Add: python-etvx object

2018-10-15 11:08:09 +01:00 · 2018-10-15 11:08:09 +01:00 · 711abb094a
parent f8226fc200
commit 711abb094a
1 changed files with 177 additions and 0 deletions
--- a/objects/python-etvx-event-log/definition.json
+++ b/objects/python-etvx-event-log/definition.json
@ -0,0 +1,177 @@
+{
+  "required": [
+    "source",
+    "type",
+    "name"
+  ],
+  "attributes": {
+      "event-id": {
+        "description": "A unique number which identifies the event.",
+        "ui-priority": 0,
+        "misp-attribute": "text",
+        "disable_correlation": true
+      },
+      "name": {
+        "description": "Name of the event.",
+        "ui-priority": 0,
+        "misp-attribute": "text",
+        "disable_correlation": true
+      },
+      "event-channel":
+      {
+        "description":" Channel through which the event occurred",
+        "ui-priority": 0,
+        "misp-attribute": "text",
+        "disable_correlation": true,
+        "sane-default":[
+          "Application",
+          "System",
+          "Security",
+          "Setup",
+          "other"
+        ]
+      },
+      "event-type":
+      {
+        "description": "Event-type assigned to the event",
+        "ui-priority": 0,
+        "misp-attribute": "text",
+        "disable_correlation": true,
+        "sane-default":[
+          "Admin",
+          "Operational",
+          "Audit",
+          "Analytic",
+          "Debug",
+          "other"
+        ]
+      },
+      "source": {
+        "description": "The source of the event log - application/software that logged the event.",
+        "ui-priority": 0,
+        "misp-attribute": "text"
+      },
+      "event-date-time":
+      {
+        "description": "Date and time when the event was logged.",
+        "ui-priority": 0,
+        "misp-attribute": "datetime",
+        "disable_correlation": true
+      },
+      "level": {
+        "description": "Determines the event severity.",
+        "ui-priority": 0,
+        "misp-attribute": "text",
+        "sane_default":[
+          "Information",
+          "Warning",
+          "Error",
+          "Critical",
+          "Success Audit",
+          "Failure Audit"
+        ]
+      },
+      "Computer": {
+        "description": "Computer name on which the event occurred",
+        "ui-priority": 0,
+        "misp-attribute": "text",
+        "disable_correlation": true
+      },
+      "User": {
+        "description": "Name or the User ID the event is associated with.",
+        "ui-priority": 0,
+        "misp-attribute": "text",
+        "disable_correlation": true
+      },
+      "Operational-code": {
+        "description": "The opcode (numeric value or name) associated with the activity carried out by the event.",
+        "ui-priority": 0,
+        "misp-attribute": "text",
+        "disable_correlation": true
+      },
+      "log": {
+        "description": "Log file where the event was recorded.",
+        "ui-priority": 0,
+        "misp-attribute": "text",
+        "disable_correlation": true
+      },
+      "task-category":{
+        "description": "Activity by the event publisher",
+        "ui-priority": 0,
+        "misp-attribute": "text",
+        "disable_correlation": true
+      },
+      "Keywords":{
+        "description" : "Tags used for the event for the purpose of filtering or searching.",
+        "ui-priority": 0,
+        "misp-attribute": "text",
+        "sane_default":[
+          "Network",
+          "Security",
+          "Resource not found",
+          "other"
+        ]
+      },
+      "Processor-ID": {
+        "description": "ID of the processor that processed the event.",
+        "ui-priority": 0,
+        "misp-attribute": "text",
+        "disable_correlation": true
+      },
+      "Thread-ID": {
+        "description": "Thread id that generated the event.",
+        "ui-priority": 0,
+        "misp-attribute": "text",
+        "disable_correlation": true
+      },
+      "Session-ID": {
+        "description": "Terminal server session ID.",
+        "ui-priority": 0,
+        "misp-attribute": "text",
+        "disable_correlation": true
+      },
+      "Correlation-ID": {
+        "description": "Unique activity identity which relates the event to a process. ",
+        "ui-priority": 0,
+        "misp-attribute": "text"
+      },
+      "Relative-Correlation-ID": {
+        "description": "Related activity ID which identity similar activities which occurred as a part of the event.",
+        "ui-priority": 0,
+        "misp-attribute": "text",
+        "disable_correlation": true
+      },
+      "kernel-time":
+      {
+        "description": "Execution time of the kernel mode instruction.",
+        "ui-priority": 0,
+        "misp-attribute": "datetime",
+        "disable_correlation": true
+      },
+      "user-time":
+      {
+        "description": "Date and time when the user instruction was executed.",
+        "ui-priority": 0,
+        "misp-attribute": "datetime",
+        "disable_correlation": true
+      },
+      "Event-data":
+      {
+        "description": "Event data description.",
+        "ui-priority": 0,
+        "misp-attribute": "text",
+        "disable_correlation": true
+      },
+      "comment": {
+        "description": "Additional comments.",
+        "ui-priority": 0,
+        "misp-attribute": "text",
+        "disable_correlation": true
+      }
+  },
+  "version": 1,
+  "description": "Event log object template to share information of the activities conducted on a system. ",
+  "meta-category": "misc",
+  "uuid": "94e3aee9-cb99-4503-9bf6-7da3db5de55e",
+  "name": "python-etvx-event-log"
+}