Add: regripper objects for system hive

pull/118/head
aksha 2018-09-30 21:35:38 +01:00
parent 58ab539825
commit 58f39ff62d
4 changed files with 302 additions and 0 deletions


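--- /dev/null
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -0,0 +1,42 @@
+{
+"required": [
+"profile"
+],
+"attributes": {
+"profile": {
+"description": "Firewall Profile type",
+"ui-priority": 0,
+"sane-default":[
+"Domain Profile",
+"Standard Profile"
+],
+"misp-attribute": "text"
+},
+"last-write-time": {
+"description": "Date and time when the firewall profile policy was last updated.",
+"ui-priority": 0,
+"misp-attribute": "datetime"
+},
+"enbled-firewall": {
+"description": "Boolean flag to determine if the firewall is enabled.",
+"ui-priority": 0,
+"misp-attribute": "boolean"
+},
+"disable-notification": {
+"description": "Boolean flag to determine if firewall notifications are enabled.",
+"ui-priority": 0,
+"misp-attribute": "boolean"
+},
+"comment": {
+"description": "Additional comments.",
+"ui-priority": 0,
+"misp-attribute": ""
+}
+},
+"version": 1,
+"description": "Regripper Object template designed to present firewall configuration information extracted from the system-hive.",
+"meta-category": "misc",
+"uuid": "d9839b3c-c013-4ba7-b5e5-2787198b9e07",
+"name": "regripper-system-hive-firewall-configuration"
+}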
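Review bot: The attribute key `enbled-firewall` is misspelled, and since attribute names are the template's public contract for anyone mapping RegRipper output into MISP, it should become `enabled-firewall` before this template's first release rather than in a later version. In the same object, `sane-default` on `profile` is hyphenated while the services/drivers template in this commit spells it `sane_default` (the spelling used by other MISP object templates), so the hyphenated key would most likely be ignored by the importer and the two drop-down values lost. `comment` declares `"misp-attribute": ""`, an empty type that cannot pass type validation; `"misp-attribute": "comment"` is the type used for free-text notes. The `disable-notification` description says the flag reports whether notifications are enabled, contradicting the key's name; suggest `"description": "Boolean flag indicating whether firewall notifications are disabled for this profile."` so an analyst does not read the value backwards.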


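--- /dev/null
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -0,0 +1,73 @@
+{
+"required": [
+"computer-name"
+],
+"attributes": {
+"computer-name": {
+"description": "name of the computer under analysis",
+"ui-priority": 0,
+"misp-attribute": "text"
+},
+"last-write-time": {
+"description": "Date and time when the key was last updated.",
+"ui-priority": 0,
+"misp-attribute": "datetime"
+},
+"shutdown-time": {
+"description": "Date and time when the system was shutdown.",
+"ui-priority": 0,
+"misp-attribute": "datetime"
+},
+"timezone-last-write-time": {
+"description": "Date and time when the timezone key was last updated.",
+"ui-priority": 0,
+"misp-attribute": "datetime"
+},
+"timezone-bias": {
+"description": "Offset in minutes from UTC. Offset added to the local time to get a UTC value.",
+"ui-priority": 0,
+"misp-attribute": "text"
+},
+"timezone-standard-name": {
+"description": "Timezone standard name used during non-daylight saving months.",
+"ui-priority": 0,
+"misp-attribute": "text"
+},
+"timezone-standard-date": {
+"description": "Standard date - non daylight saving months",
+"ui-priority": 0,
+"misp-attribute": "datetime"
+},
+"timezone-standard-bias": {
+"description": "value in minutes to be added to the value of timezone-bias to generate the bias used during standard time.",
+"ui-priority": 0,
+"misp-attribute": "text"
+},
+"timezone-daylight-name": {
+"description": "Timezone name used during daylight saving months.",
+"ui-priority": 0,
+"misp-attribute": "text"
+},
+"timezone-daylight-date": {
+"description": "Daylight date - daylight saving months",
+"ui-priority": 0,
+"misp-attribute": "datetime"
+},
+"timezone-daylight-bias": {
+"description": "value in minutes to be added to the value of timezone-bias to generate the bias used during daylight time.",
+"ui-priority": 0,
+"misp-attribute": "text"
+},
+"fDenyTSConnections:": {
+"description": "Specifies whether remote connections are enabled or disabled on the system.",
+"ui-priority": 0,
+"misp-attribute": "boolean"
+}
+},
+"version": 1,
+"description": "Regripper Object template designed to present general system properties extracted from the system-hive.",
+"meta-category": "misc",
+"uuid": "5ac85401-cbf1-4d05-a85e-1784546881e4",
+"name": "regripper-system-hive-general-configuration"
+}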
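Review bot: The key `fDenyTSConnections:` carries a trailing colon that will leak into every attribute name created from this template and looks like a paste artefact; rename it to `fDenyTSConnections`, or `deny-ts-connections` to match the hyphenated lower-case style of the other keys. Its description also leaves the polarity of the boolean ambiguous: this registry setting is a deny flag, so `true` means Remote Desktop (Terminal Services) connections are refused, which is exactly the detail an analyst triaging for remote-access exposure needs stated; suggest `"description": "fDenyTSConnections value: true when Remote Desktop (Terminal Services) connections are denied, false when they are permitted."`. The three bias attributes are minute counts typed as `text`; if the target MISP version offers a numeric type such as `counter` it would allow sane range checks, otherwise `text` is acceptable but the description should state the sign convention consistently (here `timezone-bias` is described as added to local time, the sub-biases as added to the bias).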


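--- /dev/null
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -0,0 +1,93 @@
+{
+"required": [
+"network-key"
+],
+"attributes": {
+"network-key": {
+"description": "Registry key assigned to the network",
+"ui-priority": 0,
+"misp-attribute": "text"
+},
+"network-key-last-write-time": {
+"description": "Date and time when the network key was last updated.",
+"ui-priority": 0,
+"misp-attribute": "datetime"
+},
+"network-key-path": {
+"description": "Path of the key where the information is retrieved from.",
+"ui-priority": 0,
+"misp-attribute": "text"
+},
+"TCPIP-key": {
+"description": "TCPIP key",
+"ui-priority": 0,
+"misp-attribute": "text"
+},
+"TCPIP-key-last-write-time": {
+"description": "Datetime when the key was last updated.",
+"ui-priority": 0,
+"misp-attribute": "datetime"
+},
+"DHCP-domain": {
+"description": "Name of the DHCP domain service",
+"ui-priority": 0,
+"misp-attribute": "text"
+},
+"DHCP-IP-address": {
+"description": "DHCP service - IP address",
+"ui-priority": 0,
+"misp-attribute": "ip-dist"
+},
+"DHCP-subnet-mask": {
+"description": "DHCP subnet mask - IP address.",
+"ui-priority": 0,
+"misp-attribute": "ip-dist"
+},
+"DHCP-name-server": {
+"description": "DHCP Name server - IP address.",
+"ui-priority": 0,
+"misp-attribute": "ip-dist"
+},
+"DHCP-server": {
+"description": "DHCP server - IP address.",
+"ui-priority": 0,
+"misp-attribute": "ip-dist"
+},
+"interface-GUID": {
+"description": "GUID value assigned to the interface.",
+"ui-priority": 0,
+"misp-attribute": "text"
+},
+"interface-last-write-time": {
+"description": "Last date and time when the interface key was updated.",
+"ui-priority": 0,
+"misp-attribute": "datetime"
+},
+"interface-name": {
+"description": "Name of the interface.",
+"ui-priority": 0,
+"misp-attribute": "text"
+},
+"interface-PnpInstanceID": {
+"description": "Plug and Play instance ID assigned to the interface.",
+"ui-priority": 0,
+"misp-attribute": "text"
+},
+"interface-MediaSubType": {
+"description": "",
+"ui-priority": 0,
+"misp-attribute": "number"
+},
+"interface-IPcheckingEnabled": {
+"description": "",
+"ui-priority": 0,
+"misp-attribute": "boolean"
+}
+},
+"version": 1,
+"description": "Regripper object template designed to gather network information from the system-hive.",
+"meta-category": "misc",
+"uuid": "a5a3ba3a-ba2e-42a4-be45-b36809ae56f0",
+"name": "regripper-system-hive-network-information."
+}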
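Review bot: `"misp-attribute": "ip-dist"` on the four DHCP attributes is not a MISP attribute type (the existing types are `ip-src` and `ip-dst`), so this template will fail type validation on import; the host's own DHCP-assigned address is best expressed as `ip-src`, and `DHCP-subnet-mask` is not an IP address at all and should be `text`. The template `name` ends in a stray period (`regripper-system-hive-network-information.`) that will become part of the object name everywhere it is referenced; drop it. `interface-MediaSubType` and `interface-IPcheckingEnabled` ship with empty descriptions, and `number` may not be an accepted type either — check it against the attribute type list of the target MISP version, falling back to `counter` or `text`. Suggest e.g. `"description": "Media sub-type of the interface as recorded in the registry (numeric code)."` and `"description": "Boolean flag indicating whether IP address conflict checking is enabled on the interface."`, both confirmed against the RegRipper plugin's actual output before merging.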


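--- /dev/null
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -0,0 +1,94 @@
+{
+"required": [
+"name"
+],
+"attributes": {
+"name": {
+"description": "name of the key",
+"ui-priority": 0,
+"misp-attribute": "text"
+},
+"last-write-time": {
+"description": "Date and time when the key was last updated.",
+"ui-priority": 0,
+"misp-attribute": "datetime"
+},
+"display": {
+"description": "Display name/information of the service or the driver.",
+"ui-priority": 0,
+"misp-attribute": "text"
+},
+"image-path": {
+"description": "Path of the service/drive",
+"ui-priority": 0,
+"misp-attribute": "text"
+},
+"type": {
+"description": "Service/driver type.",
+"ui-priority": 0,
+"sane_default": [
+"Kernel driver",
+"File system driver",
+"Own process",
+"Share process",
+"Interactive",
+"Other"
+],
+"misp-attribute": "text"
+},
+"start": {
+"description": "When the service/driver starts or executes.",
+"ui-priority": 0,
+"sane_default":[
+"Boot start",
+"System start",
+"Auto start",
+"Manual",
+"Disabled"
+],
+"misp-attribute": "text"
+},
+"group": {
+"description": "Group to which the system/driver belong to.",
+"ui-priority": 0,
+"sane_default":[
+"Base",
+"Boot Bus Extender",
+"Boot File System",
+"Cryptography",
+"Extended base",
+"Event Log",
+"Filter",
+"FSFilter Bottom",
+"FSFilter Infrastructure",
+"File System",
+"FSFilter Virtualization",
+"Keyboard Port",
+"Network",
+"NDIS",
+"Parallel arbitrator",
+"Pointer Port",
+"PnP Filter",
+"ProfSvc_Group",
+"PNP_TDI",
+"SCSI Miniport",
+"SCSI CDROM Class",
+"System Bus Extender",
+"Video Save",
+"other"
+],
+"misp-attribute": "text"
+},
+"comment": {
+"description": "Additional comments.",
+"ui-priority": 0,
+"misp-attribute": ""
+}
+},
+"version": 1,
+"description": "Regripper Object template designed to gather information regarding the services/drivers from the system-hive.",
+"meta-category": "misc",
+"uuid": "78cdae45-2061-4b49-b1d6-71f562094a73",
+"name": "regripper-system-hive-services-drivers"
+}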
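Review bot: `comment` declares `"misp-attribute": ""`, an empty type that no validator will accept; use `"misp-attribute": "comment"`, and apply the same fix to the identical attribute in the firewall template of this commit. Two descriptions have typos that change their meaning: `Path of the service/drive` should read `Path of the service/driver executable (ImagePath value).`, and `Group to which the system/driver belong to.` should read `Load-order group to which the service/driver belongs.`. Since `image-path` is the field an analyst pivots on when checking a service or driver entry for suspicious persistence, its description is worth getting right before the template is published. Minor style point: the `sane_default` lists mix `Other` (type) and `other` (group); pick one casing so that filtering on the value behaves predictably.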