidataId": {
+      "description": "Wikidata ID",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "wikipediaUrl": {
+      "description": "Wikipedia Article",
+      "disable_correlation": false,
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 0
+    }
+  },
+  "description": "",
+  "meta-category": "followthemoney",
+  "name": "ftm-Image",
+  "required": [
+    "name"
+  ],
+  "uuid": "50a6a504-c4cc-4905-8628-9e9418f2d325",
+  "version": 1
+}

objects/ftm-Land/definition.json

@@ -0,0 +1,278 @@
+{
+  "attributes": {
+    "address": {
+      "description": "Address",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "alephUrl": {
+      "description": "Aleph URL",
+      "disable_correlation": false,
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "alias": {
+      "description": "Other name",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "amount": {
+      "description": "Amount",
+      "disable_correlation": true,
+      "misp-attribute": "float",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "amountEur": {
+      "description": "Amount in EUR",
+      "disable_correlation": true,
+      "misp-attribute": "float",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "amountUsd": {
+      "description": "Amount in USD",
+      "disable_correlation": true,
+      "misp-attribute": "float",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "area": {
+      "description": "Area",
+      "disable_correlation": true,
+      "misp-attribute": "float",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "cadastralCode": {
+      "description": "Cadastral code",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "censusBlock": {
+      "description": "Census block",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "country": {
+      "description": "Country",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "createDate": {
+      "description": "Record date",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "currency": {
+      "description": "Currency",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "description": {
+      "description": "Description",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "encumbrance": {
+      "description": "An encumbrance is a right to, interest in, or legal liability on real property that does not prohibit passing title to the property but that diminishes its value.\n",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "indexText": {
+      "description": "Index text",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "indexUpdatedAt": {
+      "description": "Index updated at",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "keywords": {
+      "description": "Keywords",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "landType": {
+      "description": "Land type",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "latitude": {
+      "description": "Latitude",
+      "disable_correlation": true,
+      "misp-attribute": "float",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "longitude": {
+      "description": "Longitude",
+      "disable_correlation": true,
+      "misp-attribute": "float",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "modifiedAt": {
+      "description": "Modified on",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "name": {
+      "description": "Name",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "notes": {
+      "description": "Notes",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "previousName": {
+      "description": "Previous name",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "program": {
+      "description": "Program",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "propertyType": {
+      "description": "Property type",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "publisher": {
+      "description": "Publishing source",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "publisherUrl": {
+      "description": "Publishing source URL",
+      "disable_correlation": false,
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "registrationNumber": {
+      "description": "Registration number",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "retrievedAt": {
+      "description": "Retrieved on",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "sourceUrl": {
+      "description": "Source link",
+      "disable_correlation": false,
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "summary": {
+      "description": "Summary",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "tenure": {
+      "description": "Tenure",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "titleNumber": {
+      "description": "Title number",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "topics": {
+      "description": "Topics",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "weakAlias": {
+      "description": "Weak alias",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "wikidataId": {
+      "description": "Wikidata ID",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "wikipediaUrl": {
+      "description": "Wikipedia Article",
+      "disable_correlation": false,
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 0
+    }
+  },
+  "description": "",
+  "meta-category": "followthemoney",
+  "name": "ftm-Land",
+  "required": [
+    "name"
+  ],
+  "uuid": "83fb4991-ce04-49d7-97c8-448e867c7f02",
+  "version": 1
+}

