mirror of https://github.com/MISP/misp-objects
JQ all the things
parent
1f2633c6f1
commit
a68e678f50
|
@ -5,7 +5,7 @@ set -x
|
|||
|
||||
# Seeds sponge, from moreutils
|
||||
|
||||
for dir in objects/*/list.json
|
||||
for dir in objects/*/definition.json
|
||||
do
|
||||
cat ${dir} | jq . | sponge ${dir}
|
||||
done
|
||||
|
|
|
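Review bot: The loop body `cat ${dir} | jq . | sponge ${dir}` rewrites each definition in place even when `jq` rejects it. In that case `sponge` receives an empty stream, so the template would most likely be replaced by an empty file while the loop carries on. Only `set -x` is visible in the hunk header and the top of the script is outside this hunk, so whether anything aborts on error cannot be confirmed here. Writing the result only on success avoids the problem and drops the extra `cat`: `jq . "${dir}" > "${dir}.tmp" && mv -- "${dir}.tmp" "${dir}"`. The expansions should be quoted either way, and since the loop variable now holds a file path rather than a directory, a name such as `file` would read better.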
@ -3,17 +3,22 @@
|
|||
"meta-category": "network",
|
||||
"description": "A domain and IP address seen as a tuple in a specific time frame.",
|
||||
"version": 1,
|
||||
"attributes" :
|
||||
{
|
||||
"attributes": {
|
||||
"ip": {
|
||||
"misp-attribute": "ip-dst",
|
||||
"misp-usage-frequency": 1,
|
||||
"categories": ["Network activity","External analysis"]
|
||||
"categories": [
|
||||
"Network activity",
|
||||
"External analysis"
|
||||
]
|
||||
},
|
||||
"domain": {
|
||||
"misp-attribute": "domain",
|
||||
"misp-usage-frequency": 1,
|
||||
"categories": ["Network activity","External analysis"]
|
||||
"categories": [
|
||||
"Network activity",
|
||||
"External analysis"
|
||||
]
|
||||
},
|
||||
"first-seen": {
|
||||
"misp-attribute": "datetime",
|
||||
|
@ -27,7 +32,9 @@
|
|||
"misp-attribute": "text",
|
||||
"misp-usage-frequency": 1
|
||||
}
|
||||
|
||||
},
|
||||
"required": ["ip","domain"]
|
||||
"required": [
|
||||
"ip",
|
||||
"domain"
|
||||
]
|
||||
}
|
||||
|
|
|
@ -3,84 +3,125 @@
|
|||
"meta-category": "email",
|
||||
"description": "Email object describing an email with meta-information",
|
||||
"version": 1,
|
||||
"attributes" :
|
||||
{
|
||||
"attributes": {
|
||||
"from": {
|
||||
"misp-attribute": "email-src",
|
||||
"misp-usage-frequency": 1,
|
||||
"categories": ["Payload delivery"]
|
||||
"categories": [
|
||||
"Payload delivery"
|
||||
]
|
||||
},
|
||||
"from-display-name": {
|
||||
"misp-attribute": "email-src-display-name",
|
||||
"misp-usage-frequency": 1,
|
||||
"categories": ["Payload delivery"]
|
||||
"categories": [
|
||||
"Payload delivery"
|
||||
]
|
||||
},
|
||||
"to": {
|
||||
"misp-attribute": "email-dst",
|
||||
"misp-usage-frequency": 1,
|
||||
"categories": ["Payload delivery"],
|
||||
"categories": [
|
||||
"Payload delivery"
|
||||
],
|
||||
"multiple": true
|
||||
},
|
||||
"to-display-name": {
|
||||
"misp-attribute": "email-dst-display-name",
|
||||
"misp-usage-frequency": 1,
|
||||
"categories": ["Payload delivery"],
|
||||
"categories": [
|
||||
"Payload delivery"
|
||||
],
|
||||
"multiple": true
|
||||
},
|
||||
"subject": {
|
||||
"misp-attribute": "email-subject",
|
||||
"misp-usage-frequency": 1,
|
||||
"categories": ["Payload delivery"]
|
||||
"categories": [
|
||||
"Payload delivery"
|
||||
]
|
||||
},
|
||||
"attachment": {
|
||||
"misp-attribute": "email-attachment",
|
||||
"misp-usage-frequency": 0,
|
||||
"categories": ["Payload delivery"],
|
||||
"categories": [
|
||||
"Payload delivery"
|
||||
],
|
||||
"multiple": true
|
||||
},
|
||||
"message-id": {
|
||||
"misp-attribute": "email-message-id",
|
||||
"misp-usage-frequency": 0,
|
||||
"categories": ["Payload delivery"]
|
||||
"categories": [
|
||||
"Payload delivery"
|
||||
]
|
||||
},
|
||||
"reply-to": {
|
||||
"misp-attribute": "email-reply-to",
|
||||
"misp-usage-frequency": 1,
|
||||
"categories": ["Payload delivery"]
|
||||
"categories": [
|
||||
"Payload delivery"
|
||||
]
|
||||
},
|
||||
"send-date": {
|
||||
"misp-attribute": "datetime",
|
||||
"misp-usage-frequency": 0,
|
||||
"categories": ["Other"]
|
||||
"categories": [
|
||||
"Other"
|
||||
]
|
||||
},
|
||||
"url": {
|
||||
"misp-attribute": "url",
|
||||
"misp-usage-frequency": 0,
|
||||
"categories": ["Payload delivery"],
|
||||
"categories": [
|
||||
"Payload delivery"
|
||||
],
|
||||
"multiple": true
|
||||
},
|
||||
"mime-boundary": {
|
||||
"misp-attribute": "email-mime-boundary",
|
||||
"misp-usage-frequency": 0,
|
||||
"categories": ["Payload delivery"]
|
||||
"categories": [
|
||||
"Payload delivery"
|
||||
]
|
||||
},
|
||||
"thread-index": {
|
||||
"misp-attribute": "email-thread-index",
|
||||
"misp-usage-frequency": 0,
|
||||
"categories": ["Payload delivery"]
|
||||
"categories": [
|
||||
"Payload delivery"
|
||||
]
|
||||
},
|
||||
"header": {
|
||||
"misp-attribute": "email-header",
|
||||
"misp-usage-frequency": 0,
|
||||
"categories": ["Payload delivery"],
|
||||
"categories": [
|
||||
"Payload delivery"
|
||||
],
|
||||
"multiple": true
|
||||
},
|
||||
"x-mailer": {
|
||||
"misp-attribute": "email-xmailer",
|
||||
"misp-usage-frequency": 0,
|
||||
"categories": ["Payload delivery"]
|
||||
"categories": [
|
||||
"Payload delivery"
|
||||
]
|
||||
}
|
||||
|
||||
},
|
||||
"requiredOneOf": ["email-src", "email-src-display-name", "email-dst", "email-dst-display-name", "email-subject", "email-attachment", "email-message-id", "email-reply-to", "send-date", "url", "email-mime-boundary", "email-thread-index", "email-header", "x-mailer"]
|
||||
"requiredOneOf": [
|
||||
"email-src",
|
||||
"email-src-display-name",
|
||||
"email-dst",
|
||||
"email-dst-display-name",
|
||||
"email-subject",
|
||||
"email-attachment",
|
||||
"email-message-id",
|
||||
"email-reply-to",
|
||||
"send-date",
|
||||
"url",
|
||||
"email-mime-boundary",
|
||||
"email-thread-index",
|
||||
"email-header",
|
||||
"x-mailer"
|
||||
]
|
||||
}
|
||||
|
|
|
@ -3,12 +3,16 @@
|
|||
"meta-category": "file",
|
||||
"description": "File object describing a file with meta-information",
|
||||
"version": 1,
|
||||
"attributes" :
|
||||
{
|
||||
"attributes": {
|
||||
"filename": {
|
||||
"misp-attribute": "filename",
|
||||
"misp-usage-frequency": 1,
|
||||
"categories": ["Payload delivery","Artifacts dropped","Payload installation","External analysis"]
|
||||
"categories": [
|
||||
"Payload delivery",
|
||||
"Artifacts dropped",
|
||||
"Payload installation",
|
||||
"External analysis"
|
||||
]
|
||||
},
|
||||
"size-in-bytes": {
|
||||
"misp-attribute": "size-in-bytes",
|
||||
|
@ -69,7 +73,11 @@
|
|||
"pattern-in-file": {
|
||||
"misp-attribute": "pattern-in-file",
|
||||
"misp-usage-frequency": 1,
|
||||
"categories": ["Artifacts dropped","Payload installation","External analysis"]
|
||||
"categories": [
|
||||
"Artifacts dropped",
|
||||
"Payload installation",
|
||||
"External analysis"
|
||||
]
|
||||
},
|
||||
"text": {
|
||||
"misp-attribute": "text",
|
||||
|
@ -83,7 +91,23 @@
|
|||
"misp-attribute": "compilation-timestamp",
|
||||
"misp-usage-frequency": 0
|
||||
}
|
||||
|
||||
},
|
||||
"requiredOneOf": ["filename", "size-in-bytes", "authentihash", "ssdeep", "imphash", "pehash", "sha-224", "sha-384", "sha-512", "sha-512/224", "sha-512/256", "tlsh", "md5", "sha1", "sha256", "pattern-in-file"]
|
||||
"requiredOneOf": [
|
||||
"filename",
|
||||
"size-in-bytes",
|
||||
"authentihash",
|
||||
"ssdeep",
|
||||
"imphash",
|
||||
"pehash",
|
||||
"sha-224",
|
||||
"sha-384",
|
||||
"sha-512",
|
||||
"sha-512/224",
|
||||
"sha-512/256",
|
||||
"tlsh",
|
||||
"md5",
|
||||
"sha1",
|
||||
"sha256",
|
||||
"pattern-in-file"
|
||||
]
|
||||
}
|
||||
|
|
|
@ -3,22 +3,30 @@
|
|||
"meta-category": "network",
|
||||
"description": "An IP address and a port seen as a tuple (or as a triple) in a specific time frame.",
|
||||
"version": 1,
|
||||
"attributes" :
|
||||
{
|
||||
"attributes": {
|
||||
"ip": {
|
||||
"misp-attribute": "ip-dst",
|
||||
"misp-usage-frequency": 1,
|
||||
"categories": ["Network activity","External analysis"]
|
||||
"categories": [
|
||||
"Network activity",
|
||||
"External analysis"
|
||||
]
|
||||
},
|
||||
"dst-port": {
|
||||
"misp-attribute": "text",
|
||||
"misp-usage-frequency": 1,
|
||||
"categories": ["Network activity","External analysis"]
|
||||
"categories": [
|
||||
"Network activity",
|
||||
"External analysis"
|
||||
]
|
||||
},
|
||||
"src-port": {
|
||||
"misp-attribute": "text",
|
||||
"misp-usage-frequency": 0,
|
||||
"categories": ["Network activity","External analysis"]
|
||||
"categories": [
|
||||
"Network activity",
|
||||
"External analysis"
|
||||
]
|
||||
},
|
||||
"first-seen": {
|
||||
"misp-attribute": "datetime",
|
||||
|
@ -32,8 +40,12 @@
|
|||
"misp-attribute": "text",
|
||||
"misp-usage-frequency": 0
|
||||
}
|
||||
|
||||
},
|
||||
"required": ["ip"],
|
||||
"requiredOneOf": ["dst-port", "src-port"]
|
||||
"required": [
|
||||
"ip"
|
||||
],
|
||||
"requiredOneOf": [
|
||||
"dst-port",
|
||||
"src-port"
|
||||
]
|
||||
}
|
||||
|
|
|
@ -3,17 +3,22 @@
|
|||
"meta-category": "network",
|
||||
"description": "Passive DNS records as expressed in draft-dulaunoy-dnsop-passive-dns-cof-01",
|
||||
"version": 1,
|
||||
"attributes" :
|
||||
{
|
||||
"attributes": {
|
||||
"rrtype": {
|
||||
"misp-attribute": "text",
|
||||
"misp-usage-frequency": 1,
|
||||
"categories": ["Network activity","External analysis"]
|
||||
"categories": [
|
||||
"Network activity",
|
||||
"External analysis"
|
||||
]
|
||||
},
|
||||
"rrname": {
|
||||
"misp-attribute": "hostname",
|
||||
"misp-usage-frequency": 1,
|
||||
"categories": ["Network activity","External analysis"]
|
||||
"categories": [
|
||||
"Network activity",
|
||||
"External analysis"
|
||||
]
|
||||
},
|
||||
"time_first": {
|
||||
"misp-attribute": "datetime",
|
||||
|
@ -52,5 +57,8 @@
|
|||
"misp-usage-frequency": 0
|
||||
}
|
||||
},
|
||||
"required": ["rrtype","rrname"]
|
||||
"required": [
|
||||
"rrtype",
|
||||
"rrname"
|
||||
]
|
||||
}
|
||||
|
|
|
@ -3,38 +3,52 @@
|
|||
"meta-category": "file",
|
||||
"description": "Registry key object describing a Windows registry key with value and last-modified timestamp",
|
||||
"version": 1,
|
||||
"attributes" :
|
||||
{
|
||||
"attributes": {
|
||||
"hive": {
|
||||
"misp-attribute": "reg-hive",
|
||||
"misp-usage-frequency": 1,
|
||||
"categories": ["Persistence mechanism"]
|
||||
"categories": [
|
||||
"Persistence mechanism"
|
||||
]
|
||||
},
|
||||
"key": {
|
||||
"misp-attribute": "reg-key",
|
||||
"misp-usage-frequency": 1,
|
||||
"categories": ["Persistence mechanism"]
|
||||
"categories": [
|
||||
"Persistence mechanism"
|
||||
]
|
||||
},
|
||||
"name": {
|
||||
"misp-attribute": "reg-name",
|
||||
"misp-usage-frequency": 1,
|
||||
"categories": ["Persistence mechanism"]
|
||||
"categories": [
|
||||
"Persistence mechanism"
|
||||
]
|
||||
},
|
||||
"data": {
|
||||
"misp-attribute": "reg-data",
|
||||
"misp-usage-frequency": 1,
|
||||
"categories": ["Persistence mechanism"]
|
||||
"categories": [
|
||||
"Persistence mechanism"
|
||||
]
|
||||
},
|
||||
"data-type": {
|
||||
"misp-attribute": "reg-datatype",
|
||||
"misp-usage-frequency": 0,
|
||||
"categories": ["Persistence mechanism"]
|
||||
"categories": [
|
||||
"Persistence mechanism"
|
||||
]
|
||||
},
|
||||
"last-modified": {
|
||||
"misp-attribute": "datetime",
|
||||
"misp-usage-frequency": 0,
|
||||
"categories": ["Other"]
|
||||
"categories": [
|
||||
"Other"
|
||||
]
|
||||
}
|
||||
},
|
||||
"required": ["key", "name"]
|
||||
"required": [
|
||||
"key",
|
||||
"name"
|
||||
]
|
||||
}
|
||||
|
|
|
@ -3,8 +3,7 @@
|
|||
"meta-category": "network",
|
||||
"description": "Vulnerability object describing common vulnerability enumeration",
|
||||
"version": 1,
|
||||
"attributes" :
|
||||
{
|
||||
"attributes": {
|
||||
"references": {
|
||||
"misp-attribute": "link",
|
||||
"misp-usage-frequency": 1,
|
||||
|
@ -36,7 +35,14 @@
|
|||
"misp-attribute": "vulnerability",
|
||||
"misp-usage-frequency": 1
|
||||
}
|
||||
|
||||
},
|
||||
"requiredOneOf": ["published", "modified", "references", "vulnerable_configuration", "summary", "text", "id"]
|
||||
"requiredOneOf": [
|
||||
"published",
|
||||
"modified",
|
||||
"references",
|
||||
"vulnerable_configuration",
|
||||
"summary",
|
||||
"text",
|
||||
"id"
|
||||
]
|
||||
}
|
||||
|
|
|
@ -3,12 +3,14 @@
|
|||
"meta-category": "network",
|
||||
"description": "Whois records information for a domain name.",
|
||||
"version": 1,
|
||||
"attributes" :
|
||||
{
|
||||
"attributes": {
|
||||
"domain": {
|
||||
"misp-attribute": "domain",
|
||||
"misp-usage-frequency": 1,
|
||||
"categories": ["Network activity","External analysis"]
|
||||
"categories": [
|
||||
"Network activity",
|
||||
"External analysis"
|
||||
]
|
||||
},
|
||||
"creation-date": {
|
||||
"misp-attribute": "datetime",
|
||||
|
@ -34,9 +36,15 @@
|
|||
"misp-attribute": "text",
|
||||
"misp-usage-frequency": 1
|
||||
}
|
||||
|
||||
|
||||
},
|
||||
"required": ["domain"],
|
||||
"requiredOneOf": ["registrant-email", "registrant-phone", "creation-date", "registrant-name", "registar"]
|
||||
"required": [
|
||||
"domain"
|
||||
],
|
||||
"requiredOneOf": [
|
||||
"registrant-email",
|
||||
"registrant-phone",
|
||||
"creation-date",
|
||||
"registrant-name",
|
||||
"registar"
|
||||
]
|
||||
}
|
||||
|
|
|
@ -3,8 +3,7 @@
|
|||
"meta-category": "network",
|
||||
"description": "x509 object describing a X.509 certificate",
|
||||
"version": 1,
|
||||
"attributes" :
|
||||
{
|
||||
"attributes": {
|
||||
"version": {
|
||||
"misp-attribute": "text",
|
||||
"misp-usage-frequency": 0
|
||||
|
@ -57,7 +56,8 @@
|
|||
"misp-attribute": "text",
|
||||
"misp-usage-frequency": 1
|
||||
}
|
||||
|
||||
},
|
||||
"required": ["x509-fingerprint-sha1"]
|
||||
"required": [
|
||||
"x509-fingerprint-sha1"
|
||||
]
|
||||
}
|
||||
|
|
|
@ -7,12 +7,12 @@ set -x
|
|||
|
||||
diffs=`git status --porcelain | wc -l`
|
||||
|
||||
if ![ $diffs -eq 0 ]; then
|
||||
if ! [ $diffs -eq 0 ]; then
|
||||
echo "Please make sure you run ./jq_all_the_things.sh before commiting."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
for dir in objects/*/list.json
|
||||
for dir in objects/*/definition.json
|
||||
do
|
||||
echo -n "${dir}: "
|
||||
jsonschema -i ${dir} schema.json
|
||||
|
|
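Review bot: The validation loop ends the hunk on `jsonschema -i ${dir} schema.json`, and nothing visible makes a failed validation fail the script. Only `set -x` appears in the hunk header and the rest of the loop body is outside this hunk, so this needs confirming. If it is unguarded, an invalid definition would be printed but the check would still pass. An explicit `jsonschema -i "${dir}" schema.json || exit 1` makes the gate independent of shell options. The corrected test would also read more directly as `if [ "$diffs" -ne 0 ]; then`, with the expansion quoted so an unexpected value from the `wc -l` pipeline cannot break the test.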