MISP
/
misp-objects
mirror of https://github.com/MISP/misp-objects
2
0
Fork 0
Code Issues Releases Wiki Activity

wip: [event] New object template to describe events that can happen during an incident

pull/396/head
Christian Studer 2023-06-22 12:28:47 +02:00
parent 1a05a9f253
commit c5c8f35fb4
No known key found for this signature in database
GPG Key ID: 6BBED1B63A6D639F
1 changed files with 172 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

172
objects/event/definition.json Normal file
View File

@ -0,0 +1,172 @@
{
"attributes": {
"description": {
"description": "Description of the event.",
"misp-attribute": "text",
"ui-priority": 0
},
"end_time": {
"description": "The date and time the event was last recorded.",
"misp-attribute": "datetime",
"ui-priority": 0
},
"end_time_fidelity": {
"description": "Level of fidelity that the `end_time` is recorded in.",
"disable_correlation": true,
"misp-attribute": "text",
"sane_default": [
"day",
"hour",
"minute",
"month",
"second",
"year"
],
"ui-priority": 0
},
"event_type": {
"description": "Type of event.",
"disable_correlation": true,
"misp-attribute": "text",
"multiple": true,
"sane_default": [
"aggregation-information-phishing-schemes",
"benign",
"blocked",
"brute-force-attempt",
"c&c-server-hosting",
"compromised-system",
"confirmed",
"connection-malware-port",
"connection-malware-system",
"content-forbidden-by-law",
"control-system-bypass",
"copyrighted-content",
"data-exfiltration",
"deferred",
"deletion-information",
"denial-of-service",
"destruction",
"dictionary-attack-attempt",
"discarded",
"disruption-data-transmission",
"dissemination-malware-email",
"dissemination-phishing-emails",
"dns-cache-poisoning",
"dns-local-resolver-hijacking",
"dns-spoofing-registered",
"dns-rebinding",
"dns-server-compromise",
"dns-spoofing-unregistered",
"dns-stub-resolver-hijacking",
"dns-zone-transfer",
"domain-name-compromise",
"duplicate",
"email-flooding",
"equipment-loss",
"equipment-theft",
"exploit",
"exploit-attempt",
"exploit-framework-exhausting-resources",
"exploit-tool-exhausting-resources",
"failed",
"file-inclusion",
"file-inclusion-attempt",
"hosting-malware-webpage",
"hosting-phishing-sites",
"illegitimate-use-name",
"illegitimate-use-resources",
"infected-by-known-malware",
"insufficient-data",
"known-malware",
"lame-delegations",
"major",
"modification-information",
"misconfiguration",
"natural",
"network-scanning",
"no-apt",
"packet-flood",
"password-cracking-attempt",
"ransomware",
"refuted",
"scan-probe",
"silently-discarded",
"supply-chain-customer",
"supply-chain-vendor",
"spam",
"sql-injection",
"sql-injection-attempt",
"successful",
"system-probe",
"theft-access-credentials",
"unattributed",
"unauthorized-access-information",
"unauthorized-access-system",
"unauthorized-equipment",
"unauthorized-release",
"unauthorized-use",
"undetermined",
"unintentional",
"unknown-apt",
"unspecified",
"vandalism",
"wiretapping",
"worm-spreading",
"xss",
"xss-attempt"
],
"ui-priority": 0
},
"goal": {
"description": "The assumed objective of the event.",
"misp-attribute": "text",
"ui-priority": 0
},
"name": {
"description": "Name of the event.",
"misp-attribute": "text",
"ui-priority": 0
},
"start_time": {
"description": "The date and time the event was first recorded.",
"misp-attribute": "datetime",
"ui-priority": 0
},
"start_time_fidelity": {
"description": "Level of fidelity that the `start_time` is recorded in.",
"disable_correlation": true,
"misp-attribute": "text",
"sane_default": [
"day",
"hour",
"minute",
"month",
"second",
"year"
],
"ui-priority": 0
},
"status": {
"description": "Current status of the event.",
"disable_correlation": true,
"misp-attribute": "text",
"sane_default": [
"not-occurred",
"ongoing",
"occurred",
"pending",
"undetermined"
],
"ui-priority": 1
}
},
"description": "Event object as described in STIX 2.1 Incident object extension.",
"meta-category": "misc",
"name": "event",
"required": [
"status"
],
"uuid": "3853b726-6a9c-43b3-8ffb-23839b07d5a9",
"version": 1
}