JQ all the things

pull/7/head
Raphaël Vinot 2017-02-13 11:18:42 +01:00
parent 1f2633c6f1
commit a68e678f50
11 changed files with 595 additions and 475 deletions

View File

@ -5,7 +5,7 @@ set -x
# Seeds sponge, from moreutils
for dir in objects/*/list.json
for dir in objects/*/definition.json
do
cat ${dir} | jq . | sponge ${dir}
done

View File

@ -3,17 +3,22 @@
"meta-category": "network",
"description": "A domain and IP address seen as a tuple in a specific time frame.",
"version": 1,
"attributes" :
{
"attributes": {
"ip": {
"misp-attribute": "ip-dst",
"misp-usage-frequency": 1,
"categories": ["Network activity","External analysis"]
"categories": [
"Network activity",
"External analysis"
]
},
"domain": {
"misp-attribute": "domain",
"misp-usage-frequency": 1,
"categories": ["Network activity","External analysis"]
"categories": [
"Network activity",
"External analysis"
]
},
"first-seen": {
"misp-attribute": "datetime",
@ -27,7 +32,9 @@
"misp-attribute": "text",
"misp-usage-frequency": 1
}
},
"required": ["ip","domain"]
"required": [
"ip",
"domain"
]
}

View File

@ -3,84 +3,125 @@
"meta-category": "email",
"description": "Email object describing an email with meta-information",
"version": 1,
"attributes" :
{
"attributes": {
"from": {
"misp-attribute": "email-src",
"misp-usage-frequency": 1,
"categories": ["Payload delivery"]
"categories": [
"Payload delivery"
]
},
"from-display-name": {
"misp-attribute": "email-src-display-name",
"misp-usage-frequency": 1,
"categories": ["Payload delivery"]
"categories": [
"Payload delivery"
]
},
"to": {
"misp-attribute": "email-dst",
"misp-usage-frequency": 1,
"categories": ["Payload delivery"],
"categories": [
"Payload delivery"
],
"multiple": true
},
"to-display-name": {
"misp-attribute": "email-dst-display-name",
"misp-usage-frequency": 1,
"categories": ["Payload delivery"],
"categories": [
"Payload delivery"
],
"multiple": true
},
"subject": {
"misp-attribute": "email-subject",
"misp-usage-frequency": 1,
"categories": ["Payload delivery"]
"categories": [
"Payload delivery"
]
},
"attachment": {
"misp-attribute": "email-attachment",
"misp-usage-frequency": 0,
"categories": ["Payload delivery"],
"categories": [
"Payload delivery"
],
"multiple": true
},
"message-id": {
"misp-attribute": "email-message-id",
"misp-usage-frequency": 0,
"categories": ["Payload delivery"]
"categories": [
"Payload delivery"
]
},
"reply-to": {
"misp-attribute": "email-reply-to",
"misp-usage-frequency": 1,
"categories": ["Payload delivery"]
"categories": [
"Payload delivery"
]
},
"send-date": {
"misp-attribute": "datetime",
"misp-usage-frequency": 0,
"categories": ["Other"]
"categories": [
"Other"
]
},
"url": {
"misp-attribute": "url",
"misp-usage-frequency": 0,
"categories": ["Payload delivery"],
"categories": [
"Payload delivery"
],
"multiple": true
},
"mime-boundary": {
"misp-attribute": "email-mime-boundary",
"misp-usage-frequency": 0,
"categories": ["Payload delivery"]
"categories": [
"Payload delivery"
]
},
"thread-index": {
"misp-attribute": "email-thread-index",
"misp-usage-frequency": 0,
"categories": ["Payload delivery"]
"categories": [
"Payload delivery"
]
},
"header": {
"misp-attribute": "email-header",
"misp-usage-frequency": 0,
"categories": ["Payload delivery"],
"categories": [
"Payload delivery"
],
"multiple": true
},
"x-mailer": {
"misp-attribute": "email-xmailer",
"misp-usage-frequency": 0,
"categories": ["Payload delivery"]
"categories": [
"Payload delivery"
]
}
},
"requiredOneOf": ["email-src", "email-src-display-name", "email-dst", "email-dst-display-name", "email-subject", "email-attachment", "email-message-id", "email-reply-to", "send-date", "url", "email-mime-boundary", "email-thread-index", "email-header", "x-mailer"]
"requiredOneOf": [
"email-src",
"email-src-display-name",
"email-dst",
"email-dst-display-name",
"email-subject",
"email-attachment",
"email-message-id",
"email-reply-to",
"send-date",
"url",
"email-mime-boundary",
"email-thread-index",
"email-header",
"x-mailer"
]
}

