MISP
/
misp-objects
mirror of https://github.com/MISP/misp-objects
2
0
Fork 0
Code Issues Releases Wiki Activity

Merge from master

pull/364/head
matthijsvp 2022-07-01 16:47:23 +02:00
parent 29d7467de9
commit 896fb72735
1 changed files with 44 additions and 44 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

88
objects/attack-step/definition.json
View File

@ -1,35 +1,9 @@
{ {
"attributes": { "attributes": {
"source-ip": { "command-line": {
"description": "IP source of the attack step, if any.", "description": "Command line used to execute attack step, if any.",
"misp-attribute": "ip-src",
"ui-priority": 1
},
"source-domain": {
"description": "Domain source of the attack step, if any.",
"misp-attribute": "domain",
"ui-priority": 1
},
"source-misc": {
"description": "Other type of source of the attack step, if any. This can be e.g. rotating ip from cloud providers such as AWS, or localhost.",
"misp-attribute": "text",
"ui-priority": 1
},
"dst-ip": {
"description": "IP destination of the attack step, if any.",
"misp-attribute": "ip-dst",
"disable-correlation": true,
"ui-priority": 1
},
"dst-domain": {
"description": "Domain destination of the attack step, if any.",
"misp-attribute": "domain",
"disable-correlation": true,
"ui-priority": 1
},
"dst-misc": {
"description": "Other type of source of the attack step, if any. This can be e.g. localhost.",
"misp-attribute": "text", "misp-attribute": "text",
"multiple": true,
"ui-priority": 1 "ui-priority": 1
}, },
"description": { "description": {
@ -37,19 +11,31 @@
"misp-attribute": "text", "misp-attribute": "text",
"ui-priority": 1 "ui-priority": 1
}, },
"command-line": { "detections": {
"description": "Command line used to execute attack step, if any.", "description": "Detections by the victim's monitoring capabilities.",
"multiple": true,
"misp-attribute": "text", "misp-attribute": "text",
"ui-priority": 1 "ui-priority": 1
}, },
"succesful": { "dst-domain": {
"description": "Was this attack step succesful?", "description": "Domain destination of the attack step, if any.",
"misp-attribute": "boolean", "disable-correlation": true,
"sane_default": [ "misp-attribute": "domain",
"True", "ui-priority": 1
"False" },
], "dst-ip": {
"description": "IP destination of the attack step, if any.",
"disable-correlation": true,
"misp-attribute": "ip-dst",
"ui-priority": 1
},
"dst-misc": {
"description": "Other type of source of the attack step, if any. This can be e.g. localhost.",
"misp-attribute": "text",
"ui-priority": 1
},
"expected-response": {
"description": "Response or detection expected (in case of purple teaming)",
"misp-attribute": "text",
"ui-priority": 1 "ui-priority": 1
}, },
"key-step": { "key-step": {
@ -61,14 +47,28 @@
], ],
"ui-priority": 1 "ui-priority": 1
}, },
"detections": { "source-domain": {
"description": "Detections by the victim's monitoring capabilities.", "description": "Domain source of the attack step, if any.",
"misp-attribute": "domain",
"ui-priority": 1
},
"source-ip": {
"description": "IP source of the attack step, if any.",
"misp-attribute": "ip-src",
"ui-priority": 1
},
"source-misc": {
"description": "Other type of source of the attack step, if any. This can be e.g. rotating ip from cloud providers such as AWS, or localhost.",
"misp-attribute": "text", "misp-attribute": "text",
"ui-priority": 1 "ui-priority": 1
}, },
"expected-response": { "succesful": {
"description": "Response or detection expected (in case of purple teaming)", "description": "Was this attack step succesful?",
"misp-attribute": "text", "misp-attribute": "boolean",
"sane_default": [
"True",
"False"
],
"ui-priority": 1 "ui-priority": 1
} }
}, },