objects/ftm-LegalEntity/definition.json

@@ -0,0 +1,327 @@
+{
+  "attributes": {
+    "address": {
+      "description": "Address",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "alephUrl": {
+      "description": "Aleph URL",
+      "disable_correlation": false,
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "alias": {
+      "description": "Other name",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "bvdId": {
+      "description": "Bureau van Dijk ID",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "classification": {
+      "description": "Classification",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "country": {
+      "description": "Country",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "description": {
+      "description": "Description",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "dissolutionDate": {
+      "description": "The date the legal entity was dissolved, if applicable",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "dunsCode": {
+      "description": "Dun & Bradstreet identifier",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "email": {
+      "description": "Email address",
+      "disable_correlation": false,
+      "misp-attribute": "email-src",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "icijId": {
+      "description": "ID according to International Consortium for Investigative Journalists",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "idNumber": {
+      "description": "ID number of any applicable ID",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "incorporationDate": {
+      "description": "The date the legal entity was incorporated",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "indexText": {
+      "description": "Index text",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "indexUpdatedAt": {
+      "description": "Index updated at",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "innCode": {
+      "description": "Russian company ID",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "jurisdiction": {
+      "description": "Country or region in which this entity operates",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "keywords": {
+      "description": "Keywords",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "legalForm": {
+      "description": "Legal form",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "mainCountry": {
+      "description": "Primary country of this entity",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "modifiedAt": {
+      "description": "Modified on",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "name": {
+      "description": "Name",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "notes": {
+      "description": "Notes",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "okpoCode": {
+      "description": "Russian industry classifier",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "opencorporatesUrl": {
+      "description": "OpenCorporates URL",
+      "disable_correlation": false,
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "phone": {
+      "description": "Phone number",
+      "disable_correlation": false,
+      "misp-attribute": "phone-number",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "previousName": {
+      "description": "Previous name",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "program": {
+      "description": "Program",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "publisher": {
+      "description": "Publishing source",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "publisherUrl": {
+      "description": "Publishing source URL",
+      "disable_correlation": false,
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "registrationNumber": {
+      "description": "Company registration number",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "retrievedAt": {
+      "description": "Retrieved on",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "sector": {
+      "description": "Sector",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "sourceUrl": {
+      "description": "Source link",
+      "disable_correlation": false,
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "status": {
+      "description": "Status",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "summary": {
+      "description": "Summary",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "swiftBic": {
+      "description": "Bank identifier code",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "taxNumber": {
+      "description": "Tax identification number",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "taxStatus": {
+      "description": "Tax status",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "topics": {
+      "description": "Topics",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "vatCode": {
+      "description": "(EU) VAT number",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "weakAlias": {
+      "description": "Weak alias",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "website": {
+      "description": "Website address",
+      "disable_correlation": false,
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "wikidataId": {
+      "description": "Wikidata ID",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "wikipediaUrl": {
+      "description": "Wikipedia Article",
+      "disable_correlation": false,
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 0
+    }
+  },
+  "description": "A legal entity may be a person or a company.",
+  "meta-category": "followthemoney",
+  "name": "ftm-LegalEntity",
+  "required": [
+    "name"
+  ],
+  "uuid": "53ff8f46-3cd7-4968-86d2-1faaea02f3a3",
+  "version": 1
+}

objects/ftm-License/definition.json

@@ -0,0 +1,306 @@
+{
+  "attributes": {
+    "address": {
+      "description": "Address",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "alephUrl": {
+      "description": "Aleph URL",
+      "disable_correlation": false,
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "alias": {
+      "description": "Other name",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "amount": {
+      "description": "Amount",
+      "disable_correlation": true,
+      "misp-attribute": "float",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "amountEur": {
+      "description": "Amount in EUR",
+      "disable_correlation": true,
+      "misp-attribute": "float",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "amountUsd": {
+      "description": "Amount in USD",
+      "disable_correlation": true,
+      "misp-attribute": "float",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "area": {
+      "description": "Area",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "cancelled": {
+      "description": "Cancelled?",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "classification": {
+      "description": "Classification",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "commodities": {
+      "description": "Commodities",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "contractDate": {
+      "description": "Contract date",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "country": {
+      "description": "Country",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "criteria": {
+      "description": "Contract award criteria",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "currency": {
+      "description": "Currency",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "description": {
+      "description": "Description",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "indexText": {
+      "description": "Index text",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "indexUpdatedAt": {
+      "description": "Index updated at",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "keywords": {
+      "description": "Keywords",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "language": {
+      "description": "Language",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "method": {
+      "description": "Procurement method",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "modifiedAt": {
+      "description": "Modified on",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "name": {
+      "description": "Contract name",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "notes": {
+      "description": "Notes",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "noticeId": {
+      "description": "Contract Award Notice ID",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "numberAwards": {
+      "description": "Number of awards",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "previousName": {
+      "description": "Previous name",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "procedure": {
+      "description": "Contract procedure",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "procedureNumber": {
+      "description": "Procedure number",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "program": {
+      "description": "Program",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "publisher": {
+      "description": "Publishing source",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "publisherUrl": {
+      "description": "Publishing source URL",
+      "disable_correlation": false,
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "retrievedAt": {
+      "description": "Retrieved on",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "reviewDate": {
+      "description": "License review date",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "sourceUrl": {
+      "description": "Source link",
+      "disable_correlation": false,
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "status": {
+      "description": "Procurement status",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "summary": {
+      "description": "Summary",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "title": {
+      "description": "Contract title",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "topics": {
+      "description": "Topics",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "type": {
+      "description": "Type of contract. Potentially W (Works), U (Supplies), S (Services).\n",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "weakAlias": {
+      "description": "Weak alias",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "wikidataId": {
+      "description": "Wikidata ID",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "wikipediaUrl": {
+      "description": "Wikipedia Article",
+      "disable_correlation": false,
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 0
+    }
+  },
+  "description": "A grant of land, rights or property. A type of Contract",
+  "meta-category": "followthemoney",
+  "name": "ftm-License",
+  "required": [
+    "name"
+  ],
+  "uuid": "4629cf5c-60ee-4292-837a-f48874633c29",
+  "version": 1
+}

