diff --git a/objects/file/definition.json b/objects/file/definition.json
index f745adc..4ce11a3 100644
--- a/objects/file/definition.json
+++ b/objects/file/definition.json
@@ -16,7 +16,8 @@
 },
 "size-in-bytes": {
 "misp-attribute": "size-in-bytes",
- "misp-usage-frequency": 0
+ "misp-usage-frequency": 0,
+ "disable_correlation": true
 },
 "authentihash": {
 "misp-attribute": "authentihash",
@@ -68,7 +69,8 @@
 },
 "entropy": {
 "misp-attribute": "float",
- "misp-usage-frequency": 1
+ "misp-usage-frequency": 1,
+ "disable_correlation": true
 },
 "pattern-in-file": {
 "misp-attribute": "pattern-in-file",
@@ -81,7 +83,8 @@
 },
 "text": {
 "misp-attribute": "text",
- "misp-usage-frequency": 1
+ "misp-usage-frequency": 1,
+ "disable_correlation": true
 }
 },
 "requiredOneOf": [
diff --git a/objects/pe-section/definition.json b/objects/pe-section/definition.json
index 2dec02f..2bd1ec6 100644
--- a/objects/pe-section/definition.json
+++ b/objects/pe-section/definition.json
@@ -6,19 +6,30 @@
 "attributes": {
 "name": {
 "misp-attribute": "text",
- "misp-usage-frequency": 1
+ "misp-usage-frequency": 1,
+ "sane_default": [
+ ".rsrc",
+ ".reloc",
+ ".rdata",
+ ".data",
+ ".text"
+ ],
+ "disable_correlation": true
 },
 "text": {
 "misp-attribute": "text",
- "misp-usage-frequency": 1
+ "misp-usage-frequency": 1,
+ "disable_correlation": true
 },
 "size-in-bytes": {
 "misp-attribute": "size-in-bytes",
- "misp-usage-frequency": 1
+ "misp-usage-frequency": 1,
+ "disable_correlation": true
 },
 "entropy": {
 "misp-attribute": "float",
- "misp-usage-frequency": 0
+ "misp-usage-frequency": 0,
+ "disable_correlation": true
 },
 "md5": {
 "misp-attribute": "md5",
diff --git a/objects/pe/definition.json b/objects/pe/definition.json
index 47f2b62..89c4b5d 100644
--- a/objects/pe/definition.json
+++ b/objects/pe/definition.json
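Review bot: None of the hunks in this diff touches a `version` key in `objects/file`, `objects/pe-section` or `objects/pe`, although each of them changes attribute defaults (`disable_correlation` on `size-in-bytes`, `entropy` and `text` here, and the same flag in the later hunks). The top of each definition.json lies outside the hunks, so this is inferred: if these templates carry a version number that consuming instances compare before re-importing a template, the new flags will not reach instances that already hold the old version. Bump the version in all three files in the same commit, e.g. `"version": <current + 1>`.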
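Review bot: In the pe-section hunk, `disable_correlation` on `name` applies to every section name, not only the five generic ones listed in `sane_default`. A non-standard section name left by a packer or a custom build step is the kind of value an analyst would want to pivot on, and with this default it no longer links objects. Going by the keys visible here the flag cannot be made value-dependent, so state in the template description that correlation on an unusual `name` has to be switched back on for that attribute by hand (assuming the instance allows a per-attribute toggle). The `md5` entry that follows is left correlating; its body continues outside the hunk.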
@@ -10,14 +10,15 @@
 },
 "text": {
 "misp-attribute": "text",
- "misp-usage-frequency": 1
+ "misp-usage-frequency": 1,
+ "disable_correlation": true
 },
 "original-filename": {
- "misp-attribute": "text",
+ "misp-attribute": "filename",
 "misp-usage-frequency": 1
 },
 "internal-filename": {
- "misp-attribute": "text",
+ "misp-attribute": "filename",
 "misp-usage-frequency": 0
 },
 "compilation-timestamp": {
@@ -26,43 +27,53 @@
 },
 "entrypoint-section|position": {
 "misp-attribute": "text",
- "misp-usage-frequency": 0
+ "misp-usage-frequency": 0,
+ "disable_correlation": true
 },
 "entrypoint-address": {
 "misp-attribute": "text",
- "misp-usage-frequency": 0
+ "misp-usage-frequency": 0,
+ "disable_correlation": true
 },
 "file-description": {
 "misp-attribute": "text",
- "misp-usage-frequency": 0
+ "misp-usage-frequency": 0,
+ "disable_correlation": true
 },
 "file-version": {
 "misp-attribute": "text",
- "misp-usage-frequency": 0
+ "misp-usage-frequency": 0,
+ "disable_correlation": true
 },
 "lang-id": {
 "misp-attribute": "text",
- "misp-usage-frequency": 0
+ "misp-usage-frequency": 0,
+ "disable_correlation": true
 },
 "product-name": {
 "misp-attribute": "text",
- "misp-usage-frequency": 0
+ "misp-usage-frequency": 0,
+ "disable_correlation": true
 },
 "product-version": {
 "misp-attribute": "text",
- "misp-usage-frequency": 0
+ "misp-usage-frequency": 0,
+ "disable_correlation": true
 },
 "company-name": {
 "misp-attribute": "text",
- "misp-usage-frequency": 0
+ "misp-usage-frequency": 0,
+ "disable_correlation": true
 },
 "legal-copyright": {
 "misp-attribute": "text",
- "misp-usage-frequency": 0
+ "misp-usage-frequency": 0,
+ "disable_correlation": true
 },
 "pe-type": {
 "misp-attribute": "text",
- "misp-usage-frequency": 0
+ "misp-usage-frequency": 0,
+ "disable_correlation": true
 }
 },
 "requiredOneOf": [
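Review bot: Retyping `original-filename` and `internal-filename` from `text` to `filename` in the first pe hunk turns them into correlating attributes, without the `disable_correlation` flag this commit adds to the other descriptive fields. Both values come from the PE version resource, which whoever built the binary fills in freely, so copied or generic names will link unrelated events. If the `filename` type is flagged for IDS export by default on the consuming instance (to be confirmed against its attribute type definitions), these strings would also land in detection exports and produce false positives. If the pivot is wanted, keep the new type and say so in the commit message; otherwise add `"disable_correlation": true` to both entries.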
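Review bot: In the second pe hunk `pe-type` stays free text, while `name` in pe-section gets a `sane_default` list in this same commit. A closed vocabulary is at least as natural for a file-type field, and free-text variants of the same type make the attribute hard to filter and compare across events. Consider adding a list next to the new flag, e.g. `"sane_default": ["exe", "dll", "driver"]` (illustrative values, to be agreed with the producers of this object).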