add: [anonymisation] Anonymisation object describing an anonymisation technique which is used in MISP anonymised attributes.

objects/anonymisation/definition.json

@@ -0,0 +1,190 @@
+{
+  "requiredOneOf": [
+    "description",
+    "method",
+    "key",
+    "keyed-hash-function",
+    "encryption-function",
+    "regexp",
+    "iv"
+  ],
+  "attributes": {
+    "method": {
+      "description": "Anonymisation (pseudo or not) method(s) used",
+      "ui-priority": 1,
+      "disable_correlation": true,
+      "sane_default": [
+        "hiding - Attribute is replaced with a constant value (typically 0) of the same size. Sometimes called 'black marker'.",
+        "hash - A hash function maps each attribute to a new (not necessarily unique) attribute.",
+        "permutation - Maps each original value to a unique new value.",
+        "prefix-preserving - Any two values that had the same n-bit prefix before anonymization will still have the same n-bit prefix as each other after anonymization. (Would be more accurately called 'prefix-relationship-preserving', because the actual prefix values are not preserved.) ",
+        "shift - Adds a fixed offset to each value/attribute.",
+        "enumeration - Map each original value to a new value such that their ordering is preserved.",
+        "partitioning - Possible values are partitioned into meaningful sets; actual values are replaced with a fixed value from the same set. E.g., TCP port numbers 0 to 1023 are replaced with 0, and 1024 to 65535 replaced with 65535.",
+        "updated - Checksums are recalculated to reflect changes made to other fields.",
+        "truncation - Field is shortened, losing data at the end.",
+        "encryption - Attribute is encrypted."
+      ],
+      "misp-attribute": "text",
+      "multiple": true
+    },
+    "key": {
+      "description": "Key (such as a PSK in a keyed-hash-function) used to anonymise the attribute",
+      "ui-priority": 1,
+      "disable_correlation": true,
+      "misp-attribute": "text"
+    },
+    "iv": {
+      "description": "Initialisation vector for the encryption function used to anonymise the attribute",
+      "ui-priority": 1,
+      "disable_correlation": true,
+      "misp-attribute": "text"
+    },
+    "keyed-hash-function": {
+      "description": "Keyed-hash function used to anonymise the attribute",
+      "ui-priority": 1,
+      "disable_correlation": true,
+      "sane_default": [
+        "hmac-sha1",
+        "hmac-md5",
+        "hmac-sha256",
+        "hmac-sha384",
+        "hmac-sha512"
+      ],
+      "misp-attribute": "text"
+    },
+    "encryption-function": {
+      "description": "Encryption function or algorithm used to anonymise the attribute",
+      "ui-priority": 1,
+      "disable_correlation": true,
+      "sane_default": [
+        "bf-cbc",
+        "bf",
+        "blowfish",
+        "bf-cfb",
+        "bf-ecb",
+        "bf-ofb",
+        "cast-cbc",
+        "cast",
+        "cast5-cbc",
+        "cast5-cfb",
+        "cast5-ecb",
+        "cast5-ofb",
+        "des-cbc",
+        "des",
+        "des-cfb",
+        "des-ofb",
+        "des-ecb",
+        "des-ede-cbc",
+        "des-ede",
+        "des-ede-cfb",
+        "des-ede-ofb",
+        "des-ede3-cbc",
+        "des-ede3",
+        "des3",
+        "des-ede3-cfb",
+        "des-ede3-ofb",
+        "desx",
+        "gost89",
+        "gost89-cnt",
+        "idea-cbc",
+        "idea",
+        "idea-cfb",
+        "idea-ecb",
+        "idea-ofb",
+        "rc2-cbc",
+        "rc2",
+        "rc2-cfb",
+        "rc2-ecb",
+        "rc2-ofb",
+        "rc2-64-cbc",
+        "rc2-40-cbc",
+        "rc4",
+        "rc4-64",
+        "rc4-40",
+        "rc5-cbc",
+        "rc5",
+        "rc5-cfb",
+        "rc5-ecb",
+        "rc5-ofb",
+        "seed-cbc",
+        "seed",
+        "seed-cfb",
+        "seed-ecb",
+        "seed-ofb",
+        "sm4-cbc",
+        "sm4",
+        "sm4-cfb",
+        "sm4-ctr",
+        "sm4-ecb",
+        "sm4-ofb",
+        "aes-128-cbc",
+        "aes128",
+        "aes-128-cfb",
+        "aes-128-cfb1",
+        "aes-128-cfb8",
+        "aes-128-ctr",
+        "aes-128-ecb",
+        "aes-128-ofb",
+        "aes-128-cbc",
+        "aes128",
+        "aes-192-cfb",
+        "aes-192-cfb1",
+        "aes-192-cfb8",
+        "aes-192-ctr",
+        "aes-192-ecb",
+        "aes-192-ofb",
+        "aes-192-cbc",
+        "aes192",
+        "aes-256-cfb",
+        "aes-256-cfb1",
+        "aes-256-cfb8",
+        "aes-256-ctr",
+        "aes-256-ecb",
+        "aes-256-ofb",
+        "camellia-128-cbc",
+        "camellia128",
+        "camellia-128-cfb",
+        "camellia-128-cfb1",
+        "camellia-128-cfb8",
+        "camellia-128-ctr",
+        "camellia-128-ecb",
+        "camellia-128-ofb",
+        "camellia-192-cbc",
+        "camellia192",
+        "camellia-192-cfb",
+        "camellia-192-cfb1",
+        "camellia-192-cfb8",
+        "camellia-192-ctr",
+        "camellia-192-ecb",
+        "camellia-192-ofb",
+        "camellia-256-cbc",
+        "camellia256",
+        "camellia-256-cfb",
+        "camellia-256-cfb1",
+        "camellia-256-cfb8",
+        "camellia-256-ctr",
+        "camellia-256-ecb",
+        "camellia-256-ofb"
+      ],
+      "misp-attribute": "text"
+    },
+    "regexp": {
+      "description": "Regular expression to perfom the anonymisation (reversible or not)",
+      "ui-priority": 10,
+      "disable_correlation": true,
+      "misp-attribute": "text"
+    },
+    "description": {
+      "description": "Description of the anonymisation technique or tool used",
+      "ui-priority": 1,
+      "disable_correlation": true,
+      "misp-attribute": "text"
+    }
+  },
+  "version": 1,
+  "description": "Anonymisation object describing an anonymisation technique which is used in MISP anonymised attributes. Reference: https://www.caida.org/tools/taxonomy/anonymization.xml",
+  "meta-category": "misc",
+  "uuid": "5867cffe-60ff-44f6-b097-e5f36b5de0ac",
+  "name": "anonymisation"
+}