mirror of https://github.com/MISP/misp-objects
JQ all the things
Raphaël Vinot
parent
1f2633c6f1
commit
a68e678f50
|
|
@ -5,7 +5,7 @@ set -x
|
||||||
|
|
||||||
# Seeds sponge, from moreutils
|
# Seeds sponge, from moreutils
|
||||||
|
|
||||||
for dir in objects/*/list.json
|
for dir in objects/*/definition.json
|
||||||
do
|
do
|
||||||
cat ${dir} | jq . | sponge ${dir}
|
cat ${dir} | jq . | sponge ${dir}
|
||||||
done
|
done
|
||||||
|
|
|
||||||
|
|
@ -1,33 +1,40 @@
|
||||||
{
|
{
|
||||||
"name": "domain|ip",
|
"name": "domain|ip",
|
||||||
"meta-category": "network",
|
"meta-category": "network",
|
||||||
"description": "A domain and IP address seen as a tuple in a specific time frame.",
|
"description": "A domain and IP address seen as a tuple in a specific time frame.",
|
||||||
"version": 1,
|
"version": 1,
|
||||||
"attributes" :
|
"attributes": {
|
||||||
{
|
"ip": {
|
||||||
"ip": {
|
"misp-attribute": "ip-dst",
|
||||||
"misp-attribute": "ip-dst",
|
"misp-usage-frequency": 1,
|
||||||
"misp-usage-frequency": 1,
|
"categories": [
|
||||||
"categories": ["Network activity","External analysis"]
|
"Network activity",
|
||||||
},
|
"External analysis"
|
||||||
"domain": {
|
]
|
||||||
"misp-attribute": "domain",
|
},
|
||||||
"misp-usage-frequency": 1,
|
"domain": {
|
||||||
"categories": ["Network activity","External analysis"]
|
"misp-attribute": "domain",
|
||||||
},
|
"misp-usage-frequency": 1,
|
||||||
"first-seen": {
|
"categories": [
|
||||||
"misp-attribute": "datetime",
|
"Network activity",
|
||||||
"misp-usage-frequency": 0
|
"External analysis"
|
||||||
},
|
]
|
||||||
"last-seen": {
|
},
|
||||||
"misp-attribute": "datetime",
|
"first-seen": {
|
||||||
"misp-usage-frequency": 0
|
"misp-attribute": "datetime",
|
||||||
},
|
"misp-usage-frequency": 0
|
||||||
"text": {
|
},
|
||||||
"misp-attribute": "text",
|
"last-seen": {
|
||||||
"misp-usage-frequency": 1
|
"misp-attribute": "datetime",
|
||||||
}
|
"misp-usage-frequency": 0
|
||||||
|
},
|
||||||
},
|
"text": {
|
||||||
"required": ["ip","domain"]
|
"misp-attribute": "text",
|
||||||
|
"misp-usage-frequency": 1
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"required": [
|
||||||
|
"ip",
|
||||||
|
"domain"
|
||||||
|
]
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -1,86 +1,127 @@
|
||||||
{
|
{
|
||||||
"name": "email",
|
"name": "email",
|
||||||
"meta-category": "email",
|
"meta-category": "email",
|
||||||
"description": "Email object describing an email with meta-information",
|
"description": "Email object describing an email with meta-information",
|
||||||
"version": 1,
|
"version": 1,
|
||||||
"attributes" :
|
"attributes": {
|
||||||
{
|
"from": {
|
||||||
"from": {
|
"misp-attribute": "email-src",
|
||||||
"misp-attribute": "email-src",
|
"misp-usage-frequency": 1,
|
||||||
"misp-usage-frequency": 1,
|
"categories": [
|
||||||
"categories": ["Payload delivery"]
|
"Payload delivery"
|
||||||
},
|
]
|
||||||
"from-display-name": {
|
},
|
||||||
"misp-attribute": "email-src-display-name",
|
"from-display-name": {
|
||||||
"misp-usage-frequency": 1,
|
"misp-attribute": "email-src-display-name",
|
||||||
"categories": ["Payload delivery"]
|
"misp-usage-frequency": 1,
|
||||||
},
|
"categories": [
|
||||||
"to": {
|
"Payload delivery"
|
||||||
"misp-attribute": "email-dst",
|
]
|
||||||
"misp-usage-frequency": 1,
|
},
|
||||||
"categories": ["Payload delivery"],
|
"to": {
|
||||||
"multiple": true
|
"misp-attribute": "email-dst",
|
||||||
},
|
"misp-usage-frequency": 1,
|
||||||
"to-display-name": {
|
"categories": [
|
||||||
"misp-attribute": "email-dst-display-name",
|
"Payload delivery"
|
||||||
"misp-usage-frequency": 1,
|
],
|
||||||
