From 7dc65e5fe07100dec815d7c15c3ad3a0068f7ddb Mon Sep 17 00:00:00 2001
From: Christophe Vandeplas
Date: Thu, 8 Aug 2019 11:46:54 +0200
Subject: [PATCH] chg: [validation] complement schema with categories/types
---
 schema_objects.json | 180 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 180 insertions(+)
diff --git a/schema_objects.json b/schema_objects.json
index 0df52de..916bc58 100644
--- a/schema_objects.json
+++ b/schema_objects.json
@@ -7,6 +7,24 @@
 "properties": {
 "categories": {
 "items": {
+ "enum": [
+ "Antivirus detection",
+ "Artifacts dropped",
+ "Attribution",
+ "External analysis",
+ "Financial fraud",
+ "Internal reference",
+ "Network activity",
+ "Other",
+ "Payload delivery",
+ "Payload installation",
+ "Payload type",
+ "Persistence mechanism",
+ "Person",
+ "Social network",
+ "Support Tool",
+ "Targeting data"
+ ],
 "type": "string"
 },
 "type": "array",
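Review bot: The sixteen category names in the new `enum` under `categories.items` are a hand-copied snapshot, and nothing in the hunk records where the list comes from, so it will go stale when MISP adds or renames a category. A stale list fails closed (valid templates get rejected), which tends to end with the check being loosened rather than updated; the `misp-attribute` enum in the second hunk has the same problem at ten times the size. I would add a `description` next to `"type": "string"`, for example `"description": "MISP attribute category; keep in sync with the category list shipped by MISP core"`, and have CI compare both enums against that list. The `categories` definition continues past the end of the hunk, so constraints such as `uniqueItems` may already exist there.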
@@ -19,6 +37,168 @@
 "type": "boolean"
 },
 "misp-attribute": {
+ "enum": [
+ "AS",
+ "aba-rtn",
+ "anonymised",
+ "attachment",
+ "authentihash",
+ "bank-account-nr",
+ "bic",
+ "bin",
+ "boolean",
+ "bro",
+ "btc",
+ "campaign-id",
+ "campaign-name",
+ "cc-number",
+ "cdhash",
+ "comment",
+ "community-id",
+ "cookie",
+ "cortex",
+ "counter",
+ "country-of-residence",
+ "cpe",
+ "date-of-birth",
+ "datetime",
+ "dns-soa-email",
+ "domain",
+ "domain|ip",
+ "email-attachment",
+ "email-body",
+ "email-dst",
+ "email-dst-display-name",
+ "email-header",
+ "email-message-id",
+ "email-mime-boundary",
+ "email-reply-to",
+ "email-src",
+ "email-src-display-name",
+ "email-subject",
+ "email-thread-index",
+ "email-x-mailer",
+ "filename",
+ "filename|authentihash",
+ "filename|impfuzzy",
+ "filename|imphash",
+ "filename|md5",
+ "filename|pehash",
+ "filename|sha1",
+ "filename|sha224",
+ "filename|sha256",
+ "filename|sha384",
+ "filename|sha512",
+ "filename|sha512/224",
+ "filename|sha512/256",
+ "filename|ssdeep",
+ "filename|tlsh",
+ "first-name",
+ "float",
+ "frequent-flyer-number",
+ "gender",
+ "gene",
+ "github-organisation",
+ "github-repository",
+ "github-username",
+ "hassh-md5",
+ "hasshserver-md5",
+ "hex",
+ "hostname",
+ "hostname|port",
+ "http-method",
+ "iban",
+ "identity-card-number",
+ "impfuzzy",
+ "imphash",
+ "ip-dst",
+ "ip-dst|port",
+ "ip-src",
+ "ip-src|port",
+ "issue-date-of-the-visa",
+ "ja3-fingerprint-md5",
+ "jabber-id",
+ "last-name",
+ "link",
+ "mac-address",
+ "mac-eui-64",
+ "malware-sample",
+ "malware-type",
+ "md5",
+ "middle-name",
+ "mime-type",
+ "mobile-application-id",
+ "mutex",
+ "named pipe",
+ "nationality",
+ "other",
+ "passenger-name-record-locator-number",
+ "passport-country",
+ "passport-expiration",
+ "passport-number",
+ "pattern-in-file",
+ "pattern-in-memory",
+ "pattern-in-traffic",
+ "payment-details",
+ "pdb",
+ "pehash",
+ "phone-number",
+ "place-of-birth",
+ "place-port-of-clearance",
"place-port-of-onward-foreign-destination",
+ "place-port-of-original-embarkation",
+ "port",
+ "primary-residence",
+ "prtn",
+ "redress-number",
+ "regkey",
+ "regkey|value",
+ "sha1",
+ "sha224",
+ "sha256",
+ "sha384",
+ "sha512",
+ "sha512/224",
+ "sha512/256",
+ "sigma",
+ "size-in-bytes",
+ "snort",
+ "special-service-request",
+ "ssdeep",
+ "stix2-pattern",
+ "target-email",
+ "target-external",
+ "target-location",
+ "target-machine",
+ "target-org",
+ "target-user",
+ "text",
+ "threat-actor",
+ "tlsh",
+ "travel-details",
+ "twitter-id",
+ "uri",
+ "url",
+ "user-agent",
+ "visa-number",
+ "vulnerability",
+ "weakness",
+ "whois-creation-date",
+ "whois-registrant-email",
+ "whois-registrant-name",
+ "whois-registrant-org",
+ "whois-registrant-phone",
+ "whois-registrar",
+ "windows-scheduled-task",
+ "windows-service-displayname",
+ "windows-service-name",
+ "x509-fingerprint-md5",
+ "x509-fingerprint-sha1",
+ "x509-fingerprint-sha256",
+ "xmr",
+ "yara",
+ "zeek"
+ ],
 "type": "string"
 },
 "multiple": {
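Review bot: The `misp-attribute` enum is validated on its own, so a definition can pair an allowed type with an allowed category that MISP does not accept for that type, and the schema will still pass it. This assumes `categories` and `misp-attribute` sit in the same attribute definition, which the closeness of the two hunks suggests but the visible lines do not prove. Expressing the pairing in JSON Schema for 160 values would be unwieldy, so the better place is whatever script applies this schema: look up each definition's type in MISP's category-to-type mapping and reject categories outside it. Until then a `description` beside `"type": "string"` would record the limit, for example `"description": "MISP attribute type; which categories are valid for a type is not checked by this schema"`.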