mirror of https://github.com/MISP/misp-objects
add: [malware-analysis] New object template to describe a static or dynamic analysis performed on a malware instance or family
parent
fb801871bf
commit
5c830087a0
|
@ -0,0 +1,79 @@
|
||||||
|
{
|
||||||
|
"attributes": {
|
||||||
|
"analysis_definition_version": {
|
||||||
|
"description": "The version of the analysis definitions used by the analysis tool.",
|
||||||
|
"disable_correlation": true,
|
||||||
|
"misp-attribute": "text",
|
||||||
|
"ui-priority": 0
|
||||||
|
},
|
||||||
|
"analysis_engine_version": {
|
||||||
|
"description": "The version of the analysis engine or product that was used to perform the analysis.",
|
||||||
|
"disable_correlation": true,
|
||||||
|
"misp-attribute": "text",
|
||||||
|
"ui-priority": 0
|
||||||
|
},
|
||||||
|
"configuration_version": {
|
||||||
|
"description": "The named configuration of additional product configuration parameters for this analysis run.",
|
||||||
|
"disable_correlation": true,
|
||||||
|
"misp-attribute": "text",
|
||||||
|
"ui-priority": 0
|
||||||
|
},
|
||||||
|
"end_time": {
|
||||||
|
"description": "The date and time that the malware analysis ended.",
|
||||||
|
"misp-attribute": "datetime",
|
||||||
|
"ui-priority": 0
|
||||||
|
},
|
||||||
|
"module": {
|
||||||
|
"description": "The specific analysis module that was used and configured in the product during this analysis run.",
|
||||||
|
"misp-attribute": "text",
|
||||||
|
"multiple": true,
|
||||||
|
"ui-priority": 0
|
||||||
|
},
|
||||||
|
"product": {
|
||||||
|
"description": "The name of the analysis engine or product that was used.",
|
||||||
|
"misp-attribute": "text",
|
||||||
|
"ui-priority": 1
|
||||||
|
},
|
||||||
|
"result": {
|
||||||
|
"description": "The classification result as determined by the scanner or tool analysis process.",
|
||||||
|
"disable_correlation": true,
|
||||||
|
"misp-attribute": "text",
|
||||||
|
"sane_default": [
|
||||||
|
"benign",
|
||||||
|
"malicious",
|
||||||
|
"suspicious",
|
||||||
|
"unknown"
|
||||||
|
],
|
||||||
|
"ui-priority": 0
|
||||||
|
},
|
||||||
|
"result_name": {
|
||||||
|
"description": "The classification result or name assigned to the malware instance by the scanner tool.",
|
||||||
|
"misp-attribute": "text",
|
||||||
|
"ui-priority": 0
|
||||||
|
},
|
||||||
|
"start_time": {
|
||||||
|
"description": "The date and time that the malware analysis was initiated.",
|
||||||
|
"misp-attribute": "datetime",
|
||||||
|
"ui-priority": 0
|
||||||
|
},
|
||||||
|
"submitted_time": {
|
||||||
|
"description": "The date and time that the malware was first submitted for scanning or analysis.",
|
||||||
|
"misp-attribute": "datetime",
|
||||||
|
"ui-priority": 0
|
||||||
|
},
|
||||||
|
"version": {
|
||||||
|
"description": "The version of the analysis product that was used to perform the analysis.",
|
||||||
|
"disable_correlation": true,
|
||||||
|
"misp-attribute": "text",
|
||||||
|
"ui-priority": 0
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"description": "Malware Analysis captures the metadata and results of a particular static or dynamic analysis performed on a malware instance or family.",
|
||||||
|
"meta-category": "misc",
|
||||||
|
"name": "malware-analysis",
|
||||||
|
"required": [
|
||||||
|
"product"
|
||||||
|
],
|
||||||
|
"uuid": "8229ee82-7218-4ff5-9eac-57961a6f0288",
|
||||||
|
"version": 1
|
||||||
|
}
|
Loading…
Reference in New Issue