"categories": ["Payload delivery"],
|
"multiple": true
|
||||||
"multiple": true
|
},
|
||||||
},
|
"to-display-name": {
|
||||||
"subject": {
|
"misp-attribute": "email-dst-display-name",
|
||||||
"misp-attribute": "email-subject",
|
"misp-usage-frequency": 1,
|
||||||
"misp-usage-frequency": 1,
|
"categories": [
|
||||||
"categories": ["Payload delivery"]
|
"Payload delivery"
|
||||||
},
|
],
|
||||||
"attachment": {
|
"multiple": true
|
||||||
"misp-attribute": "email-attachment",
|
},
|
||||||
"misp-usage-frequency": 0,
|
"subject": {
|
||||||
"categories": ["Payload delivery"],
|
"misp-attribute": "email-subject",
|
||||||
"multiple": true
|
"misp-usage-frequency": 1,
|
||||||
},
|
"categories": [
|
||||||
"message-id": {
|
"Payload delivery"
|
||||||
"misp-attribute": "email-message-id",
|
]
|
||||||
"misp-usage-frequency": 0,
|
},
|
||||||
"categories": ["Payload delivery"]
|
"attachment": {
|
||||||
},
|
"misp-attribute": "email-attachment",
|
||||||
"reply-to": {
|
"misp-usage-frequency": 0,
|
||||||
"misp-attribute": "email-reply-to",
|
"categories": [
|
||||||
"misp-usage-frequency": 1,
|
"Payload delivery"
|
||||||
"categories": ["Payload delivery"]
|
],
|
||||||
},
|
"multiple": true
|
||||||
"send-date": {
|
},
|
||||||
"misp-attribute": "datetime",
|
"message-id": {
|
||||||
"misp-usage-frequency": 0,
|
"misp-attribute": "email-message-id",
|
||||||
"categories": ["Other"]
|
"misp-usage-frequency": 0,
|
||||||
},
|
"categories": [
|
||||||
"url": {
|
"Payload delivery"
|
||||||
"misp-attribute": "url",
|
]
|
||||||
"misp-usage-frequency": 0,
|
},
|
||||||
"categories": ["Payload delivery"],
|
"reply-to": {
|
||||||
"multiple": true
|
"misp-attribute": "email-reply-to",
|
||||||
},
|
"misp-usage-frequency": 1,
|
||||||
"mime-boundary": {
|
"categories": [
|
||||||
"misp-attribute": "email-mime-boundary",
|
"Payload delivery"
|
||||||
"misp-usage-frequency": 0,
|
]
|
||||||
"categories": ["Payload delivery"]
|
},
|
||||||
},
|
"send-date": {
|
||||||
"thread-index": {
|
"misp-attribute": "datetime",
|
||||||
"misp-attribute": "email-thread-index",
|
"misp-usage-frequency": 0,
|
||||||
"misp-usage-frequency": 0,
|
"categories": [
|
||||||
"categories": ["Payload delivery"]
|
"Other"
|
||||||
},
|
]
|
||||||
"header": {
|
},
|
||||||
"misp-attribute": "email-header",
|
"url": {
|
||||||
"misp-usage-frequency": 0,
|
"misp-attribute": "url",
|
||||||
"categories": ["Payload delivery"],
|
"misp-usage-frequency": 0,
|
||||||
"multiple": true
|
"categories": [
|
||||||
},
|
"Payload delivery"
|
||||||
"x-mailer": {
|
],
|
||||||
"misp-attribute": "email-xmailer",
|
"multiple": true
|
||||||
"misp-usage-frequency": 0,
|
},
|
||||||
"categories": ["Payload delivery"]
|
"mime-boundary": {
|
||||||
}
|
"misp-attribute": "email-mime-boundary",
|
||||||
|
"misp-usage-frequency": 0,
|
||||||
},
|
"categories": [
|
||||||
"requiredOneOf": ["email-src", "email-src-display-name", "email-dst", "email-dst-display-name", "email-subject", "email-attachment", "email-message-id", "email-reply-to", "send-date", "url", "email-mime-boundary", "email-thread-index", "email-header", "x-mailer"]
|
"Payload delivery"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"thread-index": {
|
||||||
|
"misp-attribute": "email-thread-index",
|
||||||
|
"misp-usage-frequency": 0,
|
||||||
|
"categories": [
|
||||||
|
"Payload delivery"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"header": {
|
||||||
|
"misp-attribute": "email-header",
|
||||||
|
"misp-usage-frequency": 0,
|
||||||
|
"categories": [
|
||||||
|
"Payload delivery"
|
||||||
|
],
|
||||||
|
"multiple": true
|
||||||
|
},
|
||||||
|
"x-mailer": {
|
||||||
|
"misp-attribute": "email-xmailer",
