MISP
/
misp-objects
mirror of https://github.com/MISP/misp-objects
2
0
Fork 0
Code Issues Releases Wiki Activity

Merge branch 'main' of github.com:MISP/misp-objects into chrisr3d_patch

pull/403/head
Christian Studer 2023-08-10 10:00:47 +02:00
parent 9486bbbab1 0037856e60
commit a9f836f751
6 changed files with 240 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
objects/malware-config/definition.json
View File

@ -5,11 +5,21 @@
"misp-attribute": "text",
"ui-priority": 1
},
"description": {
"description": "Description of the malware configuration",
"misp-attribute": "text",
"ui-priority": 1
},
"encrypted": {
"description": "Encrypted or encoded text of the malware configuration in base64.",
"misp-attribute": "text",
"ui-priority": 1
},
"file-config": {
"description": "File configuration as an attachment",
"misp-attribute": "attachment",
"ui-priority": 1
},
"first-seen": {
"description": "When the malware configuration has been seen for the first time.",
"disable_correlation": true,
@ -44,8 +54,9 @@
"meta-category": "file",
"name": "malware-config",
"requiredOneOf": [
"config"
"config",
"file-config"
],
"uuid": "8200b79b-1d8c-49a8-9a63-7710e613c059",
"version": 1
"version": 2
}

17
objects/scan-result/definition.json
View File

@ -32,6 +32,11 @@
"Unknown"
]
},
"scan-result-query": {
"description": "Query or parameters provided to scan-result-tool to generate the scan-result.",
"misp-attribute": "text",
"ui-priority": 1
},
"scan-result-tool": {
"description": "Tool used which generated the scan-result.",
"disable_correlation": true,
@ -54,6 +59,7 @@
"AuditJS Scan",
"Azure Security Center Recommendations Scan",
"Bandit Scan",
"BinaryEdge",
"BlackDuck API",
"Blackduck Component Risk",
"Blackduck Hub Scan",
@ -66,6 +72,7 @@
"Burp REST API",
"Burp Scan",
"CargoAudit Scan",
"Censys",
"Checkmarx OSA",
"Checkmarx Scan",
"Checkmarx Scan detailed",
@ -133,6 +140,7 @@
"Nmap Scan",
"Node Security Platform Scan",
"Nuclei Scan",
"ONYPHE",
"ORT evaluated model Importer",
"OpenVAS CSV",
"Openscap Vulnerability Scan",
@ -156,6 +164,7 @@
"Scantist Scan",
"Scout Suite Scan",
"Semgrep JSON Report",
"Shodan",
"Snyk Scan",
"Solar Appscreener Scan",
"SonarQube API Import",
@ -191,6 +200,7 @@
"Xanitizer Scan",
"Yarn Audit Scan",
"ZAP Scan",
"ZoomEye",
"docker-bench-security Scan",
"kube-bench Scan",
"pip-audit Scan"
@ -220,9 +230,10 @@
"description": "Scan result object to add meta-data and the output of the scan result by itself.",
"meta-category": "network",
"name": "scan-result",
"required": [
"scan-result"
"requiredOneOf": [
"scan-result",
"scan-result-query"
],
"uuid": "ebe2a359-8f5b-4a45-8106-d1678935b4c4",
"version": 2
"version": 3
}

18
objects/sigmf-archive/definition.json Normal file
View File

@ -0,0 +1,18 @@
{
"attributes": {
"SigMF-archive": {
"description": "tar archive (.sigmf)",
"disable_correlation": true,
"misp-attribute": "attachment",
"ui-priority": 1
}
},
"description": "An object representing an archive containing one or multiple recordings in the Signal Metadata Format Specification (SigMF)",
"meta-category": "misc",
"name": "sigmf-archive",
"required": [
"SigMF-archive"
],
"uuid": "5985d34d-3657-4828-9788-470175bcc3b1",
"version": 1
}

