chg: [process] updated following the "mess" of representation in process object

Ref: https://twitter.com/cyb3rops/status/1150315962501095424
2019-07-15 15:58:55 +02:00 · 2019-07-15 15:58:55 +02:00 · ab9c1e4cd6
parent b6cad628c7
commit ab9c1e4cd6
1 changed files with 52 additions and 7 deletions
--- a/objects/process/definition.json
+++ b/objects/process/definition.json
@ -3,16 +3,16 @@
  "uuid": "02aeef94-ac23-455c-addb-731757ceafb5",
  "meta-category": "misc",
  "description": "Object describing a system process.",
-  "version": 5,
+  "version": 6,
  "attributes": {
    "creation-time": {
-      "description": "Local date/time at which the process was created.",
+      "description": "Local date/time at which the process was created",
      "ui-priority": 0,
      "misp-attribute": "datetime",
      "disable_correlation": true
    },
    "start-time": {
-      "description": "Local date/time at which the process was started.",
+      "description": "Local date/time at which the process was started",
      "ui-priority": 0,
      "misp-attribute": "datetime",
      "disable_correlation": true
@ -23,26 +23,42 @@
      "misp-attribute": "text"
    },
    "pid": {
-      "description": "Process ID of the process.",
+      "description": "Process ID of the process",
      "ui-priority": 1,
      "misp-attribute": "text",
      "disable_correlation": true
    },
+    "pgid": {
+      "description": "Identifier of the group of processes the process belong to",
+      "ui-priority": 1,
+      "misp-attribute": "text",
+      "disable_correlation": true
+    },
+    "guid": {
+      "description": "The globally unique identifier of the assigned by the vendor product",
+      "ui-priority": 1,
+      "misp-attribute": "uuid"
+    },
    "parent-pid": {
-      "description": "Process ID of the parent process.",
+      "description": "Process ID of the parent process",
      "ui-priority": 1,
      "misp-attribute": "text",
      "disable_correlation": true
    },
+    "parent-guid": {
+      "description": "The globally unique idenifier of the parent process assigned by the vendor product",
+      "ui-priority": 1,
+      "misp-attribute": "uuid"
+    },
    "child-pid": {
-      "description": "Process ID of the child(ren) process.",
+      "description": "Process ID of the child(ren) process",
      "ui-priority": 1,
      "misp-attribute": "text",
      "multiple": true,
      "disable_correlation": true
    },
    "port": {
-      "description": "Port(s) owned by the process.",
+      "description": "Port(s) owned by the process",
      "ui-priority": 1,
      "misp-attribute": "src-port",
      "multiple": true,
@ -53,6 +69,12 @@
      "ui-priority": 1,
      "misp-attribute": "text"
    },
+    "args": {
+      "description": "Arguments of the process",
+      "ui-priority": 1,
+      "misp-attribute": "text",
+      "disable_correlation": true
+    },
    "current-directory": {
      "description": "Current working directory of the process",
      "ui-priority": 2,
@ -74,6 +96,16 @@
      "ui-priority": 1,
      "misp-attribute": "filename"
    },
+    "parent-process-name": {
+      "description": "Process name of the parent",
+      "ui-priority": 1,
+      "misp-attribute": "text"
+    },
+    "parent-process-path": {
+      "description": "Parent process path of the parent",
+      "ui-priority": 1,
+      "misp-attribute": "text"
+    },
    "user": {
      "description": "User context of the process",
      "ui-priority": 2,
@ -84,6 +116,19 @@
      "description": "Integrity level of the process",
      "ui-priority": 2,
      "misp-attribute": "text",
+      "disable_correlation": true,
+      "sane_default": [
+        "system",
+        "high",
+        "medium",
+        "low",
+        "untrusted"
+      ]
+    },
+    "hidden": {
+      "description": "Specifies whether the process is hidden",
+      "ui-priority": 1,
+      "misp-attribute": "boolean",
      "disable_correlation": true
    }
  },