objects/ftm-Membership/definition.json

@@ -0,0 +1,114 @@
+{
+  "attributes": {
+    "alephUrl": {
+      "description": "Aleph URL",
+      "disable_correlation": false,
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "date": {
+      "description": "Date",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "description": {
+      "description": "Description",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "endDate": {
+      "description": "End date",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "indexText": {
+      "description": "Index text",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "modifiedAt": {
+      "description": "Modified on",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "publisher": {
+      "description": "Publishing source",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "publisherUrl": {
+      "description": "Publishing source URL",
+      "disable_correlation": false,
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "recordId": {
+      "description": "Record ID",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "retrievedAt": {
+      "description": "Retrieved on",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "role": {
+      "description": "Role",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "sourceUrl": {
+      "description": "Source URL",
+      "disable_correlation": false,
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "startDate": {
+      "description": "Start date",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "status": {
+      "description": "Status",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "summary": {
+      "description": "Summary",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    }
+  },
+  "description": "",
+  "meta-category": "followthemoney",
+  "name": "ftm-Membership",
+  "uuid": "42dbbf3a-8c60-483c-a395-44aaaefc77d1",
+  "version": 1
+}

objects/ftm-Message/definition.json

@@ -0,0 +1,419 @@
+{
+  "attributes": {
+    "address": {
+      "description": "Address",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "alephUrl": {
+      "description": "Aleph URL",
+      "disable_correlation": false,
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "alias": {
+      "description": "Other name",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "author": {
+      "description": "The original author, not the uploader",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "authoredAt": {
+      "description": "Authored on",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "bodyHtml": {
+      "description": "HTML",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "bodyText": {
+      "description": "Text",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "companiesMentioned": {
+      "description": "Detected companies",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "contentHash": {
+      "description": "SHA1 hash of the data",
+      "disable_correlation": false,
+      "misp-attribute": "sha1",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "country": {
+      "description": "Country",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "crawler": {
+      "description": "The crawler used to acquire this file",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "date": {
+      "description": "If not otherwise specified",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "description": {
+      "description": "Description",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "detectedCountry": {
+      "description": "Detected country",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "detectedLanguage": {
+      "description": "Detected language",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "emailMentioned": {
+      "description": "Detected e-mail addresses",
+      "disable_correlation": false,
+      "misp-attribute": "email-src",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "encoding": {
+      "description": "File encoding",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "endDate": {
+      "description": "End date",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "extension": {
+      "description": "File extension",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "fileName": {
+      "description": "File name",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "fileSize": {
+      "description": "File size",
+      "disable_correlation": true,
+      "misp-attribute": "float",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "generator": {
+      "description": "The program used to generate this file",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "ibanMentioned": {
+      "description": "Detected IBANs",
+      "disable_correlation": false,
+      "misp-attribute": "iban",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "inReplyTo": {
+      "description": "Message ID of the preceding message in the thread",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "indexText": {
+      "description": "Index text",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "indexUpdatedAt": {
+      "description": "Index updated at",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "ipMentioned": {
+      "description": "Detected IP addresses",
+      "disable_correlation": false,
+      "misp-attribute": "ip-src",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "keywords": {
+      "description": "Keywords",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "language": {
+      "description": "Language",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "locationMentioned": {
+      "description": "Detected locations",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "messageId": {
+      "description": "Message ID of a document; unique in most cases",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "metadata": {
+      "description": "Metadata",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "mimeType": {
+      "description": "MIME type",
+      "disable_correlation": true,
+      "misp-attribute": "mime-type",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "modifiedAt": {
+      "description": "Modified on",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "name": {
+      "description": "Name",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "namesMentioned": {
+      "description": "Detected names",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "notes": {
+      "description": "Notes",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "peopleMentioned": {
+      "description": "Detected people",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "phoneMentioned": {
+      "description": "Detected phones",
+      "disable_correlation": false,
+      "misp-attribute": "phone-number",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "previousName": {
+      "description": "Previous name",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "processingError": {
+      "description": "Processing error",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "processingStatus": {
+      "description": "Processing status",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "program": {
+      "description": "Program",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "publishedAt": {
+      "description": "Published on",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "publisher": {
+      "description": "Publishing source",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "publisherUrl": {
+      "description": "Publishing source URL",
+      "disable_correlation": false,
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "recordId": {
+      "description": "Record ID",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "retrievedAt": {
+      "description": "Retrieved on",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "sourceUrl": {
+      "description": "Source link",
+      "disable_correlation": false,
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "startDate": {
+      "description": "Start date",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "subject": {
+      "description": "Subject",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "summary": {
+      "description": "Summary",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "threadTopic": {
+      "description": "Thread topic",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "title": {
+      "description": "Title",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "topics": {
+      "description": "Topics",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "weakAlias": {
+      "description": "Weak alias",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "wikidataId": {
+      "description": "Wikidata ID",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "wikipediaUrl": {
+      "description": "Wikipedia Article",
+      "disable_correlation": false,
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 0
+    }
+  },
+  "description": "",
+  "meta-category": "followthemoney",
+  "name": "ftm-Message",
+  "required": [
+    "name",
+    "fileName"
+  ],
+  "uuid": "d3b31288-5b6f-4d87-a074-95e6f165af6e",
+  "version": 3
+}