View File

@ -3,12 +3,16 @@
"meta-category": "file",
"description": "File object describing a file with meta-information",
"version": 1,
"attributes" :
{
"attributes": {
"filename": {
"misp-attribute": "filename",
"misp-usage-frequency": 1,
"categories": ["Payload delivery","Artifacts dropped","Payload installation","External analysis"]
"categories": [
"Payload delivery",
"Artifacts dropped",
"Payload installation",
"External analysis"
]
},
"size-in-bytes": {
"misp-attribute": "size-in-bytes",
@ -69,7 +73,11 @@
"pattern-in-file": {
"misp-attribute": "pattern-in-file",
"misp-usage-frequency": 1,
"categories": ["Artifacts dropped","Payload installation","External analysis"]
"categories": [
"Artifacts dropped",
"Payload installation",
"External analysis"
]
},
"text": {
"misp-attribute": "text",
@ -83,7 +91,23 @@
"misp-attribute": "compilation-timestamp",
"misp-usage-frequency": 0
}
},
"requiredOneOf": ["filename", "size-in-bytes", "authentihash", "ssdeep", "imphash", "pehash", "sha-224", "sha-384", "sha-512", "sha-512/224", "sha-512/256", "tlsh", "md5", "sha1", "sha256", "pattern-in-file"]
"requiredOneOf": [
"filename",
"size-in-bytes",
"authentihash",
"ssdeep",
"imphash",
"pehash",
"sha-224",
"sha-384",
"sha-512",
"sha-512/224",
"sha-512/256",
"tlsh",
"md5",
"sha1",
"sha256",
"pattern-in-file"
]
}

View File

@ -3,22 +3,30 @@
"meta-category": "network",
"description": "An IP address and a port seen as a tuple (or as a triple) in a specific time frame.",
"version": 1,
"attributes" :
{
"attributes": {
"ip": {
"misp-attribute": "ip-dst",
"misp-usage-frequency": 1,
"categories": ["Network activity","External analysis"]
"categories": [
"Network activity",
"External analysis"
]
},
"dst-port": {
"misp-attribute": "text",
"misp-usage-frequency": 1,
"categories": ["Network activity","External analysis"]
"categories": [
"Network activity",
"External analysis"
]
},
"src-port": {
"misp-attribute": "text",
"misp-usage-frequency": 0,
"categories": ["Network activity","External analysis"]
"categories": [
"Network activity",
"External analysis"
]
},
"first-seen": {
"misp-attribute": "datetime",
@ -32,8 +40,12 @@
"misp-attribute": "text",
"misp-usage-frequency": 0
}
},
"required": ["ip"],
"requiredOneOf": ["dst-port", "src-port"]
"required": [
"ip"
],
"requiredOneOf": [
"dst-port",
"src-port"
]
}

View File

@ -3,17 +3,22 @@
"meta-category": "network",
"description": "Passive DNS records as expressed in draft-dulaunoy-dnsop-passive-dns-cof-01",
"version": 1,
"attributes" :
{
"attributes": {
"rrtype": {
"misp-attribute": "text",
"misp-usage-frequency": 1,
"categories": ["Network activity","External analysis"]
"categories": [
"Network activity",
"External analysis"
]
},
"rrname": {
"misp-attribute": "hostname",
"misp-usage-frequency": 1,
"categories": ["Network activity","External analysis"]
"categories": [
"Network activity",
"External analysis"
]
},
"time_first": {
"misp-attribute": "datetime",
@ -52,5 +57,8 @@
"misp-usage-frequency": 0
}
},
"required": ["rrtype","rrname"]
"required": [
"rrtype",
"rrname"
]
}

