From 7577cbe59a06e24a778cea6a100fe5614ad850d3 Mon Sep 17 00:00:00 2001
From: VVX7
Date: Mon, 8 Jun 2020 11:16:59 -0400
Subject: [PATCH] chg: [dev] make Reddit attributes (mostly) reflect Reddit API.
---
 objects/reddit-account/definition.json | 14 +++----
 objects/reddit-comment/definition.json | 15 ++++----
 objects/reddit-post/definition.json | 24 +++++++++++-
 objects/reddit-subreddit/definition.json | 47 ++++++++++++++++++------
 4 files changed, 72 insertions(+), 28 deletions(-)
diff --git a/objects/reddit-account/definition.json b/objects/reddit-account/definition.json
index 337f1b0..b1fe148 100644
--- a/objects/reddit-account/definition.json
+++ b/objects/reddit-account/definition.json
@@ -6,6 +6,12 @@
 "multiple": true,
 "ui-priority": 1
 },
+ "account-avatar-url": {
+ "description": "A user profile picture or avatar.",
+ "misp-attribute": "url",
+ "multiple": true,
+ "ui-priority": 1
+ },
 "account-id": {
 "description": "Account id.",
 "misp-attribute": "text",
@@ -56,12 +62,6 @@
 "description": "Original URL location of the page (potentially malicious).",
 "misp-attribute": "url",
 "ui-priority": 1
- },
- "user-avatar": {
- "description": "A user profile picture or avatar.",
- "misp-attribute": "attachment",
- "multiple": true,
- "ui-priority": 1
 }
 },
 "description": "Reddit account.",
@@ -75,5 +75,5 @@
 "link"
 ],
 "uuid": "6802f885-2003-494a-b234-61aadce62731",
- "version": 1
+ "version": 2
 }
\ No newline at end of file
diff --git a/objects/reddit-comment/definition.json b/objects/reddit-comment/definition.json
index c487cb2..90d161f 100644
--- a/objects/reddit-comment/definition.json
+++ b/objects/reddit-comment/definition.json
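Review bot: In reddit-account, `account-avatar-url` is typed `url`, the type these templates otherwise use for locations described as "potentially malicious" (the `link` type is the one described as "supposed harmless"), so Reddit-hosted avatar links will be correlated and, with the type's default IDS flag, can end up in detection exports. If the avatar is context rather than an indicator, use `"misp-attribute": "link"`, or keep `url` and add `"disable_correlation": true` and `"to_ids": false`. The description still describes the image itself; `"description": "Link to the user profile picture or avatar."` would match the new type. The same applies to `thumbnail-url` in reddit-post and to `banner-background-url` and `icon-img-url` in reddit-subreddit.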
@@ -13,13 +13,13 @@
 "multiple": true,
 "ui-priority": 1
 },
- "comment": {
- "description": "The raw text of the comment.",
+ "author": {
+ "description": "The user account that created the post (do not include u/).",
 "misp-attribute": "text",
 "ui-priority": 1
 },
- "creator": {
- "description": "The user account that created the post (do not include u/).",
+ "body": {
+ "description": "The raw text of the comment.",
 "misp-attribute": "text",
 "ui-priority": 1
 },
@@ -56,7 +56,6 @@
 "description": "The name of the subreddit where it was posted (exclude the r/).",
 "disable_correlation": true,
 "misp-attribute": "text",
- "multiple": true,
 "ui-priority": 1
 },
 "url": {
@@ -75,11 +74,11 @@
 "meta-category": "misc",
 "name": "reddit-comment",
 "requiredOneOf": [
- "creator",
- "comment",
+ "author",
+ "body",
 "archive",
 "link"
 ],
 "uuid": "0a7e5fc0-fe6a-43c7-a957-de3269c2eb6c",
- "version": 1
+ "version": 2
 }
\ No newline at end of file
diff --git a/objects/reddit-post/definition.json b/objects/reddit-post/definition.json
index 2ccde61..08f00e1 100644
--- a/objects/reddit-post/definition.json
+++ b/objects/reddit-post/definition.json
@@ -13,7 +13,7 @@
 "multiple": true,
 "ui-priority": 1
 },
- "creator": {
+ "author": {
 "description": "The user account that created the post (do not include u/).",
 "misp-attribute": "text",
 "ui-priority": 1
@@ -24,6 +24,16 @@
 "misp-attribute": "text",
 "ui-priority": 1
 },
+ "edited": {
+ "description": "Has the post been edited?",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "sane_default": [
+ "True",
+ "False"
+ ],
+ "ui-priority": 1
+ },
 "embedded-link": {
 "description": "Link embedded in the subreddit description (potentially malicious).",
 "misp-attribute": "url",
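Review bot: In reddit-comment (hunk `@@ -13,13 +13,13 @@`), the description of `author` still says the account "created the post", although this template describes a comment; the wording was carried over from the old `creator` attribute. `"description": "The user account that created the comment (do not include u/).",` would match the object.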
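Review bot: In reddit-post (hunk `@@ -24,6 +24,16 @@`), `edited` accepts any text: `sane_default` only offers `True` and `False` as suggestions, so nothing restricts the stored value. If a two-state flag is intended, use `"misp-attribute": "boolean"` or replace `sane_default` with `values_list`. Reddit's API reports this field as `false` or the time of the edit, so a separate datetime attribute may be needed to keep that information; worth confirming against the API before settling on the type.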
@@ -63,6 +73,16 @@
 "multiple": true,
 "ui-priority": 1
 },
+ "thumbnail": {
+ "description": "Screen capture or exported post thumbnail.",
+ "misp-attribute": "attachment",
+ "ui-priority": 1
+ },
+ "thumbnail-url": {
+ "description": "Link to post thumbnail.",
+ "misp-attribute": "url",
+ "ui-priority": 1
+ },
 "url": {
 "description": "Original URL location of the Reddit post (potentially malicious).",
 "misp-attribute": "url",
@@ -85,5 +105,5 @@
 "link"
 ],
 "uuid": "e5ed7e7f-2e21-44ff-839f-e58d9818f17f",
- "version": 1
+ "version": 2
 }
\ No newline at end of file
diff --git a/objects/reddit-subreddit/definition.json b/objects/reddit-subreddit/definition.json
index 19ae175..88e15fc 100644
--- a/objects/reddit-subreddit/definition.json
+++ b/objects/reddit-subreddit/definition.json
@@ -1,5 +1,11 @@
 {
 "attributes": {
+ "active-user-count": {
+ "description": "Number of active accounts in the subreddit.",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "ui-priority": 1
+ },
 "archive": {
 "description": "Archive of the original subreddit (Internet Archive, Archive.is, etc).",
 "disable_correlation": true,
@@ -13,12 +19,18 @@
 "multiple": true,
 "ui-priority": 1
 },
- "community-icon": {
- "description": "A screen capture or exported subreddit community icon.",
+ "banner-background-image": {
+ "description": "A screen capture or exported subreddit header.",
 "misp-attribute": "attachment",
 "multiple": true,
 "ui-priority": 1
 },
+ "banner-background-url": {
+ "description": "A link to the subreddit header.",
+ "misp-attribute": "url",
+ "multiple": true,
+ "ui-priority": 1
+ },
 "creator": {
 "description": "The user account that created the subreddit (do not include u/).",
 "misp-attribute": "text",
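Review bot: In reddit-subreddit (hunk `@@ -1,5 +1,11 @@`), `active-user-count` is stored as `text`, so any string is accepted where a number is expected. MISP has a `counter` attribute type for integer counts; `"misp-attribute": "counter"` would let the value be validated and compared. Keeping `"disable_correlation": true` is appropriate for a value like this.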
@@ -29,6 +41,11 @@
 "misp-attribute": "text",
 "ui-priority": 1
 },
+ "display-name": {
+ "description": "The name of the subreddit (exclude the r/).",
+ "misp-attribute": "text",
+ "ui-priority": 1
+ },
 "embedded-link": {
 "description": "Link embedded in the subreddit description (potentially malicious).",
 "misp-attribute": "url",
@@ -47,12 +64,24 @@
 "multiple": true,
 "ui-priority": 0
 },
- "header-image": {
- "description": "A screen capture or exported subreddit header.",
+ "header-title": {
+ "description": "A title of the subreddit.",
+ "misp-attribute": "text",
+ "multiple": true,
+ "ui-priority": 1
+ },
+ "icon-img": {
+ "description": "A screen capture or exported subreddit community icon.",
 "misp-attribute": "attachment",
 "multiple": true,
 "ui-priority": 1
 },
+ "icon-img-url": {
+ "description": "A link to the subreddit community icon.",
+ "misp-attribute": "url",
+ "multiple": true,
+ "ui-priority": 1
+ },
 "link": {
 "description": "Original link to the subreddit (supposed harmless).",
 "misp-attribute": "link",
@@ -76,6 +105,7 @@
 "rules": {
 "description": "Raw text of the rules of the subreddit.",
 "misp-attribute": "text",
+ "multiple": true,
 "ui-priority": 1
 },
 "submit-text": {
@@ -89,11 +119,6 @@
 "multiple": true,
 "ui-priority": 1
 },
- "subreddit-name": {
- "description": "The name of the subreddit (exclude the r/).",
- "misp-attribute": "text",
- "ui-priority": 1
- },
 "subreddit-type": {
 "description": "Subreddit type, e.g. general, buy and sell etc.",
 "disable_correlation": true,
@@ -111,11 +136,11 @@
 "meta-category": "misc",
 "name": "reddit-subreddit",
 "requiredOneOf": [
- "subreddit-name",
+ "display-name",
 "description",
 "archive",
 "link"
 ],
 "uuid": "5a00464c-5379-4e66-ab21-d356ba426155",
- "version": 1
+ "version": 2
 }
\ No newline at end of file