objects/ftm-Organization/definition.json

@@ -0,0 +1,327 @@
+{
+  "attributes": {
+    "address": {
+      "description": "Address",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "alephUrl": {
+      "description": "Aleph URL",
+      "disable_correlation": false,
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "alias": {
+      "description": "Other name",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "bvdId": {
+      "description": "Bureau van Dijk ID",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "classification": {
+      "description": "Classification",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "country": {
+      "description": "Country",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "description": {
+      "description": "Description",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "dissolutionDate": {
+      "description": "The date the legal entity was dissolved, if applicable",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "dunsCode": {
+      "description": "Dun & Bradstreet identifier",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "email": {
+      "description": "Email address",
+      "disable_correlation": false,
+      "misp-attribute": "email-src",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "icijId": {
+      "description": "ID according to International Consortium for Investigative Journalists",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "idNumber": {
+      "description": "ID number of any applicable ID",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "incorporationDate": {
+      "description": "The date the legal entity was incorporated",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "indexText": {
+      "description": "Index text",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "indexUpdatedAt": {
+      "description": "Index updated at",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "innCode": {
+      "description": "Russian company ID",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "jurisdiction": {
+      "description": "Country or region in which this entity operates",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "keywords": {
+      "description": "Keywords",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "legalForm": {
+      "description": "Legal form",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "mainCountry": {
+      "description": "Primary country of this entity",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "modifiedAt": {
+      "description": "Modified on",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "name": {
+      "description": "Name",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "notes": {
+      "description": "Notes",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "okpoCode": {
+      "description": "Russian industry classifier",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "opencorporatesUrl": {
+      "description": "OpenCorporates URL",
+      "disable_correlation": false,
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "phone": {
+      "description": "Phone number",
+      "disable_correlation": false,
+      "misp-attribute": "phone-number",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "previousName": {
+      "description": "Previous name",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "program": {
+      "description": "Program",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "publisher": {
+      "description": "Publishing source",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "publisherUrl": {
+      "description": "Publishing source URL",
+      "disable_correlation": false,
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "registrationNumber": {
+      "description": "Company registration number",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "retrievedAt": {
+      "description": "Retrieved on",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "sector": {
+      "description": "Sector",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "sourceUrl": {
+      "description": "Source link",
+      "disable_correlation": false,
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "status": {
+      "description": "Status",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "summary": {
+      "description": "Summary",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "swiftBic": {
+      "description": "Bank identifier code",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "taxNumber": {
+      "description": "Tax identification number",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "taxStatus": {
+      "description": "Tax status",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "topics": {
+      "description": "Topics",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "vatCode": {
+      "description": "(EU) VAT number",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "weakAlias": {
+      "description": "Weak alias",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "website": {
+      "description": "Website address",
+      "disable_correlation": false,
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "wikidataId": {
+      "description": "Wikidata ID",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "wikipediaUrl": {
+      "description": "Wikipedia Article",
+      "disable_correlation": false,
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 0
+    }
+  },
+  "description": "",
+  "meta-category": "followthemoney",
+  "name": "ftm-Organization",
+  "required": [
+    "name"
+  ],
+  "uuid": "45678a45-5ac2-4fef-9bbd-bfb947463166",
+  "version": 1
+}