147
objects/sigmf-expanded-recording/definition.json Normal file
View File

@ -0,0 +1,147 @@
{
"attributes": {
"author": {
"description": "A text identifier for the author potentially including name, handle, email, and/or other ID like Amateur Call Sign.",
"disable_correlation": true,
"misp-attribute": "text",
"ui-priority": 0
},
"collection": {
"description": "The base filename of a collection with which this Recording is associated.",
"disable_correlation": true,
"misp-attribute": "text",
"ui-priority": 0
},
"data_doi": {
"description": "The registered DOI (ISO 26324) for a Recording's Dataset file.",
"disable_correlation": true,
"misp-attribute": "text",
"ui-priority": 0
},
"dataset": {
"description": "The full filename of the Dataset file this Metadata file describes.",
"disable_correlation": true,
"misp-attribute": "text",
"ui-priority": 0
},
"datatype": {
"description": "",
"disable_correlation": true,
"misp-attribute": "text",
"ui-priority": 0
},
"description": {
"description": "A text description of the SigMF Recording.",
"disable_correlation": true,
"misp-attribute": "text",
"ui-priority": 0
},
"fft-plot": {
"description": "FFT plot of the signal",
"disable_correlation": true,
"misp-attribute": "attachment",
"ui-priority": 0
},
"geolocation_alt": {
"description": "The location of the Recording system (altitude).",
"disable_correlation": true,
"misp-attribute": "text",
"ui-priority": 0
},
"geolocation_lat": {
"description": "The location of the Recording system (latitude).",
"disable_correlation": true,
"misp-attribute": "text",
"ui-priority": 0
},
"geolocation_long": {
"description": "The location of the Recording system (longitude).",
"disable_correlation": true,
"misp-attribute": "text",
"ui-priority": 0
},
"hw": {
"description": "A text description of the hardware used to make the Recording.",
"disable_correlation": true,
"misp-attribute": "text",
"ui-priority": 0
},
"iq-sample": {
"description": "Binary file of IQ samples",
"disable_correlation": true,
"misp-attribute": "attachment",
"ui-priority": 0
},
"license": {
"description": "A URL for the license document under which the Recording is offered.",
"disable_correlation": true,
"misp-attribute": "text",
"ui-priority": 0
},
"meta_doi": {
"description": "The registered DOI (ISO 26324) for a Recording's Metadata file.",
"disable_correlation": true,
"misp-attribute": "text",
"ui-priority": 0
},
"metadata_only": {
"description": "Indicates the Metadata file is intentionally distributed without the Dataset.",
"disable_correlation": true,
"misp-attribute": "boolean",
"ui-priority": 0
},
"num_channels": {
"description": "Total number of interleaved channels in the Dataset file. If omitted, this defaults to one.",
"disable_correlation": true,
"misp-attribute": "counter",
"ui-priority": 0
},
"offset": {
"description": "The index number of the first sample in the Dataset. If not provided, this value defaults to zero. Typically used when a Recording is split over multiple files. All sample indices in SigMF are absolute, and so all other indices referenced in metadata for this recording SHOULD be greater than or equal to this value.",
"disable_correlation": true,
"misp-attribute": "counter",
"ui-priority": 0
},
"recorder": {
"description": "The name of the software used to make this SigMF Recording.",
"disable_correlation": true,
"misp-attribute": "text",
"ui-priority": 0
},
"sample_rate": {
"description": "The sample rate of the signal in samples per second.",
"disable_correlation": true,
"misp-attribute": "float",
"ui-priority": 0
},
"sha512": {
"description": "The SHA512 hash of the Dataset file associated with the SigMF file.",
"disable_correlation": true,
"misp-attribute": "sha512",
"ui-priority": 0
},
"trailing_bytes": {
"description": "The number of bytes to ignore at the end of a Non-Conforming Dataset file.",
"disable_correlation": true,
"misp-attribute": "counter",
"ui-priority": 0
},
"version": {
"description": "The version of the SigMF specification used to create the Metadata file.",
"disable_correlation": true,
"misp-attribute": "text",
"ui-priority": 0
},
"waterfall-plot": {
"description": "Waterfall plot of the signal",
"disable_correlation": true,
"misp-attribute": "attachment",
"ui-priority": 0
}
},
"description": "An object representing a single IQ/RF sample in the Signal Metadata Format Specification (SigMF)",
"meta-category": "misc",
"name": "sigmf-expanded-recording",
"uuid": "f1c2c4e1-d3bf-46b1-b34d-f5e9544a4795",
"version": 1
}

24
objects/sigmf-recording/definition.json Normal file
View File

@ -0,0 +1,24 @@
{
"attributes": {
"SigMF-data": {
"description": "Binary file of IQ or RF samples (.sigmf-data)",
"disable_correlation": true,
"misp-attribute": "attachment",
"ui-priority": 1
},
"SigMF-meta": {
"description": "Metadata file in SigMF format (.sigmf-meta)",
"disable_correlation": true,
"misp-attribute": "attachment",
"ui-priority": 0
}
},
"description": "An object representing a single IQ/RF sample in the Signal Metadata Format Specification (SigMF)",
"meta-category": "misc",
"name": "sigmf-recording",
"required": [
"SigMF-meta"
],
"uuid": "0ca64648-38ca-4e48-99ce-2e655cdac02c",
"version": 1
}

24
objects/x-header/definition.json Normal file
View File

@ -0,0 +1,24 @@
{
"attributes": {
"x-header-name": {
"description": "X header name is the value of the header key. The name is case sensitive.",
"disable_correlation": true,
"misp-attribute": "text",
"ui-priority": 0
},
"x-value": {
"description": "X value is the value of the specified header name.",
"misp-attribute": "text",
"ui-priority": 0
}
},
"description": "X header generic object for SMTP, HTTP or any other protocols using X headers.",
"meta-category": "network",
"name": "x-header",
"requiredOneOf": [
"x-header-name",
"x-value"
],
"uuid": "9a7028df-e238-45e8-893c-8e67d273fb61",
"version": 1
}