diff --git a/objects/ADS/definition.json b/objects/ADS/definition.json
index a37afdd..2d23077 100644
--- a/objects/ADS/definition.json
+++ b/objects/ADS/definition.json
@@ -1,5 +1,10 @@
 {
 "attributes": {
+ "acd-element": {
+ "description": "lists the steps required to generate a representative true positive event which triggers this alert.",
+ "misp-attribute": "text",
+ "ui-priority": 0
+ },
 "additional_resources": {
 "description": "Any other internal, external, or technical references that may be useful for understanding the ADS.",
 "misp-attribute": "url",
@@ -61,11 +66,6 @@
 "description": "lists the steps required to generate a representative true positive event which triggers this alert.",
 "misp-attribute": "text",
 "ui-priority": 5
- },
- "acd-element": {
- "description": "lists the steps required to generate a representative true positive event which triggers this alert.",
- "misp-attribute": "text",
- "ui-priority": 0
 }
 },
 "description": "An object defining ADS - Alerting and Detection Strategy by PALANTIR. Can be used for detection engineering.",
@@ -78,4 +78,4 @@
 ],
 "uuid": "07a7f4cf-e738-47ad-b045-34c3b382f3b4",
 "version": 1
-}
+}
\ No newline at end of file
diff --git a/objects/groups/definition.json b/objects/groups/definition.json
index a9aa6b4..68f1fd0 100644
--- a/objects/groups/definition.json
+++ b/objects/groups/definition.json
@@ -1,12 +1,5 @@
 {
 "attributes": {
- "names": {
- "description": "Names or nicknames for group.",
- "disable_correlation": false,
- "misp-attribute": "text",
- "multiple": true,
- "ui-priority": 0
- },
 "country": {
 "description": "Country of group - group location where it operates from.",
 "disable_correlation": false,
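Review bot: The `acd-element` description added in the first ADS hunk is a verbatim copy of the description on the attribute with `"ui-priority": 5` that appears as context in the `@@ -61,11 +66,6 @@` hunk, so after the move the template still does not tell an analyst what an `acd-element` value should contain. Since the entry is being rewritten anyway, give it its own text, along the lines of `"description": "<what an acd-element value identifies>"`, with the wording supplied by the object's author. The name of the attribute that legitimately owns the "true positive event" text lies outside the hunk.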
@@ -14,20 +7,6 @@
 "multiple": true,
 "ui-priority": 1
 },
- "sponsor": {
- "description": "Sponsor of group ie. country, state, criminal ring, cartel etc..",
- "disable_correlation": false,
- "misp-attribute": "text",
- "multiple": true,
- "ui-priority": 2
- },
- "motivation": {
- "description": "Motivation behind group ie. espionage, ransomware, other criminal activity, hacktivism . . .",
- "disable_correlation": false,
- "misp-attribute": "text",
- "multiple": true,
- "ui-priority": 3
- },
 "description": {
 "description": "Description of group activities or TTP used for group actions.",
 "disable_correlation": false,
@@ -35,6 +14,27 @@
 "multiple": false,
 "ui-priority": 4
 },
+ "more informations": {
+ "description": "List more informations by url - reports, group links etc..",
+ "disable_correlation": false,
+ "misp-attribute": "text",
+ "multiple": true,
+ "ui-priority": 7
+ },
+ "motivation": {
+ "description": "Motivation behind group ie. espionage, ransomware, other criminal activity, hacktivism . . .",
+ "disable_correlation": false,
+ "misp-attribute": "text",
+ "multiple": true,
+ "ui-priority": 3
+ },
+ "names": {
+ "description": "Names or nicknames for group.",
+ "disable_correlation": false,
+ "misp-attribute": "text",
+ "multiple": true,
+ "ui-priority": 0
+ },
 "observed": {
 "description": "What sector is this group active at? Government, telecommunication etc and country of activity.",
 "disable_correlation": false,
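Review bot: `more informations`, added in the `@@ -35,6 +14,27 @@` hunk, is described as a list of URLs ("reports, group links") but is declared with `"misp-attribute": "text"`, so the values are stored as free text rather than as typed references. If the field is meant to hold report links, `"misp-attribute": "link"` would match the description and let consumers treat the value as a reference instead of parsing prose. Changing the type of an existing relation would normally come with a bump of `"version"`, which sits in the last hunk of this file and is left at 1.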
@@ -42,19 +42,19 @@
 "multiple": true,
 "ui-priority": 5
 },
+ "sponsor": {
+ "description": "Sponsor of group ie. country, state, criminal ring, cartel etc..",
+ "disable_correlation": false,
+ "misp-attribute": "text",
+ "multiple": true,
+ "ui-priority": 2
+ },
 "tools used": {
 "description": "What known tools are used by group.",
 "disable_correlation": false,
 "misp-attribute": "text",
 "multiple": true,
 "ui-priority": 6
- },
- "more informations": {
- "description": "List more informations by url - reports, group links etc..",
- "disable_correlation": false,
- "misp-attribute": "text",
- "multiple": true,
- "ui-priority": 7
 }
 },
 "description": "Adversary group cards inspired by ThaiCERT",
@@ -65,4 +65,4 @@
 ],
 "uuid": "f42db88d-1889-4c2f-a903-971cf8e65174",
 "version": 1
-}
+}
\ No newline at end of file
diff --git a/objects/persnona/definition.json b/objects/persnona/definition.json
index 475f153..d3438d3 100644
--- a/objects/persnona/definition.json
+++ b/objects/persnona/definition.json
@@ -1,18 +1,11 @@
 {
 "attributes": {
- "photo": {
- "description": "Photo of PersNOna, url where is photo uploaded or website of fake profile as LinkedIn etc.",
+ "actions": {
+ "description": "Actions by this PersNOna or engagement with adversary or relateda party.",
 "disable_correlation": false,
- "misp-attribute": "url",
- "multiple": false,
- "ui-priority": 0
- },
- "name": {
- "description": "Name - full name of PersNOna.",
- "disable_correlation": false,
- "misp-attribute": "full-name",
+ "misp-attribute": "text",
 "multiple": true,
- "ui-priority": 1
+ "ui-priority": 7
 },
 "alias": {
 "description": "Aliases or Nicknames of fake PesNOna on differenet media.",
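Review bot: The `actions` description added in the first persnona hunk reads "relateda party", a typo carried over unchanged from the entry's old position; `"description": "Actions by this PersNOna or engagement with adversary or related party."` corrects it. The `alias` context line in the same hunk has similar slips ("PesNOna", "differenet") that could be fixed in the same pass. Descriptions are display text, so correcting them does not affect stored objects. The misspelt relation names elsewhere in this file (`oppportunities`, `responsi`) are keys that existing objects presumably reference, so they are better left alone unless the template version is bumped.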
@@ -28,26 +21,12 @@
 "multiple": true,
 "ui-priority": 2
 },
- "location": {
- "description": "Location, where PersNOna is right now at home, home town, county, country etc.",
- "disable_correlation": true,
- "misp-attribute": "text",
- "multiple": true,
- "ui-priority": 3
- },
- "responsi": {
- "description": "Responsibilities of PersNOna, who this PersNOna communicates with, what should discuss and how far.",
+ "conversations": {
+ "description": "Conversations with targets",
 "disable_correlation": false,
 "misp-attribute": "text",
 "multiple": true,
- "ui-priority": 4
- },
- "goals": {
- "description": "Goals of creating of this PersNOna.",
- "disable_correlation": true,
- "misp-attribute": "text",
- "multiple": true,
- "ui-priority": 5
+ "ui-priority": 10
 },
 "critical_tasks": {
 "description": "Critical Tasks or tasks which this PersNOna has to accomplish.",
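Review bot: `conversations` ends up with `"disable_correlation": false` in this hunk, while the sibling free-text fields `goals`, `location` and `questions` in the same template set it to `true`. Long free-text values seldom produce meaningful matches across events, so this looks like an inconsistency rather than a deliberate choice, though the intent is not visible here. If it is unintended, the entry should carry `"disable_correlation": true`. The same question applies to `actions` and `responsi`, which are also free text with correlation enabled.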
@@ -56,19 +35,33 @@
 "multiple": true,
 "ui-priority": 6
 },
- "actions": {
- "description": "Actions by this PersNOna or engagement with adversary or relateda party.",
- "disable_correlation": false,
- "misp-attribute": "text",
- "multiple": true,
- "ui-priority": 7
- },
- "questions": {
- "description": "Questions, which have to be answered by this profile goal.",
+ "goals": {
+ "description": "Goals of creating of this PersNOna.",
 "disable_correlation": true,
 "misp-attribute": "text",
 "multiple": true,
- "ui-priority": 8
+ "ui-priority": 5
+ },
+ "location": {
+ "description": "Location, where PersNOna is right now at home, home town, county, country etc.",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "multiple": true,
+ "ui-priority": 3
+ },
+ "media": {
+ "description": "Media where is PersNOna active ie. facebook, telegram etc.",
+ "disable_correlation": false,
+ "misp-attribute": "text",
+ "multiple": true,
+ "ui-priority": 10
+ },
+ "name": {
+ "description": "Name - full name of PersNOna.",
+ "disable_correlation": false,
+ "misp-attribute": "full-name",
+ "multiple": true,
+ "ui-priority": 1
 },
 "oppportunities": {
 "description": "Opportunities for another development, introducing another PersNOna etc.",
@@ -77,19 +70,26 @@
 "multiple": true,
 "ui-priority": 9
 },
- "conversations": {
- "description": "Conversations with targets",
+ "photo": {
+ "description": "Photo of PersNOna, url where is photo uploaded or website of fake profile as LinkedIn etc.",
 "disable_correlation": false,
- "misp-attribute": "text",
- "multiple": true,
- "ui-priority": 10
+ "misp-attribute": "url",
+ "multiple": false,
+ "ui-priority": 0
 },
- "media": {
- "description": "Media where is PersNOna active ie. facebook, telegram etc.",
+ "questions": {
+ "description": "Questions, which have to be answered by this profile goal.",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "multiple": true,
+ "ui-priority": 8
+ },
+ "responsi": {
+ "description": "Responsibilities of PersNOna, who this PersNOna communicates with, what should discuss and how far.",
 "disable_correlation": false,
 "misp-attribute": "text",
 "multiple": true,
- "ui-priority": 10
+ "ui-priority": 4
 }
 },
 "description": "Fake persona with tasks",
@@ -100,4 +100,4 @@
 ],
 "uuid": "a80828dc-07bf-4d5c-ab82-8160ee5bdd6d",
 "version": 1
-}
+}
\ No newline at end of file