diff --git a/objects/regripper-system-hive-firewall-configuration/definition.json b/objects/regripper-system-hive-firewall-configuration/definition.json
new file mode 100644
index 0000000..7f361d8
--- /dev/null
+++ b/objects/regripper-system-hive-firewall-configuration/definition.json
@@ -0,0 +1,42 @@
+{
+ "required": [
+ "profile"
+ ],
+ "attributes": {
+ "profile": {
+ "description": "Firewall Profile type",
+ "ui-priority": 0,
+ "sane-default":[
+ "Domain Profile",
+ "Standard Profile"
+ ],
+ "misp-attribute": "text"
+ },
+ "last-write-time": {
+ "description": "Date and time when the firewall profile policy was last updated.",
+ "ui-priority": 0,
+ "misp-attribute": "datetime"
+ },
+ "enbled-firewall": {
+ "description": "Boolean flag to determine if the firewall is enabled.",
+ "ui-priority": 0,
+ "misp-attribute": "boolean"
+ },
+ "disable-notification": {
+ "description": "Boolean flag to determine if firewall notifications are enabled.",
+ "ui-priority": 0,
+ "misp-attribute": "boolean"
+ },
+ "comment": {
+ "description": "Additional comments.",
+ "ui-priority": 0,
+ "misp-attribute": ""
+ }
+ },
+ "version": 1,
+ "description": "Regripper Object template designed to present firewall configuration information extracted from the system-hive.",
+ "meta-category": "misc",
+ "uuid": "d9839b3c-c013-4ba7-b5e5-2787198b9e07",
+ "name": "regripper-system-hive-firewall-configuration"
+ }
+ 
\ No newline at end of file
diff --git a/objects/regripper-system-hive-general-configuration/definition.json b/objects/regripper-system-hive-general-configuration/definition.json
new file mode 100644
index 0000000..df2a4fe
--- /dev/null
+++ b/objects/regripper-system-hive-general-configuration/definition.json
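Review bot: The attribute key `"enbled-firewall"` is misspelled, and in a MISP object template the key doubles as the attribute's object_relation, so the typo becomes a permanent identifier that every consumer, export and correlation rule must match exactly; rename it to `"enabled-firewall": {` before the template is published. The `comment` attribute declares `"misp-attribute": ""`, which is not a MISP attribute type — use a real one, e.g. `"misp-attribute": "comment"`. The `profile` attribute spells its default list `"sane-default"` while the services/drivers template in this same commit uses `sane_default`; the loader will only honour one spelling, so align on `sane_default`. Finally, the `disable-notification` description says the flag records whether notifications are *enabled*, the opposite polarity of the key name; for a forensic boolean the description must say exactly what `true` means, e.g. `"description": "True when firewall notifications are disabled for this profile."`.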
@@ -0,0 +1,73 @@
+{
+ "required": [
+ "computer-name"
+ ],
+ "attributes": {
+ "computer-name": {
+ "description": "name of the computer under analysis",
+ "ui-priority": 0,
+ "misp-attribute": "text"
+ },
+ "last-write-time": {
+ "description": "Date and time when the key was last updated.",
+ "ui-priority": 0,
+ "misp-attribute": "datetime"
+ },
+ "shutdown-time": {
+ "description": "Date and time when the system was shutdown.",
+ "ui-priority": 0,
+ "misp-attribute": "datetime"
+ },
+ "timezone-last-write-time": {
+ "description": "Date and time when the timezone key was last updated.",
+ "ui-priority": 0,
+ "misp-attribute": "datetime"
+ },
+ "timezone-bias": {
+ "description": "Offset in minutes from UTC. Offset added to the local time to get a UTC value.",
+ "ui-priority": 0,
+ "misp-attribute": "text"
+ },
+ "timezone-standard-name": {
+ "description": "Timezone standard name used during non-daylight saving months.",
+ "ui-priority": 0,
+ "misp-attribute": "text"
+ },
+ "timezone-standard-date": {
+ "description": "Standard date - non daylight saving months",
+ "ui-priority": 0,
+ "misp-attribute": "datetime"
+ },
+ "timezone-standard-bias": {
+ "description": "value in minutes to be added to the value of timezone-bias to generate the bias used during standard time.",
+ "ui-priority": 0,
+ "misp-attribute": "text"
+ },
+ "timezone-daylight-name": {
+ "description": "Timezone name used during daylight saving months.",
+ "ui-priority": 0,
+ "misp-attribute": "text"
+ },
+ "timezone-daylight-date": {
+ "description": "Daylight date - daylight saving months",
+ "ui-priority": 0,
+ "misp-attribute": "datetime"
+ },
+ "timezone-daylight-bias": {
+ "description": "value in minutes to be added to the value of timezone-bias to generate the bias used during daylight time.",
+ "ui-priority": 0,
+ "misp-attribute": "text"
+ },
+ "fDenyTSConnections:": {
+ "description": "Specifies whether remote connections are enabled or disabled on the system.",
+ "ui-priority": 0,
+ "misp-attribute": "boolean"
+ }
+ },
+ "version": 1,
+ "description": "Regripper Object template designed to present general system properties extracted from the system-hive.",
+ "meta-category": "misc",
+ "uuid": "5ac85401-cbf1-4d05-a85e-1784546881e4",
+ "name": "regripper-system-hive-general-configuration"
+ }
+ 
\ No newline at end of file
diff --git a/objects/regripper-system-hive-network-information/definition.json b/objects/regripper-system-hive-network-information/definition.json
new file mode 100644
index 0000000..d2b07b5
--- /dev/null
+++ b/objects/regripper-system-hive-network-information/definition.json
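Review bot: The key `"fDenyTSConnections:"` carries a stray trailing colon, which becomes part of the attribute's object_relation, and it breaks the lowercase kebab-case used by every other attribute in this template; rename it, e.g. `"deny-ts-connections": {`. The description "enabled or disabled" does not say which way the boolean reads — `fDenyTSConnections` is a deny flag, so state the polarity explicitly, e.g. `"description": "True when Remote Desktop connections are denied (fDenyTSConnections = 1)."`, since an analyst triaging lateral movement will act on this value. The three `*-bias` attributes are minute offsets but are typed `text`; if a numeric MISP type is available in the target MISP version, prefer it so the values can be compared rather than string-matched. As elsewhere in this commit the file ends with a whitespace-only line and no trailing newline, which is worth normalising before the template goes through the repository's JSON validation.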
@@ -0,0 +1,93 @@
+{
+ "required": [
+ "network-key"
+ ],
+ "attributes": {
+ "network-key": {
+ "description": "Registry key assigned to the network",
+ "ui-priority": 0,
+ "misp-attribute": "text"
+ },
+ "network-key-last-write-time": {
+ "description": "Date and time when the network key was last updated.",
+ "ui-priority": 0,
+ "misp-attribute": "datetime"
+ },
+ "network-key-path": {
+ "description": "Path of the key where the information is retrieved from.",
+ "ui-priority": 0,
+ "misp-attribute": "text"
+ },
+ "TCPIP-key": {
+ "description": "TCPIP key",
+ "ui-priority": 0,
+ "misp-attribute": "text"
+ },
+ "TCPIP-key-last-write-time": {
+ "description": "Datetime when the key was last updated.",
+ "ui-priority": 0,
+ "misp-attribute": "datetime"
+ },
+ "DHCP-domain": {
+ "description": "Name of the DHCP domain service",
+ "ui-priority": 0,
+ "misp-attribute": "text"
+ },
+ "DHCP-IP-address": {
+ "description": "DHCP service - IP address",
+ "ui-priority": 0,
+ "misp-attribute": "ip-dist"
+ },
+ "DHCP-subnet-mask": {
+ "description": "DHCP subnet mask - IP address.",
+ "ui-priority": 0,
+ "misp-attribute": "ip-dist"
+ },
+ "DHCP-name-server": {
+ "description": "DHCP Name server - IP address.",
+ "ui-priority": 0,
+ "misp-attribute": "ip-dist"
+ },
+ "DHCP-server": {
+ "description": "DHCP server - IP address.",
+ "ui-priority": 0,
+ "misp-attribute": "ip-dist"
+ },
+ "interface-GUID": {
+ "description": "GUID value assigned to the interface.",
+ "ui-priority": 0,
+ "misp-attribute": "text"
+ },
+ "interface-last-write-time": {
+ "description": "Last date and time when the interface key was updated.",
+ "ui-priority": 0,
+ "misp-attribute": "datetime"
+ },
+ "interface-name": {
+ "description": "Name of the interface.",
+ "ui-priority": 0,
+ "misp-attribute": "text"
+ },
+ "interface-PnpInstanceID": {
+ "description": "Plug and Play instance ID assigned to the interface.",
+ "ui-priority": 0,
+ "misp-attribute": "text"
+ },
+ "interface-MediaSubType": {
+ "description": "",
+ "ui-priority": 0,
+ "misp-attribute": "number"
+ },
+ "interface-IPcheckingEnabled": {
+ "description": "",
+ "ui-priority": 0,
+ "misp-attribute": "boolean"
+ }
+ },
+ "version": 1,
+ "description": "Regripper object template designed to gather network information from the system-hive.",
+ "meta-category": "misc",
+ "uuid": "a5a3ba3a-ba2e-42a4-be45-b36809ae56f0",
+ "name": "regripper-system-hive-network-information."
+ }
+ 
\ No newline at end of file
diff --git a/objects/regripper-system-hive-service-drivers/definition.json b/objects/regripper-system-hive-service-drivers/definition.json
new file mode 100644
index 0000000..264cbc6
--- /dev/null
+++ b/objects/regripper-system-hive-service-drivers/definition.json
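Review bot: `"misp-attribute": "ip-dist"` on the four DHCP attributes is not a MISP attribute type — the address types are `ip-src` and `ip-dst` — so these attributes will fail template validation or be rejected on import; the fix is `"misp-attribute": "ip-dst"`, but also reconsider whether a subnet mask or a DHCP/name-server address belongs in an IoC-typed, correlating attribute at all, since a `255.255.255.0` mask stored as `ip-dst` will correlate every event carrying this object and a default to_ids flag would push internal infrastructure addresses into blocklists. If the template schema in use supports per-attribute `"to_ids": false`, set it here; otherwise `text` is the safer type for these configuration values. `"name": "regripper-system-hive-network-information."` has a trailing period and therefore does not match the directory `regripper-system-hive-network-information`, which MISP uses to resolve the template — drop the period. `interface-MediaSubType` and `interface-IPcheckingEnabled` ship with empty descriptions; each needs at least a one-line statement of what the value means and, for the boolean, what `true` denotes.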
@@ -0,0 +1,94 @@
+{
+ "required": [
+ "name"
+ ],
+ "attributes": {
+ "name": {
+ "description": "name of the key",
+ "ui-priority": 0,
+ "misp-attribute": "text"
+ },
+ "last-write-time": {
+ "description": "Date and time when the key was last updated.",
+ "ui-priority": 0,
+ "misp-attribute": "datetime"
+ },
+ "display": {
+ "description": "Display name/information of the service or the driver.",
+ "ui-priority": 0,
+ "misp-attribute": "text"
+ },
+ "image-path": {
+ "description": "Path of the service/drive",
+ "ui-priority": 0,
+ "misp-attribute": "text"
+ },
+ "type": {
+ "description": "Service/driver type.",
+ "ui-priority": 0,
+ "sane_default": [
+ "Kernel driver",
+ "File system driver",
+ "Own process",
+ "Share process",
+ "Interactive",
+ "Other"
+ ],
+ "misp-attribute": "text"
+ },
+ "start": {
+ "description": "When the service/driver starts or executes.",
+ "ui-priority": 0,
+ "sane_default":[
+ "Boot start",
+ "System start",
+ "Auto start",
+ "Manual",
+ "Disabled"
+ ],
+ "misp-attribute": "text"
+ },
+ "group": {
+ "description": "Group to which the system/driver belong to.",
+ "ui-priority": 0,
+ "sane_default":[
+ "Base",
+ "Boot Bus Extender",
+ "Boot File System",
+ "Cryptography",
+ "Extended base",
+ "Event Log",
+ "Filter",
+ "FSFilter Bottom",
+ "FSFilter Infrastructure",
+ "File System",
+ "FSFilter Virtualization",
+ "Keyboard Port",
+ "Network",
+ "NDIS",
+ "Parallel arbitrator",
+ "Pointer Port",
+ "PnP Filter",
+ "ProfSvc_Group",
+ "PNP_TDI",
+ "SCSI Miniport",
+ "SCSI CDROM Class",
+ "System Bus Extender",
+ "Video Save",
+ "other"
+ ],
+ "misp-attribute": "text"
+ },
+ "comment": {
+ "description": "Additional comments.",
+ "ui-priority": 0,
+ "misp-attribute": ""
+ }
+ },
+ "version": 1,
+ "description": "Regripper Object template designed to gather information regarding the services/drivers from the system-hive.",
+ "meta-category": "misc",
+ "uuid": "78cdae45-2061-4b49-b1d6-71f562094a73",
+ "name": "regripper-system-hive-services-drivers"
+ }
+ 
\ No newline at end of file
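Review bot: `"name": "regripper-system-hive-services-drivers"` disagrees with the file's directory `objects/regripper-system-hive-service-drivers/`; MISP keys templates by name and the repository's validation checks the two agree, so as written the object will either fail validation or be registered under a name nothing else references — make them identical. The `comment` attribute again declares `"misp-attribute": ""`, which is not a valid type; use `"misp-attribute": "comment"`. The `type` list closes with `"Other"` while `group` closes with `"other"`; pick one casing so analysts do not end up with two distinct values for the same bucket. Minor wording: `"description": "Path of the service/drive"` should read `"Path of the service/driver image (ImagePath)."`, and `"Group to which the system/driver belong to."` should be `"Load-order group the service/driver belongs to."`.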