From 71cc235a5d466c8090e16d255e1acf44af250e79 Mon Sep 17 00:00:00 2001
From: Michael Trewen
Date: Tue, 13 Jun 2023 10:47:28 +0200
Subject: [PATCH] new:added Diamond Object
---
objects/diamond/definition.json | 106 ++++++++++++++++++++++++++++++++
1 file changed, 106 insertions(+)
create mode 100644 objects/diamond/definition.json
diff --git a/objects/diamond/definition.json b/objects/diamond/definition.json
new file mode 100644
index 0000000..23d66b9
--- /dev/null
+++ b/objects/diamond/definition.json
@@ -0,0 +1,106 @@
+{
+ "required": [
+ "EventID",
+ "Advesary",
+ "Capability",
+ "Infrastructure",
+ "Victim"
+ ],
+ "version": 1,
+ "description": "A diamond model event object consisting of the four diamond features advesary, infrastructure, capability and victim, several meta-features and ioc attributes.",
+ "meta-category": "internal",
+ "uuid": "a9618450-694d-4c73-9f76-35ea0150c19e",
+ "name": "diamond-event",
+ "attributes": {
+ "EventID": {
+ "description": "Id of the event",
+ "ui-priority": 0,
+ "misp-attribute": "counter"
+ },
+ "Advesary": {
+ "description": "The advesary who attacks the victim",
+ "ui-priority": 0,
+ "misp-attribute": "text"
+ },
+ "Capability": {
+ "description": "The capability used to attack the victim",
+ "ui-priority": 0,
+ "misp-attribute": "text"
+ },
+ "Infrastructure": {
+ "description": "The infrastructure used in the attack",
+ "ui-priority": 0,
+ "misp-attribute": "text"
+ },
+ "Victim": {
+ "description": "The attacked victim",
+ "ui-priority": 0,
+ "misp-attribute": "text"
+ },
+ "Timestamp": {
+ "description": "Timestamp when the event happened",
+ "ui-priority": 0,
+ "misp-attribute": "datetime"
+ },
+ "Phase": {
+ "description": "The event mapped to a phase of the killchain",
+ "ui-priority": 0,
+ "misp-attribute": "text",
+ "values_list": [
+ "Reconnaissance",
+ "Weaponization",
+ "Delivery",
+ "Exploitation",
+ "Installation",
+ "C2",
+ "Action on Objectives"
+ ]
+ },
+ "Result": {
+ "description": "The result of the event",
+ "ui-priority": 0,
+ "misp-attribute": "text"
+ },
+ "Direction": {
+ "description": "The network-based direction of the event",
+ "ui-priority": 0,
+ "misp-attribute": "text",
+ "values_list": [
+ "Victim-to-Infrastructure",
+ "Infrastructure-to-Victim",
+ "Infrastructure-to-Infrastructure",
+ "Adversary-to-Infrastructure",
+ "Infrastructure-to-Adversary",
+ "Bidirectional",
+ "Unknown"
+ ]
+ },
+ "Methodology": {
+ "description": "Mitre-Attack mapping of the event",
+ "ui-priority": 0,
+ "misp-attribute": "text"
+ },
+ "Resources": {
+ "description": "The resources the attacker needed for the event to succeed",
+ "ui-priority": 0,
+ "misp-attribute": "text"
+ },
+ "Description": {
+ "description": "Further context to the event",
+ "ui-priority": 0,
+ "misp-attribute": "text"
+ },
+ "ioc": {
+ "description": "Generic IOC",
+ "ui-priority": 0,
+ "multiple": true,
+ "misp-attribute": "text"
+ },
+ "textfield": {
+ "description": "Generic textfield",
+ "ui-priority": 0,
+ "multiple": true,
+ "misp-attribute": "text"
+ }
+ }
+ }
\ No newline at end of file
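Review bot: The relation name `"Advesary"` is misspelled in the `required` array and as the key under `attributes` (and in two description strings), while the `Direction` values in this same hunk spell it `Adversary-to-Infrastructure`. Because that key is the relation name each object instance would carry, renaming it after release is presumably a breaking change, so it is worth fixing now: `"Adversary",` in `required`, `"Adversary": {` as the attribute key, and `adversary` in both descriptions. Separately, `ioc` is declared with `"misp-attribute": "text"`, so indicators entered there would likely lose type validation and typed export to detection tooling. Consider typed relations (for example attributes of type `ip-dst` or `domain`), or state in the description that indicators should be attached as separately typed attributes.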