objects/ftm-Ownership/definition.json

@@ -0,0 +1,163 @@
+{
+  "attributes": {
+    "alephUrl": {
+      "description": "Aleph URL",
+      "disable_correlation": false,
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "date": {
+      "description": "Date",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "description": {
+      "description": "Description",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "endDate": {
+      "description": "End date",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "indexText": {
+      "description": "Index text",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "legalBasis": {
+      "description": "Legal basis",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "modifiedAt": {
+      "description": "Modified on",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "ownershipType": {
+      "description": "Type of ownership",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "percentage": {
+      "description": "Percentage held",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "publisher": {
+      "description": "Publishing source",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "publisherUrl": {
+      "description": "Publishing source URL",
+      "disable_correlation": false,
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "recordId": {
+      "description": "Record ID",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "retrievedAt": {
+      "description": "Retrieved on",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "role": {
+      "description": "Role",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "sharesCount": {
+      "description": "Number of shares",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "sharesCurrency": {
+      "description": "Currency of shares",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "sharesType": {
+      "description": "Type of shares",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "sharesValue": {
+      "description": "Value of shares",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "sourceUrl": {
+      "description": "Source URL",
+      "disable_correlation": false,
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "startDate": {
+      "description": "Start date",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "status": {
+      "description": "Status",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "summary": {
+      "description": "Summary",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    }
+  },
+  "description": "",
+  "meta-category": "followthemoney",
+  "name": "ftm-Ownership",
+  "uuid": "2a09b445-c638-40e1-8f52-b95c9156f4d8",
+  "version": 1
+}

objects/ftm-Package/definition.json

@@ -0,0 +1,355 @@
+{
+  "attributes": {
+    "address": {
+      "description": "Address",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "alephUrl": {
+      "description": "Aleph URL",
+      "disable_correlation": false,
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "alias": {
+      "description": "Other name",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "author": {
+      "description": "The original author, not the uploader",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "authoredAt": {
+      "description": "Authored on",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "companiesMentioned": {
+      "description": "Detected companies",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "contentHash": {
+      "description": "SHA1 hash of the data",
+      "disable_correlation": false,
+      "misp-attribute": "sha1",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "country": {
+      "description": "Country",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "crawler": {
+      "description": "The crawler used to acquire this file",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "date": {
+      "description": "If not otherwise specified",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "description": {
+      "description": "Description",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "detectedCountry": {
+      "description": "Detected country",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "detectedLanguage": {
+      "description": "Detected language",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "emailMentioned": {
+      "description": "Detected e-mail addresses",
+      "disable_correlation": false,
+      "misp-attribute": "email-src",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "encoding": {
+      "description": "File encoding",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "extension": {
+      "description": "File extension",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "fileName": {
+      "description": "File name",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "fileSize": {
+      "description": "File size",
+      "disable_correlation": true,
+      "misp-attribute": "float",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "generator": {
+      "description": "The program used to generate this file",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "ibanMentioned": {
+      "description": "Detected IBANs",
+      "disable_correlation": false,
+      "misp-attribute": "iban",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "indexText": {
+      "description": "Index text",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "indexUpdatedAt": {
+      "description": "Index updated at",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "ipMentioned": {
+      "description": "Detected IP addresses",
+      "disable_correlation": false,
+      "misp-attribute": "ip-src",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "keywords": {
+      "description": "Keywords",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "language": {
+      "description": "Language",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "locationMentioned": {
+      "description": "Detected locations",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "messageId": {
+      "description": "Message ID of a document; unique in most cases",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "mimeType": {
+      "description": "MIME type",
+      "disable_correlation": true,
+      "misp-attribute": "mime-type",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "modifiedAt": {
+      "description": "Modified on",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "name": {
+      "description": "Name",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "namesMentioned": {
+      "description": "Detected names",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "notes": {
+      "description": "Notes",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "peopleMentioned": {
+      "description": "Detected people",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "phoneMentioned": {
+      "description": "Detected phones",
+      "disable_correlation": false,
+      "misp-attribute": "phone-number",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "previousName": {
+      "description": "Previous name",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "processingError": {
+      "description": "Processing error",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "processingStatus": {
+      "description": "Processing status",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "program": {
+      "description": "Program",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "publishedAt": {
+      "description": "Published on",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "publisher": {
+      "description": "Publishing source",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "publisherUrl": {
+      "description": "Publishing source URL",
+      "disable_correlation": false,
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "retrievedAt": {
+      "description": "Retrieved on",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "sourceUrl": {
+      "description": "Source link",
+      "disable_correlation": false,
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "summary": {
+      "description": "Summary",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "title": {
+      "description": "Title",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "topics": {
+      "description": "Topics",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "weakAlias": {
+      "description": "Weak alias",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "wikidataId": {
+      "description": "Wikidata ID",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "wikipediaUrl": {
+      "description": "Wikipedia Article",
+      "disable_correlation": false,
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 0
+    }
+  },
+  "description": "",
+  "meta-category": "followthemoney",
+  "name": "ftm-Package",
+  "required": [
+    "name"
+  ],
+  "uuid": "f9f13fd9-797c-4e2e-aa17-0ca4a0a60f5c",
+  "version": 1
+}