|
||||||
|
"misp-usage-frequency": 0,
|
||||||
|
"categories": [
|
||||||
|
"Payload delivery"
|
||||||
|
]
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"requiredOneOf": [
|
||||||
|
"email-src",
|
||||||
|
"email-src-display-name",
|
||||||
|
"email-dst",
|
||||||
|
"email-dst-display-name",
|
||||||
|
"email-subject",
|
||||||
|
"email-attachment",
|
||||||
|
"email-message-id",
|
||||||
|
"email-reply-to",
|
||||||
|
"send-date",
|
||||||
|
"url",
|
||||||
|
"email-mime-boundary",
|
||||||
|
"email-thread-index",
|
||||||
|
"email-header",
|
||||||
|
"x-mailer"
|
||||||
|
]
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -1,89 +1,113 @@
|
||||||
{
|
{
|
||||||
"name": "file",
|
"name": "file",
|
||||||
"meta-category": "file",
|
"meta-category": "file",
|
||||||
"description": "File object describing a file with meta-information",
|
"description": "File object describing a file with meta-information",
|
||||||
"version": 1,
|
"version": 1,
|
||||||
"attributes" :
|
"attributes": {
|
||||||
{
|
"filename": {
|
||||||
"filename": {
|
"misp-attribute": "filename",
|
||||||
"misp-attribute": "filename",
|
"misp-usage-frequency": 1,
|
||||||
"misp-usage-frequency": 1,
|
"categories": [
|
||||||
"categories": ["Payload delivery","Artifacts dropped","Payload installation","External analysis"]
|
"Payload delivery",
|
||||||
},
|
"Artifacts dropped",
|
||||||
"size-in-bytes": {
|
"Payload installation",
|
||||||
"misp-attribute": "size-in-bytes",
|
"External analysis"
|
||||||
"misp-usage-frequency": 0
|
]
|
||||||
},
|
},
|
||||||
"authentihash": {
|
"size-in-bytes": {
|
||||||
"misp-attribute": "authentihash",
|
"misp-attribute": "size-in-bytes",
|
||||||
"misp-usage-frequency": 0
|
"misp-usage-frequency": 0
|
||||||
},
|
},
|
||||||
"ssdeep": {
|
"authentihash": {
|
||||||
"misp-attribute": "ssdeep",
|
"misp-attribute": "authentihash",
|
||||||
"misp-usage-frequency": 0
|
"misp-usage-frequency": 0
|
||||||
},
|
},
|
||||||
"imphash": {
|
"ssdeep": {
|
||||||
"misp-attribute": "imphash",
|
"misp-attribute": "ssdeep",
|
||||||
"misp-usage-frequency": 0
|
"misp-usage-frequency": 0
|
||||||
},
|
},
|
||||||
"pehash": {
|
"imphash": {
|
||||||
"misp-attribute": "pehash",
|
"misp-attribute": "imphash",
|
||||||
"misp-usage-frequency": 0
|
"misp-usage-frequency": 0
|
||||||
},
|
},
|
||||||
"sha-224": {
|
"pehash": {
|
||||||
"misp-attribute": "sha-224",
|
"misp-attribute": "pehash",
|
||||||
"misp-usage-frequency": 0
|
"misp-usage-frequency": 0
|
||||||
},
|
},
|
||||||
"sha-384": {
|
"sha-224": {
|
||||||
"misp-attribute": "sha-384",
|
"misp-attribute": "sha-224",
|
||||||
"misp-usage-frequency": 0
|
"misp-usage-frequency": 0
|
||||||
},
|
},
|
||||||
"sha-512": {
|
"sha-384": {
|
||||||
"misp-attribute": "sha-512",
|
"misp-attribute": "sha-384",
|
||||||
"misp-usage-frequency": 0
|
"misp-usage-frequency": 0
|
||||||
},
|
},
|
||||||
"sha-512/224": {
|
"sha-512": {
|
||||||
"misp-attribute": "sha-512/224",
|
"misp-attribute": "sha-512",
|
||||||
"misp-usage-frequency": 0
|
"misp-usage-frequency": 0
|
||||||
},
|
},
|
||||||
"sha-512/256": {
|
"sha-512/224": {
|
||||||
"misp-attribute": "sha-512/256",
|
"misp-attribute": "sha-512/224",
|
||||||
"misp-usage-frequency": 0
|
"misp-usage-frequency": 0
|
||||||
},
|
},
|
||||||
"tlsh": {
|
"sha-512/256": {
|
||||||
"misp-attribute": "tlsh",
|
"misp-attribute": "sha-512/256",
|
||||||
"misp-usage-frequency": 0
|
"misp-usage-frequency": 0
|
||||||
},
|
},
|
||||||
"md5": {
|
"tlsh": {
|
||||||
"misp-attribute": "md5",
|
"misp-attribute": "tlsh",
|
||||||
"misp-usage-frequency": 1
|
"misp-usage-frequency": 0
|
||||||
},
|
},
|
||||||
"sha1": {
|
"md5": {
|
||||||
"misp-attribute": "sha1",
