From 71419a999a361519960f6f685f79d3bdb12552a7 Mon Sep 17 00:00:00 2001
From: haxpak <haxpak@gmail.com>
Date: Sat, 13 Apr 2019 11:55:38 +0530
Subject: [PATCH 1/8] new-object : Organization "Defines an organization"
---
objects/organization/definition.json | 79 ++++++++++++++++++++++++++++
1 file changed, 79 insertions(+)
create mode 100644 objects/organization/definition.json
diff --git a/objects/organization/definition.json b/objects/organization/definition.json
new file mode 100644
index 0000000..4d8bac1
--- /dev/null
+++ b/objects/organization/definition.json
@@ -0,0 +1,79 @@
+{
+ "requiredOneOf": [
+ "name",
+ "alias"
+ ],
+ "attributes": {
+ "name": {
+ "description": "Name of the organization",
+ "disable_correlation": false,
+ "ui-priority": 100,
+ "misp-attribute": "text"
+ },
+ "alias": {
+ "description": "Alias of the organization",
+ "ui-priority": 99,
+ "misp-attribute": "text",
+ "multiple" : true
+ },
+
+ "type-of-organizarion" : {
+ "description" : "Type of the organization",
+ "ui-priority" : 97,
+ "misp-attribute" : "text"
+ },
+ "date-of-inception": {
+ "description": "Date of inception of the organization",
+ "ui-priority": 0,
+ "misp-attribute": "date-of-birth"
+ },
+
+ "phone-number": {
+ "description": "Phone number of the organization.",
+ "ui-priority": 10,
+ "misp-attribute": "phone-number",
+ "multiple": true
+ },
+ "fax-number": {
+ "description": "Fax number of the organization.",
+ "ui-priority": 10,
+ "misp-attribute": "phone-number",
+ "multiple": true
+ },
+ "address": {
+ "description": "Postal address of the organization.",
+ "ui-priority": 10,
+ "misp-attribute": "text",
+ "multiple": true
+ },
+
+ "e-mail": {
+ "description": "Email address of the organization.",
+ "ui-priority": 10,
+ "misp-attribute": "email-src",
+ "multiple": true
+ },
+
+ "role": {
+ "description": "The role of a person.",
+ "ui-priority": 0,
+ "misp-attribute": "text",
+ "multiple": true,
+ "values_list": [
+ "Suspect",
+ "Victim",
+ "Defendent",
+ "Accused",
+ "Culprit",
+ "Accomplice",
+ "Target"
+ ],
+ "disable_correlation": true
+ }
+ },
+ "version": 10,
+ "description": "An object which describes a person or an identity.",
+ "meta-category": "organization",
+ "uuid": "ec8f8ca1-7f82-4d79-a9d0-2254303de686",
+ "name": "organization"
+}
From 161f72678a66e48a46bc73b95b9e34a7f6ab8b25 Mon Sep 17 00:00:00 2001
From: haxpak <haxpak@gmail.com>
Date: Sat, 13 Apr 2019 12:05:51 +0530
Subject: [PATCH 2/8] modified : person object "changed UI priority of the
attributes" modified : report object "added attachment to report"
---
objects/person/definition.json | 13 +++++++------
objects/report/definition.json | 10 ++++++++--
2 files changed, 15 insertions(+), 8 deletions(-)
diff --git a/objects/person/definition.json b/objects/person/definition.json
index 220f7b3..59de239 100644
--- a/objects/person/definition.json
+++ b/objects/person/definition.json
@@ -13,17 +13,17 @@
},
"last-name": {
"description": "Last name of a natural person.",
- "ui-priority": 0,
+ "ui-priority": 100,
"misp-attribute": "last-name"
},
"middle-name": {
"description": "Middle name of a natural person.",
- "ui-priority": 0,
+ "ui-priority": 99,
"misp-attribute": "middle-name"
},
"first-name": {
"description": "First name of a natural person.",
- "ui-priority": 0,
+ "ui-priority": 98,
"misp-attribute": "first-name",
"disable_correlation": true
},
@@ -34,13 +34,13 @@
},
"title": {
"description": "Title of the natural person such as Dr. or equivalent.",
- "ui-priority": 0,
+ "ui-priority": 101,
"misp-attribute": "text",