objects/ftm-Page/definition.json

@@ -0,0 +1,37 @@
+{
+  "attributes": {
+    "bodyText": {
+      "description": "Text",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "detectedLanguage": {
+      "description": "Auto-detected language",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "index": {
+      "description": "Index",
+      "disable_correlation": true,
+      "misp-attribute": "float",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "indexText": {
+      "description": "Index text",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    }
+  },
+  "description": "",
+  "meta-category": "followthemoney",
+  "name": "ftm-Page",
+  "uuid": "2d9d7605-5105-445e-9ee8-9e39ad34c5c9",
+  "version": 1
+}

objects/ftm-Pages/definition.json

@@ -0,0 +1,362 @@
+{
+  "attributes": {
+    "address": {
+      "description": "Address",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "alephUrl": {
+      "description": "Aleph URL",
+      "disable_correlation": false,
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "alias": {
+      "description": "Other name",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "author": {
+      "description": "The original author, not the uploader",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "authoredAt": {
+      "description": "Authored on",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "companiesMentioned": {
+      "description": "Detected companies",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "contentHash": {
+      "description": "SHA1 hash of the data",
+      "disable_correlation": false,
+      "misp-attribute": "sha1",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "country": {
+      "description": "Country",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "crawler": {
+      "description": "The crawler used to acquire this file",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "date": {
+      "description": "If not otherwise specified",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "description": {
+      "description": "Description",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "detectedCountry": {
+      "description": "Detected country",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "detectedLanguage": {
+      "description": "Detected language",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "emailMentioned": {
+      "description": "Detected e-mail addresses",
+      "disable_correlation": false,
+      "misp-attribute": "email-src",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "encoding": {
+      "description": "File encoding",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "extension": {
+      "description": "File extension",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "fileName": {
+      "description": "File name",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "fileSize": {
+      "description": "File size",
+      "disable_correlation": true,
+      "misp-attribute": "float",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "generator": {
+      "description": "The program used to generate this file",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "ibanMentioned": {
+      "description": "Detected IBANs",
+      "disable_correlation": false,
+      "misp-attribute": "iban",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "indexText": {
+      "description": "Index text",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "indexUpdatedAt": {
+      "description": "Index updated at",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "ipMentioned": {
+      "description": "Detected IP addresses",
+      "disable_correlation": false,
+      "misp-attribute": "ip-src",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "keywords": {
+      "description": "Keywords",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "language": {
+      "description": "Language",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "locationMentioned": {
+      "description": "Detected locations",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "messageId": {
+      "description": "Message ID of a document; unique in most cases",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "mimeType": {
+      "description": "MIME type",
+      "disable_correlation": true,
+      "misp-attribute": "mime-type",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "modifiedAt": {
+      "description": "Modified on",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "name": {
+      "description": "Name",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "namesMentioned": {
+      "description": "Detected names",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "notes": {
+      "description": "Notes",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "pdfHash": {
+      "description": "PDF alternative version checksum",
+      "disable_correlation": false,
+      "misp-attribute": "sha1",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "peopleMentioned": {
+      "description": "Detected people",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "phoneMentioned": {
+      "description": "Detected phones",
+      "disable_correlation": false,
+      "misp-attribute": "phone-number",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "previousName": {
+      "description": "Previous name",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "processingError": {
+      "description": "Processing error",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "processingStatus": {
+      "description": "Processing status",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "program": {
+      "description": "Program",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "publishedAt": {
+      "description": "Published on",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "publisher": {
+      "description": "Publishing source",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "publisherUrl": {
+      "description": "Publishing source URL",
+      "disable_correlation": false,
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "retrievedAt": {
+      "description": "Retrieved on",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "sourceUrl": {
+      "description": "Source link",
+      "disable_correlation": false,
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "summary": {
+      "description": "Summary",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "title": {
+      "description": "Title",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "topics": {
+      "description": "Topics",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "weakAlias": {
+      "description": "Weak alias",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "wikidataId": {
+      "description": "Wikidata ID",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "wikipediaUrl": {
+      "description": "Wikipedia Article",
+      "disable_correlation": false,
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 0
+    }
+  },
+  "description": "",
+  "meta-category": "followthemoney",
+  "name": "ftm-Pages",
+  "required": [
+    "name"
+  ],
+  "uuid": "8e567eab-d893-4a38-9dd9-73442f15ede7",
+  "version": 1
+}

