From 896fb727358366b949dfa74b9321d979c6e53e62 Mon Sep 17 00:00:00 2001 From: matthijsvp Date: Fri, 1 Jul 2022 16:47:23 +0200 Subject: [PATCH] Merge from master --- objects/attack-step/definition.json | 88 ++++++++++++++--------------- 1 file changed, 44 insertions(+), 44 deletions(-) diff --git a/objects/attack-step/definition.json b/objects/attack-step/definition.json index b0f5573..0c63e05 100644 --- a/objects/attack-step/definition.json +++ b/objects/attack-step/definition.json @@ -1,35 +1,9 @@ { "attributes": { - "source-ip": { - "description": "IP source of the attack step, if any.", - "misp-attribute": "ip-src", - "ui-priority": 1 - }, - "source-domain": { - "description": "Domain source of the attack step, if any.", - "misp-attribute": "domain", - "ui-priority": 1 - }, - "source-misc": { - "description": "Other type of source of the attack step, if any. This can be e.g. rotating ip from cloud providers such as AWS, or localhost.", - "misp-attribute": "text", - "ui-priority": 1 - }, - "dst-ip": { - "description": "IP destination of the attack step, if any.", - "misp-attribute": "ip-dst", - "disable-correlation": true, - "ui-priority": 1 - }, - "dst-domain": { - "description": "Domain destination of the attack step, if any.", - "misp-attribute": "domain", - "disable-correlation": true, - "ui-priority": 1 - }, - "dst-misc": { - "description": "Other type of source of the attack step, if any. This can be e.g. localhost.", + "command-line": { + "description": "Command line used to execute attack step, if any.", "misp-attribute": "text", + "multiple": true, "ui-priority": 1 }, "description": { @@ -37,19 +11,31 @@ "misp-attribute": "text", "ui-priority": 1 }, - "command-line": { - "description": "Command line used to execute attack step, if any.", - "multiple": true, + "detections": { + "description": "Detections by the victim's monitoring capabilities.", "misp-attribute": "text", "ui-priority": 1 }, - "succesful": { - "description": "Was this attack step succesful?", - "misp-attribute": "boolean", - "sane_default": [ - "True", - "False" - ], + "dst-domain": { + "description": "Domain destination of the attack step, if any.", + "disable-correlation": true, + "misp-attribute": "domain", + "ui-priority": 1 + }, + "dst-ip": { + "description": "IP destination of the attack step, if any.", + "disable-correlation": true, + "misp-attribute": "ip-dst", + "ui-priority": 1 + }, + "dst-misc": { + "description": "Other type of source of the attack step, if any. This can be e.g. localhost.", + "misp-attribute": "text", + "ui-priority": 1 + }, + "expected-response": { + "description": "Response or detection expected (in case of purple teaming)", + "misp-attribute": "text", "ui-priority": 1 }, "key-step": { @@ -61,14 +47,28 @@ ], "ui-priority": 1 }, - "detections": { - "description": "Detections by the victim's monitoring capabilities.", + "source-domain": { + "description": "Domain source of the attack step, if any.", + "misp-attribute": "domain", + "ui-priority": 1 + }, + "source-ip": { + "description": "IP source of the attack step, if any.", + "misp-attribute": "ip-src", + "ui-priority": 1 + }, + "source-misc": { + "description": "Other type of source of the attack step, if any. This can be e.g. rotating ip from cloud providers such as AWS, or localhost.", "misp-attribute": "text", "ui-priority": 1 }, - "expected-response": { - "description": "Response or detection expected (in case of purple teaming)", - "misp-attribute": "text", + "succesful": { + "description": "Was this attack step succesful?", + "misp-attribute": "boolean", + "sane_default": [ + "True", + "False" + ], "ui-priority": 1 } },