MISP
/
misp-objects
mirror of https://github.com/MISP/misp-objects
2
0
Fork 0
Code Issues Releases Wiki Activity

new: New object describing user accounts

pull/187/head
chrisr3d 2019-07-08 11:18:21 +02:00
parent d502c254cc
commit b96e7ed8be
No known key found for this signature in database
GPG Key ID: 6BBED1B63A6D639F
2 changed files with 137 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
README.md
View File

@ -150,6 +150,7 @@ for a specific attribute. An optional **to_ids** boolean field to disable the ID
* [objects/tracking-id](objects/tracking-id/definition.json) - Analytics and tracking ID such as used in Google Analytics or other analytic platform. * [objects/tracking-id](objects/tracking-id/definition.json) - Analytics and tracking ID such as used in Google Analytics or other analytic platform.
* [objects/transaction](objects/transaction/definition.json) - Object describing a financial transaction. * [objects/transaction](objects/transaction/definition.json) - Object describing a financial transaction.
* [objects/url](objects/url/definition.json) - url object describes an url along with its normalized field (e.g. using faup parsing library) and its metadata. * [objects/url](objects/url/definition.json) - url object describes an url along with its normalized field (e.g. using faup parsing library) and its metadata.
* [objects/user-account](objects/user-account/definition.json) - Object describing a user account (UNIX, Windows, etc).
* [objects/vehicle](objects/vehicle/definition.json) - Vehicle object template to describe a vehicle information and registration. * [objects/vehicle](objects/vehicle/definition.json) - Vehicle object template to describe a vehicle information and registration.
* [objects/victim](objects/victim/definition.json) - a victim object to describe the organisation being targeted or abused. * [objects/victim](objects/victim/definition.json) - a victim object to describe the organisation being targeted or abused.
* [objects/virustotal-report](objects/virustotal-report/definition.json) - VirusTotal report. * [objects/virustotal-report](objects/virustotal-report/definition.json) - VirusTotal report.

136
objects/user-account/definition.json Normal file
View File

@ -0,0 +1,136 @@
{
"name": "user-account",
"uuid": "49606b06-22f0-4ac8-8eee-2f12ad46f3d3",
"meta-category": "misc",
"description": "",
"version": 1,
"requiredOneOf": [
"password",
"username"
],
"attributes": {
"text": {
"description": "A description of the user account.",
"disable_correlation": true,
"ui-priority": 1,
"misp-attributes": "text"
},
"username": {
"description": "Username related to the password.",
"ui-priority": 1,
"misp-attributes": "text"
},
"user-id": {
"description": "Identifier of the account.",
"ui-priority": 1,
"misp-attributes": "text"
},
"password": {
"description": "Password related to the username.",
"ui-priority": 1,
"misp-attributes": "text"
},
"display-name": {
"description": "Display name of the account.",
"ui-priority": 1,
"misp-attributes": "text"
},
"account-type": {
"description": "Type of the account.",
"ui-priority": 1,
"misp-attributes": "text",
"sane_default": [
"facebook",
"ldap",
"nis",
"openid",
"radius",
"skype",
"tacacs",
"twitter",
"unix",
"windows-local",
"windows-domain"
]
},
"is_service_account": {
"description": "Specifies if the account is associated with a network service.",
"disable_correlation": true,
"ui-priority": 1,
"misp-attributes": "boolean"
},
"privileged": {
"description": "Specifies if the account has privileges such as root rights.",
"disable_correlation": true,
"ui-priority": 1,
"misp-attributes": "boolean"
},
"can_escalate_privs": {
"description": "Specifies if the account has the ability to escalate privileges.",
"disable_correlation": true,
"ui-priority": 1,
"misp-attributes": "boolean"
},
"disabled": {
"description": "Specifies if the account is desabled.",
"disable_correlation": true,
"ui-priority": 1,
"misp-attributes": "boolean"
},
"created": {
"description": "Creation time of the account.",
"disable_correlation": true,
"ui-priority": 1,
"misp-attributes": "datetime"
},
"expires": {
"description": "Expiration time of the account",
"disable_correlation": true,
"ui-priority": 1,
"misp-attributes": "datetime"
},
"first_login": {
"description": "First time someone logged in to the account.",
"disable_correlation": true,
"ui-priority": 1,
"misp-attributes": "datetime"
},
"last_login": {
"description": "Last time someone logged in to the account.",
"disable_correlation": true,
"ui-priority": 1,
"misp-attributes": "datetime"
},
"password_last_changed": {
"description": "Last time the password has been changed.",
"disable_correlation": true,
"ui-priority": 1,
"misp-attributes": "datetime"
},
"group-id": {
"description": "Identifier of the primary group of the account, in case of a UNIX account.",
"disable_correlation": true,
"ui-priority": 1,
"misp-attributes": "text"
},
"group": {
"description": "UNIX group(s) the account is member of.",
"disable_correlation": true,
"ui-priority": 1,
"misp-attributes": "text",
"multiple": true
},
"home_dir": {
"description": "Home directory of the UNIX account.",
"disable_correlation": true,
"ui-priority": 1,
"misp-attributes": "text"
},
"shell": {
"description": "UNIX command shell of the account.",
"disable_correlation": true,
"ui-priority": 1,
"misp-attributes": "text"
}
}
}