objects/ftm-Passport/definition.json

@@ -0,0 +1,170 @@
+{
+  "attributes": {
+    "alephUrl": {
+      "description": "Aleph URL",
+      "disable_correlation": false,
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "authority": {
+      "description": "Authority",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "birthDate": {
+      "description": "Date of birth",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "birthPlace": {
+      "description": "Place of birth",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "country": {
+      "description": "Country",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "date": {
+      "description": "Date",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "description": {
+      "description": "Description",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "endDate": {
+      "description": "End date",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "gender": {
+      "description": "Gender",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "givenName": {
+      "description": "Given name",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "indexText": {
+      "description": "Index text",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "modifiedAt": {
+      "description": "Modified on",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "passportNumber": {
+      "description": "Passport number",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "personalNumber": {
+      "description": "Personal number",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "publisher": {
+      "description": "Publishing source",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "publisherUrl": {
+      "description": "Publishing source URL",
+      "disable_correlation": false,
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "recordId": {
+      "description": "Record ID",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "retrievedAt": {
+      "description": "Retrieved on",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "sourceUrl": {
+      "description": "Source URL",
+      "disable_correlation": false,
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "startDate": {
+      "description": "Start date",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "summary": {
+      "description": "Summary",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "surname": {
+      "description": "Surname",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "type": {
+      "description": "Document type",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 1
+    }
+  },
+  "description": "Passport",
+  "meta-category": "followthemoney",
+  "name": "ftm-Passport",
+  "uuid": "d3c9ae6a-46bf-4cb7-81c9-bc7b88f8a6e1",
+  "version": 1
+}

objects/ftm-Payment/definition.json

@@ -0,0 +1,156 @@
+{
+  "attributes": {
+    "alephUrl": {
+      "description": "Aleph URL",
+      "disable_correlation": false,
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "amount": {
+      "description": "Amount",
+      "disable_correlation": true,
+      "misp-attribute": "float",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "amountEur": {
+      "description": "Amount in EUR",
+      "disable_correlation": true,
+      "misp-attribute": "float",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "amountUsd": {
+      "description": "Amount in USD",
+      "disable_correlation": true,
+      "misp-attribute": "float",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "currency": {
+      "description": "Currency",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "date": {
+      "description": "Date",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "description": {
+      "description": "Description",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "endDate": {
+      "description": "End date",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "indexText": {
+      "description": "Index text",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "modifiedAt": {
+      "description": "Modified on",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "programme": {
+      "description": "Programme name, funding code, category identifier, etc.",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "publisher": {
+      "description": "Publishing source",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "publisherUrl": {
+      "description": "Publishing source URL",
+      "disable_correlation": false,
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "purpose": {
+      "description": "Payment purpose",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "recordId": {
+      "description": "Record ID",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "retrievedAt": {
+      "description": "Retrieved on",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "sequenceNumber": {
+      "description": "Sequence number",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "sourceUrl": {
+      "description": "Source URL",
+      "disable_correlation": false,
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "startDate": {
+      "description": "Start date",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "summary": {
+      "description": "Summary",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "transactionNumber": {
+      "description": "Transaction number",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    }
+  },
+  "description": "A monetary payment between two parties.",
+  "meta-category": "followthemoney",
+  "name": "ftm-Payment",
+  "uuid": "f4644f96-64f6-465a-be37-62bca315f791",
+  "version": 1
+}

