From 7d1e3747d004a5289e05a76963b7057ec79e1d50 Mon Sep 17 00:00:00 2001
From: AH
Date: Mon, 18 Jun 2018 19:12:27 -0400
Subject: [PATCH 1/3] STIX AIS Information source
---
objects/ais-info/definition.json | 55 ++++++++++++++++++++++++++++++++
1 file changed, 55 insertions(+)
create mode 100644 objects/ais-info/definition.json
diff --git a/objects/ais-info/definition.json b/objects/ais-info/definition.json
new file mode 100644
index 0000000..abb2cc7
--- /dev/null
+++ b/objects/ais-info/definition.json
@@ -0,0 +1,55 @@
+{
+ "requiredOneOf": [
+ "organisation",
+ "administrative-area",
+ "industry",
+ "country"
+ ],
+ "attributes": {
+ "organisation": {
+ "description": "AIS Organisation Name.",
+ "misp-attribute": "text",
+ "ui-priority": 1
+ },
+ "administrative-area": {
+ "description": "AIS Administrative Area represented using ISO-3166-2.",
+ "misp-attribute": "text",
+ "ui-priority": 1
+ },
+ "industry": {
+ "description": "AIS IndustryType.",
+ "misp-attribute": "text",
+ "ui-priority": 1,
+ "multiple": true,
+ "sane_default": [
+ "Chemical Sector",
+ "Commercial Facilities Sector",
+ "Communications Sector",
+ "Critical Manufacturing Sector",
+ "Dams Sector",
+ "Defense Industrial Base Sector",
+ "Emergency Services Sector",
+ "Energy Sector",
+ "Financial Services Sector",
+ "Food and Agriculture Sector",
+ "Government Facilities Sector",
+ "Healthcare and Public Health Sector",
+ "Information Technology Sector",
+ "Nuclear Reactors, Materials, and Waste Sector",
+ "Transportation Systems Sector",
+ "Water and Wastewater Systems Sector",
+ "Other"
+ ]
+ },
+ "country": {
+ "description": "AIS Country represented using ISO-3166-1_alpha-2.",
+ "misp-attribute": "text",
+ "ui-priority": 1
+ }
+ },
+ "version": 1,
+ "description": "Automated Indicator Sharing (AIS) Information Source Markings.",
+ "meta-category": "misc",
+ "uuid": "1f3f466d-465f-4c3a-8cce-933642c9ea83",
+ "name": "ais-info"
+}
\ No newline at end of file
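Review bot: None of the four entries under `attributes` sets a correlation flag, so low-cardinality values such as `Energy Sector` or a two-letter country code would, assuming MISP's usual default for `text` attributes, correlate every event that carries the same source marking. I would add `"disable_correlation": true` to `industry`, `country` and `administrative-area`, and probably to `organisation` as well, since it identifies the submitter rather than the threat. Separately, `country` and `administrative-area` promise ISO 3166 codes only in their descriptions and nothing in the template constrains the value, so the description should spell out the expected form, e.g. `"AIS Country as an ISO 3166-1 alpha-2 code, e.g. US."`.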
From d9a616095a3549a9730ee0421f6910dac1c3307a Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy
Date: Tue, 19 Jun 2018 21:11:24 +0200
Subject: [PATCH 2/3] Chg: jq all the things
---
objects/ais-info/definition.json | 110 +++++++++++++++----------------
1 file changed, 55 insertions(+), 55 deletions(-)
diff --git a/objects/ais-info/definition.json b/objects/ais-info/definition.json
index abb2cc7..05e9629 100644
--- a/objects/ais-info/definition.json
+++ b/objects/ais-info/definition.json
@@ -1,55 +1,55 @@
-{
- "requiredOneOf": [
- "organisation",
- "administrative-area",
- "industry",
- "country"
- ],
- "attributes": {
- "organisation": {
- "description": "AIS Organisation Name.",
- "misp-attribute": "text",
- "ui-priority": 1
- },
- "administrative-area": {
- "description": "AIS Administrative Area represented using ISO-3166-2.",
- "misp-attribute": "text",
- "ui-priority": 1
- },
- "industry": {
- "description": "AIS IndustryType.",
- "misp-attribute": "text",
- "ui-priority": 1,
- "multiple": true,
- "sane_default": [
- "Chemical Sector",
- "Commercial Facilities Sector",
- "Communications Sector",
- "Critical Manufacturing Sector",
- "Dams Sector",
- "Defense Industrial Base Sector",
- "Emergency Services Sector",
- "Energy Sector",
- "Financial Services Sector",
- "Food and Agriculture Sector",
- "Government Facilities Sector",
- "Healthcare and Public Health Sector",
- "Information Technology Sector",
- "Nuclear Reactors, Materials, and Waste Sector",
- "Transportation Systems Sector",
- "Water and Wastewater Systems Sector",
- "Other"
- ]
- },
- "country": {
- "description": "AIS Country represented using ISO-3166-1_alpha-2.",
- "misp-attribute": "text",
- "ui-priority": 1
- }
- },
- "version": 1,
- "description": "Automated Indicator Sharing (AIS) Information Source Markings.",
- "meta-category": "misc",
- "uuid": "1f3f466d-465f-4c3a-8cce-933642c9ea83",
- "name": "ais-info"
-}
\ No newline at end of file
+{
+ "requiredOneOf": [
+ "organisation",
+ "administrative-area",
+ "industry",
+ "country"
+ ],
+ "attributes": {
+ "organisation": {
+ "description": "AIS Organisation Name.",
+ "misp-attribute": "text",
+ "ui-priority": 1
+ },
+ "administrative-area": {
+ "description": "AIS Administrative Area represented using ISO-3166-2.",
+ "misp-attribute": "text",
+ "ui-priority": 1
+ },
+ "industry": {
+ "description": "AIS IndustryType.",
+ "misp-attribute": "text",
+ "ui-priority": 1,
+ "multiple": true,
+ "sane_default": [
+ "Chemical Sector",
+ "Commercial Facilities Sector",
+ "Communications Sector",
+ "Critical Manufacturing Sector",
+ "Dams Sector",
+ "Defense Industrial Base Sector",
+ "Emergency Services Sector",
+ "Energy Sector",
+ "Financial Services Sector",
+ "Food and Agriculture Sector",
+ "Government Facilities Sector",
+ "Healthcare and Public Health Sector",
+ "Information Technology Sector",
+ "Nuclear Reactors, Materials, and Waste Sector",
+ "Transportation Systems Sector",
+ "Water and Wastewater Systems Sector",
+ "Other"
+ ]
+ },
+ "country": {
+ "description": "AIS Country represented using ISO-3166-1_alpha-2.",
+ "misp-attribute": "text",
+ "ui-priority": 1
+ }
+ },
+ "version": 1,
+ "description": "Automated Indicator Sharing (AIS) Information Source Markings.",
+ "meta-category": "misc",
+ "uuid": "1f3f466d-465f-4c3a-8cce-933642c9ea83",
+ "name": "ais-info"
+}
From 3b21125acdc7bcddd5ab3a230d9460d5138c2cc2 Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy
Date: Fri, 22 Jun 2018 07:44:20 +0200
Subject: [PATCH 3/3] add: missing timesketch-timeline object template
---
objects/timesketch-timeline/definition.json | 33 +++++++++++++++++++++
1 file changed, 33 insertions(+)
create mode 100644 objects/timesketch-timeline/definition.json
diff --git a/objects/timesketch-timeline/definition.json b/objects/timesketch-timeline/definition.json
new file mode 100644
index 0000000..994015f
--- /dev/null
+++ b/objects/timesketch-timeline/definition.json
@@ -0,0 +1,33 @@
+{
+ "requiredOneOf": [
+ "message",
+ "datetime"
+ ],
+ "attributes": {
+ "message": {
+ "description": "Informative message of the event",
+ "ui-priority": 0,
+ "misp-attribute": "text"
+ },
+ "timestamp": {
+ "description": "When the log entry was seen in microseconds since Unix epoch",
+ "ui-priority": 0,
+ "misp-attribute": "timestamp-microsec"
+ },
+ "timestamp_desc": {
+ "description": "Text explaining what type of timestamp is it",
+ "ui-priority": 0,
+ "misp-attribute": "text"
+ },
+ "datetime": {
+ "description": "When the log entry was seen",
+ "ui-priority": 0,
+ "misp-attribute": "datetime"
+ }
+ },
+ "version": 2,
+ "description": "A timesketch timeline object based on mandatory field in timesketch to describe a log entry.",
+ "meta-category": "misc",
+ "uuid": "06db0221-cbc0-4ffc-ad98-7f34549310f1",
+ "name": "timesketch-timeline"
+}
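Review bot: `requiredOneOf` accepts an object that carries only `message` and no time value at all, while the template's own description says it is based on the mandatory fields of a Timesketch log entry. If those fields are all meant to be mandatory, `"required": ["message", "datetime"]` (extended with `timestamp` and `timestamp_desc` if they are mandatory too) would state that. The `datetime` and `timestamp` descriptions also name no time zone, which matters once timelines from several sources are merged during an investigation; I would write `"When the log entry was seen, as an ISO 8601 datetime with UTC offset"`. Nothing in this patch shows that `timestamp-microsec` is an attribute type the consuming MISP version defines, so that is worth confirming before merge.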