From a68e678f508b1101f6d15090cf931b142ac7f579 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rapha=C3=ABl=20Vinot?= Date: Mon, 13 Feb 2017 11:18:42 +0100 Subject: [PATCH] JQ all the things --- jq_all_the_things.sh | 2 +- objects/domain-ip/definition.json | 69 +++++---- objects/email/definition.json | 209 +++++++++++++++----------- objects/file/definition.json | 198 +++++++++++++----------- objects/ip-port/definition.json | 86 ++++++----- objects/passive-dns/definition.json | 116 +++++++------- objects/registry-key/definition.json | 90 ++++++----- objects/vulnerability/definition.json | 86 ++++++----- objects/whois/definition.json | 88 ++++++----- objects/x509/definition.json | 122 +++++++-------- validate_all.sh | 4 +- 11 files changed, 595 insertions(+), 475 deletions(-) diff --git a/jq_all_the_things.sh b/jq_all_the_things.sh index e2ed85c..e10e2d7 100755 --- a/jq_all_the_things.sh +++ b/jq_all_the_things.sh @@ -5,7 +5,7 @@ set -x # Seeds sponge, from moreutils -for dir in objects/*/list.json +for dir in objects/*/definition.json do cat ${dir} | jq . | sponge ${dir} done diff --git a/objects/domain-ip/definition.json b/objects/domain-ip/definition.json index 87f5453..2ad7aa9 100644 --- a/objects/domain-ip/definition.json +++ b/objects/domain-ip/definition.json @@ -1,33 +1,40 @@ { - "name": "domain|ip", - "meta-category": "network", - "description": "A domain and IP address seen as a tuple in a specific time frame.", - "version": 1, - "attributes" : - { - "ip": { - "misp-attribute": "ip-dst", - "misp-usage-frequency": 1, - "categories": ["Network activity","External analysis"] - }, - "domain": { - "misp-attribute": "domain", - "misp-usage-frequency": 1, - "categories": ["Network activity","External analysis"] - }, - "first-seen": { - "misp-attribute": "datetime", - "misp-usage-frequency": 0 - }, - "last-seen": { - "misp-attribute": "datetime", - "misp-usage-frequency": 0 - }, - "text": { - "misp-attribute": "text", - "misp-usage-frequency": 1 - } - - }, - "required": ["ip","domain"] + "name": "domain|ip", + "meta-category": "network", + "description": "A domain and IP address seen as a tuple in a specific time frame.", + "version": 1, + "attributes": { + "ip": { + "misp-attribute": "ip-dst", + "misp-usage-frequency": 1, + "categories": [ + "Network activity", + "External analysis" + ] + }, + "domain": { + "misp-attribute": "domain", + "misp-usage-frequency": 1, + "categories": [ + "Network activity", + "External analysis" + ] + }, + "first-seen": { + "misp-attribute": "datetime", + "misp-usage-frequency": 0 + }, + "last-seen": { + "misp-attribute": "datetime", + "misp-usage-frequency": 0 + }, + "text": { + "misp-attribute": "text", + "misp-usage-frequency": 1 + } + }, + "required": [ + "ip", + "domain" + ] } diff --git a/objects/email/definition.json b/objects/email/definition.json index aa3ad87..a211aa7 100644 --- a/objects/email/definition.json +++ b/objects/email/definition.json @@ -1,86 +1,127 @@ { - "name": "email", - "meta-category": "email", - "description": "Email object describing an email with meta-information", - "version": 1, - "attributes" : - { - "from": { - "misp-attribute": "email-src", - "misp-usage-frequency": 1, - "categories": ["Payload delivery"] - }, - "from-display-name": { - "misp-attribute": "email-src-display-name", - "misp-usage-frequency": 1, - "categories": ["Payload delivery"] - }, - "to": { - "misp-attribute": "email-dst", - "misp-usage-frequency": 1, - "categories": ["Payload delivery"], - "multiple": true - }, - "to-display-name": { - "misp-attribute": "email-dst-display-name", - "misp-usage-frequency": 1, - "categories": ["Payload delivery"], - "multiple": true - }, - "subject": { - "misp-attribute": "email-subject", - "misp-usage-frequency": 1, - "categories": ["Payload