Merge branch 'MISP:main' into master

2022-02-03 10:03:36 +01:00 · 2022-02-03 10:03:36 +01:00 · 98df3423cd
parent f1fea67b58 8cd68cdfd6
commit 98df3423cd
2 changed files with 135 additions and 0 deletions
--- a/objects/artifact/definition.json
+++ b/objects/artifact/definition.json
@ -0,0 +1,45 @@
+{
+  "attributes": {
+    "decryption_key": {
+      "description": "Specifies the decryption key for the encrypted binary data (either via payload_bin or url). For example, this may be useful in cases of sharing malware samples, which are often encoded in an encrypted archive.",
+      "misp-attribute": "text",
+      "ui-priority": 0
+    },
+    "encryption_algorithm": {
+      "description": "If the artifact is encrypted, specifies the type of encryption algorithm the binary data  (either via payload_bin or url) is encoded in.",
+      "misp-attribute": "text",
+      "ui-priority": 0
+    },
+    "hashes": {
+      "description": "Specifies a dictionary of hashes for the contents of the url or the payload_bin.  This property MUST be present when the url property is present. (should be file with relationships?)",
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "mime_type": {
+      "description": "Whenever feasible, this value SHOULD be one of the values defined in the Template column in the IANA media type registry [Media Types]. Maintaining a comprehensive universal catalog of all extant file types is obviously not possible. When specifying a MIME Type not included in the IANA registry, implementers should use their best judgement so as to facilitate interoperability.",
+      "disable_correlation": true,
+      "misp-attribute": "mime-type",
+      "ui-priority": 0
+    },
+    "payload_bin": {
+      "description": "Specifies the binary data contained in the artifact as a base64-encoded string.",
+      "misp-attribute": "text",
+      "ui-priority": 0
+    },
+    "url": {
+      "description": "The value of this property MUST be a valid URL that resolves to the unencoded content.",
+      "misp-attribute": "url",
+      "ui-priority": 0
+    }
+  },
+  "description": "The Artifact object permits capturing an array of bytes (8-bits), as a base64-encoded string, or linking to a file-like payload. from STIX 2.1 (6.1)",
+  "meta-category": "file",
+  "name": "artifact",
+  "requiredOneOf": [
+    "payload_bin",
+    "url"
+  ],
+  "uuid": "0a46df3a-bd9b-472c-a1e7-6aede7094483",
+  "version": 1
+}
--- a/objects/identity/definition.json
+++ b/objects/identity/definition.json
@ -0,0 +1,90 @@
+{
+  "attributes": {
+    "contact_information": {
+      "description": "The contact information (e-mail, phone number, etc.) for this Identity. No format for this information is currently defined by this specification.",
+      "misp-attribute": "text",
+      "ui-priority": 18
+    },
+    "description": {
+      "description": "A description that provides more details and context about the Identity, potentially including its purpose and its key characteristics.",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "ui-priority": 10
+    },
+    "identity_class": {
+      "description": "The type of entity that this Identity describes, e.g., an individual or organization.",
+      "misp-attribute": "text",
+      "sane_default": [
+        "individual",
+        "group",
+        "system",
+        "organization",
+        "class",
+        "unknown"
+      ],
+      "ui-priority": 16
+    },
+    "name": {
+      "description": "The name of this Identity. When referring to a specific entity (e.g., an individual or organization), this property SHOULD contain the canonical name of the specific entity.",
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 0
+    },
+    "roles": {
+      "description": "The list of roles that this Identity performs (e.g., CEO, Domain Administrators, Doctors, Hospital, or Retailer).",
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 15
+    },
+    "sectors": {
+      "description": "Description of the organization",
+      "misp-attribute": "text",
+      "multiple": true,
+      "sane_default": [
+        "agriculture",
+        "aerospace",
+        "automotive",
+        "chemical",
+        "commercial",
+        "communication",
+        "construction",
+        "defense",
+        "education",
+        "energy",
+        "entertainment",
+        "financial-services",
+        "government",
+        "government emergency-services",
+        "government government-local",
+        "government-national",
+        "government-public-services",
+        "government-regional",
+        "healthcare",
+        "hospitality-leasure",
+        "infrastructure",
+        "infrastructure dams",
+        "infrastructure nuclear",
+        "infrastructure water",
+        "insurance",
+        "manufacturing",
+        "mining",
+        "non-profit",
+        "pharmaceuticals",
+        "retail",
+        "technology",
+        "telecommunication",
+        "transportation",
+        "utilities"
+      ],
+      "ui-priority": 17
+    }
+  },
+  "description": "Identities can represent actual individuals, organizations, or groups (e.g., ACME, Inc.) as well as classes of individuals, organizations, systems or groups (e.g., the finance sector).  The Identity SDO can capture basic identifying information, contact information, and the sectors that the Identity belongs to. Identity is used in STIX to represent, among other things, targets of attacks, information sources, object creators, and threat actor identities. (ref. STIX 2.1 - 4.5)",
+  "meta-category": "misc",
+  "name": "identity",
+  "requiredOneOf": [
+    "name"
+  ],
+  "uuid": "ae85b960-b507-4de2-a32c-9cfb8f25f990",
+  "version": 1
+}