"disable_correlation": true
},
"alias": {
"description": "Alias name or known as.",
- "ui-priority": 0,
+ "ui-priority": 97,
"misp-attribute": "text",
"multiple": true
},
@@ -182,7 +182,8 @@
"Accused",
"Culprit",
"Accomplice",
- "Witness"
+ "Witness",
+ "Target"
],
"disable_correlation": true
}
diff --git a/objects/report/definition.json b/objects/report/definition.json
index cce9d89..8b83a4d 100644
--- a/objects/report/definition.json
+++ b/objects/report/definition.json
@@ -5,7 +5,7 @@
"attributes": {
"summary": {
"description": "Free text summary of the report",
- "ui-priority": 1,
+ "ui-priority": 100,
"misp-attribute": "text",
"categories": [
"Other",
@@ -21,7 +21,13 @@
"Internal reference",
"Other"
]
- }
+ },
+ "report-file(s)": {
+ "description": "Attachment(s) that is related to the report",
+ "ui-priority": 99,
+ "misp-attribute": "attachment",
+ "multiple": true
+ },
},
"version": 1,
"description": "Metadata used to generate an executive level report",
From 26987ca80a071037497d625437ea0fa1ae71da6d Mon Sep 17 00:00:00 2001
From: haxpak <haxpak@gmail.com>
Date: Sat, 13 Apr 2019 12:11:43 +0530
Subject: [PATCH 3/8] added : meta_category "organization" #162
---
schema_objects.json | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/schema_objects.json b/schema_objects.json
index 0d80fa0..57d9c4f 100644
--- a/schema_objects.json
+++ b/schema_objects.json
@@ -68,7 +68,8 @@
"financial",
"misc",
"internal",
- "vulnerability"
+ "vulnerability",
+ "organization"
]
},
"name": {
From 23ab7351199fbdfa521a99a0fc4ef066188ebc9e Mon Sep 17 00:00:00 2001
From: haxpak <haxpak@gmail.com>
Date: Sat, 13 Apr 2019 13:32:56 +0530
Subject: [PATCH 4/8] - added : attachment attribute to annotation - added :
new object type device
---
objects/annotation/definition.json | 8 +++-
objects/device/definition.json | 61 ++++++++++++++++++++++++++++
objects/organization/definition.json | 8 ++--
3 files changed, 72 insertions(+), 5 deletions(-)
create mode 100644 objects/device/definition.json
diff --git a/objects/annotation/definition.json b/objects/annotation/definition.json
index d062eca..2231bbc 100644
--- a/objects/annotation/definition.json
+++ b/objects/annotation/definition.json
@@ -61,7 +61,13 @@
"description": "Last update of the annotation",
"ui-priority": 0,
"misp-attribute": "datetime"
- }
+ },
+ "attachment" : {
+ "description" : "An attachment to support the annotation",
+ "ui-priority" : 0,
+ "misp-attribute": "attachment",
+ "multiple" : true
+ },
},
"version": 2,
"description": "An annotation object allowing analysts to add annotations, comments, executive summary to a MISP event, objects or attributes.",
diff --git a/objects/device/definition.json b/objects/device/definition.json
new file mode 100644
index 0000000..dbe58ad
--- /dev/null
+++ b/objects/device/definition.json
@@ -0,0 +1,61 @@
+{
+ "requiredOneOf": [
+ "name"
+ ],
+ "attributes": {
+ "description": {
+ "description": "Description of the Device",
+ "ui-priority": 0,
+ "misp-attribute": "text",
+ "disable_correlation" : true
+ },
+ "name" : {
+ "description" : "Name of the Device",
+ "ui-priority" : 101,
+ "misp-attribute" : "text",
+ },
+ "alias" : {
+ "description" : "Alias of the Device",
+ "ui-priority" : 100,
+ "misp-attribute" : "text",
+ "multiple" : true
+ },
+ "device-type": {
+ "description": "Type of the device",
+ "ui-priority": 99,
+ "misp-attribute": "text",
+ "disable_correlation": true,
+ "categories": [
+ "PC",
+ "Mobile",
+ "Laptop",
+ "HID",
+ "TV",
+ "IoT",
+ "Hardware",
+ "Other"
+ ]
+ },
+ "ip-address": {
