From 951abf10fea019580c5decbb7879a35ef713b9f3 Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy <a@foo.be>
Date: Wed, 11 Sep 2019 09:11:28 +0200
Subject: [PATCH] chg: [new object templates] various updates

---
 objects/command-line/definition.json  | 16 +++++++-------
 objects/command/definition.json       | 30 +++++++++++++++++++++------
 objects/impersonation/definition.json |  8 +++++--
 3 files changed, 38 insertions(+), 16 deletions(-)

diff --git a/objects/command-line/definition.json b/objects/command-line/definition.json
index 0b11d92..02c21ae 100644
--- a/objects/command-line/definition.json
+++ b/objects/command-line/definition.json
@@ -1,19 +1,19 @@
 {
   "attributes": {
     "value": {
-      "description": "",
+      "description": "command code",
       "ui-priority": 1,
       "misp-attribute": "text",
       "multiple": true
-      },
-      "description": {
-        "description": "description of the command",
-        "ui-priority": 1,
-        "misp-attribute": "text"
-      }
+    },
+    "description": {
+      "description": "description of the command",
+      "ui-priority": 1,
+      "misp-attribute": "text"
+    }
   },
   "version": 1,
-  "description": "",
+  "description": "Command line and option related to a software malicious or not to execute specific commands.",
   "meta-category": "misc",
   "uuid": "88ebe222-d3cc-11e9-875d-7f13f460adaf",
   "name": "command-line"
diff --git a/objects/command/definition.json b/objects/command/definition.json
index 6cbb5c7..cb1b7b6 100644
--- a/objects/command/definition.json
+++ b/objects/command/definition.json
@@ -1,18 +1,36 @@
 {
   "attributes": {
-    "command-name": {
-      "description": "Text used to call the command",
+    "location": {
+      "description": "Location of the command functionality",
       "ui-priority": 1,
-      "misp-attribute": "text"
+      "misp-attribute": "text",
+      "disable_correlation": true,
+      "sane_default": [
+        "Bundled",
+        "Module",
+        "Libraries",
+        "Unknown"
+      ]
     },
-    "functionality": {
-      "description": "Functionality of the command",
+    "trigger": {
+      "description": "How the commands are triggered",
+      "ui-priority": 1,
+      "misp-attribute": "text",
+      "disable_correlation": true,
+      "sane_default": [
+        "Local",
+        "Network",
+        "Unknown"
+      ]
+    },
+    "description": {
+      "description": "Description of the command functionalities",
       "ui-priority": 1,
       "misp-attribute": "text"
     }
   },
   "version": 1,
-  "description": "Command",
+  "description": "Command functionalities related to a software malicious or not to execute specific commands. Command-line are attached to this object for the related commands.",
   "meta-category": "misc",
   "uuid": "21ad70d8-d397-11e9-9ea7-43b2d5f6a6e3",
   "name": "command"
diff --git a/objects/impersonation/definition.json b/objects/impersonation/definition.json
index da174db..78a35b5 100644
--- a/objects/impersonation/definition.json
+++ b/objects/impersonation/definition.json
@@ -42,7 +42,7 @@
       "misp-attribute": "text"
     },
     "type": {
-      "description": "",
+      "description": "Type of the account",
       "ui-priority": 1,
       "misp-attribute": "text",
       "disable_correlation": true,
@@ -60,7 +60,11 @@
       "disable_correlation": true,
       "multiple": true,
       "sane_default": [
-        "Infomation stealing",
+        "Information stealing",
+        "Disinformation",
+        "Distrusting",
+        "Advertising",
+        "Parody",
         "Other"
       ]
     }