diff --git a/objects/cytomic_orion/definition.json b/objects/cytomic_orion/definition.json
new file mode 100644
index 0000000..050506c
--- /dev/null
+++ b/objects/cytomic_orion/definition.json
@@ -0,0 +1,63 @@
+{
+ "required": [],
+ "attributes": {
+ "fileName": {
+ "description": "Original filename",
+ "ui-priority": 9,
+ "categories": [
+ "Other"
+ ],
+ "misp-attribute": "filename"
+ },
+ "fileSize": {
+ "description": "Size of the file",
+ "to_ids": false,
+ "ui-priority": 0,
+ "categories": [
+ "Other"
+ ],
+ "misp-attribute": "size-in-bytes"
+ },
+ "classification": {
+ "description": "File classification - number",
+ "to_ids": false,
+ "ui-priority": 2,
+ "categories": [
+ "Other"
+ ],
+ "misp-attribute": "text"
+ },
+ "classificationName": {
+ "description": "File classification",
+ "to_ids": false,
+ "ui-priority": 1,
+ "categories": [
+ "Other"
+ ],
+ "misp-attribute": "text"
+ },
+ "first-seen": {
+ "description": "First seen timestamp of the file",
+ "to_ids": false,
+ "ui-priority": 3,
+ "categories": [
+ "Other"
+ ],
+ "misp-attribute": "datetime"
+ },
+ "last-seen": {
+ "description": "Last seen timestamp of the file",
+ "to_ids": false,
+ "ui-priority": 4,
+ "categories": [
+ "Other"
+ ],
+ "misp-attribute": "datetime"
+ }
+ },
+ "version": 7,
+ "description": "Cytomic Orion File Detection",
+ "meta-category": "misc",
+ "uuid": "0ad86572-ba38-4baf-9fed-1926e9ecc916",
+ "name": "cytomic-orion-file"
+}
diff --git a/objects/cytomic_orion_machine/definition.json b/objects/cytomic_orion_machine/definition.json
new file mode 100644
index 0000000..5a25dd7
--- /dev/null
+++ b/objects/cytomic_orion_machine/definition.json
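Review bot: `fileName` is the only attribute in objects/cytomic_orion/definition.json without an explicit `to_ids`, so it falls back to the default of the `filename` attribute type, which as far as I know is IDS-enabled. A bare file name from an EDR lookup is a weak indicator and tends to produce false positives once exported to detection tooling, so I would add `"to_ids": false,` or record why it should be true. `machineName` in objects/cytomic_orion_machine/definition.json omits `to_ids` in the same way. The `classification`, `classificationName` and `fileSize` values will presumably correlate across every event carrying the same value unless they get `"disable_correlation": true,`. With `"required": []` and no `requiredOneOf`, the template does not appear to stop an empty object from being created; `"requiredOneOf": ["fileName"]` or similar would.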
@@ -0,0 +1,101 @@
+{
+ "required": [
+ "machineName"
+ ],
+ "attributes": {
+ "machineName": {
+ "description": "Machine name",
+ "ui-priority": 9,
+ "categories": [
+ "Other"
+ ],
+ "misp-attribute": "target-machine"
+ },
+ "machineMuid": {
+ "description": "Machine UID",
+ "to_ids": false,
+ "ui-priority": 0,
+ "categories": [
+ "Other"
+ ],
+ "misp-attribute": "text"
+ },
+ "clientName": {
+ "description": "Client name",
+ "to_ids": false,
+ "ui-priority": 0,
+ "categories": [
+ "Other"
+ ],
+ "misp-attribute": "target-org"
+ },
+ "clientId": {
+ "description": "Client id",
+ "to_ids": false,
+ "ui-priority": 0,
+ "categories": [
+ "Other"
+ ],
+ "misp-attribute": "text"
+ },
+ "machinePath": {
+ "description": "Path of observable",
+ "to_ids": false,
+ "ui-priority": 2,
+ "categories": [
+ "Other"
+ ],
+ "misp-attribute": "text"
+ },
+ "first-seen": {
+ "description": "First seen on machine",
+ "to_ids": false,
+ "ui-priority": 3,
+ "categories": [
+ "Other"
+ ],
+ "misp-attribute": "datetime"
+ },
+ "last-seen": {
+ "description": "Last seen on machine",
+ "to_ids": false,
+ "ui-priority": 4,
+ "categories": [
+ "Other"
+ ],
+ "misp-attribute": "datetime"
+ },
+ "clientCreationDateUTC": {
+ "description": "Client creation date UTC",
+ "to_ids": false,
+ "ui-priority": 0,
+ "categories": [
+ "Other"
+ ],
+ "misp-attribute": "datetime"
+ },
+ "creationDate": {
+ "description": "Client creation date",
+ "to_ids": false,
+ "ui-priority": 0,
+ "categories": [
+ "Other"
+ ],
+ "misp-attribute": "datetime"
+ },
+ "lastSeenUtc": {
+ "description": "Client last seen UTC",
+ "to_ids": false,
+ "ui-priority": 0,
+ "categories": [
+ "Other"
+ ],
+ "misp-attribute": "datetime"
+ }
+ },
+ "version": 4,
+ "description": "Cytomic Orion File at Machine Detection",
+ "meta-category": "misc",
+ "uuid": "e0e46343-43fd-4ce7-b447-51381402c774",
+ "name": "cytomic-orion-machine"
+}
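Review bot: `machineName` and `clientName` use the `target-machine` and `target-org` types but list only `"Other"` under `categories`; as far as I know those types are valid only under "Targeting data", so the pairing should be checked against MISP's type/category mapping. The same question applies to `fileName` (`filename`) in objects/cytomic_orion/definition.json. `creationDate` is described as "Client creation date", which duplicates `clientCreationDateUTC`, and the time zone of `creationDate`, `first-seen` and `last-seen` is not stated. Each description should say which entity the date belongs to and whether it is UTC, and the `UTC`/`Utc` suffix casing should be made uniform. Because `clientName`, `clientId` and `machineName` identify the affected organisation and host, a sentence in the object `description` reminding users to check the event's distribution level before sharing would help.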