View File

@ -3,38 +3,52 @@
"meta-category": "file",
"description": "Registry key object describing a Windows registry key with value and last-modified timestamp",
"version": 1,
"attributes" :
{
"attributes": {
"hive": {
"misp-attribute": "reg-hive",
"misp-usage-frequency": 1,
"categories": ["Persistence mechanism"]
"categories": [
"Persistence mechanism"
]
},
"key": {
"misp-attribute": "reg-key",
"misp-usage-frequency": 1,
"categories": ["Persistence mechanism"]
"categories": [
"Persistence mechanism"
]
},
"name": {
"misp-attribute": "reg-name",
"misp-usage-frequency": 1,
"categories": ["Persistence mechanism"]
"categories": [
"Persistence mechanism"
]
},
"data": {
"misp-attribute": "reg-data",
"misp-usage-frequency": 1,
"categories": ["Persistence mechanism"]
"categories": [
"Persistence mechanism"
]
},
"data-type": {
"misp-attribute": "reg-datatype",
"misp-usage-frequency": 0,
"categories": ["Persistence mechanism"]
"categories": [
"Persistence mechanism"
]
},
"last-modified": {
"misp-attribute": "datetime",
"misp-usage-frequency": 0,
"categories": ["Other"]
"categories": [
"Other"
]
}
},
"required": ["key", "name"]
"required": [
"key",
"name"
]
}

View File

@ -3,8 +3,7 @@
"meta-category": "network",
"description": "Vulnerability object describing common vulnerability enumeration",
"version": 1,
"attributes" :
{
"attributes": {
"references": {
"misp-attribute": "link",
"misp-usage-frequency": 1,
@ -36,7 +35,14 @@
"misp-attribute": "vulnerability",
"misp-usage-frequency": 1
}
},
"requiredOneOf": ["published", "modified", "references", "vulnerable_configuration", "summary", "text", "id"]
"requiredOneOf": [
"published",
"modified",
"references",
"vulnerable_configuration",
"summary",
"text",
"id"
]
}

View File

@ -3,12 +3,14 @@
"meta-category": "network",
"description": "Whois records information for a domain name.",
"version": 1,
"attributes" :
{
"attributes": {
"domain": {
"misp-attribute": "domain",
"misp-usage-frequency": 1,
"categories": ["Network activity","External analysis"]
"categories": [
"Network activity",
"External analysis"
]
},
"creation-date": {
"misp-attribute": "datetime",
@ -34,9 +36,15 @@
"misp-attribute": "text",
"misp-usage-frequency": 1
}
},
"required": ["domain"],
"requiredOneOf": ["registrant-email", "registrant-phone", "creation-date", "registrant-name", "registar"]
"required": [
"domain"
],
"requiredOneOf": [
"registrant-email",
"registrant-phone",
"creation-date",
"registrant-name",
"registar"
]
}

View File

@ -3,8 +3,7 @@
"meta-category": "network",
"description": "x509 object describing a X.509 certificate",
"version": 1,
"attributes" :
{
"attributes": {
"version": {
"misp-attribute": "text",
"misp-usage-frequency": 0
@ -57,7 +56,8 @@
"misp-attribute": "text",
"misp-usage-frequency": 1
}
},
"required": ["x509-fingerprint-sha1"]
"required": [
"x509-fingerprint-sha1"
]
}

View File

@ -7,12 +7,12 @@ set -x
diffs=`git status --porcelain | wc -l`
if ![ $diffs -eq 0 ]; then
if ! [ $diffs -eq 0 ]; then
echo "Please make sure you run ./jq_all_the_things.sh before commiting."
exit 1
fi
for dir in objects/*/list.json
for dir in objects/*/definition.json
do
echo -n "${dir}: "
jsonschema -i ${dir} schema.json