+ "description": "Device IP address",
+ "ui-priority": 0,
+ "misp-attribute": "ip-src"
+ },
+ "analysis-date": {
+ "description": "Date of device analysis",
+ "ui-priority": 0,
+ "misp-attribute": "datetime"
+ },
+ "attachment" : {
+ "description" : "An attachment",
+ "ui-priority" : 0,
+ "misp-attribute": "attachment",
+ "multiple" : true
+ },
+ },
+ "version": 3,
+ "description": "An object to define a device",
+ "meta-category": "device",
+ "uuid": "0c64b41a-e583-4f4d-ac92-d484163b9e52",
+ "name": "Device"
+}
diff --git a/objects/organization/definition.json b/objects/organization/definition.json
index 4d8bac1..b14bafc 100644
--- a/objects/organization/definition.json
+++ b/objects/organization/definition.json
@@ -55,7 +55,7 @@
},
"role": {
- "description": "The role of a person.",
+ "description": "The role of the organization.",
"ui-priority": 0,
"misp-attribute": "text",
"multiple": true,
@@ -71,9 +71,9 @@
"disable_correlation": true
}
},
- "version": 10,
- "description": "An object which describes a person or an identity.",
+ "version": 1,
+ "description": "An object which describes an organization.",
"meta-category": "organization",
- "uuid": "ec8f8ca1-7f82-4d79-a9d0-2254303de686",
+ "uuid": "f750e12b-127a-432c-b022-b3f9153c4e2a",
"name": "organization"
}
From df91c999e60fdc9bfb9a50003a8610648c371add Mon Sep 17 00:00:00 2001
From: haxpak <haxpak@gmail.com>
Date: Sat, 13 Apr 2019 13:45:05 +0530
Subject: [PATCH 5/8] fixed typos and ran jq_all_things
---
objects/annotation/definition.json | 10 +++++-----
objects/device/definition.json | 30 ++++++++++++++--------------
objects/organization/definition.json | 14 +++++--------
objects/report/definition.json | 2 +-
4 files changed, 26 insertions(+), 30 deletions(-)
diff --git a/objects/annotation/definition.json b/objects/annotation/definition.json
index 2231bbc..cfadfc1 100644
--- a/objects/annotation/definition.json
+++ b/objects/annotation/definition.json
@@ -62,12 +62,12 @@
"ui-priority": 0,
"misp-attribute": "datetime"
},
- "attachment" : {
- "description" : "An attachment to support the annotation",
- "ui-priority" : 0,
+ "attachment": {
+ "description": "An attachment to support the annotation",
+ "ui-priority": 0,
"misp-attribute": "attachment",
- "multiple" : true
- },
+ "multiple": true
+ }
},
"version": 2,
"description": "An annotation object allowing analysts to add annotations, comments, executive summary to a MISP event, objects or attributes.",
diff --git a/objects/device/definition.json b/objects/device/definition.json
index dbe58ad..50653ec 100644
--- a/objects/device/definition.json
+++ b/objects/device/definition.json
@@ -7,18 +7,18 @@
"description": "Description of the Device",
"ui-priority": 0,
"misp-attribute": "text",
- "disable_correlation" : true
+ "disable_correlation": true
},
- "name" : {
- "description" : "Name of the Device",
- "ui-priority" : 101,
- "misp-attribute" : "text",
+ "name": {
+ "description": "Name of the Device",
+ "ui-priority": 101,
+ "misp-attribute": "text"
},
- "alias" : {
- "description" : "Alias of the Device",
- "ui-priority" : 100,
- "misp-attribute" : "text",
- "multiple" : true
+ "alias": {
+ "description": "Alias of the Device",
+ "ui-priority": 100,
+ "misp-attribute": "text",
+ "multiple": true
},
"device-type": {
"description": "Type of the device",
@@ -46,12 +46,12 @@
"ui-priority": 0,
"misp-attribute": "datetime"
},
- "attachment" : {
- "description" : "An attachment",
- "ui-priority" : 0,
+ "attachment": {
+ "description": "An attachment",
+ "ui-priority": 0,
