mirror of https://github.com/MISP/misp-objects
new: New object describing user accounts
parent
d502c254cc
commit
b96e7ed8be
|
@ -150,6 +150,7 @@ for a specific attribute. An optional **to_ids** boolean field to disable the ID
|
|||
* [objects/tracking-id](objects/tracking-id/definition.json) - Analytics and tracking ID such as used in Google Analytics or other analytic platform.
|
||||
* [objects/transaction](objects/transaction/definition.json) - Object describing a financial transaction.
|
||||
* [objects/url](objects/url/definition.json) - url object describes an url along with its normalized field (e.g. using faup parsing library) and its metadata.
|
||||
* [objects/user-account](objects/user-account/definition.json) - Object describing a user account (UNIX, Windows, etc).
|
||||
* [objects/vehicle](objects/vehicle/definition.json) - Vehicle object template to describe a vehicle information and registration.
|
||||
* [objects/victim](objects/victim/definition.json) - a victim object to describe the organisation being targeted or abused.
|
||||
* [objects/virustotal-report](objects/virustotal-report/definition.json) - VirusTotal report.
|
||||
|
|
|
@ -0,0 +1,136 @@
|
|||
{
|
||||
"name": "user-account",
|
||||
"uuid": "49606b06-22f0-4ac8-8eee-2f12ad46f3d3",
|
||||
"meta-category": "misc",
|
||||
"description": "",
|
||||
"version": 1,
|
||||
"requiredOneOf": [
|
||||
"password",
|
||||
"username"
|
||||
],
|
||||
"attributes": {
|
||||
"text": {
|
||||
"description": "A description of the user account.",
|
||||
"disable_correlation": true,
|
||||
"ui-priority": 1,
|
||||
"misp-attributes": "text"
|
||||
},
|
||||
"username": {
|
||||
"description": "Username related to the password.",
|
||||
"ui-priority": 1,
|
||||
"misp-attributes": "text"
|
||||
},
|
||||
"user-id": {
|
||||
"description": "Identifier of the account.",
|
||||
"ui-priority": 1,
|
||||
"misp-attributes": "text"
|
||||
},
|
||||
"password": {
|
||||
"description": "Password related to the username.",
|
||||
"ui-priority": 1,
|
||||
"misp-attributes": "text"
|
||||
},
|
||||
"display-name": {
|
||||
"description": "Display name of the account.",
|
||||
"ui-priority": 1,
|
||||
"misp-attributes": "text"
|
||||
},
|
||||
"account-type": {
|
||||
"description": "Type of the account.",
|
||||
"ui-priority": 1,
|
||||
"misp-attributes": "text",
|
||||
"sane_default": [
|
||||
"facebook",
|
||||
"ldap",
|
||||
"nis",
|
||||
"openid",
|
||||
"radius",
|
||||
"skype",
|
||||
"tacacs",
|
||||
"twitter",
|
||||
"unix",
|
||||
"windows-local",
|
||||
"windows-domain"
|
||||
]
|
||||
},
|
||||
"is_service_account": {
|
||||
"description": "Specifies if the account is associated with a network service.",
|
||||
"disable_correlation": true,
|
||||
"ui-priority": 1,
|
||||
"misp-attributes": "boolean"
|
||||
},
|
||||
"privileged": {
|
||||
"description": "Specifies if the account has privileges such as root rights.",
|
||||
"disable_correlation": true,
|
||||
"ui-priority": 1,
|
||||
"misp-attributes": "boolean"
|
||||
},
|
||||
"can_escalate_privs": {
|
||||
"description": "Specifies if the account has the ability to escalate privileges.",
|
||||
"disable_correlation": true,
|
||||
"ui-priority": 1,
|
||||
"misp-attributes": "boolean"
|
||||
},
|
||||
"disabled": {
|
||||
"description": "Specifies if the account is desabled.",
|
||||
"disable_correlation": true,
|
||||
"ui-priority": 1,
|
||||
"misp-attributes": "boolean"
|
||||
},
|
||||
"created": {
|
||||
"description": "Creation time of the account.",
|
||||
"disable_correlation": true,
|
||||
"ui-priority": 1,
|
||||
"misp-attributes": "datetime"
|
||||
},
|
||||
"expires": {
|
||||
"description": "Expiration time of the account",
|
||||
"disable_correlation": true,
|
||||
"ui-priority": 1,
|
||||
"misp-attributes": "datetime"
|
||||
},
|
||||
"first_login": {
|
||||
"description": "First time someone logged in to the account.",
|
||||
"disable_correlation": true,
|
||||
"ui-priority": 1,
|
||||
"misp-attributes": "datetime"
|
||||
},
|
||||
"last_login": {
|
||||
"description": "Last time someone logged in to the account.",
|
||||
"disable_correlation": true,
|
||||
"ui-priority": 1,
|
||||
"misp-attributes": "datetime"
|
||||
},
|
||||
"password_last_changed": {
|
||||
"description": "Last time the password has been changed.",
|
||||
"disable_correlation": true,
|
||||
"ui-priority": 1,
|
||||
"misp-attributes": "datetime"
|
||||
},
|
||||
"group-id": {
|
||||
"description": "Identifier of the primary group of the account, in case of a UNIX account.",
|
||||
"disable_correlation": true,
|
||||
"ui-priority": 1,
|
||||
"misp-attributes": "text"
|
||||
},
|
||||
"group": {
|
||||
"description": "UNIX group(s) the account is member of.",
|
||||
"disable_correlation": true,
|
||||
"ui-priority": 1,
|
||||
"misp-attributes": "text",
|
||||
"multiple": true
|
||||
},
|
||||
"home_dir": {
|
||||
"description": "Home directory of the UNIX account.",
|
||||
"disable_correlation": true,
|
||||
"ui-priority": 1,
|
||||
"misp-attributes": "text"
|
||||
},
|
||||
"shell": {
|
||||
"description": "UNIX command shell of the account.",
|
||||
"disable_correlation": true,
|
||||
"ui-priority": 1,
|
||||
"misp-attributes": "text"
|
||||
}
|
||||
}
|
||||
}
|
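Review bot: `account-type` draws its values from a short `sane_default` list (`unix`, `windows-local`, …) but, unlike the boolean and datetime attributes after it, does not set `"disable_correlation": true`, so objects that merely share an account type would presumably correlate with each other and bury the useful matches; add that line to the `account-type` entry. The `password` attribute is typed `text` with correlation left enabled, so cleartext credentials are stored, compared across events and passed on to whoever the event is distributed to; the description should say this, for instance `"description": "Password related to the username (stored in cleartext; restrict distribution accordingly)."`. The top-level `"description": ""` is empty although the README line added in this same commit already has the wording, e.g. `"description": "Object describing a user account (UNIX, Windows, etc)."`, and `desabled` in the `disabled` description should read `disabled`. Attribute names mix `user-id`/`group-id`/`display-name` with `home_dir`/`last_login`/`is_service_account`; settling on one convention before version 1 is published avoids a later rename of relation names that existing objects would already reference.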