|
"misp-attribute": "md5",
|
||||||
"misp-usage-frequency": 1
|
"misp-usage-frequency": 1
|
||||||
},
|
},
|
||||||
"sha256": {
|
"sha1": {
|
||||||
"misp-attribute": "sha256",
|
"misp-attribute": "sha1",
|
||||||
"misp-usage-frequency": 1
|
"misp-usage-frequency": 1
|
||||||
},
|
},
|
||||||
"pattern-in-file": {
|
"sha256": {
|
||||||
"misp-attribute": "pattern-in-file",
|
"misp-attribute": "sha256",
|
||||||
"misp-usage-frequency": 1,
|
"misp-usage-frequency": 1
|
||||||
"categories": ["Artifacts dropped","Payload installation","External analysis"]
|
},
|
||||||
},
|
"pattern-in-file": {
|
||||||
"text": {
|
"misp-attribute": "pattern-in-file",
|
||||||
"misp-attribute": "text",
|
"misp-usage-frequency": 1,
|
||||||
"misp-usage-frequency": 1
|
"categories": [
|
||||||
},
|
"Artifacts dropped",
|
||||||
"original-filename": {
|
"Payload installation",
|
||||||
"misp-attribute": "original-filename",
|
"External analysis"
|
||||||
"misp-usage-frequency": 0
|
]
|
||||||
},
|
},
|
||||||
"compilation-timestamp": {
|
"text": {
|
||||||
"misp-attribute": "compilation-timestamp",
|
"misp-attribute": "text",
|
||||||
"misp-usage-frequency": 0
|
"misp-usage-frequency": 1
|
||||||
}
|
},
|
||||||
|
"original-filename": {
|
||||||
},
|
"misp-attribute": "original-filename",
|
||||||
"requiredOneOf": ["filename", "size-in-bytes", "authentihash", "ssdeep", "imphash", "pehash", "sha-224", "sha-384", "sha-512", "sha-512/224", "sha-512/256", "tlsh", "md5", "sha1", "sha256", "pattern-in-file"]
|
"misp-usage-frequency": 0
|
||||||
|
},
|
||||||
|
"compilation-timestamp": {
|
||||||
|
"misp-attribute": "compilation-timestamp",
|
||||||
|
"misp-usage-frequency": 0
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"requiredOneOf": [
|
||||||
|
"filename",
|
||||||
|
"size-in-bytes",
|
||||||
|
"authentihash",
|
||||||
|
"ssdeep",
|
||||||
|
"imphash",
|
||||||
|
"pehash",
|
||||||
|
"sha-224",
|
||||||
|
"sha-384",
|
||||||
|
"sha-512",
|
||||||
|
"sha-512/224",
|
||||||
|
"sha-512/256",
|
||||||
|
"tlsh",
|
||||||
|
"md5",
|
||||||
|
"sha1",
|
||||||
|
"sha256",
|
||||||
|
"pattern-in-file"
|
||||||
|
]
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -1,39 +1,51 @@
|
||||||
{
|
{
|
||||||
"name": "ip|port",
|
"name": "ip|port",
|
||||||
"meta-category": "network",
|
"meta-category": "network",
|
||||||
"description": "An IP address and a port seen as a tuple (or as a triple) in a specific time frame.",
|
"description": "An IP address and a port seen as a tuple (or as a triple) in a specific time frame.",
|
||||||
"version": 1,
|
"version": 1,
|
||||||
"attributes" :
|
"attributes": {
|
||||||
{
|
"ip": {
|
||||||
"ip": {
|
"misp-attribute": "ip-dst",
|
||||||
"misp-attribute": "ip-dst",
|
"misp-usage-frequency": 1,
|
||||||
"misp-usage-frequency": 1,
|
"categories": [
|
||||||
"categories": ["Network activity","External analysis"]
|
"Network activity",
|
||||||
},
|
"External analysis"
|
||||||
"dst-port": {
|
]
|
||||||
"misp-attribute": "text",
|
},
|
||||||
"misp-usage-frequency": 1,
|
"dst-port": {
|
||||||
"categories": ["Network activity","External analysis"]
|
"misp-attribute": "text",
|
||||||
},
|
"misp-usage-frequency": 1,
|
||||||
"src-port": {
|
"categories": [
|
||||||
"misp-attribute": "text",
|
"Network activity",
|
||||||
"misp-usage-frequency": 0,
|
"External analysis"
|
||||||
"categories": ["Network activity","External analysis"]
|
]
|
||||||
},
|
},
|
||||||
"first-seen": {
|
"src-port": {
|
||||||
"misp-attribute": "datetime",
|
"misp-attribute": "text",
|
||||||
"misp-usage-frequency": 0
|
"misp-usage-frequency": 0,
|
||||||
},
|
"categories": [
|
||||||
"last-seen": {
|
"Network activity",
|
||||||
"misp-attribute": "datetime",
