From b3096262f53b8d46a4a498dacbba23c39110bbe2 Mon Sep 17 00:00:00 2001 From: phmazzoni Date: Fri, 5 Mar 2021 11:30:00 -0300 Subject: [PATCH 1/7] Create definition.json Create Palo Alto Threat Log Object Template. --- objects/panorama/definition.json | 79 ++++++++++++++++++++++++++++++++ 1 file changed, 79 insertions(+) create mode 100644 objects/panorama/definition.json diff --git a/objects/panorama/definition.json b/objects/panorama/definition.json new file mode 100644 index 0000000..08607a6 --- /dev/null +++ b/objects/panorama/definition.json 
@@ -0,0 +1,79 @@
+{
+ "attributes": {
+ "type": {
+ "description": "The type of the Log Event",
+ "misp-attribute": "text",
+ "ui-priority": 1
+ },
+ "subtype": {
+ "description": "The subtype of the Log Event.",
+ "misp-attribute": "text",
+ "ui-priority": 1
+ },
+ "thr_category": {
+ "description": "The Threat Category.",
+ "misp-attribute": "text",
+ "ui-priority": 1
+ },
+ "direction": {
+ "description": "The Direction of the Event.",
+ "misp-attribute": "text",
+ "ui-priority": 1
+ },
+ "threatid": {
+ "description": "The Threat ID.",
+ "misp-attribute": "text",
+ "ui-priority": 1
+ },
+ "time_generated": {
+ "description": "The datetime of the event.",
+ "misp-attribute": "datetime",
+ "ui-priority": 1
+ },
+ "srcloc": {
+ "description": "The Source Location of the event.",
+ "misp-attribute": "text",
+ "ui-priority": 1
+ },
+ "dstloc": {
+ "description": "The Destination Location of the event.",
+ "misp-attribute": "text",
+ "ui-priority": 1
+ },
+ "dst": {
+ "description": "The Destination IP which is the target of the observed connections.",
+ "misp-attribute": "ip-dst",
+ "ui-priority": 1
+ },
+ "dport": {
+ "description": "The port to which the connection headed.",
+ "misp-attribute": "counter",
+ "ui-priority": 1
+ },
+ "app": {
+ "description": "The application identified (e.g. vnc, ssh, sip, irc, http or smtp).",
+ "misp-attribute": "text",
+ "ui-priority": 1
+ },
+ "proto": {
+ "description": "The transport protocol (e.g. tcp, udp, icmp).",
+ "misp-attribute": "text",
+ "ui-priority": 1
+ },
+ "src": {
+ "description": "The ip observed to initiate the connection",
+ "misp-attribute": "ip-src",
+ "ui-priority": 1
+ },
+ "sport": {
+ "description": "The port from which the connection originated.",
+ "misp-attribute": "counter",
+ "ui-priority": 1
+ }
+ },
+ "description": "Palo Alto Threat Log Event",
+ "meta-category": "network",
+ "name": "paloalto-threat-event",
+ "uuid": "e6fa7a87-1173-43d6-86c2-b4d02af5fc74",
+ "version": 4
+}
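Review bot: `sport` and `dport` are typed `"misp-attribute": "counter"`, but MISP's `counter` type is a numeric tally, not a network port; the dedicated `port` type is what lets these values correlate with port attributes in other objects and what exporters expect, so both entries should read `"misp-attribute": "port"`. The template also declares no `required`/`requiredOneOf` list, so an instance with none of `src`, `dst` or `threatid` filled in is accepted; adding `"requiredOneOf": ["src", "dst", "threatid"]` beside `attributes` would reject such empty objects. Finally, the `time_generated` description does not say which clock the value is in; if it is the firewall's own timestamp, as the field name suggests, spell that out, e.g. `"The datetime the event was generated on the firewall (device-local time unless normalised to UTC upstream)."`.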
From 04331becf0e001e375e1e446023fcb8801b7ec6b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rapha=C3=ABl=20Vinot?= Date: Mon, 30 Nov 2020 14:10:38 +0100 Subject: [PATCH 2/7] chg: Add PR to GH actions --- .github/workflows/nosetests.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/.github/workflows/nosetests.yml b/.github/workflows/nosetests.yml index b1d6017..2e72a72 100644 --- a/.github/workflows/nosetests.yml +++ b/.github/workflows/nosetests.yml @@ -1,6 +1,10 @@ name: Python application -on: [push] +on: + push: + branches: [ main ] + pull_request: + branches: [ main ] jobs: build: From 3fb441b8a09f2bca50c46644db89563dc6048fdf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rapha=C3=ABl=20Vinot?= Date: Fri, 5 Mar 2021 15:57:41 +0100 Subject: [PATCH 3/7] chg: Make jq validation happy --- objects/panorama/definition.json | 90 ++++++++++++++++---------------- 1 file changed, 45 insertions(+), 45 deletions(-) diff --git a/objects/panorama/definition.json b/objects/panorama/definition.json index 08607a6..9a0c6e1 100644 --- a/objects/panorama/definition.json +++ b/objects/panorama/definition.json 
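Review bot: The workflow still sets no top-level `permissions:`, so both the existing `push` trigger and the new `pull_request` trigger hand the `build` job a `GITHUB_TOKEN` with the repository's default permissions, which can be read/write depending on the repository setting and is more than a validation run needs; add `permissions:` followed by `  contents: read` above `jobs:` so the token is read-only. Choosing `pull_request` rather than `pull_request_target` is the right call here, since for pull requests from forks it runs with a read-only token and without repository secrets. The `build` job's steps continue outside the hunk.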
@@ -1,7 +1,47 @@ { "attributes": { - "type": { - "description": "The type of the Log Event", + "app": { + "description": "The application identified (e.g. vnc, ssh, sip, irc, http or smtp).", + "misp-attribute": "text", + "ui-priority": 1 + }, + "direction": { + "description": "The Direction of the Event.", + "misp-attribute": "text", + "ui-priority": 1 + }, + "dport": { + "description": "The port to which the connection headed.", + "misp-attribute": "counter", + "ui-priority": 1 + }, + "dst": { + "description": "The Destination IP which is the target of the observed connections.", + "misp-attribute": "ip-dst", + "ui-priority": 1 + }, + "dstloc": { + "description": "The Destination Location of the event.", + "misp-attribute": "text", + "ui-priority": 1 + }, + "proto": { + "description": "The transport protocol (e.g. tcp, udp, icmp).", + "misp-attribute": "text", + "ui-priority": 1 + }, + "sport": { + "description": "The port from which the connection originated.", + "misp-attribute": "counter", + "ui-priority": 1 + }, + "src": { + "description": "The ip observed to initiate the connection", + "misp-attribute": "ip-src", + "ui-priority": 1 + }, + "srcloc": { + "description": "The Source Location of the event.", "misp-attribute": "text", "ui-priority": 1 }, @@ -15,11 +55,6 @@ "misp-attribute": "text", "ui-priority": 1 }, - "direction": { - "description": "The Direction of the Event.", - "misp-attribute": "text", - "ui-priority": 1 - }, "threatid": { "description": "The Threat ID.", "misp-attribute": "text", 
@@ -30,45 +65,10 @@ "misp-attribute": "datetime", "ui-priority": 1 }, - "srcloc": { - "description": "The Source Location of the event.", + "type": { + "description": "The type of the Log Event", "misp-attribute": "text", "ui-priority": 1 - }, - "dstloc": { - "description": "The Destination Location of the event.", - "misp-attribute": "text", - "ui-priority": 1 - }, - "dst": { - "description": "The Destination IP which is the target of the observed connections.", - "misp-attribute": "ip-dst", - "ui-priority": 1 - }, - "dport": { - "description": "The port to which the connection headed.", - "misp-attribute": "counter", - "ui-priority": 1 - }, - "app": { - "description": "The application identified (e.g. vnc, ssh, sip, irc, http or smtp).", - "misp-attribute": "text", - "ui-priority": 1 - }, - "proto": { - "description": "The transport protocol (e.g. tcp, udp, icmp).", - "misp-attribute": "text", - "ui-priority": 1 - }, - "src": { - "description": "The ip observed to initiate the connection", - "misp-attribute": "ip-src", - "ui-priority": 1 - }, - "sport": { - "description": "The port from which the connection originated.", - "misp-attribute": "counter", - "ui-priority": 1 } }, "description": "Palo Alto Threat Log Event", @@ -76,4 +76,4 @@ "name": "paloalto-threat-event", "uuid": "e6fa7a87-1173-43d6-86c2-b4d02af5fc74", "version": 4 -} +} \ No newline at end of file From a16d68908512ea5f9e29c4fdcc49a496c0db3b51 Mon Sep 17 00:00:00 2001 From: phmazzoni Date: Fri, 5 Mar 2021 14:03:37 -0300 Subject: [PATCH 4/7] Delete objects/panorama directory --- objects/panorama/definition.json | 79 -------------------------------- 1 file changed, 79 deletions(-) delete mode 100644 objects/panorama/definition.json diff --git a/objects/panorama/definition.json b/objects/panorama/definition.json deleted file mode 100644 index 9a0c6e1..0000000 --- a/objects/panorama/definition.json +++ /dev/null 
@@ -1,79 +0,0 @@
-{
- "attributes": {
- "app": {
- "description": "The application identified (e.g. vnc, ssh, sip, irc, http or smtp).",
- "misp-attribute": "text",
- "ui-priority": 1
- },
- "direction": {
- "description": "The Direction of the Event.",
- "misp-attribute": "text",
- "ui-priority": 1
- },
- "dport": {
- "description": "The port to which the connection headed.",
- "misp-attribute": "counter",
- "ui-priority": 1
- },
- "dst": {
- "description": "The Destination IP which is the target of the observed connections.",
- "misp-attribute": "ip-dst",
- "ui-priority": 1
- },
- "dstloc": {
- "description": "The Destination Location of the event.",
- "misp-attribute": "text",
- "ui-priority": 1
- },
- "proto": {
- "description": "The transport protocol (e.g. tcp, udp, icmp).",
- "misp-attribute": "text",
- "ui-priority": 1
- },
- "sport": {
- "description": "The port from which the connection originated.",
- "misp-attribute": "counter",
- "ui-priority": 1
- },
- "src": {
- "description": "The ip observed to initiate the connection",
- "misp-attribute": "ip-src",
- "ui-priority": 1
- },
- "srcloc": {
- "description": "The Source Location of the event.",
- "misp-attribute": "text",
- "ui-priority": 1
- },
- "subtype": {
- "description": "The subtype of the Log Event.",
- "misp-attribute": "text",
- "ui-priority": 1
- },
- "thr_category": {
- "description": "The Threat Category.",
- "misp-attribute": "text",
- "ui-priority": 1
- },
- "threatid": {
- "description": "The Threat ID.",
- "misp-attribute": "text",
- "ui-priority": 1
- },
- "time_generated": {
- "description": "The datetime of the event.",
- "misp-attribute": "datetime",
- "ui-priority": 1
- },
- "type": {
- "description": "The type of the Log Event",
- "misp-attribute": "text",
- "ui-priority": 1
- }
- },
- "description": "Palo Alto Threat Log Event",
- "meta-category": "network",
- "name": "paloalto-threat-event",
- "uuid": "e6fa7a87-1173-43d6-86c2-b4d02af5fc74",
- "version": 4
-}
\ No newline at end
of file From 16a3bed25347089a093e56f47641e960b863b534 Mon Sep 17 00:00:00 2001 From: phmazzoni Date: Fri, 5 Mar 2021 14:05:39 -0300 Subject: [PATCH 5/7] Create definition.json --- objects/paloalto-threat-event/definition.json | 79 +++++++++++++++++++ 1 file changed, 79 insertions(+) create mode 100644 objects/paloalto-threat-event/definition.json diff --git a/objects/paloalto-threat-event/definition.json b/objects/paloalto-threat-event/definition.json new file mode 100644 index 0000000..08607a6 --- /dev/null +++ b/objects/paloalto-threat-event/definition.json 
@@ -0,0 +1,79 @@
+{
+ "attributes": {
+ "type": {
+ "description": "The type of the Log Event",
+ "misp-attribute": "text",
+ "ui-priority": 1
+ },
+ "subtype": {
+ "description": "The subtype of the Log Event.",
+ "misp-attribute": "text",
+ "ui-priority": 1
+ },
+ "thr_category": {
+ "description": "The Threat Category.",
+ "misp-attribute": "text",
+ "ui-priority": 1
+ },
+ "direction": {
+ "description": "The Direction of the Event.",
+ "misp-attribute": "text",
+ "ui-priority": 1
+ },
+ "threatid": {
+ "description": "The Threat ID.",
+ "misp-attribute": "text",
+ "ui-priority": 1
+ },
+ "time_generated": {
+ "description": "The datetime of the event.",
+ "misp-attribute": "datetime",
+ "ui-priority": 1
+ },
+ "srcloc": {
+ "description": "The Source Location of the event.",
+ "misp-attribute": "text",
+ "ui-priority": 1
+ },
+ "dstloc": {
+ "description": "The Destination Location of the event.",
+ "misp-attribute": "text",
+ "ui-priority": 1
+ },
+ "dst": {
+ "description": "The Destination IP which is the target of the observed connections.",
+ "misp-attribute": "ip-dst",
+ "ui-priority": 1
+ },
+ "dport": {
+ "description": "The port to which the connection headed.",
+ "misp-attribute": "counter",
+ "ui-priority": 1
+ },
+ "app": {
+ "description": "The application identified (e.g. vnc, ssh, sip, irc, http or smtp).",
+ "misp-attribute": "text",
+ "ui-priority": 1
+ },
+ "proto": {
+ "description": "The transport protocol (e.g. tcp, udp, icmp).",
+ "misp-attribute": "text",
+ "ui-priority": 1
+ },
+ "src": {
+ "description": "The ip observed to initiate the connection",
+ "misp-attribute": "ip-src",
+ "ui-priority": 1
+ },
+ "sport": {
+ "description": "The port from which the connection originated.",
+ "misp-attribute": "counter",
+ "ui-priority": 1
+ }
+ },
+ "description": "Palo Alto Threat Log Event",
+ "meta-category": "network",
+ "name": "paloalto-threat-event",
+ "uuid": "e6fa7a87-1173-43d6-86c2-b4d02af5fc74",
+ "version": 4
+}
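Review bot: This re-creates at the new path the same blob (`08607a6`) that the first commit added under `objects/panorama/`, so the typing problem comes along with it: `sport` and `dport` are declared `"misp-attribute": "counter"` although a port is not a tally, and MISP has a dedicated `port` type — change both to `"misp-attribute": "port"`. Separately, `type`, `subtype` and `direction` are free `text` while the firewall presumably emits them from a fixed vocabulary (`direction`, for instance, appears to be client-to-server or server-to-client); if that is the intended source, a `values_list` on each would keep entries consistent across events, but verify the exact value set against the PAN-OS threat-log schema before adding one. `thr_category` is the only abbreviated key among otherwise spelled-out names; unless it is meant to mirror a PAN-OS field name verbatim, `threat_category` would read more consistently — note that renaming after the template is in use would require a version bump.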
From 321a952a6695f1e9abee22ee212953906829f48e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rapha=C3=ABl=20Vinot?= Date: Fri, 5 Mar 2021 18:16:46 +0100 Subject: [PATCH 6/7] chg: make jq validation happy --- objects/paloalto-threat-event/definition.json | 90 +++++++++---------- 1 file changed, 45 insertions(+), 45 deletions(-) diff --git a/objects/paloalto-threat-event/definition.json b/objects/paloalto-threat-event/definition.json index 08607a6..0fb3ac9 100644 --- a/objects/paloalto-threat-event/definition.json +++ b/objects/paloalto-threat-event/definition.json @@ -1,7 +1,47 @@ { "attributes": { - "type": { - "description": "The type of the Log Event", + "app": { + "description": "The application identified (e.g. vnc, ssh, sip, irc, http or smtp).", + "misp-attribute": "text", + "ui-priority": 1 + }, + "direction": { + "description": "The Direction of the Event.", + "misp-attribute": "text", + "ui-priority": 1 + }, + "dport": { + "description": "The port to which the connection headed.", + "misp-attribute": "counter", + "ui-priority": 1 + }, + "dst": { + "description": "The Destination IP which is the target of the observed connections.", + "misp-attribute": "ip-dst", + "ui-priority": 1 + }, + "dstloc": { + "description": "The Destination Location of the event.", + "misp-attribute": "text", + "ui-priority": 1 + }, + "proto": { + "description": "The transport protocol (e.g. tcp, udp, icmp).", + "misp-attribute": "text", + "ui-priority": 1 + }, + "sport": { + "description": "The port from which the connection originated.", + "misp-attribute": "counter", + "ui-priority": 1 + }, + "src": { + "description": "The ip observed to initiate the connection", + "misp-attribute": "ip-src", + "ui-priority": 1 + }, + "srcloc": { + "description": "The Source Location of the event.", "misp-attribute": "text", "ui-priority": 1 }, 
@@ -15,11 +55,6 @@ "misp-attribute": "text", "ui-priority": 1 }, - "direction": { - "description": "The Direction of the Event.", - "misp-attribute": "text", - "ui-priority": 1 - }, "threatid": { "description": "The Threat ID.", "misp-attribute": "text", @@ -30,50 +65,15 @@ "misp-attribute": "datetime", "ui-priority": 1 }, - "srcloc": { - "description": "The Source Location of the event.", + "type": { + "description": "The type of the Log Event", "misp-attribute": "text", "ui-priority": 1 - }, - "dstloc": { - "description": "The Destination Location of the event.", - "misp-attribute": "text", - "ui-priority": 1 - }, - "dst": { - "description": "The Destination IP which is the target of the observed connections.", - "misp-attribute": "ip-dst", - "ui-priority": 1 - }, - "dport": { - "description": "The port to which the connection headed.", - "misp-attribute": "counter", - "ui-priority": 1 - }, - "app": { - "description": "The application identified (e.g. vnc, ssh, sip, irc, http or smtp).", - "misp-attribute": "text", - "ui-priority": 1 - }, - "proto": { - "description": "The transport protocol (e.g. tcp, udp, icmp).", - "misp-attribute": "text", - "ui-priority": 1 - }, - "src": { - "description": "The ip observed to initiate the connection", - "misp-attribute": "ip-src", - "ui-priority": 1 - }, - "sport": { - "description": "The port from which the connection originated.", - "misp-attribute": "counter", - "ui-priority": 1 } }, "description": "Palo Alto Threat Log Event", "meta-category": "network", "name": "paloalto-threat-event", "uuid": "e6fa7a87-1173-43d6-86c2-b4d02af5fc74", - "version": 4 + "version": 5 } From 067ae494983cd8dc3d8549e64166cd0d4faeab4f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rapha=C3=ABl=20Vinot?= Date: Fri, 5 Mar 2021 18:23:11 +0100 Subject: [PATCH 7/7] fix: Typo --- objects/paloalto-threat-event/definition.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/objects/paloalto-threat-event/definition.json b/objects/paloalto-threat-event/definition.json index 0fb3ac9..6089c25 100644 --- a/objects/paloalto-threat-event/definition.json +++ b/objects/paloalto-threat-event/definition.json @@ -76,4 +76,4 @@ "name": "paloalto-threat-event", "uuid": "e6fa7a87-1173-43d6-86c2-b4d02af5fc74", "version": 5 -} +} \ No newline at end of file