objects/ftm-Person/definition.json

@@ -0,0 +1,425 @@
+{
+  "attributes": {
+    "address": {
+      "description": "Address",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "alephUrl": {
+      "description": "Aleph URL",
+      "disable_correlation": false,
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "alias": {
+      "description": "Other name",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "birthDate": {
+      "description": "Birth date",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "birthPlace": {
+      "description": "Place of birth",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "bvdId": {
+      "description": "Bureau van Dijk ID",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "classification": {
+      "description": "Classification",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "country": {
+      "description": "Country",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "deathDate": {
+      "description": "Death date",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "description": {
+      "description": "Description",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "dissolutionDate": {
+      "description": "The date the legal entity was dissolved, if applicable",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "dunsCode": {
+      "description": "Dun & Bradstreet identifier",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "email": {
+      "description": "Email address",
+      "disable_correlation": false,
+      "misp-attribute": "email-src",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "fatherName": {
+      "description": "Patronymic",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "firstName": {
+      "description": "First name",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "gender": {
+      "description": "Gender",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "icijId": {
+      "description": "ID according to International Consortium for Investigative Journalists",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "idNumber": {
+      "description": "ID number of any applicable ID",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "incorporationDate": {
+      "description": "The date the legal entity was incorporated",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "indexText": {
+      "description": "Index text",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "indexUpdatedAt": {
+      "description": "Index updated at",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "innCode": {
+      "description": "Russian company ID",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "jurisdiction": {
+      "description": "Country or region in which this entity operates",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "keywords": {
+      "description": "Keywords",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "lastName": {
+      "description": "Last name",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "legalForm": {
+      "description": "Legal form",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "mainCountry": {
+      "description": "Primary country of this entity",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "middleName": {
+      "description": "Middle name",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "modifiedAt": {
+      "description": "Modified on",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "motherName": {
+      "description": "Matronymic",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "name": {
+      "description": "Name",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "nationality": {
+      "description": "Nationality",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "notes": {
+      "description": "Notes",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "okpoCode": {
+      "description": "Russian industry classifier",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "opencorporatesUrl": {
+      "description": "OpenCorporates URL",
+      "disable_correlation": false,
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "passportNumber": {
+      "description": "Passport",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "phone": {
+      "description": "Phone number",
+      "disable_correlation": false,
+      "misp-attribute": "phone-number",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "position": {
+      "description": "Position",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "previousName": {
+      "description": "Previous name",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "program": {
+      "description": "Program",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "publisher": {
+      "description": "Publishing source",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "publisherUrl": {
+      "description": "Publishing source URL",
+      "disable_correlation": false,
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "registrationNumber": {
+      "description": "Company registration number",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "retrievedAt": {
+      "description": "Retrieved on",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "secondName": {
+      "description": "Second name",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "sector": {
+      "description": "Sector",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "sourceUrl": {
+      "description": "Source link",
+      "disable_correlation": false,
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "status": {
+      "description": "Status",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "summary": {
+      "description": "Summary",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "swiftBic": {
+      "description": "Bank identifier code",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "taxNumber": {
+      "description": "Tax identification number",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "taxStatus": {
+      "description": "Tax status",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "title": {
+      "description": "Title",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "topics": {
+      "description": "Topics",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "vatCode": {
+      "description": "(EU) VAT number",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "weakAlias": {
+      "description": "Weak alias",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "website": {
+      "description": "Website address",
+      "disable_correlation": false,
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "wikidataId": {
+      "description": "Wikidata ID",
+      "disable_correlation": false,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "wikipediaUrl": {
+      "description": "Wikipedia Article",
+      "disable_correlation": false,
+      "misp-attribute": "url",
+      "multiple": true,
+      "ui-priority": 0
+    }
+  },
+  "description": "An individual",
+  "meta-category": "followthemoney",
+  "name": "ftm-Person",
+  "required": [
+    "name"
+  ],
+  "uuid": "070e1c5b-7f5a-4322-81ff-9d684172fe36",
+  "version": 1
+}