From b93ad7969f3ecc5fa8b0d105ad5512523fd7c54d Mon Sep 17 00:00:00 2001 From: Alexandre Dulaunoy Date: Thu, 25 Oct 2018 17:31:36 +0200 Subject: [PATCH] fix: jq all the things(tm) --- objects/TSK-Chats/definition.json | 168 ++++----- objects/TSK-Web-Bookmark/definition.json | 134 +++---- objects/TSK-Web-Cookie/definition.json | 134 +++---- objects/TSK-Web-Downloads/definition.json | 110 +++--- objects/TSK-Web-History/definition.json | 136 +++---- objects/TSK-Web-Search-Query/definition.json | 132 +++---- objects/python-etvx-event-log/definition.json | 342 +++++++++--------- objects/regripper-NTUser/definition.json | 196 +++++----- .../definition.json | 136 +++---- .../definition.json | 108 +++--- .../definition.json | 118 +++--- .../definition.json | 106 +++--- .../definition.json | 98 ++--- .../definition.json | 114 +++--- .../definition.json | 110 +++--- .../definition.json | 250 ++++++------- .../definition.json | 126 +++---- .../definition.json | 320 ++++++++-------- .../definition.json | 100 ++--- .../definition.json | 178 ++++----- .../definition.json | 212 +++++------ .../definition.json | 196 +++++----- 22 files changed, 1762 insertions(+), 1762 deletions(-) diff --git a/objects/TSK-Chats/definition.json b/objects/TSK-Chats/definition.json index 9ffffe0..05b18a2 100644 --- a/objects/TSK-Chats/definition.json +++ b/objects/TSK-Chats/definition.json 
@@ -1,84 +1,84 @@
-{
- "required": [
- "message-type",
- "message"
- ],
- "attributes": {
- "message-type": {
- "description": "the type of message extracted from the forensic-evidence.",
- "ui-priority": 0,
- "misp-attribute": "text",
- "sane_default": [
- "SMS",
- "MMS",
- "Instant Message (IM)",
- "Voice Message"
- ],
- "disable_correlation": true
- },
- "datetime-sent": {
- "description": "date and the time when the message was sent.",
- "ui-priority": 0,
- "misp-attribute": "datetime",
- "disable_correlation": true
- },
- "datetime-received": {
- "description": "date and time when the message was received.",
- "multiple": true,
- "ui-priority": 0,
- "misp-attribute": "datetime",
- "disable_correlation": true
- },
- "Source": {
- "description": "Source of the message.(Contact details)",
- "ui-priority": 0,
- "misp-attribute": "text",
- "disable_correlation": true
- },
- "destination": {
- "description": "Destination of the message.(Contact details)",
- "ui-priority": 0,
- "misp-attribute": "text",
- "disable_correlation": true
- },
- "app-used": {
- "description": "Application used to send the message.",
- "ui-priority": 0,
- "misp-attribute": "text",
- "disable_correlation": true
- },
- "subject": {
- "description": "Subject of the message if any.",
- "ui-priority": 0,
- "misp-attribute": "text"
- },
- "message": {
- "description": "Message exchanged.",
- "ui-priority": 0,
- "misp-attribute": "text"
- },
- "attachments": {
- "description": "External references",
- "multiple": true,
- "ui-priority": 0,
- "categories": [
- "External analysis"
- ],
- "misp-attribute": "link"
- },
- "additional-comments": {
- "description": "Comments.",
- "ui-priority": 0,
- "misp-attribute": "text",
- "categories": [
- "External analysis"
- ],
- "disable_correlation": true
- }
- },
- "version": 1,
- "description": "An Object Template to gather information from evidential or interesting exchange of messages identified during a digital forensic investigation.",
- "meta-category": "misc",
- "uuid": "6b71f231-c502-467f-bc67-1423cd5bf800",
- "name": "tsk-chats"
-}
+{
+ "required": [
+ "message-type",
+ "message"
+ ],
+ "attributes": {
+ "message-type": {
+ "description": "the type of message extracted from the forensic-evidence.",
+ "ui-priority": 0,
+ "misp-attribute": "text",
+ "sane_default": [
+ "SMS",
+ "MMS",
+ "Instant Message (IM)",
+ "Voice Message"
+ ],
+ "disable_correlation": true
+ },
+ "datetime-sent": {
+ "description": "date and the time when the message was sent.",
+ "ui-priority": 0,
+ "misp-attribute": "datetime",
+ "disable_correlation": true
+ },
+ "datetime-received": {
+ "description": "date and time when the message was received.",
+ "multiple": true,
+ "ui-priority": 0,
+ "misp-attribute": "datetime",
+ "disable_correlation": true
+ },
+ "Source": {
+ "description": "Source of the message.(Contact details)",
+ "ui-priority": 0,
+ "misp-attribute": "text",
+ "disable_correlation": true
+ },
+ "destination": {
+ "description": "Destination of the message.(Contact details)",
+ "ui-priority": 0,
+ "misp-attribute": "text",
+ "disable_correlation": true
+ },
+ "app-used": {
+ "description": "Application used to send the message.",
+ "ui-priority": 0,
+ "misp-attribute": "text",
+ "disable_correlation": true
+ },
+ "subject": {
+ "description": "Subject of the message if any.",
+ "ui-priority": 0,
+ "misp-attribute": "text"
+ },
+ "message": {
+ "description": "Message exchanged.",
+ "ui-priority": 0,
+ "misp-attribute": "text"
+ },
+ "attachments": {
+ "description": "External references",
+ "multiple": true,
+ "ui-priority": 0,
+ "categories": [
+ "External analysis"
+ ],
+ "misp-attribute": "link"
+ },
+ "additional-comments": {
+ "description": "Comments.",
+ "ui-priority": 0,
+ "misp-attribute": "text",
+ "categories": [
+ "External analysis"
+ ],
+ "disable_correlation": true
+ }
+ },
+ "version": 1,
+ "description": "An Object Template to gather information from evidential or interesting exchange of messages identified during a digital forensic investigation.",
+ "meta-category": "misc",
+ "uuid": "6b71f231-c502-467f-bc67-1423cd5bf800",
+ "name": "tsk-chats"
+}
diff --git a/objects/TSK-Web-Bookmark/definition.json b/objects/TSK-Web-Bookmark/definition.json
index 99475d3..28fca9e 100644
--- a/objects/TSK-Web-Bookmark/definition.json
+++ b/objects/TSK-Web-Bookmark/definition.json
@@ -1,67 +1,67 @@
-{
- "required": [
- "URL"
- ],
- "attributes": {
- "URL": {
- "description": "The URL saved as bookmark.",
- "ui-priority": 0,
- "misp-attribute": "link"
- },
- "datetime-bookmarked": {
- "description": "date and time when the URL was added to favorites.",
- "ui-priority": 0,
- "misp-attribute": "datetime",
- "disable_correlation": true
- },
- "name": {
- "description": "Book mark name. ",
- "ui-priority": 0,
- "misp-attribute": "text",
- "disable_correlation": true
- },
- "title": {
- "description": "Title of the web page",
- "ui-priority": 0,
- "misp-attribute": "text"
- },
- "browser": {
- "description": "Browser used to access the URL.",
- "ui-priority": 0,
- "misp-attribute": "text",
- "sane_default": [
- "IE",
- "Safari",
- "Chrome",
- "Firefox",
- "Opera mini",
- "Chromium"
- ],
- "disable_correlation": true
- },
- "domain-name": {
- "description": "Domain of the URL.",
- "ui-priority": 0,
- "misp-attribute": "text"
- },
- "domain-ip": {
- "description": "IP of the URL domain.",
- "ui-priority": 0,
- "misp-attribute": "ip-src"
- },
- "additional-comments": {
- "description": "Comments.",
- "ui-priority": 0,
- "misp-attribute": "text",
- "categories": [
- "External analysis"
- ],
- "disable_correlation": true
- }
- },
- "version": 1,
- "description": "An Object Template to add evidential bookmarks identified during a digital forensic investigation.",
- "meta-category": "misc",
- "uuid": "7d9a88a8-9934-4caa-a85b-f76bc97d5373",
- "name": "tsk-web-bookmark"
-}
+{
+ "required": [
+ "URL"
+ ],
+ "attributes": {
+ "URL": {
+ "description": "The URL saved as bookmark.",
+ "ui-priority": 0,
+ "misp-attribute": "link"
+ },
+ "datetime-bookmarked": {
+ "description": "date and time when the URL was added to favorites.",
+ "ui-priority": 0,
+ "misp-attribute": "datetime",
+ "disable_correlation": true
+ },
+ "name": {
+ "description": "Book mark name. ",
+ "ui-priority": 0,
+ "misp-attribute": "text",
+ "disable_correlation": true
+ },
+ "title": {
+ "description": "Title of the web page",
+ "ui-priority": 0,
+ "misp-attribute": "text"
+ },
+ "browser": {
+ "description": "Browser used to access the URL.",
+ "ui-priority": 0,
+ "misp-attribute": "text",
+ "sane_default": [
+ "IE",
+ "Safari",
+ "Chrome",
+ "Firefox",
+ "Opera mini",
+ "Chromium"
+ ],
+ "disable_correlation": true
+ },
+ "domain-name": {
+ "description": "Domain of the URL.",
+ "ui-priority": 0,
+ "misp-attribute": "text"
+ },
+ "domain-ip": {
+ "description": "IP of the URL domain.",
+ "ui-priority": 0,
+ "misp-attribute": "ip-src"
+ },
+ "additional-comments": {
+ "description": "Comments.",
+ "ui-priority": 0,
+ "misp-attribute": "text",
+ "categories": [
+ "External analysis"
+ ],
+ "disable_correlation": true
+ }
+ },
+ "version": 1,
+ "description": "An Object Template to add evidential bookmarks identified during a digital forensic investigation.",
+ "meta-category": "misc",
+ "uuid": "7d9a88a8-9934-4caa-a85b-f76bc97d5373",
+ "name": "tsk-web-bookmark"
+}
diff --git a/objects/TSK-Web-Cookie/definition.json b/objects/TSK-Web-Cookie/definition.json
index edf2e40..03e841e 100644
--- a/objects/TSK-Web-Cookie/definition.json
+++ b/objects/TSK-Web-Cookie/definition.json
@@ -1,67 +1,67 @@
-{
- "required": [
- "URL",
- "name",
- "value"
- ],
- "attributes": {
- "URL": {
- "description": "The website URL that created the cookie.",
- "ui-priority": 0,
- "misp-attribute": "link"
- },
- "datetime-created": {
- "description": "date and time when the cookie was created.",
- "ui-priority": 0,
- "misp-attribute": "datetime",
- "disable_correlation": true
- },
- "name": {
- "description": "Name of the cookie ",
- "ui-priority": 0,
- "misp-attribute": "text"
- },
- "value": {
- "description": "Value assigned to the cookie.",
- "ui-priority": 0,
- "misp-attribute": "text"
- },
- "browser": {
- "description": "Browser on which the cookie was created.",
- "ui-priority": 0,
- "sane_default": [
- "IE",
- "Safari",
- "Chrome",
- "Firefox",
- "Opera mini",
- "Chromium"
- ],
- "misp-attribute": "text"
- },
- "domain-name": {
- "description": "Domain of the URL that created the cookie.",
- "ui-priority": 0,
- "misp-attribute": "text"
- },
- "domain-ip": {
- "description": "IP of the domain that created the URL.",
- "ui-priority": 0,
- "misp-attribute": "ip-src"
- },
- "additional-comments": {
- "description": "Comments.",
- "ui-priority": 0,
- "misp-attribute": "text",
- "categories": [
- "External analysis"
- ],
- "disable_correlation": true
- }
- },
- "version": 1,
- "description": "An TSK-Autopsy Object Template to represent cookies identified during a forensic investigation.",
- "meta-category": "misc",
- "uuid": "40d23a4f-43be-4c9e-8328-382a2188eb1d",
- "name": "tsk-web-cookie"
-}
+{
+ "required": [
+ "URL",
+ "name",
+ "value"
+ ],
+ "attributes": {
+ "URL": {
+ "description": "The website URL that created the cookie.",
+ "ui-priority": 0,
+ "misp-attribute": "link"
+ },
+ "datetime-created": {
+ "description": "date and time when the cookie was created.",
+ "ui-priority": 0,
+ "misp-attribute": "datetime",
+ "disable_correlation": true
+ },
+ "name": {
+ "description": "Name of the cookie ",
+ "ui-priority": 0,
+ "misp-attribute": "text"
+ },
+ "value": {
+ "description": "Value assigned to the cookie.",
+ "ui-priority": 0,
+ "misp-attribute": "text"
+ },
+ "browser": {
+ "description": "Browser on which the cookie was created.",
+ "ui-priority": 0,
+ "sane_default": [
+ "IE",
+ "Safari",
+ "Chrome",
+ "Firefox",
+ "Opera mini",
+ "Chromium"
+ ],
+ "misp-attribute": "text"
+ },
+ "domain-name": {
+ "description": "Domain of the URL that created the cookie.",
+ "ui-priority": 0,
+ "misp-attribute": "text"
+ },
+ "domain-ip": {
+ "description": "IP of the domain that created the URL.",
+ "ui-priority": 0,
+ "misp-attribute": "ip-src"
+ },
+ "additional-comments": {
+ "description": "Comments.",
+ "ui-priority": 0,
+ "misp-attribute": "text",
+ "categories": [
+ "External analysis"
+ ],
+ "disable_correlation": true
+ }
+ },
+ "version": 1,
+ "description": "An TSK-Autopsy Object Template to represent cookies identified during a forensic investigation.",
+ "meta-category": "misc",
+ "uuid": "40d23a4f-43be-4c9e-8328-382a2188eb1d",
+ "name": "tsk-web-cookie"
+}
diff --git a/objects/TSK-Web-Downloads/definition.json b/objects/TSK-Web-Downloads/definition.json
index d7c8f69..6659d0e 100644
--- a/objects/TSK-Web-Downloads/definition.json
+++ b/objects/TSK-Web-Downloads/definition.json
@@ -1,55 +1,55 @@
-{
- "required": [
- "URL",
- "name"
- ],
- "attributes": {
- "URL": {
- "description": "The URL used to download the file.",
- "ui-priority": 0,
- "misp-attribute": "link"
- },
- "datetime-accessed": {
- "description": "date and time when the file was downloaded.",
- "ui-priority": 0,
- "misp-attribute": "datetime",
- "disable_correlation": true
- },
- "name": {
- "description": "Name of the file downloaded.",
- "ui-priority": 0,
- "misp-attribute": "text"
- },
- "path-downloadedTo": {
- "description": "Location the file was downloaded to.",
- "ui-priority": 0,
- "misp-attribute": "text"
- },
- "pathID": {
- "description": "Id of the attribute file where the information is gathered from.",
- "ui-priority": 0,
- "misp-attribute": "text",
- "disable_correlation": true
- },
- "attachment": {
- "description": "The downloaded file itself.",
- "ui-priority": 1,
- "misp-attribute": "attachment",
- "disable_correlation": true
- },
- "additional-comments": {
- "description": "Comments.",
- "ui-priority": 0,
- "misp-attribute": "text",
- "categories": [
- "External analysis"
- ],
- "disable_correlation": true
- }
- },
- "version": 1,
- "description": "An Object Template to add web-downloads",
- "meta-category": "File",
- "uuid": "ab9603a1-9dcc-48e8-a51c-b8bccc7bcc26",
- "name": "tsk-web-downloads"
-}
+{
+ "required": [
+ "URL",
+ "name"
+ ],
+ "attributes": {
+ "URL": {
+ "description": "The URL used to download the file.",
+ "ui-priority": 0,
+ "misp-attribute": "link"
+ },
+ "datetime-accessed": {
+ "description": "date and time when the file was downloaded.",
+ "ui-priority": 0,
+ "misp-attribute": "datetime",
+ "disable_correlation": true
+ },
+ "name": {
+ "description": "Name of the file downloaded.",
+ "ui-priority": 0,
+ "misp-attribute": "text"
+ },
+ "path-downloadedTo": {
+ "description": "Location the file was downloaded to.",
+ "ui-priority": 0,
+ "misp-attribute": "text"
+ },
+ "pathID": {
+ "description": "Id of the attribute file where the information is gathered from.",
+ "ui-priority": 0,
+ "misp-attribute": "text",
+ "disable_correlation": true
+ },
+ "attachment": {
+ "description": "The downloaded file itself.",
+ "ui-priority": 1,
+ "misp-attribute": "attachment",
+ "disable_correlation": true
+ },
+ "additional-comments": {
+ "description": "Comments.",
+ "ui-priority": 0,
+ "misp-attribute": "text",
+ "categories": [
+ "External analysis"
+ ],
+ "disable_correlation": true
+ }
+ },
+ "version": 1,
+ "description": "An Object Template to add web-downloads",
+ "meta-category": "File",
+ "uuid": "ab9603a1-9dcc-48e8-a51c-b8bccc7bcc26",
+ "name": "tsk-web-downloads"
+}
diff --git a/objects/TSK-Web-History/definition.json b/objects/TSK-Web-History/definition.json
index 4c9bd86..b38fd8d 100644
--- a/objects/TSK-Web-History/definition.json
+++ b/objects/TSK-Web-History/definition.json
@@ -1,68 +1,68 @@
-{
- "required": [
- "URL",
- "datetime-accessed"
- ],
- "attributes": {
- "URL": {
- "description": "The URL accessed.",
- "ui-priority": 0,
- "misp-attribute": "link"
- },
- "datetime-accessed": {
- "description": "date and the time when the URL was accessed.",
- "ui-priority": 0,
- "misp-attribute": "datetime",
- "disable_correlation": true
- },
- "referrer": {
- "description": "where the URL was referred from ",
- "ui-priority": 0,
- "misp-attribute": "text",
- "disable_correlation": true
- },
- "title": {
- "description": "Title of the web page",
- "ui-priority": 0,
- "misp-attribute": "text"
- },
- "domain-name": {
- "description": "Domain of the URL.",
- "ui-priority": 0,
- "misp-attribute": "text"
- },
- "domain-ip": {
- "description": "IP of the URL domain.",
- "ui-priority": 0,
- "misp-attribute": "ip-src"
- },
- "browser": {
- "description": "Browser used to access the URL.",
- "ui-priority": 0,
- "misp-attribute": "text",
- "sane_default": [
- "IE",
- "Safari",
- "Chrome",
- "Firefox",
- "Opera mini",
- "Chromium"
- ],
- "disable_correlation": true
- },
- "additional-comments": {
- "description": "Comments.",
- "ui-priority": 0,
- "misp-attribute": "text",
- "categories": [
- "External analysis"
- ],
- "disable_correlation": true
- }
- },
- "version": 1,
- "description": "An Object Template to share web history information",
- "meta-category": "misc",
- "uuid": "e1325e52-e52e-49b1-89ad-d503c127c698",
- "name": "tsk-web-history"
-}
+{
+ "required": [
+ "URL",
+ "datetime-accessed"
+ ],
+ "attributes": {
+ "URL": {
+ "description": "The URL accessed.",
+ "ui-priority": 0,
+ "misp-attribute": "link"
+ },
+ "datetime-accessed": {
+ "description": "date and the time when the URL was accessed.",
+ "ui-priority": 0,
+ "misp-attribute": "datetime",
+ "disable_correlation": true
+ },
+ "referrer": {
+ "description": "where the URL was referred from ",
+ "ui-priority": 0,
+ "misp-attribute": "text",
+ "disable_correlation": true
+ },
+ "title": {
+ "description": "Title of the web page",
+ "ui-priority": 0,
+ "misp-attribute": "text"
+ },
+ "domain-name": {
+ "description": "Domain of the URL.",
+ "ui-priority": 0,
+ "misp-attribute": "text"
+ },
+ "domain-ip": {
+ "description": "IP of the URL domain.",
+ "ui-priority": 0,
+ "misp-attribute": "ip-src"
+ },
+ "browser": {
+ "description": "Browser used to access the URL.",
+ "ui-priority": 0,
+ "misp-attribute": "text",
+ "sane_default": [
+ "IE",
+ "Safari",
+ "Chrome",
+ "Firefox",
+ "Opera mini",
+ "Chromium"
+ ],
+ "disable_correlation": true
+ },
+ "additional-comments": {
+ "description": "Comments.",
+ "ui-priority": 0,
+ "misp-attribute": "text",
+ "categories": [
+ "External analysis"
+ ],
+ "disable_correlation": true
+ }
+ },
+ "version": 1,
+ "description": "An Object Template to share web history information",
+ "meta-category": "misc",
+ "uuid": "e1325e52-e52e-49b1-89ad-d503c127c698",
+ "name": "tsk-web-history"
+}
diff --git a/objects/TSK-Web-Search-Query/definition.json b/objects/TSK-Web-Search-Query/definition.json
index 43d94c5..0b0afdd 100644
--- a/objects/TSK-Web-Search-Query/definition.json
+++ b/objects/TSK-Web-Search-Query/definition.json
@@ -1,66 +1,66 @@
-{
- "required": [
- "domain",
- "text"
- ],
- "attributes": {
- "domain": {
- "description": "The domain of the search engine.",
- "ui-priority": 0,
- "misp-attribute": "link",
- "sane_default": [
- "Google",
- "Yahoo",
- "Bing",
- "Alta Vista",
- "MSN"
- ],
- "disable_correlation": true
- },
- "text": {
- "description": "the search word or sentence.",
- "ui-priority": 0,
- "misp-attribute": "text"
- },
- "datetime-searched": {
- "description": "date and time when the search was conducted.",
- "ui-priority": 0,
- "misp-attribute": "datetime",
- "disable_correlation": true
- },
- "browser": {
- "description": "Browser used.",
- "ui-priority": 0,
- "misp-attribute": "text",
- "sane_default": [
- "IE",
- "Safari",
- "Chrome",
- "Firefox",
- "Opera mini",
- "Chromium"
- ],
- "disable_correlation": true
- },
- "username": {
- "description": "User name or ID associated with the search.",
- "ui-priority": 0,
- "misp-attribute": "text",
- "disable_correlation": true
- },
- "additional-comments": {
- "description": "Comments.",
- "ui-priority": 0,
- "misp-attribute": "text",
- "categories": [
- "External analysis"
- ],
- "disable_correlation": true
- }
- },
- "version": 1,
- "description": "An Object Template to share web search query information",
- "meta-category": "misc",
- "uuid": "16b3f8d0-fd09-4812-a42c-b5aeff2d4c2e",
- "name": "tsk-web-search-query"
-}
+{
+ "required": [
+ "domain",
+ "text"
+ ],
+ "attributes": {
+ "domain": {
+ "description": "The domain of the search engine.",
+ "ui-priority": 0,
+ "misp-attribute": "link",
+ "sane_default": [
+ "Google",
+ "Yahoo",
+ "Bing",
+ "Alta Vista",
+ "MSN"
+ ],
+ "disable_correlation": true
+ },
+ "text": {
+ "description": "the search word or sentence.",
+ "ui-priority": 0,
+ "misp-attribute": "text"
+ },
+ "datetime-searched": {
+ "description": "date and time when the search was conducted.",
+ "ui-priority": 0,
+ "misp-attribute": "datetime",
+ "disable_correlation": true
+ },
+ "browser": {
+ "description": "Browser used.",
+ "ui-priority": 0,
+ "misp-attribute": "text",
+ "sane_default": [
+ "IE",
+ "Safari",
+ "Chrome",
+ "Firefox",
+ "Opera mini",
+ "Chromium"
+ ],
+ "disable_correlation": true
+ },
+ "username": {
+ "description": "User name or ID associated with the search.",
+ "ui-priority": 0,
+ "misp-attribute": "text",
+ "disable_correlation": true
+ },
+ "additional-comments": {
+ "description": "Comments.",
+ "ui-priority": 0,
+ "misp-attribute": "text",
+ "categories": [
+ "External analysis"
+ ],
+ "disable_correlation": true
+ }
+ },
+ "version": 1,
+ "description": "An Object Template to share web search query information",
+ "meta-category": "misc",
+ "uuid": "16b3f8d0-fd09-4812-a42c-b5aeff2d4c2e",
+ "name": "tsk-web-search-query"
+}
diff --git a/objects/python-etvx-event-log/definition.json b/objects/python-etvx-event-log/definition.json
index 79a2d13..62566f4 100644
--- a/objects/python-etvx-event-log/definition.json
+++ b/objects/python-etvx-event-log/definition.json
@@ -1,171 +1,171 @@
-{
- "required": [
- "source",
- "type",
- "name"
- ],
- "attributes": {
- "event-id": {
- "description": "A unique number which identifies the event.",
- "ui-priority": 1,
- "misp-attribute": "text",
- "disable_correlation": true
- },
- "name": {
- "description": "Name of the event.",
- "ui-priority": 2,
- "misp-attribute": "text",
- "disable_correlation": true
- },
- "event-channel": {
- "description": " Channel through which the event occurred",
- "ui-priority": 3,
- "misp-attribute": "text",
- "disable_correlation": true,
- "sane-default": [
- "Application",
- "System",
- "Security",
- "Setup",
- "other"
- ]
- },
- "event-type": {
- "description": "Event-type assigned to the event",
- "ui-priority": 0,
- "misp-attribute": "text",
- "disable_correlation": true,
- "sane-default": [
- "Admin",
- "Operational",
- "Audit",
- "Analytic",
- "Debug",
- "other"
- ]
- },
- "source": {
- "description": "The source of the event log - application/software that logged the event.",
- "ui-priority": 0,
- "misp-attribute": "text"
- },
- "event-date-time": {
- "description": "Date and time when the event was logged.",
- "ui-priority": 0,
- "misp-attribute": "datetime",
- "disable_correlation": true
- },
- "level": {
- "description": "Determines the event severity.",
- "ui-priority": 0,
- "misp-attribute": "text",
- "sane_default": [
- "Information",
- "Warning",
- "Error",
- "Critical",
- "Success Audit",
- "Failure Audit"
- ]
- },
- "Computer": {
- "description": "Computer name on which the event occurred",
- "ui-priority": 0,
- "misp-attribute": "text",
- "disable_correlation": true
- },
- "User": {
- "description": "Name or the User ID the event is associated with.",
- "ui-priority": 0,
- "misp-attribute": "text",
- "disable_correlation": true
- },
- "Operational-code": {
- "description": "The opcode (numeric value or name) associated with the activity carried out by the event.",
- "ui-priority": 0,
- "misp-attribute": "text",
- "disable_correlation": true
- },
- "log": {
- "description": "Log file where the event was recorded.",
- "ui-priority": 0,
- "misp-attribute": "text",
- "disable_correlation": true
- },
- "task-category": {
- "description": "Activity by the event publisher",
- "ui-priority": 0,
- "misp-attribute": "text",
- "disable_correlation": true
- },
- "Keywords": {
- "description": "Tags used for the event for the purpose of filtering or searching.",
- "ui-priority": 0,
- "misp-attribute": "text",
- "sane_default": [
- "Network",
- "Security",
- "Resource not found",
- "other"
- ]
- },
- "Processor-ID": {
- "description": "ID of the processor that processed the event.",
- "ui-priority": 0,
- "misp-attribute": "text",
- "disable_correlation": true
- },
- "Thread-ID": {
- "description": "Thread id that generated the event.",
- "ui-priority": 0,
- "misp-attribute": "text",
- "disable_correlation": true
- },
- "Session-ID": {
- "description": "Terminal server session ID.",
- "ui-priority": 0,
- "misp-attribute": "text",
- "disable_correlation": true
- },
- "Correlation-ID": {
- "description": "Unique activity identity which relates the event to a process. ",
- "ui-priority": 0,
- "misp-attribute": "text"
- },
- "Relative-Correlation-ID": {
- "description": "Related activity ID which identity similar activities which occurred as a part of the event.",
- "ui-priority": 0,
- "misp-attribute": "text",
- "disable_correlation": true
- },
- "kernel-time": {
- "description": "Execution time of the kernel mode instruction.",
- "ui-priority": 0,
- "misp-attribute": "datetime",
- "disable_correlation": true
- },
- "user-time": {
- "description": "Date and time when the user instruction was executed.",
- "ui-priority": 0,
- "misp-attribute": "datetime",
- "disable_correlation": true
- },
- "Event-data": {
- "description": "Event data description.",
- "ui-priority": 0,
- "misp-attribute": "text",
- "disable_correlation": true
- },
- "comment": {
- "description": "Additional comments.",
- "ui-priority": 0,
- "misp-attribute": "text",
- "disable_correlation": true
- }
- },
- "version": 1,
- "description": "Event log object template to share information of the activities conducted on a system. ",
- "meta-category": "misc",
- "uuid": "94e3aee9-cb99-4503-9bf6-7da3db5de55e",
- "name": "python-etvx-event-log"
-}
+{
+ "required": [
+ "source",
+ "type",
+ "name"
+ ],
+ "attributes": {
+ "event-id": {
+ "description": "A unique number which identifies the event.",
+ "ui-priority": 1,
+ "misp-attribute": "text",
+ "disable_correlation": true
+ },
+ "name": {
+ "description": "Name of the event.",
+ "ui-priority": 2,
+ "misp-attribute": "text",
+ "disable_correlation": true
+ },
+ "event-channel": {
+ "description": " Channel through which the event occurred",
+ "ui-priority": 3,
+ "misp-attribute": "text",
+ "disable_correlation": true,
+ "sane-default": [
+ "Application",
+ "System",
+ "Security",
+ "Setup",
+ "other"
+ ]
+ },
+ "event-type": {
+ "description": "Event-type assigned to the event",
+ "ui-priority": 0,
+ "misp-attribute": "text",
+ "disable_correlation": true,
+ "sane-default": [
+ "Admin",
+ "Operational",
+ "Audit",
+ "Analytic",
+ "Debug",
+ "other"
+ ]
+ },
+ "source": {
+ "description": "The source of the event log - application/software that logged the event.",
+ "ui-priority": 0,
+ "misp-attribute": "text"
+ },
+ "event-date-time": {
+ "description": "Date and time when the event was logged.",
+ "ui-priority": 0,
+ "misp-attribute": "datetime",
+ "disable_correlation": true
+ },
+ "level": {
+ "description": "Determines the event severity.",
+ "ui-priority": 0,
+ "misp-attribute": "text",
+ "sane_default": [
+ "Information",
+ "Warning",
+ "Error",
+ "Critical",
+ "Success Audit",
+ "Failure Audit"
+ ]
+ },
+ "Computer": {
+ "description": "Computer name on which the event occurred",
+ "ui-priority": 0,
+ "misp-attribute": "text",
+ "disable_correlation": true
+ },
+ "User": {
+ "description": "Name or the User ID the event is associated with.",
+ "ui-priority": 0,
+ "misp-attribute": "text",
+ "disable_correlation": true
+ },
+ "Operational-code": {
+ "description": "The opcode (numeric value or name) associated with the activity carried out by the event.",
+ "ui-priority": 0,
+ "misp-attribute": "text",
+ "disable_correlation": true
+ },
+ "log": {
+ "description": "Log file where the event was recorded.",
+ "ui-priority": 0,
+ "misp-attribute": "text",
+ "disable_correlation": true
+ },
+ "task-category": {
+ "description": "Activity by the event publisher",
+ "ui-priority": 0,
+ "misp-attribute": "text",
+ "disable_correlation": true
+ },
+ "Keywords": {
+ "description": "Tags used for the event for the purpose of filtering or searching.",
+ "ui-priority": 0,
+ "misp-attribute": "text",
+ "sane_default": [
+ "Network",
+ "Security",
+ "Resource not found",
+ "other"
+ ]
+ },
+ "Processor-ID": {
+ "description": "ID of the processor that processed the event.",
+ "ui-priority": 0,
+ "misp-attribute": "text",
+ "disable_correlation": true
+ },
+ "Thread-ID": {
+ "description": "Thread id that generated the event.",
+ "ui-priority": 0,
+ "misp-attribute": "text",
+ "disable_correlation": true
+ },
+ "Session-ID": {
+ "description": "Terminal server session ID.",
+ "ui-priority": 0,
+ "misp-attribute": "text",
+ "disable_correlation": true
+ },
+ "Correlation-ID": {
+ "description": "Unique activity identity which relates the event to a process. ",
+ "ui-priority": 0,
+ "misp-attribute": "text"
+ },
+ "Relative-Correlation-ID": {
+ "description": "Related activity ID which identity similar activities which occurred as a part of the event.",
+ "ui-priority": 0,
+ "misp-attribute": "text",
+ "disable_correlation": true
+ },
+ "kernel-time": {
+ "description": "Execution time of the kernel mode instruction.",
+ "ui-priority": 0,
+ "misp-attribute": "datetime",
+ "disable_correlation": true
+ },
+ "user-time": {
+ "description": "Date and time when the user instruction was executed.",
+ "ui-priority": 0,
+ "misp-attribute": "datetime",
+ "disable_correlation": true
+ },
+ "Event-data": {
+ "description": "Event data description.",
+ "ui-priority": 0,
+ "misp-attribute": "text",
+ "disable_correlation": true
+ },
+ "comment": {
+ "description": "Additional comments.",
+ "ui-priority": 0,
+ "misp-attribute": "text",
+ "disable_correlation": true
+ }
+ },
+ "version": 1,
+ "description": "Event log object template to share information of the activities conducted on a system. ",
+ "meta-category": "misc",
+ "uuid": "94e3aee9-cb99-4503-9bf6-7da3db5de55e",
+ "name": "python-etvx-event-log"
+}
diff --git a/objects/regripper-NTUser/definition.json b/objects/regripper-NTUser/definition.json
index 9ec80c5..b9ed227 100644
--- a/objects/regripper-NTUser/definition.json
+++ b/objects/regripper-NTUser/definition.json
@@ -1,98 +1,98 @@
-{
- "required": [
- "key"
- ],
- "requiredOneOf": [
- "logon-user-name"
- ],
- "attributes": {
- "key": {
- "description": "Registry key where the information is retrieved from.",
- "ui-priority": 0,
- "misp-attribute": "text"
- },
- "key-last-write-time": {
- "description": "Date and time when the key was last updated.",
- "ui-priority": 0,
- "misp-attribute": "datetime",
- "disable_correlation": true
- },
- "logon-user-name": {
- "description": "Name assigned to the user profile.",
- "ui-priority": 0,
- "misp-attribute": "text"
- },
- "recent-folders-accessed": {
- "description": "List of recent folders accessed by the user.",
- "ui-priority": 0,
- "misp-attribute": "text",
- "multiple": true
- },
- "recent-files-accessed": {
- "description": "List of recent files accessed by the user.",
- "ui-priority": 0,
- "misp-attribute": "text",
- "multiple": true
- },
- "typed-urls": {
- "description": "Urls typed by the user in internet explorer",
- "ui-priority": 0,
- "misp-attribute": "text",
- "multiple": true
- },
- "applications-installed": {
- "description": "List of applications installed.",
- "ui-priority": 0,
- "misp-attribute": "text",
- "multiple": true
- },
- "applications-run": {
- "description": "List of applications set to run on the system.",
- "ui-priority": 0,
- "misp-attribute": "text",
- "multiple": true
- },
- "external-devices": {
- "description": "List of external devices connected to the system by the user.",
- "ui-priority": 0,
- "misp-attribute": "text",
- "multiple": true
- },
- "user-init": {
- "description": "Applications or processes set to run when the user logs onto the windows system.",
- "ui-priority": 0,
- "misp-attribute": "text",
- "multiple": true
- },
- "nukeOnDelete": {
- "description": "Determines if the Recycle bin option has been disabled.",
- "ui-priority": 0,
- "misp-attribute": "boolean",
- "disable_correlation": true
- },
- "network-connected-to": {
- "description": "List of networks the user connected the 
system to.",
- "ui-priority": 0,
- "misp-attribute": "text",
- "multiple": true
- },
- "mount-points": {
- "description": "Details of the mount points created on the system.",
- "ui-priority": 0,
- "misp-attribute": "text",
- "multiple": true,
- "disable_correlation": true
- },
- "comments": {
- "description": "Additional information related to the user profile",
- "ui-priority": 0,
- "misp-attribute": "text",
- "disable_correlation": true
- }
- },
- "version": 1,
- "description": "Regripper Object template designed to present user specific configuration details extracted from the NTUSER.dat hive.",
- "meta-category": "misc",
- "uuid": "f9dc7b7e-8ab1-4dde-95d9-67e41b461c65",
- "name": "regripper-NTUser"
-}
+{
+ "required": [
+ "key"
+ ],
+ "requiredOneOf": [
+ "logon-user-name"
+ ],
+ "attributes": {
+ "key": {
+ "description": "Registry key where the information is retrieved from.",
+ "ui-priority": 0,
+ "misp-attribute": "text"
+ },
+ "key-last-write-time": {
+ "description": "Date and time when the key was last updated.",
+ "ui-priority": 0,
+ "misp-attribute": "datetime",
+ "disable_correlation": true
+ },
+ "logon-user-name": {
+ "description": "Name assigned to the user profile.",
+ "ui-priority": 0,
+ "misp-attribute": "text"
+ },
+ "recent-folders-accessed": {
+ "description": "List of recent folders accessed by the user.",
+ "ui-priority": 0,
+ "misp-attribute": "text",
+ "multiple": true
+ },
+ "recent-files-accessed": {
+ "description": "List of recent files accessed by the user.",
+ "ui-priority": 0,
+ "misp-attribute": "text",
+ "multiple": true
+ },
+ "typed-urls": {
+ "description": "Urls typed by the user in internet explorer",
+ "ui-priority": 0,
+ "misp-attribute": "text",
+ "multiple": true
+ },
+ "applications-installed": {
+ "description": "List of applications installed.",
+ "ui-priority": 0,
+ "misp-attribute": "text",
+ "multiple": true
+ },
+ "applications-run": {
+ "description": "List of applications set to run on the system.",
+ 
"ui-priority": 0,
+ "misp-attribute": "text",
+ "multiple": true
+ },
+ "external-devices": {
+ "description": "List of external devices connected to the system by the user.",
+ "ui-priority": 0,
+ "misp-attribute": "text",
+ "multiple": true
+ },
+ "user-init": {
+ "description": "Applications or processes set to run when the user logs onto the windows system.",
+ "ui-priority": 0,
+ "misp-attribute": "text",
+ "multiple": true
+ },
+ "nukeOnDelete": {
+ "description": "Determines if the Recycle bin option has been disabled.",
+ "ui-priority": 0,
+ "misp-attribute": "boolean",
+ "disable_correlation": true
+ },
+ "network-connected-to": {
+ "description": "List of networks the user connected the system to.",
+ "ui-priority": 0,
+ "misp-attribute": "text",
+ "multiple": true
+ },
+ "mount-points": {
+ "description": "Details of the mount points created on the system.",
+ "ui-priority": 0,
+ "misp-attribute": "text",
+ "multiple": true,
+ "disable_correlation": true
+ },
+ "comments": {
+ "description": "Additional information related to the user profile",
+ "ui-priority": 0,
+ "misp-attribute": "text",
+ "disable_correlation": true
+ }
+ },
+ "version": 1,
+ "description": "Regripper Object template designed to present user specific configuration details extracted from the NTUSER.dat hive.",
+ "meta-category": "misc",
+ "uuid": "f9dc7b7e-8ab1-4dde-95d9-67e41b461c65",
+ "name": "regripper-NTUser"
+}
diff --git a/objects/regripper-sam-hive-single-user/definition.json b/objects/regripper-sam-hive-single-user/definition.json
index 11632e3..598144b 100644
--- a/objects/regripper-sam-hive-single-user/definition.json
+++ b/objects/regripper-sam-hive-single-user/definition.json 
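Review bot: `nukeOnDelete` is the only camelCase attribute name in this template; every other key is kebab-case (`key-last-write-time`, `recent-files-accessed`, `network-connected-to`). Renaming it to `nuke-on-delete` would change the object relation that existing events reference, so it should only be done together with a bump of `"version"`; if the exception is deliberate, a line in the repository docs saying so would stop the next contributor from "fixing" it. The `typed-urls` description also lacks the punctuation and casing its siblings use: `"description": "URLs typed by the user in Internet Explorer."`.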
@@ -1,68 +1,68 @@
-{
- "required": [
- "key"
- ],
- "requiredOneOf": [
- "user-name",
- "last-login-time",
- "login-count"
- ],
- "attributes": {
- "key": {
- "description": "Registry key where the information is retrieved from.",
- "ui-priority": 0,
- "misp-attribute": "text"
- },
- "key-last-write-time": {
- "description": "Date and time when the key was last updated.",
- "ui-priority": 0,
- "misp-attribute": "datetime",
- "disable_correlation": true
- },
- "user-name": {
- "description": "User name assigned to the user profile.",
- "ui-priority": 0,
- "misp-attribute": "text"
- },
- "full-user-name": {
- "description": "Full name assigned to the user profile.",
- "ui-priority": 0,
- "misp-attribute": "text"
- },
- "last-login-time": {
- "description": "Date and time when the user last logged onto the system.",
- "ui-priority": 0,
- "misp-attribute": "datetime",
- "disable_correlation": true
- },
- "pwd-reset-time": {
- "description": "Date and time when the password was last reset.",
- "ui-priority": 0,
- "misp-attribute": "datetime",
- "disable_correlation": true
- },
- "pwd-fail-date": {
- "description": "Date and time when a password last failed for this user profile.",
- "ui-priority": 0,
- "misp-attribute": "datetime",
- "disable_correlation": true
- },
- "login-count": {
- "description": "Number of times the user logged-in onto the system.",
- "ui-priority": 0,
- "misp-attribute": "counter",
- "disable_correlation": true
- },
- "comments": {
- "description": "Full name assigned to the user profile.",
- "ui-priority": 0,
- "misp-attribute": "text",
- "disable_correlation": true
- }
- },
- "version": 1,
- "description": "Regripper Object template designed to present user profile details extracted from the SAM hive.",
- "meta-category": "misc",
- "uuid": "4d3fffd2-cd07-4357-96e0-a51c988faaef",
- "name": "regripper-sam-hive-single-user"
-}
+{
+ "required": [
+ "key"
+ ],
+ "requiredOneOf": [
+ "user-name",
+ "last-login-time",
+ "login-count"
+ ],
+ 
"attributes": {
+ "key": {
+ "description": "Registry key where the information is retrieved from.",
+ "ui-priority": 0,
+ "misp-attribute": "text"
+ },
+ "key-last-write-time": {
+ "description": "Date and time when the key was last updated.",
+ "ui-priority": 0,
+ "misp-attribute": "datetime",
+ "disable_correlation": true
+ },
+ "user-name": {
+ "description": "User name assigned to the user profile.",
+ "ui-priority": 0,
+ "misp-attribute": "text"
+ },
+ "full-user-name": {
+ "description": "Full name assigned to the user profile.",
+ "ui-priority": 0,
+ "misp-attribute": "text"
+ },
+ "last-login-time": {
+ "description": "Date and time when the user last logged onto the system.",
+ "ui-priority": 0,
+ "misp-attribute": "datetime",
+ "disable_correlation": true
+ },
+ "pwd-reset-time": {
+ "description": "Date and time when the password was last reset.",
+ "ui-priority": 0,
+ "misp-attribute": "datetime",
+ "disable_correlation": true
+ },
+ "pwd-fail-date": {
+ "description": "Date and time when a password last failed for this user profile.",
+ "ui-priority": 0,
+ "misp-attribute": "datetime",
+ "disable_correlation": true
+ },
+ "login-count": {
+ "description": "Number of times the user logged-in onto the system.",
+ "ui-priority": 0,
+ "misp-attribute": "counter",
+ "disable_correlation": true
+ },
+ "comments": {
+ "description": "Full name assigned to the user profile.",
+ "ui-priority": 0,
+ "misp-attribute": "text",
+ "disable_correlation": true
+ }
+ },
+ "version": 1,
+ "description": "Regripper Object template designed to present user profile details extracted from the SAM hive.",
+ "meta-category": "misc",
+ "uuid": "4d3fffd2-cd07-4357-96e0-a51c988faaef",
+ "name": "regripper-sam-hive-single-user"
+}
diff --git a/objects/regripper-sam-hive-user-group/definition.json b/objects/regripper-sam-hive-user-group/definition.json
index 64119d0..55df836 100644
--- a/objects/regripper-sam-hive-user-group/definition.json 
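Review bot: The `comments` attribute's description is a copy of the `full-user-name` one ("Full name assigned to the user profile."), so the UI hint for the free-text field is wrong; the other regripper templates in this patch use `"description": "Additional comments."`. Changing the description is a template content change and should be paired with a bump of `"version"`. `pwd-fail-date` also departs from the `*-time` naming of the other datetime attributes (`last-login-time`, `pwd-reset-time`), but renaming it changes the object relation and belongs in a separate versioned change.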
+++ b/objects/regripper-sam-hive-user-group/definition.json 
@@ -1,54 +1,54 @@
-{
- "required": [
- "key"
- ],
- "requiredOneOf": [
- "group-name"
- ],
- "attributes": {
- "key": {
- "description": "Registry key where the information is retrieved from.",
- "ui-priority": 0,
- "misp-attribute": "text"
- },
- "key-last-write-time": {
- "description": "Date and time when the key was last updated.",
- "ui-priority": 0,
- "misp-attribute": "datetime",
- "disable_correlation": true
- },
- "group-name": {
- "description": "Name assigned to the profile.",
- "ui-priority": 0,
- "misp-attribute": "text"
- },
- "full-name": {
- "description": "Full name assigned to the profile.",
- "ui-priority": 0,
- "misp-attribute": "text"
- },
- "last-write-date-time": {
- "description": "Date and time when the group key was updated.",
- "ui-priority": 0,
- "misp-attribute": "datetime",
- "disable_correlation": true
- },
- "group-comment": {
- "description": "Any group comment added.",
- "ui-priority": 0,
- "misp-attribute": "text",
- "disable_correlation": true
- },
- "group-users": {
- "description": "Users belonging to the group",
- "ui-priority": 0,
- "misp-attribute": "text",
- "multiple": true
- }
- },
- "version": 1,
- "description": "Regripper Object template designed to present group profile details extracted from the SAM hive.",
- "meta-category": "misc",
- "uuid": "b924bae1-2dec-4d2d-a8c2-b03305222b7c",
- "name": "regripper-sam-hive-user-group"
-}
+{
+ "required": [
+ "key"
+ ],
+ "requiredOneOf": [
+ "group-name"
+ ],
+ "attributes": {
+ "key": {
+ "description": "Registry key where the information is retrieved from.",
+ "ui-priority": 0,
+ "misp-attribute": "text"
+ },
+ "key-last-write-time": {
+ "description": "Date and time when the key was last updated.",
+ "ui-priority": 0,
+ "misp-attribute": "datetime",
+ "disable_correlation": true
+ },
+ "group-name": {
+ "description": "Name assigned to the profile.",
+ "ui-priority": 0,
+ "misp-attribute": "text"
+ },
+ "full-name": {
+ "description": "Full name assigned to the profile.",
+ 
"ui-priority": 0,
+ "misp-attribute": "text"
+ },
+ "last-write-date-time": {
+ "description": "Date and time when the group key was updated.",
+ "ui-priority": 0,
+ "misp-attribute": "datetime",
+ "disable_correlation": true
+ },
+ "group-comment": {
+ "description": "Any group comment added.",
+ "ui-priority": 0,
+ "misp-attribute": "text",
+ "disable_correlation": true
+ },
+ "group-users": {
+ "description": "Users belonging to the group",
+ "ui-priority": 0,
+ "misp-attribute": "text",
+ "multiple": true
+ }
+ },
+ "version": 1,
+ "description": "Regripper Object template designed to present group profile details extracted from the SAM hive.",
+ "meta-category": "misc",
+ "uuid": "b924bae1-2dec-4d2d-a8c2-b03305222b7c",
+ "name": "regripper-sam-hive-user-group"
+}
diff --git a/objects/regripper-software-hive-BHO/definition.json b/objects/regripper-software-hive-BHO/definition.json
index 0b43791..3c392f6 100644
--- a/objects/regripper-software-hive-BHO/definition.json
+++ b/objects/regripper-software-hive-BHO/definition.json 
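Review bot: `key-last-write-time` ("Date and time when the key was last updated.") and `last-write-date-time` ("Date and time when the group key was updated.") read as the same timestamp, and nothing in the template says which registry key each one refers to. If both come from the LastWrite of `key`, one of them is redundant; if `last-write-date-time` is the per-group subkey, say so, e.g. `"description": "Date and time when the group's own subkey was last updated."`.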
@@ -1,59 +1,59 @@
-{
- "required": [
- "key",
- "BHO-name"
- ],
- "attributes": {
- "key": {
- "description": "Software hive key where the information is retrieved from.",
- "ui-priority": 0,
- "misp-attribute": "text"
- },
- "last-write-time": {
- "description": "Date and time when the key was last updated.",
- "ui-priority": 0,
- "misp-attribute": "datetime",
- "disable_correlation": true
- },
- "BHO-name": {
- "description": "Name of the browser helper object.",
- "ui-priority": 0,
- "misp-attribute": "text"
- },
- "BHO-key-last-write-time": {
- "description": "Date and time when the BHO key was last updated.",
- "ui-priority": 0,
- "misp-attribute": "datetime",
- "disable_correlation": true
- },
- "class": {
- "description": "Class to which the BHO belongs to.",
- "ui-priority": 0,
- "misp-attribute": "text",
- "disable_correlation": true
- },
- "module": {
- "description": "DLL module the BHO belongs to.",
- "ui-priority": 0,
- "misp-attribute": "text",
- "disable_correlation": true
- },
- "comments": {
- "description": "Additional comments.",
- "ui-priority": 0,
- "misp-attribute": "text",
- "disable_correlation": true
- },
- "references": {
- "description": "References to the BHO.",
- "ui-priority": 0,
- "misp-attribute": "link",
- "multiple": true
- }
- },
- "version": 1,
- "description": "Regripper Object template designed to gather information of the browser helper objects installed on the system.",
- "meta-category": "misc",
- "uuid": "e7b46b5a-d2d2-4a05-bc25-2ac8d4683ae2",
- "name": "regripper-software-hive-BHO"
-}
+{
+ "required": [
+ "key",
+ "BHO-name"
+ ],
+ "attributes": {
+ "key": {
+ "description": "Software hive key where the information is retrieved from.",
+ "ui-priority": 0,
+ "misp-attribute": "text"
+ },
+ "last-write-time": {
+ "description": "Date and time when the key was last updated.",
+ "ui-priority": 0,
+ "misp-attribute": "datetime",
+ "disable_correlation": true
+ },
+ "BHO-name": {
+ "description": "Name of the browser helper 
object.",
+ "ui-priority": 0,
+ "misp-attribute": "text"
+ },
+ "BHO-key-last-write-time": {
+ "description": "Date and time when the BHO key was last updated.",
+ "ui-priority": 0,
+ "misp-attribute": "datetime",
+ "disable_correlation": true
+ },
+ "class": {
+ "description": "Class to which the BHO belongs to.",
+ "ui-priority": 0,
+ "misp-attribute": "text",
+ "disable_correlation": true
+ },
+ "module": {
+ "description": "DLL module the BHO belongs to.",
+ "ui-priority": 0,
+ "misp-attribute": "text",
+ "disable_correlation": true
+ },
+ "comments": {
+ "description": "Additional comments.",
+ "ui-priority": 0,
+ "misp-attribute": "text",
+ "disable_correlation": true
+ },
+ "references": {
+ "description": "References to the BHO.",
+ "ui-priority": 0,
+ "misp-attribute": "link",
+ "multiple": true
+ }
+ },
+ "version": 1,
+ "description": "Regripper Object template designed to gather information of the browser helper objects installed on the system.",
+ "meta-category": "misc",
+ "uuid": "e7b46b5a-d2d2-4a05-bc25-2ac8d4683ae2",
+ "name": "regripper-software-hive-BHO"
+}
diff --git a/objects/regripper-software-hive-appInit-DLLS/definition.json b/objects/regripper-software-hive-appInit-DLLS/definition.json
index d089224..7bd9395 100644
--- a/objects/regripper-software-hive-appInit-DLLS/definition.json
+++ b/objects/regripper-software-hive-appInit-DLLS/definition.json 
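Review bot: `class` and `module` both carry `"disable_correlation": true`, yet for a browser helper object the CLSID and the DLL path are the values most worth matching across events — the same BHO re-registered under a different `BHO-name` on another host would only be linked through them, while `BHO-name` and `key` (which do correlate) are easy to vary. Unless the intent was to suppress noise from stock Windows BHOs, consider dropping `disable_correlation` from those two attributes so MISP treats them like `BHO-name`; that is a template change and should come with a `"version"` bump.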
@@ -1,53 +1,53 @@
-{
- "required": [
- "key",
- "DLL-name",
- "DLL-path"
- ],
- "attributes": {
- "key": {
- "description": "Software hive key where the information is retrieved from.",
- "ui-priority": 0,
- "misp-attribute": "text"
- },
- "last-write-time": {
- "description": "Date and time when the key was last updated.",
- "ui-priority": 0,
- "misp-attribute": "datetime",
- "disable_correlation": true
- },
- "DLL-name": {
- "description": "Name of the DLL file.",
- "ui-priority": 0,
- "misp-attribute": "text"
- },
- "DLL-path": {
- "description": "Path where the DLL file is stored.",
- "ui-priority": 0,
- "misp-attribute": "text"
- },
- "DLL-last-write-time": {
- "description": "Date and time when the DLL file was last updated.",
- "ui-priority": 0,
- "misp-attribute": "datetime",
- "disable_correlation": true
- },
- "comments": {
- "description": "Additional comments.",
- "ui-priority": 0,
- "misp-attribute": "text",
- "disable_correlation": true
- },
- "references": {
- "description": "References to the DLL file.",
- "ui-priority": 0,
- "misp-attribute": "link",
- "multiple": true
- }
- },
- "version": 1,
- "description": "Regripper Object template designed to gather information of the DLL files installed on the system.",
- "meta-category": "misc",
- "uuid": "7893be05-8398-451e-ab1e-5e25ea4a8859",
- "name": "regripper-software-hive-appInit-DLLS"
-}
+{
+ "required": [
+ "key",
+ "DLL-name",
+ "DLL-path"
+ ],
+ "attributes": {
+ "key": {
+ "description": "Software hive key where the information is retrieved from.",
+ "ui-priority": 0,
+ "misp-attribute": "text"
+ },
+ "last-write-time": {
+ "description": "Date and time when the key was last updated.",
+ "ui-priority": 0,
+ "misp-attribute": "datetime",
+ "disable_correlation": true
+ },
+ "DLL-name": {
+ "description": "Name of the DLL file.",
+ "ui-priority": 0,
+ "misp-attribute": "text"
+ },
+ "DLL-path": {
+ "description": "Path where the DLL file is stored.",
+ "ui-priority": 0,
+ "misp-attribute": "text" 
+ },
+ "DLL-last-write-time": {
+ "description": "Date and time when the DLL file was last updated.",
+ "ui-priority": 0,
+ "misp-attribute": "datetime",
+ "disable_correlation": true
+ },
+ "comments": {
+ "description": "Additional comments.",
+ "ui-priority": 0,
+ "misp-attribute": "text",
+ "disable_correlation": true
+ },
+ "references": {
+ "description": "References to the DLL file.",
+ "ui-priority": 0,
+ "misp-attribute": "link",
+ "multiple": true
+ }
+ },
+ "version": 1,
+ "description": "Regripper Object template designed to gather information of the DLL files installed on the system.",
+ "meta-category": "misc",
+ "uuid": "7893be05-8398-451e-ab1e-5e25ea4a8859",
+ "name": "regripper-software-hive-appInit-DLLS"
+}
diff --git a/objects/regripper-software-hive-application-paths/definition.json b/objects/regripper-software-hive-application-paths/definition.json
index 3929d42..62aacc5 100644
--- a/objects/regripper-software-hive-application-paths/definition.json
+++ b/objects/regripper-software-hive-application-paths/definition.json 
@@ -1,49 +1,49 @@
-{
- "required": [
- "key",
- "executable-file-name",
- "path"
- ],
- "attributes": {
- "key": {
- "description": "Software hive key where the information is retrieved from.",
- "ui-priority": 0,
- "misp-attribute": "text"
- },
- "last-write-time": {
- "description": "Date and time when the key was last updated.",
- "ui-priority": 0,
- "misp-attribute": "datetime",
- "disable_correlation": true
- },
- "executable-file-name": {
- "description": "Name of the executable file.",
- "ui-priority": 0,
- "misp-attribute": "text",
- "multiple": true
- },
- "path": {
- "description": "Path of the executable file.",
- "ui-priority": 0,
- "misp-attribute": "text",
- "multiple": true
- },
- "comments": {
- "description": "Additional comments.",
- "ui-priority": 0,
- "misp-attribute": "text",
- "disable_correlation": true
- },
- "references": {
- "description": "References to the application installed.",
- "ui-priority": 0,
- "misp-attribute": "link",
- "multiple": true
- }
- },
- "version": 1,
- "description": "Regripper Object template designed to gather information of the application paths.",
- "meta-category": "misc",
- "uuid": "9f2d3c9b-9a82-42a7-82c2-733115d101c8",
- "name": "regripper-software-hive-application-paths"
-}
+{
+ "required": [
+ "key",
+ "executable-file-name",
+ "path"
+ ],
+ "attributes": {
+ "key": {
+ "description": "Software hive key where the information is retrieved from.",
+ "ui-priority": 0,
+ "misp-attribute": "text"
+ },
+ "last-write-time": {
+ "description": "Date and time when the key was last updated.",
+ "ui-priority": 0,
+ "misp-attribute": "datetime",
+ "disable_correlation": true
+ },
+ "executable-file-name": {
+ "description": "Name of the executable file.",
+ "ui-priority": 0,
+ "misp-attribute": "text",
+ "multiple": true
+ },
+ "path": {
+ "description": "Path of the executable file.",
+ "ui-priority": 0,
+ "misp-attribute": "text",
+ "multiple": true
+ },
+ "comments": {
+ "description": "Additional comments.",
+ 
"ui-priority": 0,
+ "misp-attribute": "text",
+ "disable_correlation": true
+ },
+ "references": {
+ "description": "References to the application installed.",
+ "ui-priority": 0,
+ "misp-attribute": "link",
+ "multiple": true
+ }
+ },
+ "version": 1,
+ "description": "Regripper Object template designed to gather information of the application paths.",
+ "meta-category": "misc",
+ "uuid": "9f2d3c9b-9a82-42a7-82c2-733115d101c8",
+ "name": "regripper-software-hive-application-paths"
+}
diff --git a/objects/regripper-software-hive-applications-installed/definition.json b/objects/regripper-software-hive-applications-installed/definition.json
index c8229c7..2b7d153 100644
--- a/objects/regripper-software-hive-applications-installed/definition.json
+++ b/objects/regripper-software-hive-applications-installed/definition.json 
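Review bot: `executable-file-name` and `path` are both `"multiple": true`, which models the App Paths listing as two parallel lists; once an object carries more than one of each, a consumer cannot tell which path belongs to which executable, and that pairing is the whole point of the artefact. Either one object per App Paths entry (drop `"multiple": true` from both attributes) or a description that states the n-th name pairs with the n-th path would remove the ambiguity; the first is the usual shape for MISP objects and would need a `"version"` bump.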
@@ -1,57 +1,57 @@
-{
- "required": [
- "key",
- "app-name"
- ],
- "attributes": {
- "key": {
- "description": "Software hive key where the information is retrieved from.",
- "ui-priority": 0,
- "misp-attribute": "text"
- },
- "key-path": {
- "description": "Path of the key.",
- "ui-priority": 0,
- "misp-attribute": "text"
- },
- "last-write-time": {
- "description": "Date and time when the key was last updated.",
- "ui-priority": 0,
- "misp-attribute": "datetime",
- "disable_correlation": true
- },
- "app-name": {
- "description": "Name of the application.",
- "ui-priority": 0,
- "misp-attribute": "text"
- },
- "app-last-write-time": {
- "description": "Date and time when the application key was last updated.",
- "ui-priority": 0,
- "misp-attribute": "datetime",
- "disable_correlation": true
- },
- "version": {
- "description": "Version of the application.",
- "ui-priority": 0,
- "misp-attribute": "text"
- },
- "comments": {
- "description": "Additional comments.",
- "ui-priority": 0,
- "misp-attribute": "text",
- "disable_correlation": true
- },
- "references": {
- "description": "References to the application installed.",
- "ui-priority": 0,
- "misp-attribute": "link",
- "multiple": true
- }
- },
- "version": 1,
- "description": "Regripper Object template designed to gather information of the applications installed on the system.",
- "meta-category": "misc",
- "uuid": "7a8fb6b4-cbbd-4de5-b893-7b0a5c4858cd",
- "name": "regripper-software-hive-applications-installed"
-}
+{
+ "required": [
+ "key",
+ "app-name"
+ ],
+ "attributes": {
+ "key": {
+ "description": "Software hive key where the information is retrieved from.",
+ "ui-priority": 0,
+ "misp-attribute": "text"
+ },
+ "key-path": {
+ "description": "Path of the key.",
+ "ui-priority": 0,
+ "misp-attribute": "text"
+ },
+ "last-write-time": {
+ "description": "Date and time when the key was last updated.",
+ "ui-priority": 0,
+ "misp-attribute": "datetime",
+ "disable_correlation": true
+ },
+ "app-name": {
+ 
"description": "Name of the application.",
+ "ui-priority": 0,
+ "misp-attribute": "text"
+ },
+ "app-last-write-time": {
+ "description": "Date and time when the application key was last updated.",
+ "ui-priority": 0,
+ "misp-attribute": "datetime",
+ "disable_correlation": true
+ },
+ "version": {
+ "description": "Version of the application.",
+ "ui-priority": 0,
+ "misp-attribute": "text"
+ },
+ "comments": {
+ "description": "Additional comments.",
+ "ui-priority": 0,
+ "misp-attribute": "text",
+ "disable_correlation": true
+ },
+ "references": {
+ "description": "References to the application installed.",
+ "ui-priority": 0,
+ "misp-attribute": "link",
+ "multiple": true
+ }
+ },
+ "version": 1,
+ "description": "Regripper Object template designed to gather information of the applications installed on the system.",
+ "meta-category": "misc",
+ "uuid": "7a8fb6b4-cbbd-4de5-b893-7b0a5c4858cd",
+ "name": "regripper-software-hive-applications-installed"
+}
diff --git a/objects/regripper-software-hive-command-shell/definition.json b/objects/regripper-software-hive-command-shell/definition.json
index 0d060d6..0245221 100644
--- a/objects/regripper-software-hive-command-shell/definition.json
+++ b/objects/regripper-software-hive-command-shell/definition.json 
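Review bot: `key` ("Software hive key where the information is retrieved from.") and `key-path` ("Path of the key.") are described in terms that do not distinguish them, so a reader cannot tell whether `key-path` is the application's own subkey under `key` or a second spelling of the same value. If it is the per-application subkey, a description such as `"Registry path of the application's subkey under key."` would make both fields usable; if the two are the same value, one should go. Note that only `key` and `app-name` are in `required`, so `key-path` can legitimately be absent — the description should reflect that.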
@@ -1,55 +1,55 @@
-{
- "required": [
- "key",
- "shell",
- "shell-path"
- ],
- "attributes": {
- "key": {
- "description": "Software hive key where the information is retrieved from.",
- "ui-priority": 0,
- "misp-attribute": "text"
- },
- "last-write-time": {
- "description": "Date and time when the key was last updated.",
- "ui-priority": 0,
- "misp-attribute": "datetime",
- "disable_correlation": true
- },
- "shell": {
- "description": "Type of shell used to execute the command.",
- "ui-priority": 0,
- "misp-attribute": "text",
- "sane_default": [
- "exe",
- "cmd",
- "bat",
- "hta",
- "pif",
- "Other"
- ],
- "disable_correlation": true
- },
- "shell-path": {
- "description": "Path of the shell.",
- "ui-priority": 0,
- "misp-attribute": "text"
- },
- "command": {
- "description": "Command executed.",
- "ui-priority": 0,
- "misp-attribute": "text"
- },
- "comments": {
- "description": "Additional comments.",
- "ui-priority": 0,
- "misp-attribute": "text",
- "disable_correlation": true
- }
- },
- "version": 1,
- "description": "Regripper Object template designed to gather information of the shell commands executed on the system.",
- "meta-category": "misc",
- "uuid": "a7dc3697-89ce-46dc-a64d-0b1015457978",
- "name": "regripper-software-hive-command-shell"
-}
+{
+ "required": [
+ "key",
+ "shell",
+ "shell-path"
+ ],
+ "attributes": {
+ "key": {
+ "description": "Software hive key where the information is retrieved from.",
+ "ui-priority": 0,
+ "misp-attribute": "text"
+ },
+ "last-write-time": {
+ "description": "Date and time when the key was last updated.",
+ "ui-priority": 0,
+ "misp-attribute": "datetime",
+ "disable_correlation": true
+ },
+ "shell": {
+ "description": "Type of shell used to execute the command.",
+ "ui-priority": 0,
+ "misp-attribute": "text",
+ "sane_default": [
+ "exe",
+ "cmd",
+ "bat",
+ "hta",
+ "pif",
+ "Other"
+ ],
+ "disable_correlation": true
+ },
+ "shell-path": {
+ "description": "Path of the shell.",
+ "ui-priority": 0,
+ 
"misp-attribute": "text"
+ },
+ "command": {
+ "description": "Command executed.",
+ "ui-priority": 0,
+ "misp-attribute": "text"
+ },
+ "comments": {
+ "description": "Additional comments.",
+ "ui-priority": 0,
+ "misp-attribute": "text",
+ "disable_correlation": true
+ }
+ },
+ "version": 1,
+ "description": "Regripper Object template designed to gather information of the shell commands executed on the system.",
+ "meta-category": "misc",
+ "uuid": "a7dc3697-89ce-46dc-a64d-0b1015457978",
+ "name": "regripper-software-hive-command-shell"
+}
diff --git a/objects/regripper-software-hive-general-windows-info/definition.json b/objects/regripper-software-hive-general-windows-info/definition.json
index 85b5538..ca14989 100644
--- a/objects/regripper-software-hive-general-windows-info/definition.json
+++ b/objects/regripper-software-hive-general-windows-info/definition.json 
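Review bot: `shell` is described as "Type of shell used to execute the command." but its `sane_default` values (`exe`, `cmd`, `bat`, `hta`, `pif`) look like file classes whose open-command handler the plugin reports rather than interpreters; if that is what the RegRipper output contains, a description such as `"File class (exe, cmd, bat, hta, pif) whose shell\\open\\command handler value is recorded."` would stop analysts misreading the field. `command` is also absent from `required` even though a modified open-command handler is the finding this template exists to capture, so consider adding it to `required` alongside `shell-path`, with a `"version"` bump.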
@@ -1,125 +1,125 @@
-{
- "required": [
- "win-cv-path",
- "CurrentVersion"
- ],
- "attributes": {
- "win-cv-path": {
- "description": "key where the windows information is retrieved from",
- "ui-priority": 0,
- "misp-attribute": "text"
- },
- "last-write-time": {
- "description": "Date and time when the key was last updated.",
- "ui-priority": 0,
- "misp-attribute": "datetime",
- "disable_correlation": true
- },
- "RegisteredOrganization": {
- "description": "Name of the registered organization.",
- "ui-priority": 0,
- "misp-attribute": "text"
- },
- "RegisteredOwner": {
- "description": "Name of the registered owner.",
- "ui-priority": 0,
- "misp-attribute": "text"
- },
- "CurrentVersion": {
- "description": "Current version of windows",
- "ui-priority": 0,
- "disable_correlation": true
- },
- "CurrentBuild": {
- "description": "Build number of the windows OS.",
- "ui-priority": 0,
- "misp-attribute": "text"
- },
- "SoftwareType": {
- "description": "Software type of windows.",
- "ui-priority": 0,
- "sane_default": [
- "System",
- "Application",
- "other"
- ],
- "misp-attribute": "text",
- "disable_correlation": true
- },
- "InstallationType": {
- "description": "Type of windows installation.",
- "ui-priority": 0,
- "misp-attribute": "text",
- "disable_correlation": true
- },
- "InstallDate": {
- "description": "Date when windows was installed.",
- "ui-priority": 0,
- "misp-attribute": "datetime",
- "disable_correlation": true
- },
- "SystemRoot": {
- "description": "Root directory.",
- "ui-priority": 0,
- "misp-attribute": "text",
- "disable_correlation": true
- },
- "PathName": {
- "description": "Path to the root directory.",
- "ui-priority": 0,
- "misp-attribute": "text",
- "disable_correlation": true
- },
- "EditionID": {
- "description": "Windows edition.",
- "ui-priority": 0,
- "misp-attribute": "text"
- },
- "ProductName": {
- "description": "Name of the windows version.",
- "ui-priority": 0,
- "misp-attribute": "text"
- },
- "ProductID": {
- "description": "ID of the product version.",
- "ui-priority": 0,
- "misp-attribute": "text"
- },
- "CSDVersion": {
- "description": "Version of the service pack installed.",
- "ui-priority": 0,
- "misp-attribute": "text"
- },
- "CurrentBuildType": {
- "description": "Current build type of the OS.",
- "ui-priority": 0,
- "misp-attribute": "text"
- },
- "BuildLab": {
- "description": "Windows BuildLab string.",
- "ui-priority": 0,
- "misp-attribute": "text"
- },
- "BuildGUID": {
- "description": "Build ID.",
- "ui-priority": 0,
- "misp-attribute": "text"
- },
- "BuildLabEx": {
- "description": "Windows BuildLabEx string.",
- "ui-priority": 0,
- "misp-attribute": "text"
- },
- "comment": {
- "description": "Additional comments.",
- "ui-priority": 0,
- "misp-attribute": "",
- "disable_correlation": true
- }
- },
- "version": 1,
- "description": "Regripper Object template designed to gather general windows information extracted from the software-hive.",
- "meta-category": "misc",
- "uuid": "03200c25-4bf5-4282-9852-001a51ab20f1",
- "name": "regripper-software-hive-windows-general-info"
-}
+{
+ "required": [
+ "win-cv-path",
+ "CurrentVersion"
+ ],
+ "attributes": {
+ "win-cv-path": {
+ "description": "key where the windows information is retrieved from",
+ "ui-priority": 0,
+ "misp-attribute": "text"
+ },
+ "last-write-time": {
+ "description": "Date and time when the key was last updated.",
+ "ui-priority": 0,
+ "misp-attribute": "datetime",
+ "disable_correlation": true
+ },
+ "RegisteredOrganization": {
+ "description": "Name of the registered organization.",
+ "ui-priority": 0,
+ "misp-attribute": "text"
+ },
+ "RegisteredOwner": {
+ "description": "Name of the registered owner.",
+ "ui-priority": 0,
+ "misp-attribute": "text"
+ },
+ "CurrentVersion": {
+ "description": "Current version of windows",
+ "ui-priority": 0,
+ "disable_correlation": true
+ },
+ "CurrentBuild": {
+ "description": "Build number of the windows OS.",
+ "ui-priority": 0,
+ "misp-attribute": "text"
+ },
+ "SoftwareType": {
+ "description": "Software type of windows.",
+ "ui-priority": 0,
+ "sane_default": [
+ "System",
+ "Application",
+ "other"
+ ],
+ "misp-attribute": "text",
+ "disable_correlation": true
+ },
+ "InstallationType": {
+ "description": "Type of windows installation.",
+ "ui-priority": 0,
+ "misp-attribute": "text",
+ "disable_correlation": true
+ },
+ "InstallDate": {
+ "description": "Date when windows was installed.",
+ "ui-priority": 0,
+ "misp-attribute": "datetime",
+ "disable_correlation": true
+ },
+ "SystemRoot": {
+ "description": "Root directory.",
+ "ui-priority": 0,
+ "misp-attribute": "text",
+ "disable_correlation": true
+ },
+ "PathName": {
+ "description": "Path to the root directory.",
+ "ui-priority": 0,
+ "misp-attribute": "text",
+ "disable_correlation": true
+ },
+ "EditionID": {
+ "description": "Windows edition.",
+ "ui-priority": 0,
+ "misp-attribute": "text"
+ },
+ "ProductName": {
+ "description": "Name of the windows version.",
+ "ui-priority": 0,
+ "misp-attribute": "text"
+ },
+ "ProductID": {
+ "description": "ID of the product version.",
+ "ui-priority": 0,
+ "misp-attribute": "text"
+ },
+ "CSDVersion": {
+ "description": "Version of the service pack installed.",
+ "ui-priority": 0,
+ "misp-attribute": "text"
+ },
+ "CurrentBuildType": {
+ "description": "Current build type of the OS.",
+ "ui-priority": 0,
+ "misp-attribute": "text"
+ },
+ "BuildLab": {
+ "description": "Windows BuildLab string.",
+ "ui-priority": 0,
+ "misp-attribute": "text"
+ },
+ "BuildGUID": {
+ "description": "Build ID.",
+ "ui-priority": 0,
+ "misp-attribute": "text"
+ },
+ "BuildLabEx": {
+ "description": "Windows BuildLabEx string.",
+ "ui-priority": 0,
+ "misp-attribute": "text"
+ },
+ "comment": {
+ "description": "Additional comments.",
+ "ui-priority": 0,
+ "misp-attribute": "",
+ "disable_correlation": true
+ }
+ },
+ "version": 1,
+ "description": "Regripper Object template designed to gather general windows information extracted from the software-hive.",
+ "meta-category": "misc",
+ "uuid": "03200c25-4bf5-4282-9852-001a51ab20f1",
+ "name": "regripper-software-hive-windows-general-info"
+}
diff --git a/objects/regripper-software-hive-software-run/definition.json b/objects/regripper-software-hive-software-run/definition.json
index 35cb1f5..5e26a8a 100644
--- a/objects/regripper-software-hive-software-run/definition.json
+++ b/objects/regripper-software-hive-software-run/definition.json
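Review bot: `CurrentVersion` declares no `misp-attribute` at all on the new side, yet it is one of the two `required` attributes; every other attribute in the template has one, so this looks like an omission, e.g. `"misp-attribute": "text",` before its `"disable_correlation": true`. `comment` carries `"misp-attribute": ""`, an empty type, where the comment fields of the sibling templates in this diff use `"text"`. The template `name` is `regripper-software-hive-windows-general-info` while the file lives under `objects/regripper-software-hive-general-windows-info/`; the other templates in this diff keep directory and name identical, so one of the two should be renamed. All three are pre-existing, but a formatting-only pass is the moment they are easiest to spot.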
@@ -1,63 +1,63 @@
-{
- "required": [
- "key",
- "application-name",
- "application-path"
- ],
- "attributes": {
- "key": {
- "description": "Software hive key where the information is retrieved from.",
- "ui-priority": 0,
- "sane_default": [
- "Run",
- "RunOnce",
- "Runservices",
- "Terminal",
- "Other"
- ],
- "misp-attribute": "text",
- "disable_correlation": true
- },
- "key-path": {
- "description": "Path of the key.",
- "ui-priority": 0,
- "misp-attribute": "text",
- "disable_correlation": true
- },
- "last-write-time": {
- "description": "Date and time when the key was last updated.",
- "ui-priority": 0,
- "misp-attribute": "datetime",
- "disable_correlation": true
- },
- "application-name": {
- "description": "Name of the application run.",
- "ui-priority": 0,
- "misp-attribute": "text",
- "multiple": true
- },
- "application-path": {
- "description": "Path where the application is installed.",
- "ui-priority": 0,
- "misp-attribute": "text",
- "multiple": true
- },
- "comments": {
- "description": "Additional comments.",
- "ui-priority": 0,
- "misp-attribute": "text",
- "disable_correlation": true
- },
- "references": {
- "description": "References to the applications.",
- "ui-priority": 0,
- "misp-attribute": "link",
- "multiple": true
- }
- },
- "version": 1,
- "description": "Regripper Object template designed to gather information of the applications set to run on the system.",
- "meta-category": "misc",
- "uuid": "4bae06d1-3996-4028-88ec-7c7d54cc1d94",
- "name": "regripper-software-hive-software-run"
-}
+{
+ "required": [
+ "key",
+ "application-name",
+ "application-path"
+ ],
+ "attributes": {
+ "key": {
+ "description": "Software hive key where the information is retrieved from.",
+ "ui-priority": 0,
+ "sane_default": [
+ "Run",
+ "RunOnce",
+ "Runservices",
+ "Terminal",
+ "Other"
+ ],
+ "misp-attribute": "text",
+ "disable_correlation": true
+ },
+ "key-path": {
+ "description": "Path of the key.",
+ "ui-priority": 0,
+ "misp-attribute": "text",
+ "disable_correlation": true
+ },
+ "last-write-time": {
+ "description": "Date and time when the key was last updated.",
+ "ui-priority": 0,
+ "misp-attribute": "datetime",
+ "disable_correlation": true
+ },
+ "application-name": {
+ "description": "Name of the application run.",
+ "ui-priority": 0,
+ "misp-attribute": "text",
+ "multiple": true
+ },
+ "application-path": {
+ "description": "Path where the application is installed.",
+ "ui-priority": 0,
+ "misp-attribute": "text",
+ "multiple": true
+ },
+ "comments": {
+ "description": "Additional comments.",
+ "ui-priority": 0,
+ "misp-attribute": "text",
+ "disable_correlation": true
+ },
+ "references": {
+ "description": "References to the applications.",
+ "ui-priority": 0,
+ "misp-attribute": "link",
+ "multiple": true
+ }
+ },
+ "version": 1,
+ "description": "Regripper Object template designed to gather information of the applications set to run on the system.",
+ "meta-category": "misc",
+ "uuid": "4bae06d1-3996-4028-88ec-7c7d54cc1d94",
+ "name": "regripper-software-hive-software-run"
+}
diff --git a/objects/regripper-software-hive-userprofile-winlogon/definition.json b/objects/regripper-software-hive-userprofile-winlogon/definition.json
index e38ebd0..15a3efc 100644
--- a/objects/regripper-software-hive-userprofile-winlogon/definition.json
+++ b/objects/regripper-software-hive-userprofile-winlogon/definition.json
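Review bot: `application-name` and `application-path` are both `multiple: true`, so one object can carry N names and M paths with nothing that pairs a name with its path, which is exactly the pairing an analyst needs when triaging a Run key. Either drop `multiple` from both and emit one object per Run value, or state in both descriptions that the two lists are positionally aligned. The `sane_default` entry `Runservices` also differs in casing from the registry key name `RunServices`, which matters wherever the picked value is compared against extracted key names.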
@@ -1,160 +1,160 @@
-{
- "required": [
- "user-profile-key-path",
- "SID"
- ],
- "attributes": {
- "user-profile-key-path": {
- "description": "key where the user-profile information is retrieved from.",
- "ui-priority": 0,
- "misp-attribute": "text",
- "disable_correlation": true
- },
- "user-profile-key-last-write-time": {
- "description": "Date and time when the key was last updated.",
- "ui-priority": 0,
- "misp-attribute": "datetime",
- "disable_correlation": true
- },
- "user-profile-path": {
- "description": "Path of the user profile on the system",
- "ui-priority": 0,
- "misp-attribute": "text",
- "disable_correlation": true
- },
- "SID": {
- "description": "Security identifier assigned to the user profile.",
- "ui-priority": 0,
- "misp-attribute": "text",
- "disable_correlation": true
- },
- "user-profile-last-write-time": {
- "description": "Date and time when the user profile was last updated.",
- "ui-priority": 0,
- "misp-attribute": "datetime",
- "disable_correlation": true
- },
- "winlogon-key-path": {
- "description": "winlogon key referred in order to retrieve default user information",
- "ui-priority": 0,
- "misp-attribute": "text",
- "disable_correlation": true
- },
- "winlogon-key-last-write-time": {
- "description": "Date and time when the winlogon key was last updated.",
- "ui-priority": 0,
- "misp-attribute": "datetime",
- "disable_correlation": true
- },
- "DefaultUserName": {
- "description": "user-name of the default user.",
- "ui-priority": 0,
- "misp-attribute": "text",
- "disable_correlation": true
- },
- "Shell": {
- "description": "Shell set to run when the user logs onto the system.",
- "ui-priority": 0,
- "misp-attribute": "text",
- "disable_correlation": true,
- "multiple": true
- },
- "UserInit": {
- "description": "Applications and files set to run when the user logs onto the system (User logon activity).",
- "ui-priority": 0,
- "misp-attribute": "text",
- "multiple": true
- },
- "Legal-notice-caption": {
- "description": "Message title set to display when the user logs-in.",
- "ui-priority": 0,
- "misp-attribute": "text",
- "multiple": true,
- "disable_correlation": true
- },
- "Legal-notice-text": {
- "description": "Message set to display when the user logs-in.",
- "ui-priority": 0,
- "misp-attribute": "text",
- "multiple": true,
- "disable_correlation": true
- },
- "PreCreateKnownFolders": {
- "description": "create known folders key",
- "ui-priority": 0,
- "misp-attribute": "text",
- "disable_correlation": true
- },
- "ReportBootOk": {
- "description": "Flag to check if the reboot was successful.",
- "ui-priority": 0,
- "misp-attribute": "boolean",
- "disable_correlation": true
- },
- "AutoRestartShell": {
- "description": "Value of the flag set to auto restart the shell if it crashes or shuts down automatically.",
- "ui-priority": 0,
- "misp-attribute": "boolean",
- "disable_correlation": true
- },
- "PasswordExpiryWarining": {
- "description": "Number of times the password expiry warning appeared.",
- "ui-priority": 0,
- "misp-attribute": "counter",
- "disable_correlation": true
- },
- "PowerdownAfterShutDown": {
- "description": "Flag value- if the system is set to power down after it is shutdown.",
- "ui-priority": 0,
- "misp-attribute": "boolean",
- "disable_correlation": true
- },
- "ShutdownWithoutLogon": {
- "description": "Value of the flag set to enable shutdown without requiring a user to login.",
- "ui-priority": 0,
- "misp-attribute": "boolean",
- "disable_correlation": true
- },
- "WinStationsDisabled": {
- "description": "Flag value set to enable/disable logons to the system.",
- "ui-priority": 0,
- "misp-attribute": "boolean",
- "disable_correlation": true
- },
- "DisableCAD": {
- "description": "Flag to determine if user login is enabled by pressing Ctrl+ALT+Delete.",
- "ui-priority": 0,
- "misp-attribute": "boolean",
- "disable_correlation": true
- },
- "AutoAdminLogon": {
- "description": "Flag value to determine if autologon is enabled for a user without entering the password.",
- "ui-priority": 0,
- "misp-attribute": "boolean",
- "disable_correlation": true
- },
- "CachedLogonCount": {
- "description": "Number of times the user has logged into the system.",
- "ui-priority": 0,
- "misp-attribute": "counter",
- "disable_correlation": true
- },
- "ShutdownFlags": {
- "description": "Number of times shutdown is initiated from a process when the user is logged-in.",
- "ui-priority": 0,
- "misp-attribute": "counter",
- "disable_correlation": true
- },
- "Comments": {
- "description": "Additional comments.",
- "ui-priority": 0,
- "misp-attribute": "text",
- "disable_correlation": true
- }
- },
- "version": 1,
- "description": "Regripper Object template designed to gather user profile information when the user logs onto the system, gathered from the software hive.",
- "meta-category": "misc",
- "uuid": "df03d0e4-3e6b-4e56-951a-142eae4cad59",
- "name": "regripper-software-hive-userprofile-winlogon"
-}
+{
+ "required": [
+ "user-profile-key-path",
+ "SID"
+ ],
+ "attributes": {
+ "user-profile-key-path": {
+ "description": "key where the user-profile information is retrieved from.",
+ "ui-priority": 0,
+ "misp-attribute": "text",
+ "disable_correlation": true
+ },
+ "user-profile-key-last-write-time": {
+ "description": "Date and time when the key was last updated.",
+ "ui-priority": 0,
+ "misp-attribute": "datetime",
+ "disable_correlation": true
+ },
+ "user-profile-path": {
+ "description": "Path of the user profile on the system",
+ "ui-priority": 0,
+ "misp-attribute": "text",
+ "disable_correlation": true
+ },
+ "SID": {
+ "description": "Security identifier assigned to the user profile.",
+ "ui-priority": 0,
+ "misp-attribute": "text",
+ "disable_correlation": true
+ },
+ "user-profile-last-write-time": {
+ "description": "Date and time when the user profile was last updated.",
+ "ui-priority": 0,
+ "misp-attribute": "datetime",
+ "disable_correlation": true
+ },
+ "winlogon-key-path": {
+ "description": "winlogon key referred in order to retrieve default user information",
+ "ui-priority": 0,
+ "misp-attribute": "text",
+ "disable_correlation": true
+ },
+ "winlogon-key-last-write-time": {
+ "description": "Date and time when the winlogon key was last updated.",
+ "ui-priority": 0,
+ "misp-attribute": "datetime",
+ "disable_correlation": true
+ },
+ "DefaultUserName": {
+ "description": "user-name of the default user.",
+ "ui-priority": 0,
+ "misp-attribute": "text",
+ "disable_correlation": true
+ },
+ "Shell": {
+ "description": "Shell set to run when the user logs onto the system.",
+ "ui-priority": 0,
+ "misp-attribute": "text",
+ "disable_correlation": true,
+ "multiple": true
+ },
+ "UserInit": {
+ "description": "Applications and files set to run when the user logs onto the system (User logon activity).",
+ "ui-priority": 0,
+ "misp-attribute": "text",
+ "multiple": true
+ },
+ "Legal-notice-caption": {
+ "description": "Message title set to display when the user logs-in.",
+ "ui-priority": 0,
+ "misp-attribute": "text",
+ "multiple": true,
+ "disable_correlation": true
+ },
+ "Legal-notice-text": {
+ "description": "Message set to display when the user logs-in.",
+ "ui-priority": 0,
+ "misp-attribute": "text",
+ "multiple": true,
+ "disable_correlation": true
+ },
+ "PreCreateKnownFolders": {
+ "description": "create known folders key",
+ "ui-priority": 0,
+ "misp-attribute": "text",
+ "disable_correlation": true
+ },
+ "ReportBootOk": {
+ "description": "Flag to check if the reboot was successful.",
+ "ui-priority": 0,
+ "misp-attribute": "boolean",
+ "disable_correlation": true
+ },
+ "AutoRestartShell": {
+ "description": "Value of the flag set to auto restart the shell if it crashes or shuts down automatically.",
+ "ui-priority": 0,
+ "misp-attribute": "boolean",
+ "disable_correlation": true
+ },
+ "PasswordExpiryWarining": {
+ "description": "Number of times the password expiry warning appeared.",
+ "ui-priority": 0,
+ "misp-attribute": "counter",
+ "disable_correlation": true
+ },
+ "PowerdownAfterShutDown": {
+ "description": "Flag value- if the system is set to power down after it is shutdown.",
+ "ui-priority": 0,
+ "misp-attribute": "boolean",
+ "disable_correlation": true
+ },
+ "ShutdownWithoutLogon": {
+ "description": "Value of the flag set to enable shutdown without requiring a user to login.",
+ "ui-priority": 0,
+ "misp-attribute": "boolean",
+ "disable_correlation": true
+ },
+ "WinStationsDisabled": {
+ "description": "Flag value set to enable/disable logons to the system.",
+ "ui-priority": 0,
+ "misp-attribute": "boolean",
+ "disable_correlation": true
+ },
+ "DisableCAD": {
+ "description": "Flag to determine if user login is enabled by pressing Ctrl+ALT+Delete.",
+ "ui-priority": 0,
+ "misp-attribute": "boolean",
+ "disable_correlation": true
+ },
+ "AutoAdminLogon": {
+ "description": "Flag value to determine if autologon is enabled for a user without entering the password.",
+ "ui-priority": 0,
+ "misp-attribute": "boolean",
+ "disable_correlation": true
+ },
+ "CachedLogonCount": {
+ "description": "Number of times the user has logged into the system.",
+ "ui-priority": 0,
+ "misp-attribute": "counter",
+ "disable_correlation": true
+ },
+ "ShutdownFlags": {
+ "description": "Number of times shutdown is initiated from a process when the user is logged-in.",
+ "ui-priority": 0,
+ "misp-attribute": "counter",
+ "disable_correlation": true
+ },
+ "Comments": {
+ "description": "Additional comments.",
+ "ui-priority": 0,
+ "misp-attribute": "text",
+ "disable_correlation": true
+ }
+ },
+ "version": 1,
+ "description": "Regripper Object template designed to gather user profile information when the user logs onto the system, gathered from the software hive.",
+ "meta-category": "misc",
+ "uuid": "df03d0e4-3e6b-4e56-951a-142eae4cad59",
+ "name": "regripper-software-hive-userprofile-winlogon"
+}
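Review bot: `PasswordExpiryWarining` is misspelled; the attribute names in this template mirror the Winlogon value names and the real value is `PasswordExpiryWarning`, so any mapping keyed on the registry value name will miss it. Its description (`Number of times the password expiry warning appeared`) and that of `CachedLogonCount` (`Number of times the user has logged into the system`) describe counters of events, but the Winlogon values they stand for are settings: the expiry-warning value is the number of days before expiry at which the warning is shown, and `CachedLogonsCount` is how many logons the system caches locally, so both descriptions should be reworded and `counter` is probably the wrong `misp-attribute` for them. `ShutdownFlags` looks like a flags value rather than a count as well, though I cannot confirm that from the hunk.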
diff --git a/objects/regripper-system-hive-firewall-configuration/definition.json b/objects/regripper-system-hive-firewall-configuration/definition.json
index fdd0663..abac192 100644
--- a/objects/regripper-system-hive-firewall-configuration/definition.json
+++ b/objects/regripper-system-hive-firewall-configuration/definition.json
@@ -1,50 +1,50 @@
-{
- "required": [
- "profile"
- ],
- "attributes": {
- "profile": {
- "description": "Firewall Profile type",
- "ui-priority": 0,
- "sane-default": [
- "Domain Profile",
- "Standard Profile",
- "Network Profile",
- "Public Profile",
- "Private Profile",
- "other"
- ],
- "misp-attribute": "text",
- "disable_correlation": true
- },
- "last-write-time": {
- "description": "Date and time when the firewall profile policy was last updated.",
- "ui-priority": 0,
- "misp-attribute": "datetime",
- "disable_correlation": true
- },
- "enbled-firewall": {
- "description": "Boolean flag to determine if the firewall is enabled.",
- "ui-priority": 0,
- "misp-attribute": "boolean",
- "disable_correlation": true
- },
- "disable-notification": {
- "description": "Boolean flag to determine if firewall notifications are enabled.",
- "ui-priority": 0,
- "misp-attribute": "boolean",
- "disable_correlation": true
- },
- "comment": {
- "description": "Additional comments.",
- "ui-priority": 0,
- "misp-attribute": "text",
- "disable_correlation": true
- }
- },
- "version": 1,
- "description": "Regripper Object template designed to present firewall configuration information extracted from the system-hive.",
- "meta-category": "misc",
- "uuid": "d9839b3c-c013-4ba7-b5e5-2787198b9e07",
- "name": "regripper-system-hive-firewall-configuration"
-}
+{
+ "required": [
+ "profile"
+ ],
+ "attributes": {
+ "profile": {
+ "description": "Firewall Profile type",
+ "ui-priority": 0,
+ "sane-default": [
+ "Domain Profile",
+ "Standard Profile",
+ "Network Profile",
+ "Public Profile",
+ "Private Profile",
+ "other"
+ ],
+ "misp-attribute": "text",
+ "disable_correlation": true
+ },
+ "last-write-time": {
+ "description": "Date and time when the firewall profile policy was last updated.",
+ "ui-priority": 0,
+ "misp-attribute": "datetime",
+ "disable_correlation": true
+ },
+ "enbled-firewall": {
+ "description": "Boolean flag to determine if the firewall is enabled.",
+ "ui-priority": 0,
+ "misp-attribute": "boolean",
+ "disable_correlation": true
+ },
+ "disable-notification": {
+ "description": "Boolean flag to determine if firewall notifications are enabled.",
+ "ui-priority": 0,
+ "misp-attribute": "boolean",
+ "disable_correlation": true
+ },
+ "comment": {
+ "description": "Additional comments.",
+ "ui-priority": 0,
+ "misp-attribute": "text",
+ "disable_correlation": true
+ }
+ },
+ "version": 1,
+ "description": "Regripper Object template designed to present firewall configuration information extracted from the system-hive.",
+ "meta-category": "misc",
+ "uuid": "d9839b3c-c013-4ba7-b5e5-2787198b9e07",
+ "name": "regripper-system-hive-firewall-configuration"
+}
diff --git a/objects/regripper-system-hive-general-configuration/definition.json b/objects/regripper-system-hive-general-configuration/definition.json
index 04a67fc..b2fe81b 100644
--- a/objects/regripper-system-hive-general-configuration/definition.json
+++ b/objects/regripper-system-hive-general-configuration/definition.json
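Review bot: `profile` spells its pick-list key `"sane-default"` (hyphen) while every other template in this diff uses `"sane_default"`, so a consumer reading the underscore key will silently ignore the list; change it to `"sane_default": [`. `enbled-firewall` is misspelled and should be `enabled-firewall`. The description of `disable-notification` says the flag tells `if firewall notifications are enabled`, the opposite of what the attribute name implies; a boolean with ambiguous polarity is worse than none, so state it explicitly, e.g. `"Boolean flag; true means firewall notifications are disabled."`, assuming the value is copied from the hive unchanged.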
@@ -1,89 +1,89 @@
-{
- "required": [
- "computer-name"
- ],
- "attributes": {
- "computer-name": {
- "description": "name of the computer under analysis",
- "ui-priority": 0,
- "misp-attribute": "text"
- },
- "last-write-time": {
- "description": "Date and time when the key was last updated.",
- "ui-priority": 0,
- "misp-attribute": "datetime",
- "disable_correlation": true
- },
- "shutdown-time": {
- "description": "Date and time when the system was shutdown.",
- "ui-priority": 0,
- "misp-attribute": "datetime",
- "disable_correlation": true
- },
- "timezone-last-write-time": {
- "description": "Date and time when the timezone key was last updated.",
- "ui-priority": 0,
- "misp-attribute": "datetime",
- "disable_correlation": true
- },
- "timezone-bias": {
- "description": "Offset in minutes from UTC. Offset added to the local time to get a UTC value.",
- "ui-priority": 0,
- "misp-attribute": "text",
- "disable_correlation": true
- },
- "timezone-standard-name": {
- "description": "Timezone standard name used during non-daylight saving months.",
- "ui-priority": 0,
- "misp-attribute": "text",
- "disable_correlation": true
- },
- "timezone-standard-date": {
- "description": "Standard date - non daylight saving months",
- "ui-priority": 0,
- "misp-attribute": "datetime",
- "disable_correlation": true
- },
- "timezone-standard-bias": {
- "description": "value in minutes to be added to the value of timezone-bias to generate the bias used during standard time.",
- "ui-priority": 0,
- "misp-attribute": "text",
- "disable_correlation": true
- },
- "timezone-daylight-name": {
- "description": "Timezone name used during daylight saving months.",
- "ui-priority": 0,
- "misp-attribute": "text",
- "disable_correlation": true
- },
- "timezone-daylight-date": {
- "description": "Daylight date - daylight saving months",
- "ui-priority": 0,
- "misp-attribute": "datetime",
- "disable_correlation": true
- },
- "timezone-daylight-bias": {
- "description": "value in minutes to be added to the value of timezone-bias to generate the bias used during daylight time.",
- "ui-priority": 0,
- "misp-attribute": "text",
- "disable_correlation": true
- },
- "fDenyTSConnections:": {
- "description": "Specifies whether remote connections are enabled or disabled on the system.",
- "ui-priority": 0,
- "misp-attribute": "boolean",
- "disable_correlation": true
- },
- "comment": {
- "description": "Additional comments.",
- "ui-priority": 0,
- "misp-attribute": "",
- "disable_correlation": true
- }
- },
- "version": 1,
- "description": "Regripper Object template designed to present general system properties extracted from the system-hive.",
- "meta-category": "misc",
- "uuid": "5ac85401-cbf1-4d05-a85e-1784546881e4",
- "name": "regripper-system-hive-general-configuration"
-}
+{
+ "required": [
+ "computer-name"
+ ],
+ "attributes": {
+ "computer-name": {
+ "description": "name of the computer under analysis",
+ "ui-priority": 0,
+ "misp-attribute": "text"
+ },
+ "last-write-time": {
+ "description": "Date and time when the key was last updated.",
+ "ui-priority": 0,
+ "misp-attribute": "datetime",
+ "disable_correlation": true
+ },
+ "shutdown-time": {
+ "description": "Date and time when the system was shutdown.",
+ "ui-priority": 0,
+ "misp-attribute": "datetime",
+ "disable_correlation": true
+ },
+ "timezone-last-write-time": {
+ "description": "Date and time when the timezone key was last updated.",
+ "ui-priority": 0,
+ "misp-attribute": "datetime",
+ "disable_correlation": true
+ },
+ "timezone-bias": {
+ "description": "Offset in minutes from UTC. Offset added to the local time to get a UTC value.",
+ "ui-priority": 0,
+ "misp-attribute": "text",
+ "disable_correlation": true
+ },
+ "timezone-standard-name": {
+ "description": "Timezone standard name used during non-daylight saving months.",
+ "ui-priority": 0,
+ "misp-attribute": "text",
+ "disable_correlation": true
+ },
+ "timezone-standard-date": {
+ "description": "Standard date - non daylight saving months",
+ "ui-priority": 0,
+ "misp-attribute": "datetime",
+ "disable_correlation": true
+ },
+ "timezone-standard-bias": {
+ "description": "value in minutes to be added to the value of timezone-bias to generate the bias used during standard time.",
+ "ui-priority": 0,
+ "misp-attribute": "text",
+ "disable_correlation": true
+ },
+ "timezone-daylight-name": {
+ "description": "Timezone name used during daylight saving months.",
+ "ui-priority": 0,
+ "misp-attribute": "text",
+ "disable_correlation": true
+ },
+ "timezone-daylight-date": {
+ "description": "Daylight date - daylight saving months",
+ "ui-priority": 0,
+ "misp-attribute": "datetime",
+ "disable_correlation": true
+ },
+ "timezone-daylight-bias": {
+ "description": "value in minutes to be added to the value of timezone-bias to generate the bias used during daylight time.",
+ "ui-priority": 0,
+ "misp-attribute": "text",
+ "disable_correlation": true
+ },
+ "fDenyTSConnections:": {
+ "description": "Specifies whether remote connections are enabled or disabled on the system.",
+ "ui-priority": 0,
+ "misp-attribute": "boolean",
+ "disable_correlation": true
+ },
+ "comment": {
+ "description": "Additional comments.",
+ "ui-priority": 0,
+ "misp-attribute": "",
+ "disable_correlation": true
+ }
+ },
+ "version": 1,
+ "description": "Regripper Object template designed to present general system properties extracted from the system-hive.",
+ "meta-category": "misc",
+ "uuid": "5ac85401-cbf1-4d05-a85e-1784546881e4",
+ "name": "regripper-system-hive-general-configuration"
+}
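Review bot: the attribute key `fDenyTSConnections:` carries a trailing colon, so the attribute is unreachable under the name it is meant to have; drop the colon. Its description (`whether remote connections are enabled or disabled`) leaves the polarity of a deny flag open, which is the one thing an analyst needs from it, so state it: `"fDenyTSConnections value; true (1) means Remote Desktop connections are denied."`. `comment` has `"misp-attribute": ""` where the sibling templates use `"text"`. The three `timezone-*-bias` attributes are described as minute values but typed `text`; a numeric type would let them be compared, though I cannot tell from the hunk whether the numeric types here accept the negative biases that occur east of UTC.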
diff --git a/objects/regripper-system-hive-network-information/definition.json b/objects/regripper-system-hive-network-information/definition.json
index dfd3e85..7676c59 100644
--- a/objects/regripper-system-hive-network-information/definition.json
+++ b/objects/regripper-system-hive-network-information/definition.json
@@ -1,106 +1,106 @@
-{
- "required": [
- "network-key"
- ],
- "attributes": {
- "network-key": {
- "description": "Registry key assigned to the network",
- "ui-priority": 0,
- "misp-attribute": "text"
- },
- "network-key-last-write-time": {
- "description": "Date and time when the network key was last updated.",
- "ui-priority": 0,
- "misp-attribute": "datetime",
- "disable_correlation": true
- },
- "network-key-path": {
- "description": "Path of the key where the information is retrieved from.",
- "ui-priority": 0,
- "misp-attribute": "text",
- "disable_correlation": true
- },
- "TCPIP-key": {
- "description": "TCPIP key",
- "ui-priority": 0,
- "misp-attribute": "text"
- },
- "TCPIP-key-last-write-time": {
- "description": "Datetime when the key was last updated.",
- "ui-priority": 0,
- "misp-attribute": "datetime",
- "disable_correlation": true
- },
- "DHCP-domain": {
- "description": "Name of the DHCP domain service",
- "ui-priority": 0,
- "misp-attribute": "text"
- },
- "DHCP-IP-address": {
- "description": "DHCP service - IP address",
- "ui-priority": 0,
- "misp-attribute": "ip-dst"
- },
- "DHCP-subnet-mask": {
- "description": "DHCP subnet mask - IP address.",
- "ui-priority": 0,
- "misp-attribute": "ip-dst"
- },
- "DHCP-name-server": {
- "description": "DHCP Name server - IP address.",
- "ui-priority": 0,
- "misp-attribute": "ip-dst"
- },
- "DHCP-server": {
- "description": "DHCP server - IP address.",
- "ui-priority": 0,
- "misp-attribute": "ip-dst"
- },
- "interface-GUID": {
- "description": "GUID value assigned to the interface.",
- "ui-priority": 0,
- "misp-attribute": "text",
- "disable_correlation": true
- },
- "interface-last-write-time": {
- "description": "Last date and time when the interface key was updated.",
- "ui-priority": 0,
- "misp-attribute": "datetime",
- "disable_correlation": true
- },
- "interface-name": {
- "description": "Name of the interface.",
- "ui-priority": 0,
- "misp-attribute": "text"
- },
- "interface-PnpInstanceID": {
- "description": "Plug and Play instance ID assigned to the interface.",
- "ui-priority": 0,
- "misp-attribute": "text",
- "disable_correlation": true
- },
- "interface-MediaSubType": {
- "description": "",
- "ui-priority": 0,
- "misp-attribute": "text",
- "disable_correlation": true
- },
- "interface-IPcheckingEnabled": {
- "description": "",
- "ui-priority": 0,
- "misp-attribute": "boolean",
- "disable_correlation": true
- },
- "additional-comments": {
- "description": "Comments.",
- "ui-priority": 0,
- "misp-attribute": "text",
- "disable_correlation": true
- }
- },
- "version": 1,
- "description": "Regripper object template designed to gather network information from the system-hive.",
- "meta-category": "misc",
- "uuid": "a5a3ba3a-ba2e-42a4-be45-b36809ae56f0",
- "name": "regripper-system-hive-network-information."
-}
+{
+ "required": [
+ "network-key"
+ ],
+ "attributes": {
+ "network-key": {
+ "description": "Registry key assigned to the network",
+ "ui-priority": 0,
+ "misp-attribute": "text"
+ },
+ "network-key-last-write-time": {
+ "description": "Date and time when the network key was last updated.",
+ "ui-priority": 0,
+ "misp-attribute": "datetime",
+ "disable_correlation": true
+ },
+ "network-key-path": {
+ "description": "Path of the key where the information is retrieved from.",
+ "ui-priority": 0,
+ "misp-attribute": "text",
+ "disable_correlation": true
+ },
+ "TCPIP-key": {
+ "description": "TCPIP key",
+ "ui-priority": 0,
+ "misp-attribute": "text"
+ },
+ "TCPIP-key-last-write-time": {
+ "description": "Datetime when the key was last updated.",
+ "ui-priority": 0,
+ "misp-attribute": "datetime",
+ "disable_correlation": true
+ },
+ "DHCP-domain": {
+ "description": "Name of the DHCP domain service",
+ "ui-priority": 0,
+ "misp-attribute": "text"
+ },
+ "DHCP-IP-address": {
+ "description": "DHCP service - IP address",
+ "ui-priority": 0,
+ "misp-attribute": "ip-dst"
+ },
+ "DHCP-subnet-mask": {
+ "description": "DHCP subnet mask - IP address.",
+ "ui-priority": 0,
+ "misp-attribute": "ip-dst"
+ },
+ "DHCP-name-server": {
+ "description": "DHCP Name server - IP address.",
+ "ui-priority": 0,
+ "misp-attribute": "ip-dst"
+ },
+ "DHCP-server": {
+ "description": "DHCP server - IP address.",
+ "ui-priority": 0,
+ "misp-attribute": "ip-dst"
+ },
+ "interface-GUID": {
+ "description": "GUID value assigned to the interface.",
+ "ui-priority": 0,
+ "misp-attribute": "text",
+ "disable_correlation": true
+ },
+ "interface-last-write-time": {
+ "description": "Last date and time when the interface key was updated.",
+ "ui-priority": 0,
+ "misp-attribute": "datetime",
+ "disable_correlation": true
+ },
+ "interface-name": {
+ "description": "Name of the interface.",
+ "ui-priority": 0,
+ "misp-attribute": "text"
+ },
+ "interface-PnpInstanceID": {
+ "description": "Plug and Play instance ID assigned to the interface.",
+ "ui-priority": 0,
+ "misp-attribute": "text",
+ "disable_correlation": true
+ },
+ "interface-MediaSubType": {
+ "description": "",
+ "ui-priority": 0,
+ "misp-attribute": "text",
+ "disable_correlation": true
+ },
+ "interface-IPcheckingEnabled": {
+ "description": "",
+ "ui-priority": 0,
+ "misp-attribute": "boolean",
+ "disable_correlation": true
+ },
+ "additional-comments": {
+ "description": "Comments.",
+ "ui-priority": 0,
+ "misp-attribute": "text",
+ "disable_correlation": true
+ }
+ },
+ "version": 1,
+ "description": "Regripper object template designed to gather network information from the system-hive.",
+ "meta-category": "misc",
+ "uuid": "a5a3ba3a-ba2e-42a4-be45-b36809ae56f0",
+ "name": "regripper-system-hive-network-information."
+}
diff --git a/objects/regripper-system-hive-service-drivers/definition.json b/objects/regripper-system-hive-service-drivers/definition.json
index 35054ab..b5dcaf5 100644
--- a/objects/regripper-system-hive-service-drivers/definition.json
+++ b/objects/regripper-system-hive-service-drivers/definition.json
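Review bot: the template `name` is `regripper-system-hive-network-information.` with a trailing period, which neither matches the directory name nor survives a lookup by template name; drop the period. `DHCP-subnet-mask`, `DHCP-server`, `DHCP-name-server` and `DHCP-IP-address` are typed `ip-dst` with correlation left enabled, so a netmask such as 255.255.255.0 or a private gateway address will correlate with every other event that happens to contain it, producing noise rather than signal; `DHCP-subnet-mask` at least should be `"misp-attribute": "text"` with `"disable_correlation": true`, and the other three should have correlation disabled unless the address is meant as an indicator. `interface-MediaSubType` and `interface-IPcheckingEnabled` have empty descriptions and should say which registry value each holds.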
@@ -1,98 +1,98 @@
-{
- "required": [
- "name"
- ],
- "attributes": {
- "name": {
- "description": "name of the key",
- "ui-priority": 0,
- "misp-attribute": "text"
- },
- "last-write-time": {
- "description": "Date and time when the key was last updated.",
- "ui-priority": 0,
- "misp-attribute": "datetime",
- "disable_correlation": true
- },
- "display": {
- "description": "Display name/information of the service or the driver.",
- "ui-priority": 0,
- "misp-attribute": "text"
- },
- "image-path": {
- "description": "Path of the service/drive",
- "ui-priority": 0,
- "misp-attribute": "text"
- },
- "type": {
- "description": "Service/driver type.",
- "ui-priority": 0,
- "sane_default": [
- "Kernel driver",
- "File system driver",
- "Own process",
- "Share process",
- "Interactive",
- "Other"
- ],
- "misp-attribute": "text",
- "disable_correlation": true
- },
- "start": {
- "description": "When the service/driver starts or executes.",
- "ui-priority": 0,
- "sane_default": [
- "Boot start",
- "System start",
- "Auto start",
- "Manual",
- "Disabled"
- ],
- "misp-attribute": "text",
- "disable_correlation": true
- },
- "group": {
- "description": "Group to which the system/driver belong to.",
- "ui-priority": 0,
- "sane_default": [
- "Base",
- "Boot Bus Extender",
- "Boot File System",
- "Cryptography",
- "Extended base",
- "Event Log",
- "Filter",
- "FSFilter Bottom",
- "FSFilter Infrastructure",
- "File System",
- "FSFilter Virtualization",
- "Keyboard Port",
- "Network",
- "NDIS",
- "Parallel arbitrator",
- "Pointer Port",
- "PnP Filter",
- "ProfSvc_Group",
- "PNP_TDI",
- "SCSI Miniport",
- "SCSI CDROM Class",
- "System Bus Extender",
- "Video Save",
- "other"
- ],
- "misp-attribute": "text",
- "disable_correlation": true
- },
- "comment": {
- "description": "Additional comments.",
- "ui-priority": 0,
- "misp-attribute": "",
- "disable_correlation": true
- }
- },
- "version": 1,
- "description": "Regripper Object template designed to gather information regarding the services/drivers from the system-hive.",
- "meta-category": "misc",
- "uuid": "78cdae45-2061-4b49-b1d6-71f562094a73",
- "name": "regripper-system-hive-services-drivers"
-}
+{
+ "required": [
+ "name"
+ ],
+ "attributes": {
+ "name": {
+ "description": "name of the key",
+ "ui-priority": 0,
+ "misp-attribute": "text"
+ },
+ "last-write-time": {
+ "description": "Date and time when the key was last updated.",
+ "ui-priority": 0,
+ "misp-attribute": "datetime",
+ "disable_correlation": true
+ },
+ "display": {
+ "description": "Display name/information of the service or the driver.",
+ "ui-priority": 0,
+ "misp-attribute": "text"
+ },
+ "image-path": {
+ "description": "Path of the service/drive",
+ "ui-priority": 0,
+ "misp-attribute": "text"
+ },
+ "type": {
+ "description": "Service/driver type.",
+ "ui-priority": 0,
+ "sane_default": [
+ "Kernel driver",
+ "File system driver",
+ "Own process",
+ "Share process",
+ "Interactive",
+ "Other"
+ ],
+ "misp-attribute": "text",
+ "disable_correlation": true
+ },
+ "start": {
+ "description": "When the service/driver starts or executes.",
+ "ui-priority": 0,
+ "sane_default": [
+ "Boot start",
+ "System start",
+ "Auto start",
+ "Manual",
+ "Disabled"
+ ],
+ "misp-attribute": "text",
+ "disable_correlation": true
+ },
+ "group": {
+ "description": "Group to which the system/driver belong to.",
+ "ui-priority": 0,
+ "sane_default": [
+ "Base",
+ "Boot Bus Extender",
+ "Boot File System",
+ "Cryptography",
+ "Extended base",
+ "Event Log",
+ "Filter",
+ "FSFilter Bottom",
+ "FSFilter Infrastructure",
+ "File System",
+ "FSFilter Virtualization",
+ "Keyboard Port",
+ "Network",
+ "NDIS",
+ "Parallel arbitrator",
+ "Pointer Port",
+ "PnP Filter",
+ "ProfSvc_Group",
+ "PNP_TDI",
+ "SCSI Miniport",
+ "SCSI CDROM Class",
+ "System Bus Extender",
+ "Video Save",
+ "other"
+ ],
+ "misp-attribute": "text",
+ "disable_correlation": true
+ },
+ "comment": {
+ "description": "Additional comments.",
+ "ui-priority": 0,
+ "misp-attribute": "",
+ "disable_correlation": true
+ }
+ },
+ "version": 1,
+ "description": "Regripper Object template designed to gather information regarding the services/drivers from the system-hive.",
+ "meta-category": "misc",
+ "uuid": "78cdae45-2061-4b49-b1d6-71f562094a73",
+ "name": "regripper-system-hive-services-drivers"
+}
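Review bot: The `comment` attribute on the new side still carries `"misp-attribute": ""`, which is not a valid MISP attribute type; an object built from this template cannot hold a comment value, and a schema check on the template (if the repo runs one) would be expected to reject it. The sibling network-information template in this same commit uses `"misp-attribute": "text"` for its `additional-comments` attribute, so the consistent fix is `"misp-attribute": "text",` on that line. Since this hunk appears to be a pure reformat, the defect predates the commit, but it is carried forward unchanged. Separately, the template's `"name"` is `regripper-system-hive-services-drivers` while the file lives under `objects/regripper-system-hive-service-drivers/`; if the repo's tooling keys templates by directory name, that mismatch is worth aligning in a follow-up.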