delivery"] - }, - "attachment": { - "misp-attribute": "email-attachment", - "misp-usage-frequency": 0, - "categories": ["Payload delivery"], - "multiple": true - }, - "message-id": { - "misp-attribute": "email-message-id", - "misp-usage-frequency": 0, - "categories": ["Payload delivery"] - }, - "reply-to": { - "misp-attribute": "email-reply-to", - "misp-usage-frequency": 1, - "categories": ["Payload delivery"] - }, - "send-date": { - "misp-attribute": "datetime", - "misp-usage-frequency": 0, - "categories": ["Other"] - }, - "url": { - "misp-attribute": "url", - "misp-usage-frequency": 0, - "categories": ["Payload delivery"], - "multiple": true - }, - "mime-boundary": { - "misp-attribute": "email-mime-boundary", - "misp-usage-frequency": 0, - "categories": ["Payload delivery"] - }, - "thread-index": { - "misp-attribute": "email-thread-index", - "misp-usage-frequency": 0, - "categories": ["Payload delivery"] - }, - "header": { - "misp-attribute": "email-header", - "misp-usage-frequency": 0, - "categories": ["Payload delivery"], - "multiple": true - }, - "x-mailer": { - "misp-attribute": "email-xmailer", - "misp-usage-frequency": 0, - "categories": ["Payload delivery"] - } - - }, - "requiredOneOf": ["email-src", "email-src-display-name", "email-dst", "email-dst-display-name", "email-subject", "email-attachment", "email-message-id", "email-reply-to", "send-date", "url", "email-mime-boundary", "email-thread-index", "email-header", "x-mailer"] + "name": "email", + "meta-category": "email", + "description": "Email object describing an email with meta-information", + "version": 1, + "attributes": { + "from": { + "misp-attribute": "email-src", + "misp-usage-frequency": 1, + "categories": [ + "Payload delivery" + ] + }, + "from-display-name": { + "misp-attribute": "email-src-display-name", + "misp-usage-frequency": 1, + "categories": [ + "Payload delivery" + ] + }, + "to": { + "misp-attribute": "email-dst", + "misp-usage-frequency": 1, + "categories": [ + "Payload delivery" + ], + "multiple": true + }, + "to-display-name": { + "misp-attribute": "email-dst-display-name", + "misp-usage-frequency": 1, + "categories": [ + "Payload delivery" + ], + "multiple": true + }, + "subject": { + "misp-attribute": "email-subject", + "misp-usage-frequency": 1, + "categories": [ + "Payload delivery" + ] + }, + "attachment": { + "misp-attribute": "email-attachment", + "misp-usage-frequency": 0, + "categories": [ + "Payload delivery" + ], + "multiple": true + }, + "message-id": { + "misp-attribute": "email-message-id", + "misp-usage-frequency": 0, + "categories": [ + "Payload delivery" + ] + }, + "reply-to": { + "misp-attribute": "email-reply-to", + "misp-usage-frequency": 1, + "categories": [ + "Payload delivery" + ] + }, + "send-date": { + "misp-attribute": "datetime", + "misp-usage-frequency": 0, + "categories": [ + "Other" + ] + }, + "url": { + "misp-attribute": "url", + "misp-usage-frequency": 0, + "categories": [ + "Payload delivery" + ], + "multiple": true + }, + "mime-boundary": { + "misp-attribute": "email-mime-boundary", + "misp-usage-frequency": 0, + "categories": [ + "Payload delivery" + ] + }, + "thread-index": { + "misp-attribute": "email-thread-index", + "misp-usage-frequency": 0, + "categories": [ + "Payload delivery" + ] + }, + "header": { + "misp-attribute": "email-header", + "misp-usage-frequency": 0, + "categories": [ + "Payload delivery" + ], + "multiple": true + }, + "x-mailer": { + "misp-attribute": "email-xmailer", + "misp-usage-frequency": 0, + "categories": [ + "Payload delivery" + ] + } + }, + "requiredOneOf": [ + "email-src", + "email-src-display-name", + "email-dst", + "email-dst-display-name", + "email-subject", + "email-attachment", + "email-message-id", + "email-reply-to", + "send-date", + "url", + "email-mime-boundary", + "email-thread-index", + "email-header", + "x-mailer" + ] } diff --git a/objects/file/definition.json b/objects/file/definition.json index 41eb57e..89dc5c0 100644 --- a/objects/file/definition.json +++ b/objects/file/definition.json @@ -1,89 +1,113 @@ { - "name": "file", - "meta-category": "file", - "description": "File object describing a file with meta-information", - "version": 1, - "attributes" : - { - "filename": { - "misp-attribute": "filename", - "misp-usage-frequency": 1, - "categories": ["Payload delivery","Artifacts dropped","Payload installation","External analysis"] - }, - "size-in-bytes": { - "misp-attribute": "size-in-bytes", - "misp-usage-frequency": 0 - }, - "authentihash": { - "misp-attribute": "authentihash", - "misp-usage-frequency": 0 - }, - "ssdeep": { - "misp-attribute": "ssdeep", - "misp-usage-frequency": 0 - }, - "imphash": { - "misp-attribute": "imphash", - "misp-usage-frequency": 0 - }, - "pehash": { - "misp-attribute": "pehash", - "misp-usage-frequency": 0 - }, - "sha-224": { - "misp-attribute": "sha-224", - "misp-usage-frequency": 0 - }, - "sha-384": { - "misp-attribute": "sha-384", - "misp-usage-frequency": 0 - }, - "sha-512": { - "misp-attribute": "sha-512", - "misp-usage-frequency": 0 - }, - "sha-512/224": { - "misp-attribute": "sha-512/224", - "misp-usage-frequency": 0 - }, - "sha-512/256": { - "misp-attribute": "sha-512/256", - "misp-usage-frequency": 0 - }, - "tlsh": { - "misp-attribute": "tlsh", - "misp-usage-frequency": 0 - }, - "md5": { - "misp-attribute": "md5", - "misp-usage-frequency": 1 - }, - "sha1": { - "misp-attribute": "sha1", - "misp-usage-frequency": 1 - }, - "sha256": { - "misp-attribute": "sha256", - "misp-usage-frequency": 1 - }, - "pattern-in-file": { - "misp-attribute": "pattern-in-file", - "misp-usage-frequency": 1, - "categories": ["Artifacts dropped","Payload installation","External analysis"] - }, - "text": { - "misp-attribute": "text", - "misp-usage-frequency": 1 - }, - "original-filename": { - "misp-attribute": "original-filename", - "misp-usage-frequency": 0 - }, - "compilation-timestamp": { - "misp-attribute": "compilation-timestamp", - "misp-usage-frequency": 0 - } - - }, - "requiredOneOf": ["filename", "size-in-bytes", "authentihash", "ssdeep", "imphash", "pehash", "sha-224", "sha-384", "sha-512", "sha-512/224", "sha-512/256", "tlsh", "md5", "sha1", "sha256", "pattern-in-file"] + "name": "file", + "meta-category": "file", + "description": "File object describing a file with meta-information", + "version": 1, + "attributes": { + "filename": { + "misp-attribute": "filename", + "misp-usage-frequency": 1, + "categories": [ + "Payload delivery", + "Artifacts dropped", + "Payload installation", + "External analysis" + ] + }, + "size-in-bytes": { + "misp-attribute": "size-in-bytes", + "misp-usage-frequency": 0 + }, + "authentihash": { + "misp-attribute": "authentihash", + "misp-usage-frequency": 0 + }, + "ssdeep": { + "misp-attribute": "ssdeep", + "misp-usage-frequency": 0 + }, + "imphash": { + "misp-attribute": "imphash", + "misp-usage-frequency": 0 + }, + "pehash": { + "misp-attribute": "pehash", + "misp-usage-frequency": 0 + }, + "sha-224": { + "misp-attribute": "sha-224", + "misp-usage-frequency": 0 + }, + "sha-384": { + "misp-attribute": "sha-384", + "misp-usage-frequency": 0 + }, + "sha-512": { + "misp-attribute": "sha-512", + "misp-usage-frequency": 0 + }, + "sha-512/224": { + "misp-attribute": "sha-512/224", + "misp-usage-frequency": 0 + }, + "sha-512/256": { + "misp-attribute": "sha-512/256", + "misp-usage-frequency": 0 + }, + "tlsh": { + "misp-attribute": "tlsh", + "misp-usage-frequency": 0 + }, + "md5": { + "misp-attribute": "md5", + "misp-usage-frequency": 1 + }, + "sha1": { + "misp-attribute": "sha1", + "misp-usage-frequency": 1 + }, + "sha256": { + "misp-attribute": "sha256", + "misp-usage-frequency": 1 + }, + "pattern-in-file": { + "misp-attribute": "pattern-in-file", + "misp-usage-frequency": 1, + "categories": [ + "Artifacts dropped", + "Payload installation", + "External analysis" + ] + }, + "text": { + "misp-attribute": "text", + "misp-usage-frequency": 1 + }, + "original-filename": { + "misp-attribute": "original-filename", + "misp-usage-frequency": 0 + }, + "compilation-timestamp": { + "misp-attribute": "compilation-timestamp", + "misp-usage-frequency": 0 + } + }, + "requiredOneOf": [ + "filename", + "size-in-bytes", + "authentihash", + "ssdeep", + "imphash", + "pehash", + "sha-224", + "sha-384", + "sha-512", + "sha-512/224", + "sha-512/256", + "tlsh", + "md5", + "sha1", + "sha256", + "pattern-in-file" + ] } diff --git a/objects/ip-port/definition.json b/objects/ip-port/definition.json index f652c34..b43f4ec 100644 --- a/objects/ip-port/definition.json +++ b/objects/ip-port/definition.json @@ -1,39 +1,51 @@ { - "name": "ip|port", - "meta-category": "network", - "description": "An IP address and a port seen as a tuple (or as a triple) in a specific time frame.", - "version": 1, - "attributes" : - { - "ip": { - "misp-attribute": "ip-dst", - "misp-usage-frequency": 1, - "categories": ["Network activity","External analysis"] - }, - "dst-port": { - "misp-attribute": "text", - "misp-usage-frequency": 1, - "categories": ["Network activity","External analysis"] - }, - "src-port": { - "misp-attribute": "text", - "misp-usage-frequency": 0, - "categories": ["Network activity","External analysis"] - }, - "first-seen": { - "misp-attribute": "datetime", - "misp-usage-frequency": 0 - }, - "last-seen": { - "misp-attribute": "datetime", - "misp-usage-frequency": 0 - }, - "text": { - "misp-attribute": "text", - "misp-usage-frequency": 0 - } - - }, - "required": ["ip"], - "requiredOneOf": ["dst-port", "src-port"] + "name": "ip|port", + "meta-category": "network", + "description": "An IP address and a port seen as a tuple (or as a triple) in a specific time frame.", + "version": 1, + "attributes": { + "ip": { + "misp-attribute": "ip-dst", + "misp-usage-frequency": 1, + "categories": [ + "Network activity", + "External analysis" + ] + }, + "dst-port": { + "misp-attribute": "text", + "misp-usage-frequency": 1, + "categories": [ + "Network activity", + "External analysis" + ] + }, + "src-port": { + "misp-attribute": "text", + "misp-usage-frequency": 0, + "categories": [ + "Network activity", + "External analysis" + ] + }, + "first-seen": { + "misp-attribute": "datetime", + "misp-usage-frequency": 0 + }, + "last-seen": { + "misp-attribute": "datetime", + "misp-usage-frequency": 0 + }, + "text": { + "misp-attribute": "text", + "misp-usage-frequency": 0 + } + }, + "required": [ + "ip" + ], + "requiredOneOf": [ + "dst-port", + "src-port" + ] } diff --git a/objects/passive-dns/definition.json b/objects/passive-dns/definition.json index 93a192c..3314569 100644 --- a/objects/passive-dns/definition.json +++ b/objects/passive-dns/definition.json @@ -1,56 +1,64 @@ { - "name": "passive-dns", - "meta-category": "network", - "description": "Passive DNS records as expressed in draft-dulaunoy-dnsop-passive-dns-cof-01", - "version": 1, - "attributes" : - { - "rrtype": { - "misp-attribute": "text", - "misp-usage-frequency": 1, - "categories": ["Network activity","External analysis"] - }, - "rrname": { - "misp-attribute": "hostname", - "misp-usage-frequency": 1, - "categories": ["Network activity","External analysis"] - }, - "time_first": { - "misp-attribute": "datetime", - "misp-usage-frequency": 0 - }, - "time_last": { - "misp-attribute": "datetime", - "misp-usage-frequency": 0 - }, - "origin": { - "misp-attribute": "text", - "misp-usage-frequency": 0 - }, - "count": { - "misp-attribute": "counter", - "misp-usage-frequency": 0 - }, - "sensor_id": { - "misp-attribute": "text", - "misp-usage-frequency": 