"misp-attribute": "attachment",
- "multiple" : true
- },
+ "multiple": true
+ }
},
"version": 3,
"description": "An object to define a device",
diff --git a/objects/organization/definition.json b/objects/organization/definition.json
index b14bafc..923bdc2 100644
--- a/objects/organization/definition.json
+++ b/objects/organization/definition.json
@@ -14,20 +14,18 @@
"description": "Alias of the organization",
"ui-priority": 99,
"misp-attribute": "text",
- "multiple" : true
+ "multiple": true
},
-
- "type-of-organizarion" : {
- "description" : "Type of the organization",
- "ui-priority" : 97,
- "misp-attribute" : "text"
+ "type-of-organizarion": {
+ "description": "Type of the organization",
+ "ui-priority": 97,
+ "misp-attribute": "text"
},
"date-of-inception": {
"description": "Date of inception of the organization",
"ui-priority": 0,
"misp-attribute": "date-of-birth"
},
-
"phone-number": {
"description": "Phone number of the organization.",
"ui-priority": 10,
@@ -46,14 +44,12 @@
"misp-attribute": "text",
"multiple": true
},
-
"e-mail": {
"description": "Email address of the organization.",
"ui-priority": 10,
"misp-attribute": "email-src",
"multiple": true
},
-
"role": {
"description": "The role of the organization.",
"ui-priority": 0,
diff --git a/objects/report/definition.json b/objects/report/definition.json
index 8b83a4d..053677d 100644
--- a/objects/report/definition.json
+++ b/objects/report/definition.json
@@ -27,7 +27,7 @@
"ui-priority": 99,
"misp-attribute": "attachment",
"multiple": true
- },
+ }
},
"version": 1,
"description": "Metadata used to generate an executive level report",
From 63fff149f0ed47019085f16cbd23bc181e2b8125 Mon Sep 17 00:00:00 2001
From: haxpak <haxpak@gmail.com>
Date: Sat, 13 Apr 2019 13:49:16 +0530
Subject: [PATCH 6/8] added requiredOneOf to device definition
---
objects/device/definition.json | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/objects/device/definition.json b/objects/device/definition.json
index 50653ec..a25a617 100644
--- a/objects/device/definition.json
+++ b/objects/device/definition.json
@@ -1,6 +1,7 @@
{
"requiredOneOf": [
- "name"
+ "name",
+ "alias"
],
"attributes": {
"description": {
From 6917beee5fe85440649c7848d6d768c102c95815 Mon Sep 17 00:00:00 2001
From: haxpak <haxpak@gmail.com>
Date: Sat, 13 Apr 2019 14:02:26 +0530
Subject: [PATCH 7/8] reverted device to misc category
---
objects/device/definition.json | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/objects/device/definition.json b/objects/device/definition.json
index a25a617..4826bdd 100644
--- a/objects/device/definition.json
+++ b/objects/device/definition.json
@@ -56,7 +56,7 @@
},
"version": 3,
"description": "An object to define a device",
- "meta-category": "device",
+ "meta-category": "misc",
"uuid": "0c64b41a-e583-4f4d-ac92-d484163b9e52",
"name": "Device"
}
From 9f3fb14ed548c6a5f3a664fb4823a3719d4db688 Mon Sep 17 00:00:00 2001
From: haxpak <haxpak@gmail.com>
Date: Sat, 13 Apr 2019 14:57:55 +0530
Subject: [PATCH 8/8] changed organization meta category to misc
---
objects/organization/definition.json | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/objects/organization/definition.json b/objects/organization/definition.json
index 923bdc2..966a8f5 100644
--- a/objects/organization/definition.json
+++ b/objects/organization/definition.json
@@ -69,7 +69,7 @@
},
"version": 1,
"description": "An object which describes an organization.",
- "meta-category": "organization",
+ "meta-category": "misc",
"uuid": "f750e12b-127a-432c-b022-b3f9153c4e2a",
"name": "organization"
}