|
"External analysis"
|
||||||
"misp-usage-frequency": 0
|
]
|
||||||
},
|
},
|
||||||
"text": {
|
"first-seen": {
|
||||||
"misp-attribute": "text",
|
"misp-attribute": "datetime",
|
||||||
"misp-usage-frequency": 0
|
"misp-usage-frequency": 0
|
||||||
}
|
},
|
||||||
|
"last-seen": {
|
||||||
},
|
"misp-attribute": "datetime",
|
||||||
"required": ["ip"],
|
"misp-usage-frequency": 0
|
||||||
"requiredOneOf": ["dst-port", "src-port"]
|
},
|
||||||
|
"text": {
|
||||||
|
"misp-attribute": "text",
|
||||||
|
"misp-usage-frequency": 0
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"required": [
|
||||||
|
"ip"
|
||||||
|
],
|
||||||
|
"requiredOneOf": [
|
||||||
|
"dst-port",
|
||||||
|
"src-port"
|
||||||
|
]
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -1,56 +1,64 @@
|
||||||
{
|
{
|
||||||
"name": "passive-dns",
|
"name": "passive-dns",
|
||||||
"meta-category": "network",
|
"meta-category": "network",
|
||||||
"description": "Passive DNS records as expressed in draft-dulaunoy-dnsop-passive-dns-cof-01",
|
"description": "Passive DNS records as expressed in draft-dulaunoy-dnsop-passive-dns-cof-01",
|
||||||
"version": 1,
|
"version": 1,
|
||||||
"attributes" :
|
"attributes": {
|
||||||
{
|
"rrtype": {
|
||||||
"rrtype": {
|
"misp-attribute": "text",
|
||||||
"misp-attribute": "text",
|
"misp-usage-frequency": 1,
|
||||||
"misp-usage-frequency": 1,
|
"categories": [
|
||||||
"categories": ["Network activity","External analysis"]
|
"Network activity",
|
||||||
},
|
"External analysis"
|
||||||
"rrname": {
|
]
|
||||||
"misp-attribute": "hostname",
|
},
|
||||||
"misp-usage-frequency": 1,
|
"rrname": {
|
||||||
"categories": ["Network activity","External analysis"]
|
"misp-attribute": "hostname",
|
||||||
},
|
"misp-usage-frequency": 1,
|
||||||
"time_first": {
|
"categories": [
|
||||||
"misp-attribute": "datetime",
|
"Network activity",
|
||||||
"misp-usage-frequency": 0
|
"External analysis"
|
||||||
},
|
]
|
||||||
"time_last": {
|
},
|
||||||
"misp-attribute": "datetime",
|
"time_first": {
|
||||||
"misp-usage-frequency": 0
|
"misp-attribute": "datetime",
|
||||||
},
|
"misp-usage-frequency": 0
|
||||||
"origin": {
|
},
|
||||||
"misp-attribute": "text",
|
"time_last": {
|
||||||
"misp-usage-frequency": 0
|
"misp-attribute": "datetime",
|
||||||
},
|
"misp-usage-frequency": 0
|
||||||
"count": {
|
},
|
||||||
"misp-attribute": "counter",
|
"origin": {
|
||||||
"misp-usage-frequency": 0
|
"misp-attribute": "text",
|
||||||
},
|
"misp-usage-frequency": 0
|
||||||
"sensor_id": {
|
},
|
||||||
"misp-attribute": "text",
|
"count": {
|
||||||
"misp-usage-frequency": 0
|
"misp-attribute": "counter",
|
||||||
},
|
"misp-usage-frequency": 0
|
||||||
"bailiwick": {
|
},
|
||||||
"misp-attribute": "text",
|
"sensor_id": {
|
||||||
"misp-usage-frequency": 0
|
"misp-attribute": "text",
|
||||||
},
|
"misp-usage-frequency": 0
|
||||||
"zone_time_first": {
|
},
|
||||||
"misp-attribute": "datetime",
|
"bailiwick": {
|
||||||
"misp-usage-frequency": 0
|
"misp-attribute": "text",
|
||||||
},
|
"misp-usage-frequency": 0
|
||||||
"zone_time_last": {
|
},
|
||||||
"misp-attribute": "datetime",
|
"zone_time_first": {
|
||||||
"misp-usage-frequency": 0
|
"misp-attribute": "datetime",
|
||||||
},
|
"misp-usage-frequency": 0
|
||||||
"text": {
|
},
|
||||||
"misp-attribute": "text",
|
"zone_time_last": {
|
||||||
"misp-usage-frequency": 0
|
"misp-attribute": "datetime",
|
||||||
}
|
"misp-usage-frequency": 0
|
||||||
},
|
},
|
||||||
"required": ["rrtype","rrname"]
|
"text": {
|
||||||
|
"misp-attribute": "text",
|
||||||
|
"misp-usage-frequency": 0
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"required": [
|
||||||
|
"rrtype",