0 - }, - "bailiwick": { - "misp-attribute": "text", - "misp-usage-frequency": 0 - }, - "zone_time_first": { - "misp-attribute": "datetime", - "misp-usage-frequency": 0 - }, - "zone_time_last": { - "misp-attribute": "datetime", - "misp-usage-frequency": 0 - }, - "text": { - "misp-attribute": "text", - "misp-usage-frequency": 0 - } - }, - "required": ["rrtype","rrname"] + "name": "passive-dns", + "meta-category": "network", + "description": "Passive DNS records as expressed in draft-dulaunoy-dnsop-passive-dns-cof-01", + "version": 1, + "attributes": { + "rrtype": { + "misp-attribute": "text", + "misp-usage-frequency": 1, + "categories": [ + "Network activity", + "External analysis" + ] + }, + "rrname": { + "misp-attribute": "hostname", + "misp-usage-frequency": 1, + "categories": [ + "Network activity", + "External analysis" + ] + }, + "time_first": { + "misp-attribute": "datetime", + "misp-usage-frequency": 0 + }, + "time_last": { + "misp-attribute": "datetime", + "misp-usage-frequency": 0 + }, + "origin": { + "misp-attribute": "text", + "misp-usage-frequency": 0 + }, + "count": { + "misp-attribute": "counter", + "misp-usage-frequency": 0 + }, + "sensor_id": { + "misp-attribute": "text", + "misp-usage-frequency": 0 + }, + "bailiwick": { + "misp-attribute": "text", + "misp-usage-frequency": 0 + }, + "zone_time_first": { + "misp-attribute": "datetime", + "misp-usage-frequency": 0 + }, + "zone_time_last": { + "misp-attribute": "datetime", + "misp-usage-frequency": 0 + }, + "text": { + "misp-attribute": "text", + "misp-usage-frequency": 0 + } + }, + "required": [ + "rrtype", + "rrname" + ] } diff --git a/objects/registry-key/definition.json b/objects/registry-key/definition.json index 2739f35..2842d81 100644 --- a/objects/registry-key/definition.json +++ b/objects/registry-key/definition.json @@ -1,40 +1,54 @@ { - "name": "registry-key", - "meta-category": "file", - "description": "Registry key object describing a Windows registry key with value and last-modified timestamp", - "version": 1, - "attributes" : - { - "hive": { - "misp-attribute": "reg-hive", - "misp-usage-frequency": 1, - "categories": ["Persistence mechanism"] - }, - "key": { - "misp-attribute": "reg-key", - "misp-usage-frequency": 1, - "categories": ["Persistence mechanism"] - }, - "name": { - "misp-attribute": "reg-name", - "misp-usage-frequency": 1, - "categories": ["Persistence mechanism"] - }, - "data": { - "misp-attribute": "reg-data", - "misp-usage-frequency": 1, - "categories": ["Persistence mechanism"] - }, - "data-type": { - "misp-attribute": "reg-datatype", - "misp-usage-frequency": 0, - "categories": ["Persistence mechanism"] - }, - "last-modified": { - "misp-attribute": "datetime", - "misp-usage-frequency": 0, - "categories": ["Other"] - } - }, - "required": ["key", "name"] + "name": "registry-key", + "meta-category": "file", + "description": "Registry key object describing a Windows registry key with value and last-modified timestamp", + "version": 1, + "attributes": { + "hive": { + "misp-attribute": "reg-hive", + "misp-usage-frequency": 1, + "categories": [ + "Persistence mechanism" + ] + }, + "key": { + "misp-attribute": "reg-key", + "misp-usage-frequency": 1, + "categories": [ + "Persistence mechanism" + ] + }, + "name": { + "misp-attribute": "reg-name", + "misp-usage-frequency": 1, + "categories": [ + "Persistence mechanism" + ] + }, + "data": { + "misp-attribute": "reg-data", + "misp-usage-frequency": 1, + "categories": [ + "Persistence mechanism" + ] + }, + "data-type": { + "misp-attribute": "reg-datatype", + "misp-usage-frequency": 0, + "categories": [ + "Persistence mechanism" + ] + }, + "last-modified": { + "misp-attribute": "datetime", + "misp-usage-frequency": 0, + "categories": [ + "Other" + ] + } + }, + "required": [ + "key", + "name" + ] } diff --git a/objects/vulnerability/definition.json b/objects/vulnerability/definition.json index a21cfc3..9fa6764 100644 --- a/objects/vulnerability/definition.json +++ b/objects/vulnerability/definition.json @@ -1,42 +1,48 @@ { - "name": "vulnerability", - "meta-category": "network", - "description": "Vulnerability object describing common vulnerability enumeration", - "version": 1, - "attributes" : - { - "references": { - "misp-attribute": "link", - "misp-usage-frequency": 1, - "multiple": true - }, - "published": { - "misp-attribute": "datetime", - "misp-usage-frequency": 0 - }, - "modified": { - "misp-attribute": "datetime", - "misp-usage-frequency": 0 - }, - "vulnerable_configuration": { - "misp-attribute": "text", - "misp-usage-frequency": 1, - "multiple": true, - "description": "The vulnerable configuration is described in CPE format" - }, - "summary": { - "misp-attribute": "text", - "misp-usage-frequency": 1 - }, - "text": { - "misp-attribute": "text", - "misp-usage-frequency": 1 - }, - "id": { - "misp-attribute": "vulnerability", - "misp-usage-frequency": 1 - } - - }, - "requiredOneOf": ["published", "modified", "references", "vulnerable_configuration", "summary", "text", "id"] + "name": "vulnerability", + "meta-category": "network", + "description": "Vulnerability object describing common vulnerability enumeration", + "version": 1, + "attributes": { + "references": { + "misp-attribute": "link", + "misp-usage-frequency": 1, + "multiple": true + }, + "published": { + "misp-attribute": "datetime", + "misp-usage-frequency": 0 + }, + "modified": { + "misp-attribute": "datetime", + "misp-usage-frequency": 0 + }, + "vulnerable_configuration": { + "misp-attribute": "text", + "misp-usage-frequency": 1, + "multiple": true, + "description": "The vulnerable configuration is described in CPE format" + }, + "summary": { + "misp-attribute": "text", + "misp-usage-frequency": 1 + }, + "text": { + "misp-attribute": "text", + "misp-usage-frequency": 1 + }, + "id": { + "misp-attribute": "vulnerability", + "misp-usage-frequency": 1 + } + }, + "requiredOneOf": [ + "published", + "modified", + "references", + "vulnerable_configuration", + "summary", + "text", + "id" + ] } diff --git a/objects/whois/definition.json b/objects/whois/definition.json index eca6ceb..4ac5dcf 100644 --- a/objects/whois/definition.json +++ b/objects/whois/definition.json @@ -1,42 +1,50 @@ { - "name": "whois", - "meta-category": "network", - "description": "Whois records information for a domain name.", - "version": 1, - "attributes" : - { - "domain": { - "misp-attribute": "domain", - "misp-usage-frequency": 1, - "categories": ["Network activity","External analysis"] - }, - "creation-date": { - "misp-attribute": "datetime", - "misp-usage-frequency": 0 - }, - "registrant-email": { - "misp-attribute": "whois-registrant-email", - "misp-usage-frequency": 1 - }, - "registrant-phone": { - "misp-attribute": "whois-registrant-phone", - "misp-usage-frequency": 0 - }, - "registrant-name": { - "misp-attribute": "whois-registrant-name", - "misp-usage-frequency": 0 - }, - "registar": { - "misp-attribute": "whois-registar", - "misp-usage-frequency": 0 - }, - "text": { - "misp-attribute": "text", - "misp-usage-frequency": 1 - } - - - }, - "required": ["domain"], - "requiredOneOf": ["registrant-email", "registrant-phone", "creation-date", "registrant-name", "registar"] + "name": "whois", + "meta-category": "network", + "description": "Whois records information for a domain name.", + "version": 1, + "attributes": { + "domain": { + "misp-attribute": "domain", + "misp-usage-frequency": 1, + "categories": [ + "Network activity", + "External analysis" + ] + }, + "creation-date": { + "misp-attribute": "datetime", + "misp-usage-frequency": 0 + }, + "registrant-email": { + "misp-attribute": "whois-registrant-email", + "misp-usage-frequency": 1 + }, + "registrant-phone": { + "misp-attribute": "whois-registrant-phone", + "misp-usage-frequency": 0 + }, + "registrant-name": { + "misp-attribute": "whois-registrant-name", + "misp-usage-frequency": 0 + }, + "registar": { + "misp-attribute": "whois-registar", + "misp-usage-frequency": 0 + }, + "text": { + "misp-attribute": "text", + "misp-usage-frequency": 1 + } + }, + "required": [ + "domain" + ], + "requiredOneOf": [ + "registrant-email", + "registrant-phone", + "creation-date", + "registrant-name", + "registar" + ] } diff --git a/objects/x509/definition.json b/objects/x509/definition.json index c28577f..4175478 100644 --- a/objects/x509/definition.json +++ b/objects/x509/definition.json @@ -1,63 +1,63 @@ { - "name": "x509", - "meta-category": "network", - "description": "x509 object describing a X.509 certificate", - "version": 1, - "attributes" : - { - "version": { - "misp-attribute": "text", - "misp-usage-frequency": 0 - }, - "serial-number": { - "misp-attribute": "text", - "misp-usage-frequency": 0 - }, - "issuer": { - "misp-attribute": "text", - "misp-usage-frequency": 0 - }, - "validity-not-before": { - "misp-attribute": "datetime", - "misp-usage-frequency": 0 - }, - "validity-not-after": { - "misp-attribute": "datetime", - "misp-usage-frequency": 0 - }, - "subject": { - "misp-attribute": "text", - "misp-usage-frequency": 1 - }, - "pubkey-info-algorithm": { - "misp-attribute": "text", - "misp-usage-frequency": 0 - }, - "pubkey-info-seize": { - "misp-attribute": "text", - "misp-usage-frequency": 0 - }, - "pubkey-info-modulus": { - "misp-attribute": "text", - "misp-usage-frequency": 0 - }, - "pubkey-info-exponent": { - "misp-attribute": "text", - "misp-usage-frequency": 0 - }, - "x509-fingerprint-sha1": { - "misp-attribute": "sha1", - "misp-usage-frequency": 1 - }, - "raw-base64": { - "misp-attribute": "text", - "misp-usage-frequency": 0 - }, - "text": { - "misp-attribute": "text", - "misp-usage-frequency": 1 - } - - }, - "required": ["x509-fingerprint-sha1"] + "name": "x509", + "meta-category": "network", + "description": "x509 object describing a X.509 certificate", + "version": 1, + "attributes": { + "version": { + "misp-attribute": "text", + "misp-usage-frequency": 0 + }, + "serial-number": { + "misp-attribute": "text", + "misp-usage-frequency": 0 + }, + "issuer": { + "misp-attribute": "text", + "misp-usage-frequency": 0 + }, + "validity-not-before": { + "misp-attribute": "datetime", + "misp-usage-frequency": 0 + }, + "validity-not-after": { + "misp-attribute": "datetime", + "misp-usage-frequency": 0 + }, + "subject": { + "misp-attribute": "text", + "misp-usage-frequency": 1 + }, + "pubkey-info-algorithm": { + "misp-attribute": "text", + "misp-usage-frequency": 0 + }, + "pubkey-info-seize": { + "misp-attribute": "text", + "misp-usage-frequency": 0 + }, + "pubkey-info-modulus": { + "misp-attribute": "text", + "misp-usage-frequency": 0 + }, + "pubkey-info-exponent": { + "misp-attribute": "text", + "misp-usage-frequency": 0 + }, + "x509-fingerprint-sha1": { + "misp-attribute": "sha1", + "misp-usage-frequency": 1 + }, + "raw-base64": { + "misp-attribute": "text", + "misp-usage-frequency": 0 + }, + "text": { + "misp-attribute": "text", + "misp-usage-frequency": 1 + } + }, + "required": [ + "x509-fingerprint-sha1" + ] } diff --git a/validate_all.sh b/validate_all.sh index 4c288a0..4a2a83f 100755 --- a/validate_all.sh +++ b/validate_all.sh @@ -7,12 +7,12 @@ set -x diffs=`git status --porcelain | wc -l` -if ![ $diffs -eq 0 ]; then +if ! [ $diffs -eq 0 ]; then echo "Please make sure you run ./jq_all_the_things.sh before commiting." exit 1 fi -for dir in objects/*/list.json +for dir in objects/*/definition.json do echo -n "${dir}: " jsonschema -i ${dir} schema.json