fix: jq all the things(tm)

pull/125/head
Alexandre Dulaunoy 2018-10-25 17:31:36 +02:00
parent 38a006b05b
commit b93ad7969f
No known key found for this signature in database
GPG Key ID: 09E2CD4944E6CBCD
22 changed files with 1762 additions and 1762 deletions


@ -1,84 +1,84 @@
{ {
"required": [ "required": [
"message-type", "message-type",
"message" "message"
], ],
"attributes": { "attributes": {
"message-type": { "message-type": {
"description": "the type of message extracted from the forensic-evidence.", "description": "the type of message extracted from the forensic-evidence.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text", "misp-attribute": "text",
"sane_default": [ "sane_default": [
"SMS", "SMS",
"MMS", "MMS",
"Instant Message (IM)", "Instant Message (IM)",
"Voice Message" "Voice Message"
], ],
"disable_correlation": true "disable_correlation": true
}, },
"datetime-sent": { "datetime-sent": {
"description": "date and the time when the message was sent.", "description": "date and the time when the message was sent.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "datetime", "misp-attribute": "datetime",
"disable_correlation": true "disable_correlation": true
}, },
"datetime-received": { "datetime-received": {
"description": "date and time when the message was received.", "description": "date and time when the message was received.",
"multiple": true, "multiple": true,
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "datetime", "misp-attribute": "datetime",
"disable_correlation": true "disable_correlation": true
}, },
"Source": { "Source": {
"description": "Source of the message.(Contact details)", "description": "Source of the message.(Contact details)",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text", "misp-attribute": "text",
"disable_correlation": true "disable_correlation": true
}, },
"destination": { "destination": {
"description": "Destination of the message.(Contact details)", "description": "Destination of the message.(Contact details)",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text", "misp-attribute": "text",
"disable_correlation": true "disable_correlation": true
}, },
"app-used": { "app-used": {
"description": "Application used to send the message.", "description": "Application used to send the message.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text", "misp-attribute": "text",
"disable_correlation": true "disable_correlation": true
}, },
"subject": { "subject": {
"description": "Subject of the message if any.", "description": "Subject of the message if any.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text" "misp-attribute": "text"
}, },
"message": { "message": {
"description": "Message exchanged.", "description": "Message exchanged.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text" "misp-attribute": "text"
}, },
"attachments": { "attachments": {
"description": "External references", "description": "External references",
"multiple": true, "multiple": true,
"ui-priority": 0, "ui-priority": 0,
"categories": [ "categories": [
"External analysis" "External analysis"
], ],
"misp-attribute": "link" "misp-attribute": "link"
}, },
"additional-comments": { "additional-comments": {
"description": "Comments.", "description": "Comments.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text", "misp-attribute": "text",
"categories": [ "categories": [
"External analysis" "External analysis"
], ],
"disable_correlation": true "disable_correlation": true
} }
}, },
"version": 1, "version": 1,
"description": "An Object Template to gather information from evidential or interesting exchange of messages identified during a digital forensic investigation.", "description": "An Object Template to gather information from evidential or interesting exchange of messages identified during a digital forensic investigation.",
"meta-category": "misc", "meta-category": "misc",
"uuid": "6b71f231-c502-467f-bc67-1423cd5bf800", "uuid": "6b71f231-c502-467f-bc67-1423cd5bf800",
"name": "tsk-chats" "name": "tsk-chats"
} }


@ -1,67 +1,67 @@
{ {
"required": [ "required": [
"URL" "URL"
], ],
"attributes": { "attributes": {
"URL": { "URL": {
"description": "The URL saved as bookmark.", "description": "The URL saved as bookmark.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "link" "misp-attribute": "link"
}, },
"datetime-bookmarked": { "datetime-bookmarked": {
"description": "date and time when the URL was added to favorites.", "description": "date and time when the URL was added to favorites.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "datetime", "misp-attribute": "datetime",
"disable_correlation": true "disable_correlation": true
}, },
"name": { "name": {
"description": "Book mark name. ", "description": "Book mark name. ",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text", "misp-attribute": "text",
"disable_correlation": true "disable_correlation": true
}, },
"title": { "title": {
"description": "Title of the web page", "description": "Title of the web page",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text" "misp-attribute": "text"
}, },
"browser": { "browser": {
"description": "Browser used to access the URL.", "description": "Browser used to access the URL.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text", "misp-attribute": "text",
"sane_default": [ "sane_default": [
"IE", "IE",
"Safari", "Safari",
"Chrome", "Chrome",
"Firefox", "Firefox",
"Opera mini", "Opera mini",
"Chromium" "Chromium"
], ],
"disable_correlation": true "disable_correlation": true
}, },
"domain-name": { "domain-name": {
"description": "Domain of the URL.", "description": "Domain of the URL.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text" "misp-attribute": "text"
}, },
"domain-ip": { "domain-ip": {
"description": "IP of the URL domain.", "description": "IP of the URL domain.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "ip-src" "misp-attribute": "ip-src"
}, },
"additional-comments": { "additional-comments": {
"description": "Comments.", "description": "Comments.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text", "misp-attribute": "text",
"categories": [ "categories": [
"External analysis" "External analysis"
], ],
"disable_correlation": true "disable_correlation": true
} }
}, },
"version": 1, "version": 1,
"description": "An Object Template to add evidential bookmarks identified during a digital forensic investigation.", "description": "An Object Template to add evidential bookmarks identified during a digital forensic investigation.",
"meta-category": "misc", "meta-category": "misc",
"uuid": "7d9a88a8-9934-4caa-a85b-f76bc97d5373", "uuid": "7d9a88a8-9934-4caa-a85b-f76bc97d5373",
"name": "tsk-web-bookmark" "name": "tsk-web-bookmark"
} }


@ -1,67 +1,67 @@
{ {
"required": [ "required": [
"URL", "URL",
"name", "name",
"value" "value"
], ],
"attributes": { "attributes": {
"URL": { "URL": {
"description": "The website URL that created the cookie.", "description": "The website URL that created the cookie.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "link" "misp-attribute": "link"
}, },
"datetime-created": { "datetime-created": {
"description": "date and time when the cookie was created.", "description": "date and time when the cookie was created.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "datetime", "misp-attribute": "datetime",
"disable_correlation": true "disable_correlation": true
}, },
"name": { "name": {
"description": "Name of the cookie ", "description": "Name of the cookie ",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text" "misp-attribute": "text"
}, },
"value": { "value": {
"description": "Value assigned to the cookie.", "description": "Value assigned to the cookie.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text" "misp-attribute": "text"
}, },
"browser": { "browser": {
"description": "Browser on which the cookie was created.", "description": "Browser on which the cookie was created.",
"ui-priority": 0, "ui-priority": 0,
"sane_default": [ "sane_default": [
"IE", "IE",
"Safari", "Safari",
"Chrome", "Chrome",
"Firefox", "Firefox",
"Opera mini", "Opera mini",
"Chromium" "Chromium"
], ],
"misp-attribute": "text" "misp-attribute": "text"
}, },
"domain-name": { "domain-name": {
"description": "Domain of the URL that created the cookie.", "description": "Domain of the URL that created the cookie.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text" "misp-attribute": "text"
}, },
"domain-ip": { "domain-ip": {
"description": "IP of the domain that created the URL.", "description": "IP of the domain that created the URL.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "ip-src" "misp-attribute": "ip-src"
}, },
"additional-comments": { "additional-comments": {
"description": "Comments.", "description": "Comments.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text", "misp-attribute": "text",
"categories": [ "categories": [
"External analysis" "External analysis"
], ],
"disable_correlation": true "disable_correlation": true
} }
}, },
"version": 1, "version": 1,
"description": "An TSK-Autopsy Object Template to represent cookies identified during a forensic investigation.", "description": "An TSK-Autopsy Object Template to represent cookies identified during a forensic investigation.",
"meta-category": "misc", "meta-category": "misc",
"uuid": "40d23a4f-43be-4c9e-8328-382a2188eb1d", "uuid": "40d23a4f-43be-4c9e-8328-382a2188eb1d",
"name": "tsk-web-cookie" "name": "tsk-web-cookie"
} }


@ -1,55 +1,55 @@
{ {
"required": [ "required": [
"URL", "URL",
"name" "name"
], ],
"attributes": { "attributes": {
"URL": { "URL": {
"description": "The URL used to download the file.", "description": "The URL used to download the file.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "link" "misp-attribute": "link"
}, },
"datetime-accessed": { "datetime-accessed": {
"description": "date and time when the file was downloaded.", "description": "date and time when the file was downloaded.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "datetime", "misp-attribute": "datetime",
"disable_correlation": true "disable_correlation": true
}, },
"name": { "name": {
"description": "Name of the file downloaded.", "description": "Name of the file downloaded.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text" "misp-attribute": "text"
}, },
"path-downloadedTo": { "path-downloadedTo": {
"description": "Location the file was downloaded to.", "description": "Location the file was downloaded to.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text" "misp-attribute": "text"
}, },
"pathID": { "pathID": {
"description": "Id of the attribute file where the information is gathered from.", "description": "Id of the attribute file where the information is gathered from.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text", "misp-attribute": "text",
"disable_correlation": true "disable_correlation": true
}, },
"attachment": { "attachment": {
"description": "The downloaded file itself.", "description": "The downloaded file itself.",
"ui-priority": 1, "ui-priority": 1,
"misp-attribute": "attachment", "misp-attribute": "attachment",
"disable_correlation": true "disable_correlation": true
}, },
"additional-comments": { "additional-comments": {
"description": "Comments.", "description": "Comments.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text", "misp-attribute": "text",
"categories": [ "categories": [
"External analysis" "External analysis"
], ],
"disable_correlation": true "disable_correlation": true
} }
}, },
"version": 1, "version": 1,
"description": "An Object Template to add web-downloads", "description": "An Object Template to add web-downloads",
"meta-category": "File", "meta-category": "File",
"uuid": "ab9603a1-9dcc-48e8-a51c-b8bccc7bcc26", "uuid": "ab9603a1-9dcc-48e8-a51c-b8bccc7bcc26",
"name": "tsk-web-downloads" "name": "tsk-web-downloads"
} }


@ -1,68 +1,68 @@
{ {
"required": [ "required": [
"URL", "URL",
"datetime-accessed" "datetime-accessed"
], ],
"attributes": { "attributes": {
"URL": { "URL": {
"description": "The URL accessed.", "description": "The URL accessed.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "link" "misp-attribute": "link"
}, },
"datetime-accessed": { "datetime-accessed": {
"description": "date and the time when the URL was accessed.", "description": "date and the time when the URL was accessed.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "datetime", "misp-attribute": "datetime",
"disable_correlation": true "disable_correlation": true
}, },
"referrer": { "referrer": {
"description": "where the URL was referred from ", "description": "where the URL was referred from ",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text", "misp-attribute": "text",
"disable_correlation": true "disable_correlation": true
}, },
"title": { "title": {
"description": "Title of the web page", "description": "Title of the web page",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text" "misp-attribute": "text"
}, },
"domain-name": { "domain-name": {
"description": "Domain of the URL.", "description": "Domain of the URL.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text" "misp-attribute": "text"
}, },
"domain-ip": { "domain-ip": {
"description": "IP of the URL domain.", "description": "IP of the URL domain.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "ip-src" "misp-attribute": "ip-src"
}, },
"browser": { "browser": {
"description": "Browser used to access the URL.", "description": "Browser used to access the URL.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text", "misp-attribute": "text",
"sane_default": [ "sane_default": [
"IE", "IE",
"Safari", "Safari",
"Chrome", "Chrome",
"Firefox", "Firefox",
"Opera mini", "Opera mini",
"Chromium" "Chromium"
], ],
"disable_correlation": true "disable_correlation": true
}, },
"additional-comments": { "additional-comments": {
"description": "Comments.", "description": "Comments.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text", "misp-attribute": "text",
"categories": [ "categories": [
"External analysis" "External analysis"
], ],
"disable_correlation": true "disable_correlation": true
} }
}, },
"version": 1, "version": 1,
"description": "An Object Template to share web history information", "description": "An Object Template to share web history information",
"meta-category": "misc", "meta-category": "misc",
"uuid": "e1325e52-e52e-49b1-89ad-d503c127c698", "uuid": "e1325e52-e52e-49b1-89ad-d503c127c698",
"name": "tsk-web-history" "name": "tsk-web-history"
} }


@ -1,66 +1,66 @@
{ {
"required": [ "required": [
"domain", "domain",
"text" "text"
], ],
"attributes": { "attributes": {
"domain": { "domain": {
"description": "The domain of the search engine.", "description": "The domain of the search engine.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "link", "misp-attribute": "link",
"sane_default": [ "sane_default": [
"Google", "Google",
"Yahoo", "Yahoo",
"Bing", "Bing",
"Alta Vista", "Alta Vista",
"MSN" "MSN"
], ],
"disable_correlation": true "disable_correlation": true
}, },
"text": { "text": {
"description": "the search word or sentence.", "description": "the search word or sentence.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text" "misp-attribute": "text"
}, },
"datetime-searched": { "datetime-searched": {
"description": "date and time when the search was conducted.", "description": "date and time when the search was conducted.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "datetime", "misp-attribute": "datetime",
"disable_correlation": true "disable_correlation": true
}, },
"browser": { "browser": {
"description": "Browser used.", "description": "Browser used.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text", "misp-attribute": "text",
"sane_default": [ "sane_default": [
"IE", "IE",
"Safari", "Safari",
"Chrome", "Chrome",
"Firefox", "Firefox",
"Opera mini", "Opera mini",
"Chromium" "Chromium"
], ],
"disable_correlation": true "disable_correlation": true
}, },
"username": { "username": {
"description": "User name or ID associated with the search.", "description": "User name or ID associated with the search.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text", "misp-attribute": "text",
"disable_correlation": true "disable_correlation": true
}, },
"additional-comments": { "additional-comments": {
"description": "Comments.", "description": "Comments.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text", "misp-attribute": "text",
"categories": [ "categories": [
"External analysis" "External analysis"
], ],
"disable_correlation": true "disable_correlation": true
} }
}, },
"version": 1, "version": 1,
"description": "An Object Template to share web search query information", "description": "An Object Template to share web search query information",
"meta-category": "misc", "meta-category": "misc",
"uuid": "16b3f8d0-fd09-4812-a42c-b5aeff2d4c2e", "uuid": "16b3f8d0-fd09-4812-a42c-b5aeff2d4c2e",
"name": "tsk-web-search-query" "name": "tsk-web-search-query"
} }


@ -1,171 +1,171 @@
{ {
"required": [ "required": [
"source", "source",
"type", "type",
"name" "name"
], ],
"attributes": { "attributes": {
"event-id": { "event-id": {
"description": "A unique number which identifies the event.", "description": "A unique number which identifies the event.",
"ui-priority": 1, "ui-priority": 1,
"misp-attribute": "text", "misp-attribute": "text",
"disable_correlation": true "disable_correlation": true
}, },
"name": { "name": {
"description": "Name of the event.", "description": "Name of the event.",
"ui-priority": 2, "ui-priority": 2,
"misp-attribute": "text", "misp-attribute": "text",
"disable_correlation": true "disable_correlation": true
}, },
"event-channel": { "event-channel": {
"description": " Channel through which the event occurred", "description": " Channel through which the event occurred",
"ui-priority": 3, "ui-priority": 3,
"misp-attribute": "text", "misp-attribute": "text",
"disable_correlation": true, "disable_correlation": true,
"sane-default": [ "sane-default": [
"Application", "Application",
"System", "System",
"Security", "Security",
"Setup", "Setup",
"other" "other"
] ]
}, },
"event-type": { "event-type": {
"description": "Event-type assigned to the event", "description": "Event-type assigned to the event",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text", "misp-attribute": "text",
"disable_correlation": true, "disable_correlation": true,
"sane-default": [ "sane-default": [
"Admin", "Admin",
"Operational", "Operational",
"Audit", "Audit",
"Analytic", "Analytic",
"Debug", "Debug",
"other" "other"
] ]
}, },
"source": { "source": {
"description": "The source of the event log - application/software that logged the event.", "description": "The source of the event log - application/software that logged the event.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text" "misp-attribute": "text"
}, },
"event-date-time": { "event-date-time": {
"description": "Date and time when the event was logged.", "description": "Date and time when the event was logged.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "datetime", "misp-attribute": "datetime",
"disable_correlation": true "disable_correlation": true
}, },
"level": { "level": {
"description": "Determines the event severity.", "description": "Determines the event severity.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text", "misp-attribute": "text",
"sane_default": [ "sane_default": [
"Information", "Information",
"Warning", "Warning",
"Error", "Error",
"Critical", "Critical",
"Success Audit", "Success Audit",
"Failure Audit" "Failure Audit"
] ]
}, },
"Computer": { "Computer": {
"description": "Computer name on which the event occurred", "description": "Computer name on which the event occurred",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text", "misp-attribute": "text",
"disable_correlation": true "disable_correlation": true
}, },
"User": { "User": {
"description": "Name or the User ID the event is associated with.", "description": "Name or the User ID the event is associated with.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text", "misp-attribute": "text",
"disable_correlation": true "disable_correlation": true
}, },
"Operational-code": { "Operational-code": {
"description": "The opcode (numeric value or name) associated with the activity carried out by the event.", "description": "The opcode (numeric value or name) associated with the activity carried out by the event.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text", "misp-attribute": "text",
"disable_correlation": true "disable_correlation": true
}, },
"log": { "log": {
"description": "Log file where the event was recorded.", "description": "Log file where the event was recorded.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text", "misp-attribute": "text",
"disable_correlation": true "disable_correlation": true
}, },
"task-category": { "task-category": {
"description": "Activity by the event publisher", "description": "Activity by the event publisher",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text", "misp-attribute": "text",
"disable_correlation": true "disable_correlation": true
}, },
"Keywords": { "Keywords": {
"description": "Tags used for the event for the purpose of filtering or searching.", "description": "Tags used for the event for the purpose of filtering or searching.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text", "misp-attribute": "text",
"sane_default": [ "sane_default": [
"Network", "Network",
"Security", "Security",
"Resource not found", "Resource not found",
"other" "other"
] ]
}, },
"Processor-ID": { "Processor-ID": {
"description": "ID of the processor that processed the event.", "description": "ID of the processor that processed the event.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text", "misp-attribute": "text",
"disable_correlation": true "disable_correlation": true
}, },
"Thread-ID": { "Thread-ID": {
"description": "Thread id that generated the event.", "description": "Thread id that generated the event.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text", "misp-attribute": "text",
"disable_correlation": true "disable_correlation": true
}, },
"Session-ID": { "Session-ID": {
"description": "Terminal server session ID.", "description": "Terminal server session ID.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text", "misp-attribute": "text",
"disable_correlation": true "disable_correlation": true
}, },
"Correlation-ID": { "Correlation-ID": {
"description": "Unique activity identity which relates the event to a process. ", "description": "Unique activity identity which relates the event to a process. ",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text" "misp-attribute": "text"
}, },
"Relative-Correlation-ID": { "Relative-Correlation-ID": {
"description": "Related activity ID which identity similar activities which occurred as a part of the event.", "description": "Related activity ID which identity similar activities which occurred as a part of the event.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text", "misp-attribute": "text",
"disable_correlation": true "disable_correlation": true
}, },
"kernel-time": { "kernel-time": {
"description": "Execution time of the kernel mode instruction.", "description": "Execution time of the kernel mode instruction.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "datetime", "misp-attribute": "datetime",
"disable_correlation": true "disable_correlation": true
}, },
"user-time": { "user-time": {
"description": "Date and time when the user instruction was executed.", "description": "Date and time when the user instruction was executed.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "datetime", "misp-attribute": "datetime",
"disable_correlation": true "disable_correlation": true
}, },
"Event-data": { "Event-data": {
"description": "Event data description.", "description": "Event data description.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text", "misp-attribute": "text",
"disable_correlation": true "disable_correlation": true
}, },
"comment": { "comment": {
"description": "Additional comments.", "description": "Additional comments.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text", "misp-attribute": "text",
"disable_correlation": true "disable_correlation": true
} }
}, },
"version": 1, "version": 1,
"description": "Event log object template to share information of the activities conducted on a system. ", "description": "Event log object template to share information of the activities conducted on a system. ",
"meta-category": "misc", "meta-category": "misc",
"uuid": "94e3aee9-cb99-4503-9bf6-7da3db5de55e", "uuid": "94e3aee9-cb99-4503-9bf6-7da3db5de55e",
"name": "python-etvx-event-log" "name": "python-etvx-event-log"
} }


@ -1,98 +1,98 @@
{ {
"required": [ "required": [
"key" "key"
], ],
"requiredOneOf": [ "requiredOneOf": [
"logon-user-name" "logon-user-name"
], ],
"attributes": { "attributes": {
"key": { "key": {
"description": "Registry key where the information is retrieved from.", "description": "Registry key where the information is retrieved from.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text" "misp-attribute": "text"
}, },
"key-last-write-time": { "key-last-write-time": {
"description": "Date and time when the key was last updated.", "description": "Date and time when the key was last updated.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "datetime", "misp-attribute": "datetime",
"disable_correlation": true "disable_correlation": true
}, },
"logon-user-name": { "logon-user-name": {
"description": "Name assigned to the user profile.", "description": "Name assigned to the user profile.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text" "misp-attribute": "text"
}, },
"recent-folders-accessed": { "recent-folders-accessed": {
"description": "List of recent folders accessed by the user.", "description": "List of recent folders accessed by the user.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text", "misp-attribute": "text",
"multiple": true "multiple": true
}, },
"recent-files-accessed": { "recent-files-accessed": {
"description": "List of recent files accessed by the user.", "description": "List of recent files accessed by the user.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text", "misp-attribute": "text",
"multiple": true "multiple": true
}, },
"typed-urls": { "typed-urls": {
"description": "Urls typed by the user in internet explorer", "description": "Urls typed by the user in internet explorer",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text", "misp-attribute": "text",
"multiple": true "multiple": true
}, },
"applications-installed": { "applications-installed": {
"description": "List of applications installed.", "description": "List of applications installed.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text", "misp-attribute": "text",
"multiple": true "multiple": true
}, },
"applications-run": { "applications-run": {
"description": "List of applications set to run on the system.", "description": "List of applications set to run on the system.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text", "misp-attribute": "text",
"multiple": true "multiple": true
}, },
"external-devices": { "external-devices": {
"description": "List of external devices connected to the system by the user.", "description": "List of external devices connected to the system by the user.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text", "misp-attribute": "text",
"multiple": true "multiple": true
}, },
"user-init": { "user-init": {
"description": "Applications or processes set to run when the user logs onto the windows system.", "description": "Applications or processes set to run when the user logs onto the windows system.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text", "misp-attribute": "text",
"multiple": true "multiple": true
}, },
"nukeOnDelete": { "nukeOnDelete": {
"description": "Determines if the Recycle bin option has been disabled.", "description": "Determines if the Recycle bin option has been disabled.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "boolean", "misp-attribute": "boolean",
"disable_correlation": true "disable_correlation": true
}, },
"network-connected-to": { "network-connected-to": {
"description": "List of networks the user connected the system to.", "description": "List of networks the user connected the system to.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text", "misp-attribute": "text",
"multiple": true "multiple": true
}, },
"mount-points": { "mount-points": {
"description": "Details of the mount points created on the system.", "description": "Details of the mount points created on the system.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text", "misp-attribute": "text",
"multiple": true, "multiple": true,
"disable_correlation": true "disable_correlation": true
}, },
"comments": { "comments": {
"description": "Additional information related to the user profile", "description": "Additional information related to the user profile",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text", "misp-attribute": "text",
"disable_correlation": true "disable_correlation": true
} }
}, },
"version": 1, "version": 1,
"description": "Regripper Object template designed to present user specific configuration details extracted from the NTUSER.dat hive.", "description": "Regripper Object template designed to present user specific configuration details extracted from the NTUSER.dat hive.",
"meta-category": "misc", "meta-category": "misc",
"uuid": "f9dc7b7e-8ab1-4dde-95d9-67e41b461c65", "uuid": "f9dc7b7e-8ab1-4dde-95d9-67e41b461c65",
"name": "regripper-NTUser" "name": "regripper-NTUser"
} }


@ -1,68 +1,68 @@
{ {
"required": [ "required": [
"key" "key"
], ],
"requiredOneOf": [ "requiredOneOf": [
"user-name", "user-name",
"last-login-time", "last-login-time",
"login-count" "login-count"
], ],
"attributes": { "attributes": {
"key": { "key": {
"description": "Registry key where the information is retrieved from.", "description": "Registry key where the information is retrieved from.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text" "misp-attribute": "text"
}, },
"key-last-write-time": { "key-last-write-time": {
"description": "Date and time when the key was last updated.", "description": "Date and time when the key was last updated.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "datetime", "misp-attribute": "datetime",
"disable_correlation": true "disable_correlation": true
}, },
"user-name": { "user-name": {
"description": "User name assigned to the user profile.", "description": "User name assigned to the user profile.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text" "misp-attribute": "text"
}, },
"full-user-name": { "full-user-name": {
"description": "Full name assigned to the user profile.", "description": "Full name assigned to the user profile.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text" "misp-attribute": "text"
}, },
"last-login-time": { "last-login-time": {
"description": "Date and time when the user last logged onto the system.", "description": "Date and time when the user last logged onto the system.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "datetime", "misp-attribute": "datetime",
"disable_correlation": true "disable_correlation": true
}, },
"pwd-reset-time": { "pwd-reset-time": {
"description": "Date and time when the password was last reset.", "description": "Date and time when the password was last reset.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "datetime", "misp-attribute": "datetime",
"disable_correlation": true "disable_correlation": true
}, },
"pwd-fail-date": { "pwd-fail-date": {
"description": "Date and time when a password last failed for this user profile.", "description": "Date and time when a password last failed for this user profile.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "datetime", "misp-attribute": "datetime",
"disable_correlation": true "disable_correlation": true
}, },
"login-count": { "login-count": {
"description": "Number of times the user logged-in onto the system.", "description": "Number of times the user logged-in onto the system.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "counter", "misp-attribute": "counter",
"disable_correlation": true "disable_correlation": true
}, },
"comments": { "comments": {
"description": "Full name assigned to the user profile.", "description": "Full name assigned to the user profile.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text", "misp-attribute": "text",
"disable_correlation": true "disable_correlation": true
} }
}, },
"version": 1, "version": 1,
"description": "Regripper Object template designed to present user profile details extracted from the SAM hive.", "description": "Regripper Object template designed to present user profile details extracted from the SAM hive.",
"meta-category": "misc", "meta-category": "misc",
"uuid": "4d3fffd2-cd07-4357-96e0-a51c988faaef", "uuid": "4d3fffd2-cd07-4357-96e0-a51c988faaef",
"name": "regripper-sam-hive-single-user" "name": "regripper-sam-hive-single-user"
} }


@ -1,54 +1,54 @@
{ {
"required": [ "required": [
"key" "key"
], ],
"requiredOneOf": [ "requiredOneOf": [
"group-name" "group-name"
], ],
"attributes": { "attributes": {
"key": { "key": {
"description": "Registry key where the information is retrieved from.", "description": "Registry key where the information is retrieved from.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text" "misp-attribute": "text"
}, },
"key-last-write-time": { "key-last-write-time": {
"description": "Date and time when the key was last updated.", "description": "Date and time when the key was last updated.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "datetime", "misp-attribute": "datetime",
"disable_correlation": true "disable_correlation": true
}, },
"group-name": { "group-name": {
"description": "Name assigned to the profile.", "description": "Name assigned to the profile.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text" "misp-attribute": "text"
}, },
"full-name": { "full-name": {
"description": "Full name assigned to the profile.", "description": "Full name assigned to the profile.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text" "misp-attribute": "text"
}, },
"last-write-date-time": { "last-write-date-time": {
"description": "Date and time when the group key was updated.", "description": "Date and time when the group key was updated.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "datetime", "misp-attribute": "datetime",
"disable_correlation": true "disable_correlation": true
}, },
"group-comment": { "group-comment": {
"description": "Any group comment added.", "description": "Any group comment added.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text", "misp-attribute": "text",
"disable_correlation": true "disable_correlation": true
}, },
"group-users": { "group-users": {
"description": "Users belonging to the group", "description": "Users belonging to the group",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text", "misp-attribute": "text",
"multiple": true "multiple": true
} }
}, },
"version": 1, "version": 1,
"description": "Regripper Object template designed to present group profile details extracted from the SAM hive.", "description": "Regripper Object template designed to present group profile details extracted from the SAM hive.",
"meta-category": "misc", "meta-category": "misc",
"uuid": "b924bae1-2dec-4d2d-a8c2-b03305222b7c", "uuid": "b924bae1-2dec-4d2d-a8c2-b03305222b7c",
"name": "regripper-sam-hive-user-group" "name": "regripper-sam-hive-user-group"
} }


@ -1,59 +1,59 @@
{ {
"required": [ "required": [
"key", "key",
"BHO-name" "BHO-name"
], ],
"attributes": { "attributes": {
"key": { "key": {
"description": "Software hive key where the information is retrieved from.", "description": "Software hive key where the information is retrieved from.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text" "misp-attribute": "text"
}, },
"last-write-time": { "last-write-time": {
"description": "Date and time when the key was last updated.", "description": "Date and time when the key was last updated.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "datetime", "misp-attribute": "datetime",
"disable_correlation": true "disable_correlation": true
}, },
"BHO-name": { "BHO-name": {
"description": "Name of the browser helper object.", "description": "Name of the browser helper object.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text" "misp-attribute": "text"
}, },
"BHO-key-last-write-time": { "BHO-key-last-write-time": {
"description": "Date and time when the BHO key was last updated.", "description": "Date and time when the BHO key was last updated.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "datetime", "misp-attribute": "datetime",
"disable_correlation": true "disable_correlation": true
}, },
"class": { "class": {
"description": "Class to which the BHO belongs to.", "description": "Class to which the BHO belongs to.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text", "misp-attribute": "text",
"disable_correlation": true "disable_correlation": true
}, },
"module": { "module": {
"description": "DLL module the BHO belongs to.", "description": "DLL module the BHO belongs to.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text", "misp-attribute": "text",
"disable_correlation": true "disable_correlation": true
}, },
"comments": { "comments": {
"description": "Additional comments.", "description": "Additional comments.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text", "misp-attribute": "text",
"disable_correlation": true "disable_correlation": true
}, },
"references": { "references": {
"description": "References to the BHO.", "description": "References to the BHO.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "link", "misp-attribute": "link",
"multiple": true "multiple": true
} }
}, },
"version": 1, "version": 1,
"description": "Regripper Object template designed to gather information of the browser helper objects installed on the system.", "description": "Regripper Object template designed to gather information of the browser helper objects installed on the system.",
"meta-category": "misc", "meta-category": "misc",
"uuid": "e7b46b5a-d2d2-4a05-bc25-2ac8d4683ae2", "uuid": "e7b46b5a-d2d2-4a05-bc25-2ac8d4683ae2",
"name": "regripper-software-hive-BHO" "name": "regripper-software-hive-BHO"
} }


@ -1,53 +1,53 @@
{ {
"required": [ "required": [
"key", "key",
"DLL-name", "DLL-name",
"DLL-path" "DLL-path"
], ],
"attributes": { "attributes": {
"key": { "key": {
"description": "Software hive key where the information is retrieved from.", "description": "Software hive key where the information is retrieved from.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text" "misp-attribute": "text"
}, },
"last-write-time": { "last-write-time": {
"description": "Date and time when the key was last updated.", "description": "Date and time when the key was last updated.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "datetime", "misp-attribute": "datetime",
"disable_correlation": true "disable_correlation": true
}, },
"DLL-name": { "DLL-name": {
"description": "Name of the DLL file.", "description": "Name of the DLL file.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text" "misp-attribute": "text"
}, },
"DLL-path": { "DLL-path": {
"description": "Path where the DLL file is stored.", "description": "Path where the DLL file is stored.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text" "misp-attribute": "text"
}, },
"DLL-last-write-time": { "DLL-last-write-time": {
"description": "Date and time when the DLL file was last updated.", "description": "Date and time when the DLL file was last updated.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "datetime", "misp-attribute": "datetime",
"disable_correlation": true "disable_correlation": true
}, },
"comments": { "comments": {
"description": "Additional comments.", "description": "Additional comments.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text", "misp-attribute": "text",
"disable_correlation": true "disable_correlation": true
}, },
"references": { "references": {
"description": "References to the DLL file.", "description": "References to the DLL file.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "link", "misp-attribute": "link",
"multiple": true "multiple": true
} }
}, },
"version": 1, "version": 1,
"description": "Regripper Object template designed to gather information of the DLL files installed on the system.", "description": "Regripper Object template designed to gather information of the DLL files installed on the system.",
"meta-category": "misc", "meta-category": "misc",
"uuid": "7893be05-8398-451e-ab1e-5e25ea4a8859", "uuid": "7893be05-8398-451e-ab1e-5e25ea4a8859",
"name": "regripper-software-hive-appInit-DLLS" "name": "regripper-software-hive-appInit-DLLS"
} }


@ -1,49 +1,49 @@
{ {
"required": [ "required": [
"key", "key",
"executable-file-name", "executable-file-name",
"path" "path"
], ],
"attributes": { "attributes": {
"key": { "key": {
"description": "Software hive key where the information is retrieved from.", "description": "Software hive key where the information is retrieved from.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text" "misp-attribute": "text"
}, },
"last-write-time": { "last-write-time": {
"description": "Date and time when the key was last updated.", "description": "Date and time when the key was last updated.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "datetime", "misp-attribute": "datetime",
"disable_correlation": true "disable_correlation": true
}, },
"executable-file-name": { "executable-file-name": {
"description": "Name of the executable file.", "description": "Name of the executable file.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text", "misp-attribute": "text",
"multiple": true "multiple": true
}, },
"path": { "path": {
"description": "Path of the executable file.", "description": "Path of the executable file.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text", "misp-attribute": "text",
"multiple": true "multiple": true
}, },
"comments": { "comments": {
"description": "Additional comments.", "description": "Additional comments.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text", "misp-attribute": "text",
"disable_correlation": true "disable_correlation": true
}, },
"references": { "references": {
"description": "References to the application installed.", "description": "References to the application installed.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "link", "misp-attribute": "link",
"multiple": true "multiple": true
} }
}, },
"version": 1, "version": 1,
"description": "Regripper Object template designed to gather information of the application paths.", "description": "Regripper Object template designed to gather information of the application paths.",
"meta-category": "misc", "meta-category": "misc",
"uuid": "9f2d3c9b-9a82-42a7-82c2-733115d101c8", "uuid": "9f2d3c9b-9a82-42a7-82c2-733115d101c8",
"name": "regripper-software-hive-application-paths" "name": "regripper-software-hive-application-paths"
} }


@ -1,57 +1,57 @@
{ {
"required": [ "required": [
"key", "key",
"app-name" "app-name"
], ],
"attributes": { "attributes": {
"key": { "key": {
"description": "Software hive key where the information is retrieved from.", "description": "Software hive key where the information is retrieved from.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text" "misp-attribute": "text"
}, },
"key-path": { "key-path": {
"description": "Path of the key.", "description": "Path of the key.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text" "misp-attribute": "text"
}, },
"last-write-time": { "last-write-time": {
"description": "Date and time when the key was last updated.", "description": "Date and time when the key was last updated.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "datetime", "misp-attribute": "datetime",
"disable_correlation": true "disable_correlation": true
}, },
"app-name": { "app-name": {
"description": "Name of the application.", "description": "Name of the application.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text" "misp-attribute": "text"
}, },
"app-last-write-time": { "app-last-write-time": {
"description": "Date and time when the application key was last updated.", "description": "Date and time when the application key was last updated.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "datetime", "misp-attribute": "datetime",
"disable_correlation": true "disable_correlation": true
}, },
"version": { "version": {
"description": "Version of the application.", "description": "Version of the application.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text" "misp-attribute": "text"
}, },
"comments": { "comments": {
"description": "Additional comments.", "description": "Additional comments.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text", "misp-attribute": "text",
"disable_correlation": true "disable_correlation": true
}, },
"references": { "references": {
"description": "References to the application installed.", "description": "References to the application installed.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "link", "misp-attribute": "link",
"multiple": true "multiple": true
} }
}, },
"version": 1, "version": 1,
"description": "Regripper Object template designed to gather information of the applications installed on the system.", "description": "Regripper Object template designed to gather information of the applications installed on the system.",
"meta-category": "misc", "meta-category": "misc",
"uuid": "7a8fb6b4-cbbd-4de5-b893-7b0a5c4858cd", "uuid": "7a8fb6b4-cbbd-4de5-b893-7b0a5c4858cd",
"name": "regripper-software-hive-applications-installed" "name": "regripper-software-hive-applications-installed"
} }


@ -1,55 +1,55 @@
{ {
"required": [ "required": [
"key", "key",
"shell", "shell",
"shell-path" "shell-path"
], ],
"attributes": { "attributes": {
"key": { "key": {
"description": "Software hive key where the information is retrieved from.", "description": "Software hive key where the information is retrieved from.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text" "misp-attribute": "text"
}, },
"last-write-time": { "last-write-time": {
"description": "Date and time when the key was last updated.", "description": "Date and time when the key was last updated.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "datetime", "misp-attribute": "datetime",
"disable_correlation": true "disable_correlation": true
}, },
"shell": { "shell": {
"description": "Type of shell used to execute the command.", "description": "Type of shell used to execute the command.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text", "misp-attribute": "text",
"sane_default": [ "sane_default": [
"exe", "exe",
"cmd", "cmd",
"bat", "bat",
"hta", "hta",
"pif", "pif",
"Other" "Other"
], ],
"disable_correlation": true "disable_correlation": true
}, },
"shell-path": { "shell-path": {
"description": "Path of the shell.", "description": "Path of the shell.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text" "misp-attribute": "text"
}, },
"command": { "command": {
"description": "Command executed.", "description": "Command executed.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text" "misp-attribute": "text"
}, },
"comments": { "comments": {
"description": "Additional comments.", "description": "Additional comments.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text", "misp-attribute": "text",
"disable_correlation": true "disable_correlation": true
} }
}, },
"version": 1, "version": 1,
"description": "Regripper Object template designed to gather information of the shell commands executed on the system.", "description": "Regripper Object template designed to gather information of the shell commands executed on the system.",
"meta-category": "misc", "meta-category": "misc",
"uuid": "a7dc3697-89ce-46dc-a64d-0b1015457978", "uuid": "a7dc3697-89ce-46dc-a64d-0b1015457978",
"name": "regripper-software-hive-command-shell" "name": "regripper-software-hive-command-shell"
} }


@ -1,125 +1,125 @@
{ {
"required": [ "required": [
"win-cv-path", "win-cv-path",
"CurrentVersion" "CurrentVersion"
], ],
"attributes": { "attributes": {
"win-cv-path": { "win-cv-path": {
"description": "key where the windows information is retrieved from", "description": "key where the windows information is retrieved from",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text" "misp-attribute": "text"
}, },
"last-write-time": { "last-write-time": {
"description": "Date and time when the key was last updated.", "description": "Date and time when the key was last updated.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "datetime", "misp-attribute": "datetime",
"disable_correlation": true "disable_correlation": true
}, },
"RegisteredOrganization": { "RegisteredOrganization": {
"description": "Name of the registered organization.", "description": "Name of the registered organization.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text" "misp-attribute": "text"
}, },
"RegisteredOwner": { "RegisteredOwner": {
"description": "Name of the registered owner.", "description": "Name of the registered owner.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text" "misp-attribute": "text"
}, },
"CurrentVersion": { "CurrentVersion": {
"description": "Current version of windows", "description": "Current version of windows",
"ui-priority": 0, "ui-priority": 0,
"disable_correlation": true "disable_correlation": true
}, },
"CurrentBuild": { "CurrentBuild": {
"description": "Build number of the windows OS.", "description": "Build number of the windows OS.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text" "misp-attribute": "text"
}, },
"SoftwareType": { "SoftwareType": {
"description": "Software type of windows.", "description": "Software type of windows.",
"ui-priority": 0, "ui-priority": 0,
"sane_default": [ "sane_default": [
"System", "System",
"Application", "Application",
"other" "other"
], ],
"misp-attribute": "text", "misp-attribute": "text",
"disable_correlation": true "disable_correlation": true
}, },
"InstallationType": { "InstallationType": {
"description": "Type of windows installation.", "description": "Type of windows installation.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text", "misp-attribute": "text",
"disable_correlation": true "disable_correlation": true
}, },
"InstallDate": { "InstallDate": {
"description": "Date when windows was installed.", "description": "Date when windows was installed.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "datetime", "misp-attribute": "datetime",
"disable_correlation": true "disable_correlation": true
}, },
"SystemRoot": { "SystemRoot": {
"description": "Root directory.", "description": "Root directory.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text", "misp-attribute": "text",
"disable_correlation": true "disable_correlation": true
}, },
"PathName": { "PathName": {
"description": "Path to the root directory.", "description": "Path to the root directory.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text", "misp-attribute": "text",
"disable_correlation": true "disable_correlation": true
}, },
"EditionID": { "EditionID": {
"description": "Windows edition.", "description": "Windows edition.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text" "misp-attribute": "text"
}, },
"ProductName": { "ProductName": {
"description": "Name of the windows version.", "description": "Name of the windows version.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text" "misp-attribute": "text"
}, },
"ProductID": { "ProductID": {
"description": "ID of the product version.", "description": "ID of the product version.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text" "misp-attribute": "text"
}, },
"CSDVersion": { "CSDVersion": {
"description": "Version of the service pack installed.", "description": "Version of the service pack installed.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text" "misp-attribute": "text"
}, },
"CurrentBuildType": { "CurrentBuildType": {
"description": "Current build type of the OS.", "description": "Current build type of the OS.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text" "misp-attribute": "text"
}, },
"BuildLab": { "BuildLab": {
"description": "Windows BuildLab string.", "description": "Windows BuildLab string.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text" "misp-attribute": "text"
}, },
"BuildGUID": { "BuildGUID": {
"description": "Build ID.", "description": "Build ID.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text" "misp-attribute": "text"
}, },
"BuildLabEx": { "BuildLabEx": {
"description": "Windows BuildLabEx string.", "description": "Windows BuildLabEx string.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text" "misp-attribute": "text"
}, },
"comment": { "comment": {
"description": "Additional comments.", "description": "Additional comments.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "", "misp-attribute": "",
"disable_correlation": true "disable_correlation": true
} }
}, },
"version": 1, "version": 1,
"description": "Regripper Object template designed to gather general windows information extracted from the software-hive.", "description": "Regripper Object template designed to gather general windows information extracted from the software-hive.",
"meta-category": "misc", "meta-category": "misc",
"uuid": "03200c25-4bf5-4282-9852-001a51ab20f1", "uuid": "03200c25-4bf5-4282-9852-001a51ab20f1",
"name": "regripper-software-hive-windows-general-info" "name": "regripper-software-hive-windows-general-info"
} }


@ -1,63 +1,63 @@
{ {
"required": [ "required": [
"key", "key",
"application-name", "application-name",
"application-path" "application-path"
], ],
"attributes": { "attributes": {
"key": { "key": {
"description": "Software hive key where the information is retrieved from.", "description": "Software hive key where the information is retrieved from.",
"ui-priority": 0, "ui-priority": 0,
"sane_default": [ "sane_default": [
"Run", "Run",
"RunOnce", "RunOnce",
"Runservices", "Runservices",
"Terminal", "Terminal",
"Other" "Other"
], ],
"misp-attribute": "text", "misp-attribute": "text",
"disable_correlation": true "disable_correlation": true
}, },
"key-path": { "key-path": {
"description": "Path of the key.", "description": "Path of the key.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text", "misp-attribute": "text",
"disable_correlation": true "disable_correlation": true
}, },
"last-write-time": { "last-write-time": {
"description": "Date and time when the key was last updated.", "description": "Date and time when the key was last updated.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "datetime", "misp-attribute": "datetime",
"disable_correlation": true "disable_correlation": true
}, },
"application-name": { "application-name": {
"description": "Name of the application run.", "description": "Name of the application run.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text", "misp-attribute": "text",
"multiple": true "multiple": true
}, },
"application-path": { "application-path": {
"description": "Path where the application is installed.", "description": "Path where the application is installed.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text", "misp-attribute": "text",
"multiple": true "multiple": true
}, },
"comments": { "comments": {
"description": "Additional comments.", "description": "Additional comments.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text", "misp-attribute": "text",
"disable_correlation": true "disable_correlation": true
}, },
"references": { "references": {
"description": "References to the applications.", "description": "References to the applications.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "link", "misp-attribute": "link",
"multiple": true "multiple": true
} }
}, },
"version": 1, "version": 1,
"description": "Regripper Object template designed to gather information of the applications set to run on the system.", "description": "Regripper Object template designed to gather information of the applications set to run on the system.",
"meta-category": "misc", "meta-category": "misc",
"uuid": "4bae06d1-3996-4028-88ec-7c7d54cc1d94", "uuid": "4bae06d1-3996-4028-88ec-7c7d54cc1d94",
"name": "regripper-software-hive-software-run" "name": "regripper-software-hive-software-run"
} }


@ -1,160 +1,160 @@
{ {
"required": [ "required": [
"user-profile-key-path", "user-profile-key-path",
"SID" "SID"
], ],
"attributes": { "attributes": {
"user-profile-key-path": { "user-profile-key-path": {
"description": "key where the user-profile information is retrieved from.", "description": "key where the user-profile information is retrieved from.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text", "misp-attribute": "text",
"disable_correlation": true "disable_correlation": true
}, },
"user-profile-key-last-write-time": { "user-profile-key-last-write-time": {
"description": "Date and time when the key was last updated.", "description": "Date and time when the key was last updated.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "datetime", "misp-attribute": "datetime",
"disable_correlation": true "disable_correlation": true
}, },
"user-profile-path": { "user-profile-path": {
"description": "Path of the user profile on the system", "description": "Path of the user profile on the system",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text", "misp-attribute": "text",
"disable_correlation": true "disable_correlation": true
}, },
"SID": { "SID": {
"description": "Security identifier assigned to the user profile.", "description": "Security identifier assigned to the user profile.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text", "misp-attribute": "text",
"disable_correlation": true "disable_correlation": true
}, },
"user-profile-last-write-time": { "user-profile-last-write-time": {
"description": "Date and time when the user profile was last updated.", "description": "Date and time when the user profile was last updated.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "datetime", "misp-attribute": "datetime",
"disable_correlation": true "disable_correlation": true
}, },
"winlogon-key-path": { "winlogon-key-path": {
"description": "winlogon key referred in order to retrieve default user information", "description": "winlogon key referred in order to retrieve default user information",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text", "misp-attribute": "text",
"disable_correlation": true "disable_correlation": true
}, },
"winlogon-key-last-write-time": { "winlogon-key-last-write-time": {
"description": "Date and time when the winlogon key was last updated.", "description": "Date and time when the winlogon key was last updated.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "datetime", "misp-attribute": "datetime",
"disable_correlation": true "disable_correlation": true
}, },
"DefaultUserName": { "DefaultUserName": {
"description": "user-name of the default user.", "description": "user-name of the default user.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text", "misp-attribute": "text",
"disable_correlation": true "disable_correlation": true
}, },
"Shell": { "Shell": {
"description": "Shell set to run when the user logs onto the system.", "description": "Shell set to run when the user logs onto the system.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text", "misp-attribute": "text",
"disable_correlation": true, "disable_correlation": true,
"multiple": true "multiple": true
}, },
"UserInit": { "UserInit": {
"description": "Applications and files set to run when the user logs onto the system (User logon activity).", "description": "Applications and files set to run when the user logs onto the system (User logon activity).",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text", "misp-attribute": "text",
"multiple": true "multiple": true
}, },
"Legal-notice-caption": { "Legal-notice-caption": {
"description": "Message title set to display when the user logs-in.", "description": "Message title set to display when the user logs-in.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text", "misp-attribute": "text",
"multiple": true, "multiple": true,
"disable_correlation": true "disable_correlation": true
}, },
"Legal-notice-text": { "Legal-notice-text": {
"description": "Message set to display when the user logs-in.", "description": "Message set to display when the user logs-in.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text", "misp-attribute": "text",
"multiple": true, "multiple": true,
"disable_correlation": true "disable_correlation": true
}, },
"PreCreateKnownFolders": { "PreCreateKnownFolders": {
"description": "create known folders key", "description": "create known folders key",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text", "misp-attribute": "text",
"disable_correlation": true "disable_correlation": true
}, },
"ReportBootOk": { "ReportBootOk": {
"description": "Flag to check if the reboot was successful.", "description": "Flag to check if the reboot was successful.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "boolean", "misp-attribute": "boolean",
"disable_correlation": true "disable_correlation": true
}, },
"AutoRestartShell": { "AutoRestartShell": {
"description": "Value of the flag set to auto restart the shell if it crashes or shuts down automatically.", "description": "Value of the flag set to auto restart the shell if it crashes or shuts down automatically.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "boolean", "misp-attribute": "boolean",
"disable_correlation": true "disable_correlation": true
}, },
"PasswordExpiryWarining": { "PasswordExpiryWarining": {
"description": "Number of times the password expiry warning appeared.", "description": "Number of times the password expiry warning appeared.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "counter", "misp-attribute": "counter",
"disable_correlation": true "disable_correlation": true
}, },
"PowerdownAfterShutDown": { "PowerdownAfterShutDown": {
"description": "Flag value- if the system is set to power down after it is shutdown.", "description": "Flag value- if the system is set to power down after it is shutdown.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "boolean", "misp-attribute": "boolean",
"disable_correlation": true "disable_correlation": true
}, },
"ShutdownWithoutLogon": { "ShutdownWithoutLogon": {
"description": "Value of the flag set to enable shutdown without requiring a user to login.", "description": "Value of the flag set to enable shutdown without requiring a user to login.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "boolean", "misp-attribute": "boolean",
"disable_correlation": true "disable_correlation": true
}, },
"WinStationsDisabled": { "WinStationsDisabled": {
"description": "Flag value set to enable/disable logons to the system.", "description": "Flag value set to enable/disable logons to the system.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "boolean", "misp-attribute": "boolean",
"disable_correlation": true "disable_correlation": true
}, },
"DisableCAD": { "DisableCAD": {
"description": "Flag to determine if user login is enabled by pressing Ctrl+ALT+Delete.", "description": "Flag to determine if user login is enabled by pressing Ctrl+ALT+Delete.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "boolean", "misp-attribute": "boolean",
"disable_correlation": true "disable_correlation": true
}, },
"AutoAdminLogon": { "AutoAdminLogon": {
"description": "Flag value to determine if autologon is enabled for a user without entering the password.", "description": "Flag value to determine if autologon is enabled for a user without entering the password.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "boolean", "misp-attribute": "boolean",
"disable_correlation": true "disable_correlation": true
}, },
"CachedLogonCount": { "CachedLogonCount": {
"description": "Number of times the user has logged into the system.", "description": "Number of times the user has logged into the system.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "counter", "misp-attribute": "counter",
"disable_correlation": true "disable_correlation": true
}, },
"ShutdownFlags": { "ShutdownFlags": {
"description": "Number of times shutdown is initiated from a process when the user is logged-in.", "description": "Number of times shutdown is initiated from a process when the user is logged-in.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "counter", "misp-attribute": "counter",
"disable_correlation": true "disable_correlation": true
}, },
"Comments": { "Comments": {
"description": "Additional comments.", "description": "Additional comments.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text", "misp-attribute": "text",
"disable_correlation": true "disable_correlation": true
} }
}, },
"version": 1, "version": 1,
"description": "Regripper Object template designed to gather user profile information when the user logs onto the system, gathered from the software hive.", "description": "Regripper Object template designed to gather user profile information when the user logs onto the system, gathered from the software hive.",
"meta-category": "misc", "meta-category": "misc",
"uuid": "df03d0e4-3e6b-4e56-951a-142eae4cad59", "uuid": "df03d0e4-3e6b-4e56-951a-142eae4cad59",
"name": "regripper-software-hive-userprofile-winlogon" "name": "regripper-software-hive-userprofile-winlogon"
} }


@ -1,50 +1,50 @@
{ {
"required": [ "required": [
"profile" "profile"
], ],
"attributes": { "attributes": {
"profile": { "profile": {
"description": "Firewall Profile type", "description": "Firewall Profile type",
"ui-priority": 0, "ui-priority": 0,
"sane-default": [ "sane-default": [
"Domain Profile", "Domain Profile",
"Standard Profile", "Standard Profile",
"Network Profile", "Network Profile",
"Public Profile", "Public Profile",
"Private Profile", "Private Profile",
"other" "other"
], ],
"misp-attribute": "text", "misp-attribute": "text",
"disable_correlation": true "disable_correlation": true
}, },
"last-write-time": { "last-write-time": {
"description": "Date and time when the firewall profile policy was last updated.", "description": "Date and time when the firewall profile policy was last updated.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "datetime", "misp-attribute": "datetime",
"disable_correlation": true "disable_correlation": true
}, },
"enbled-firewall": { "enbled-firewall": {
"description": "Boolean flag to determine if the firewall is enabled.", "description": "Boolean flag to determine if the firewall is enabled.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "boolean", "misp-attribute": "boolean",
"disable_correlation": true "disable_correlation": true
}, },
"disable-notification": { "disable-notification": {
"description": "Boolean flag to determine if firewall notifications are enabled.", "description": "Boolean flag to determine if firewall notifications are enabled.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "boolean", "misp-attribute": "boolean",
"disable_correlation": true "disable_correlation": true
}, },
"comment": { "comment": {
"description": "Additional comments.", "description": "Additional comments.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text", "misp-attribute": "text",
"disable_correlation": true "disable_correlation": true
} }
}, },
"version": 1, "version": 1,
"description": "Regripper Object template designed to present firewall configuration information extracted from the system-hive.", "description": "Regripper Object template designed to present firewall configuration information extracted from the system-hive.",
"meta-category": "misc", "meta-category": "misc",
"uuid": "d9839b3c-c013-4ba7-b5e5-2787198b9e07", "uuid": "d9839b3c-c013-4ba7-b5e5-2787198b9e07",
"name": "regripper-system-hive-firewall-configuration" "name": "regripper-system-hive-firewall-configuration"
} }
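Review bot: The `profile` attribute spells its value-list key `sane-default`, while the other templates in this commit use `sane_default`, so a consumer that reads `sane_default` would presumably ignore the six firewall profile names; rename it to `"sane_default": [`. The attribute key `enbled-firewall` is misspelled and should read `"enabled-firewall": {`. Renaming an attribute changes the template's interface, so `"version"` should be raised in the same change. jq only checks syntax, so the reformat carries both problems over unchanged.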


@ -1,89 +1,89 @@
{ {
"required": [ "required": [
"computer-name" "computer-name"
], ],
"attributes": { "attributes": {
"computer-name": { "computer-name": {
"description": "name of the computer under analysis", "description": "name of the computer under analysis",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text" "misp-attribute": "text"
}, },
"last-write-time": { "last-write-time": {
"description": "Date and time when the key was last updated.", "description": "Date and time when the key was last updated.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "datetime", "misp-attribute": "datetime",
"disable_correlation": true "disable_correlation": true
}, },
"shutdown-time": { "shutdown-time": {
"description": "Date and time when the system was shutdown.", "description": "Date and time when the system was shutdown.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "datetime", "misp-attribute": "datetime",
"disable_correlation": true "disable_correlation": true
}, },
"timezone-last-write-time": { "timezone-last-write-time": {
"description": "Date and time when the timezone key was last updated.", "description": "Date and time when the timezone key was last updated.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "datetime", "misp-attribute": "datetime",
"disable_correlation": true "disable_correlation": true
}, },
"timezone-bias": { "timezone-bias": {
"description": "Offset in minutes from UTC. Offset added to the local time to get a UTC value.", "description": "Offset in minutes from UTC. Offset added to the local time to get a UTC value.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text", "misp-attribute": "text",
"disable_correlation": true "disable_correlation": true
}, },
"timezone-standard-name": { "timezone-standard-name": {
"description": "Timezone standard name used during non-daylight saving months.", "description": "Timezone standard name used during non-daylight saving months.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text", "misp-attribute": "text",
"disable_correlation": true "disable_correlation": true
}, },
"timezone-standard-date": { "timezone-standard-date": {
"description": "Standard date - non daylight saving months", "description": "Standard date - non daylight saving months",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "datetime", "misp-attribute": "datetime",
"disable_correlation": true "disable_correlation": true
}, },
"timezone-standard-bias": { "timezone-standard-bias": {
"description": "value in minutes to be added to the value of timezone-bias to generate the bias used during standard time.", "description": "value in minutes to be added to the value of timezone-bias to generate the bias used during standard time.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text", "misp-attribute": "text",
"disable_correlation": true "disable_correlation": true
}, },
"timezone-daylight-name": { "timezone-daylight-name": {
"description": "Timezone name used during daylight saving months.", "description": "Timezone name used during daylight saving months.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text", "misp-attribute": "text",
"disable_correlation": true "disable_correlation": true
}, },
"timezone-daylight-date": { "timezone-daylight-date": {
"description": "Daylight date - daylight saving months", "description": "Daylight date - daylight saving months",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "datetime", "misp-attribute": "datetime",
"disable_correlation": true "disable_correlation": true
}, },
"timezone-daylight-bias": { "timezone-daylight-bias": {
"description": "value in minutes to be added to the value of timezone-bias to generate the bias used during daylight time.", "description": "value in minutes to be added to the value of timezone-bias to generate the bias used during daylight time.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text", "misp-attribute": "text",
"disable_correlation": true "disable_correlation": true
}, },
"fDenyTSConnections:": { "fDenyTSConnections:": {
"description": "Specifies whether remote connections are enabled or disabled on the system.", "description": "Specifies whether remote connections are enabled or disabled on the system.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "boolean", "misp-attribute": "boolean",
"disable_correlation": true "disable_correlation": true
}, },
"comment": { "comment": {
"description": "Additional comments.", "description": "Additional comments.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "", "misp-attribute": "",
"disable_correlation": true "disable_correlation": true
} }
}, },
"version": 1, "version": 1,
"description": "Regripper Object template designed to present general system properties extracted from the system-hive.", "description": "Regripper Object template designed to present general system properties extracted from the system-hive.",
"meta-category": "misc", "meta-category": "misc",
"uuid": "5ac85401-cbf1-4d05-a85e-1784546881e4", "uuid": "5ac85401-cbf1-4d05-a85e-1784546881e4",
"name": "regripper-system-hive-general-configuration" "name": "regripper-system-hive-general-configuration"
} }
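Review bot: The `comment` attribute declares an empty type, `"misp-attribute": ""`, where the comment attributes of the winlogon and firewall templates use `"misp-attribute": "text"`; the same empty value sits on `comment` in the services/drivers template further down. An attribute with no type can presumably not be validated or created on import, so both should be set to `"text"`. The key `"fDenyTSConnections:"` has a trailing colon inside the quotes, which looks like a typo for `"fDenyTSConnections"`. Its description should also say which boolean value means remote connections are denied, because the registry name is a negative and an analyst reading the flag the wrong way round would misjudge remote-access exposure.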


@ -1,106 +1,106 @@
{ {
"required": [ "required": [
"network-key" "network-key"
], ],
"attributes": { "attributes": {
"network-key": { "network-key": {
"description": "Registry key assigned to the network", "description": "Registry key assigned to the network",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text" "misp-attribute": "text"
}, },
"network-key-last-write-time": { "network-key-last-write-time": {
"description": "Date and time when the network key was last updated.", "description": "Date and time when the network key was last updated.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "datetime", "misp-attribute": "datetime",
"disable_correlation": true "disable_correlation": true
}, },
"network-key-path": { "network-key-path": {
"description": "Path of the key where the information is retrieved from.", "description": "Path of the key where the information is retrieved from.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text", "misp-attribute": "text",
"disable_correlation": true "disable_correlation": true
}, },
"TCPIP-key": { "TCPIP-key": {
"description": "TCPIP key", "description": "TCPIP key",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text" "misp-attribute": "text"
}, },
"TCPIP-key-last-write-time": { "TCPIP-key-last-write-time": {
"description": "Datetime when the key was last updated.", "description": "Datetime when the key was last updated.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "datetime", "misp-attribute": "datetime",
"disable_correlation": true "disable_correlation": true
}, },
"DHCP-domain": { "DHCP-domain": {
"description": "Name of the DHCP domain service", "description": "Name of the DHCP domain service",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text" "misp-attribute": "text"
}, },
"DHCP-IP-address": { "DHCP-IP-address": {
"description": "DHCP service - IP address", "description": "DHCP service - IP address",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "ip-dst" "misp-attribute": "ip-dst"
}, },
"DHCP-subnet-mask": { "DHCP-subnet-mask": {
"description": "DHCP subnet mask - IP address.", "description": "DHCP subnet mask - IP address.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "ip-dst" "misp-attribute": "ip-dst"
}, },
"DHCP-name-server": { "DHCP-name-server": {
"description": "DHCP Name server - IP address.", "description": "DHCP Name server - IP address.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "ip-dst" "misp-attribute": "ip-dst"
}, },
"DHCP-server": { "DHCP-server": {
"description": "DHCP server - IP address.", "description": "DHCP server - IP address.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "ip-dst" "misp-attribute": "ip-dst"
}, },
"interface-GUID": { "interface-GUID": {
"description": "GUID value assigned to the interface.", "description": "GUID value assigned to the interface.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text", "misp-attribute": "text",
"disable_correlation": true "disable_correlation": true
}, },
"interface-last-write-time": { "interface-last-write-time": {
"description": "Last date and time when the interface key was updated.", "description": "Last date and time when the interface key was updated.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "datetime", "misp-attribute": "datetime",
"disable_correlation": true "disable_correlation": true
}, },
"interface-name": { "interface-name": {
"description": "Name of the interface.", "description": "Name of the interface.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text" "misp-attribute": "text"
}, },
"interface-PnpInstanceID": { "interface-PnpInstanceID": {
"description": "Plug and Play instance ID assigned to the interface.", "description": "Plug and Play instance ID assigned to the interface.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text", "misp-attribute": "text",
"disable_correlation": true "disable_correlation": true
}, },
"interface-MediaSubType": { "interface-MediaSubType": {
"description": "", "description": "",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text", "misp-attribute": "text",
"disable_correlation": true "disable_correlation": true
}, },
"interface-IPcheckingEnabled": { "interface-IPcheckingEnabled": {
"description": "", "description": "",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "boolean", "misp-attribute": "boolean",
"disable_correlation": true "disable_correlation": true
}, },
"additional-comments": { "additional-comments": {
"description": "Comments.", "description": "Comments.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text", "misp-attribute": "text",
"disable_correlation": true "disable_correlation": true
} }
}, },
"version": 1, "version": 1,
"description": "Regripper object template designed to gather network information from the system-hive.", "description": "Regripper object template designed to gather network information from the system-hive.",
"meta-category": "misc", "meta-category": "misc",
"uuid": "a5a3ba3a-ba2e-42a4-be45-b36809ae56f0", "uuid": "a5a3ba3a-ba2e-42a4-be45-b36809ae56f0",
"name": "regripper-system-hive-network-information." "name": "regripper-system-hive-network-information."
} }
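Review bot: The template `name` ends in a period, `"regripper-system-hive-network-information."`, unlike every other template name in this commit; if the name is matched against the template's directory or used as a lookup key the stray dot would break it, so use `"name": "regripper-system-hive-network-information"`. `interface-MediaSubType` and `interface-IPcheckingEnabled` have empty `description` strings and each need a sentence. `DHCP-subnet-mask` is typed `ip-dst` with correlation left on, so a common mask would presumably correlate across unrelated events; `"misp-attribute": "text"` with `"disable_correlation": true` fits a mask better.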


@ -1,98 +1,98 @@
{ {
"required": [ "required": [
"name" "name"
], ],
"attributes": { "attributes": {
"name": { "name": {
"description": "name of the key", "description": "name of the key",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text" "misp-attribute": "text"
}, },
"last-write-time": { "last-write-time": {
"description": "Date and time when the key was last updated.", "description": "Date and time when the key was last updated.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "datetime", "misp-attribute": "datetime",
"disable_correlation": true "disable_correlation": true
}, },
"display": { "display": {
"description": "Display name/information of the service or the driver.", "description": "Display name/information of the service or the driver.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text" "misp-attribute": "text"
}, },
"image-path": { "image-path": {
"description": "Path of the service/drive", "description": "Path of the service/drive",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text" "misp-attribute": "text"
}, },
"type": { "type": {
"description": "Service/driver type.", "description": "Service/driver type.",
"ui-priority": 0, "ui-priority": 0,
"sane_default": [ "sane_default": [
"Kernel driver", "Kernel driver",
"File system driver", "File system driver",
"Own process", "Own process",
"Share process", "Share process",
"Interactive", "Interactive",
"Other" "Other"
], ],
"misp-attribute": "text", "misp-attribute": "text",
"disable_correlation": true "disable_correlation": true
}, },
"start": { "start": {
"description": "When the service/driver starts or executes.", "description": "When the service/driver starts or executes.",
"ui-priority": 0, "ui-priority": 0,
"sane_default": [ "sane_default": [
"Boot start", "Boot start",
"System start", "System start",
"Auto start", "Auto start",
"Manual", "Manual",
"Disabled" "Disabled"
], ],
"misp-attribute": "text", "misp-attribute": "text",
"disable_correlation": true "disable_correlation": true
}, },
"group": { "group": {
"description": "Group to which the system/driver belong to.", "description": "Group to which the system/driver belong to.",
"ui-priority": 0, "ui-priority": 0,
"sane_default": [ "sane_default": [
"Base", "Base",
"Boot Bus Extender", "Boot Bus Extender",
"Boot File System", "Boot File System",
"Cryptography", "Cryptography",
"Extended base", "Extended base",
"Event Log", "Event Log",
"Filter", "Filter",
"FSFilter Bottom", "FSFilter Bottom",
"FSFilter Infrastructure", "FSFilter Infrastructure",
"File System", "File System",
"FSFilter Virtualization", "FSFilter Virtualization",
"Keyboard Port", "Keyboard Port",
"Network", "Network",
"NDIS", "NDIS",
"Parallel arbitrator", "Parallel arbitrator",
"Pointer Port", "Pointer Port",
"PnP Filter", "PnP Filter",
"ProfSvc_Group", "ProfSvc_Group",
"PNP_TDI", "PNP_TDI",
"SCSI Miniport", "SCSI Miniport",
"SCSI CDROM Class", "SCSI CDROM Class",
"System Bus Extender", "System Bus Extender",
"Video Save", "Video Save",
"other" "other"
], ],
"misp-attribute": "text", "misp-attribute": "text",
"disable_correlation": true "disable_correlation": true
}, },
"comment": { "comment": {
"description": "Additional comments.", "description": "Additional comments.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "", "misp-attribute": "",
"disable_correlation": true "disable_correlation": true
} }
}, },
"version": 1, "version": 1,
"description": "Regripper Object template designed to gather information regarding the services/drivers from the system-hive.", "description": "Regripper Object template designed to gather information regarding the services/drivers from the system-hive.",
"meta-category": "misc", "meta-category": "misc",
"uuid": "78cdae45-2061-4b49-b1d6-71f562094a73", "uuid": "78cdae45-2061-4b49-b1d6-71f562094a73",
"name": "regripper-system-hive-services-drivers" "name": "regripper-system-hive-services-drivers"
} }