|
||||||
|
"rrname"
|
||||||
|
]
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -1,40 +1,54 @@
|
||||||
{
|
{
|
||||||
"name": "registry-key",
|
"name": "registry-key",
|
||||||
"meta-category": "file",
|
"meta-category": "file",
|
||||||
"description": "Registry key object describing a Windows registry key with value and last-modified timestamp",
|
"description": "Registry key object describing a Windows registry key with value and last-modified timestamp",
|
||||||
"version": 1,
|
"version": 1,
|
||||||
"attributes" :
|
"attributes": {
|
||||||
{
|
"hive": {
|
||||||
"hive": {
|
"misp-attribute": "reg-hive",
|
||||||
"misp-attribute": "reg-hive",
|
"misp-usage-frequency": 1,
|
||||||
"misp-usage-frequency": 1,
|
"categories": [
|
||||||
"categories": ["Persistence mechanism"]
|
"Persistence mechanism"
|
||||||
},
|
]
|
||||||
"key": {
|
},
|
||||||
"misp-attribute": "reg-key",
|
"key": {
|
||||||
"misp-usage-frequency": 1,
|
"misp-attribute": "reg-key",
|
||||||
"categories": ["Persistence mechanism"]
|
"misp-usage-frequency": 1,
|
||||||
},
|
"categories": [
|
||||||
"name": {
|
"Persistence mechanism"
|
||||||
"misp-attribute": "reg-name",
|
]
|
||||||
"misp-usage-frequency": 1,
|
},
|
||||||
"categories": ["Persistence mechanism"]
|
"name": {
|
||||||
},
|
"misp-attribute": "reg-name",
|
||||||
"data": {
|
"misp-usage-frequency": 1,
|
||||||
"misp-attribute": "reg-data",
|
"categories": [
|
||||||
"misp-usage-frequency": 1,
|
"Persistence mechanism"
|
||||||
"categories": ["Persistence mechanism"]
|
]
|
||||||
},
|
},
|
||||||
"data-type": {
|
"data": {
|
||||||
"misp-attribute": "reg-datatype",
|
"misp-attribute": "reg-data",
|
||||||
"misp-usage-frequency": 0,
|
"misp-usage-frequency": 1,
|
||||||
"categories": ["Persistence mechanism"]
|
"categories": [
|
||||||
},
|
"Persistence mechanism"
|
||||||
"last-modified": {
|
]
|
||||||
"misp-attribute": "datetime",
|
},
|
||||||
"misp-usage-frequency": 0,
|
"data-type": {
|
||||||
"categories": ["Other"]
|
"misp-attribute": "reg-datatype",
|
||||||
}
|
"misp-usage-frequency": 0,
|
||||||
},
|
"categories": [
|
||||||
"required": ["key", "name"]
|
"Persistence mechanism"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"last-modified": {
|
||||||
|
"misp-attribute": "datetime",
|
||||||
|
"misp-usage-frequency": 0,
|
||||||
|
"categories": [
|
||||||
|
"Other"
|
||||||
|
]
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"required": [
|
||||||
|
"key",
|
||||||
|
"name"
|
||||||
|
]
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -1,42 +1,48 @@
|
||||||
{
|
{
|
||||||
"name": "vulnerability",
|
"name": "vulnerability",
|
||||||
"meta-category": "network",
|
"meta-category": "network",
|
||||||
"description": "Vulnerability object describing common vulnerability enumeration",
|
"description": "Vulnerability object describing common vulnerability enumeration",
|
||||||
"version": 1,
|
"version": 1,
|
||||||
"attributes" :
|
"attributes": {
|
||||||
{
|
"references": {
|
||||||
"references": {
|
"misp-attribute": "link",
|
||||||
"misp-attribute": "link",
|
"misp-usage-frequency": 1,
|
||||||
"misp-usage-frequency": 1,
|
"multiple": true
|
||||||
"multiple": true
|
},
|
||||||
},
|
"published": {
|
||||||
"published": {
|
"misp-attribute": "datetime",
|
||||||
"misp-attribute": "datetime",
|
"misp-usage-frequency": 0
|
||||||
"misp-usage-frequency": 0
|
},
|
||||||
},
|
"modified": {
|
||||||
"modified": {
|
"misp-attribute": "datetime",
|
||||||
"misp-attribute": "datetime",
|
"misp-usage-frequency": 0
|
||||||
"misp-usage-frequency": 0
|
},
|
||||||
},
|
"vulnerable_configuration": {
|
||||||
"vulnerable_configuration": {
|
"misp-attribute": "text",
|
||||||
"misp-attribute": "text",
|
"misp-usage-frequency": 1,
|
||||||
"misp-usage-frequency": 1,
|
"multiple": true,
|
||||||
"multiple": true,
|
"description": "The vulnerable configuration is described in CPE format"
|
||||||
"description": "The vulnerable configuration is described in CPE format"
|
},
|
||||||
},
|
"summary": {
|
||||||
"summary": {
|
"misp-attribute": "text",
|
||||||
"misp-attribute": "text",
|
"misp-usage-frequency": 1
|
||||||
"misp-usage-frequency": 1
|
},
|
||||||
},
|
"text": {
|
||||||
"text": {
|
"misp-attribute": "text",
|
||||||
"misp-attribute": "text",
|
"misp-usage-frequency": 1
|
||||||
"misp-usage-frequency": 1
|
},
|
||||||
},
|
"id": {
|
||||||
"id": {
|
"misp-attribute": "vulnerability",
|
||||||
"misp-attribute": "vulnerability",
|
"misp-usage-frequency": 1
|
||||||
"misp-usage-frequency": 1
|
}
|
||||||
}
|
},
|
||||||
|
"requiredOneOf": [
|
||||||
},
|
"published",
|
||||||
"requiredOneOf": ["published", "modified", "references", "vulnerable_configuration", "summary", "text", "id"]
|
"modified",
|
||||||
|
"references",
|
||||||
|
"vulnerable_configuration",
|
||||||
|
"summary",
|
||||||
|
"text",
|
||||||
|
"id"
|
||||||
|
]
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -1,42 +1,50 @@
|
||||||
{
|
{
|
||||||
"name": "whois",
|
"name": "whois",
|
||||||
"meta-category": "network",
|
"meta-category": "network",
|
||||||
"description": "Whois records information for a domain name.",
|
"description": "Whois records information for a domain name.",
|
||||||
"version": 1,
|
"version": 1,
|
||||||
"attributes" :
|
"attributes": {
|
||||||
{
|
"domain": {
|
||||||
"domain": {
|
"misp-attribute": "domain",
|
||||||
"misp-attribute": "domain",
|
"misp-usage-frequency": 1,
|
||||||
"misp-usage-frequency": 1,
|
"categories": [
|
||||||
"categories": ["Network activity","External analysis"]
|
"Network activity",
|
||||||
},
|
"External analysis"
|
||||||
"creation-date": {
|
]
|
||||||
"misp-attribute": "datetime",
|
},
|
||||||
"misp-usage-frequency": 0
|
"creation-date": {
|
||||||
},
|
"misp-attribute": "datetime",
|
||||||
"registrant-email": {
|
"misp-usage-frequency": 0
|
||||||
"misp-attribute": "whois-registrant-email",
|
},
|
||||||
"misp-usage-frequency": 1
|
"registrant-email": {
|
||||||
},
|
"misp-attribute": "whois-registrant-email",
|
||||||
"registrant-phone": {
|
"misp-usage-frequency": 1
|
||||||
"misp-attribute": "whois-registrant-phone",
|
},
|
||||||
"misp-usage-frequency": 0
|
"registrant-phone": {
|
||||||
},
|
"misp-attribute": "whois-registrant-phone",
|
||||||
"registrant-name": {
|
"misp-usage-frequency": 0
|
||||||
"misp-attribute": "whois-registrant-name",
|
},
|
||||||
"misp-usage-frequency": 0
|
"registrant-name": {
|
||||||
},
|
"misp-attribute": "whois-registrant-name",
|
||||||
"registar": {
|
"misp-usage-frequency": 0
|
||||||
"misp-attribute": "whois-registar",
|
},
|
||||||
"misp-usage-frequency": 0
|
"registar": {
|
||||||
},
|
"misp-attribute": "whois-registar",
|
||||||
"text": {
|
"misp-usage-frequency": 0
|
||||||
"misp-attribute": "text",
|
},
|
||||||
"misp-usage-frequency": 1
|
"text": {
|
||||||
}
|
"misp-attribute": "text",
|
||||||
|
"misp-usage-frequency": 1
|
||||||
|
}
|
||||||
},
|
},
|
||||||
"required": ["domain"],
|
"required": [
|
||||||
"requiredOneOf": ["registrant-email", "registrant-phone", "creation-date", "registrant-name", "registar"]
|
"domain"
|
||||||
|
],
|
||||||
|
"requiredOneOf": [
|
||||||
|
"registrant-email",
|
||||||
|
"registrant-phone",
|
||||||
|
"creation-date",
|
||||||
|
"registrant-name",
|
||||||
|
"registar"
|
||||||
|
]
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -1,63 +1,63 @@
|
||||||
{
|
{
|
||||||
"name": "x509",
|
"name": "x509",
|
||||||
"meta-category": "network",
|
"meta-category": "network",
|
||||||
"description": "x509 object describing a X.509 certificate",
|
"description": "x509 object describing a X.509 certificate",
|
||||||
"version": 1,
|
"version": 1,
|
||||||
"attributes" :
|
"attributes": {
|
||||||
{
|
"version": {
|
||||||
"version": {
|
"misp-attribute": "text",
|
||||||
"misp-attribute": "text",
|
"misp-usage-frequency": 0
|
||||||
"misp-usage-frequency": 0
|
},
|
||||||
},
|
"serial-number": {
|
||||||
"serial-number": {
|
"misp-attribute": "text",
|
||||||
"misp-attribute": "text",
|
"misp-usage-frequency": 0
|
||||||
"misp-usage-frequency": 0
|
},
|
||||||
},
|
"issuer": {
|
||||||
"issuer": {
|
"misp-attribute": "text",
|
||||||
"misp-attribute": "text",
|
"misp-usage-frequency": 0
|
||||||
"misp-usage-frequency": 0
|
},
|
||||||
},
|
"validity-not-before": {
|
||||||
"validity-not-before": {
|
"misp-attribute": "datetime",
|
||||||
"misp-attribute": "datetime",
|
"misp-usage-frequency": 0
|
||||||
"misp-usage-frequency": 0
|
},
|
||||||
},
|
"validity-not-after": {
|
||||||
"validity-not-after": {
|
"misp-attribute": "datetime",
|
||||||
"misp-attribute": "datetime",
|
"misp-usage-frequency": 0
|
||||||
"misp-usage-frequency": 0
|
},
|
||||||
},
|
"subject": {
|
||||||
"subject": {
|
"misp-attribute": "text",
|
||||||
"misp-attribute": "text",
|
"misp-usage-frequency": 1
|
||||||
"misp-usage-frequency": 1
|
},
|
||||||
},
|
"pubkey-info-algorithm": {
|
||||||
"pubkey-info-algorithm": {
|
"misp-attribute": "text",
|
||||||
"misp-attribute": "text",
|
"misp-usage-frequency": 0
|
||||||
"misp-usage-frequency": 0
|
},
|
||||||
},
|
"pubkey-info-seize": {
|
||||||
"pubkey-info-seize": {
|
"misp-attribute": "text",
|
||||||
"misp-attribute": "text",
|
"misp-usage-frequency": 0
|
||||||
"misp-usage-frequency": 0
|
},
|
||||||
},
|
"pubkey-info-modulus": {
|
||||||
"pubkey-info-modulus": {
|
"misp-attribute": "text",
|
||||||
"misp-attribute": "text",
|
"misp-usage-frequency": 0
|
||||||
"misp-usage-frequency": 0
|
},
|
||||||
},
|
"pubkey-info-exponent": {
|
||||||
"pubkey-info-exponent": {
|
"misp-attribute": "text",
|
||||||
"misp-attribute": "text",
|
"misp-usage-frequency": 0
|
||||||
"misp-usage-frequency": 0
|
},
|
||||||
},
|
"x509-fingerprint-sha1": {
|
||||||
"x509-fingerprint-sha1": {
|
"misp-attribute": "sha1",
|
||||||
"misp-attribute": "sha1",
|
"misp-usage-frequency": 1
|
||||||
"misp-usage-frequency": 1
|
},
|
||||||
},
|
"raw-base64": {
|
||||||
"raw-base64": {
|
"misp-attribute": "text",
|
||||||
"misp-attribute": "text",
|
"misp-usage-frequency": 0
|
||||||
"misp-usage-frequency": 0
|
},
|
||||||
},
|
"text": {
|
||||||
"text": {
|
"misp-attribute": "text",
|
||||||
"misp-attribute": "text",
|
"misp-usage-frequency": 1
|
||||||
"misp-usage-frequency": 1
|
}
|
||||||
}
|
},
|
||||||
|
"required": [
|
||||||
},
|
"x509-fingerprint-sha1"
|
||||||
"required": ["x509-fingerprint-sha1"]
|
]
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -7,12 +7,12 @@ set -x
|
||||||
|
|
||||||
diffs=`git status --porcelain | wc -l`
|
diffs=`git status --porcelain | wc -l`
|
||||||
|
|
||||||
if ![ $diffs -eq 0 ]; then
|
if ! [ $diffs -eq 0 ]; then
|
||||||
echo "Please make sure you run ./jq_all_the_things.sh before commiting."
|
echo "Please make sure you run ./jq_all_the_things.sh before commiting."
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
for dir in objects/*/list.json
|
for dir in objects/*/definition.json
|
||||||
do
|
do
|
||||||
echo -n "${dir}: "
|
echo -n "${dir}: "
|
||||||
jsonschema -i ${dir} schema.json
|
jsonschema -i ${dir} schema.json
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue