MISP
/
misp-objects
mirror of https://github.com/MISP/misp-objects
2
0
Fork 0
Code Issues Releases Wiki Activity

new: [dev] add Twitter objects: twitter-account, twitter-list, twitter-post. add YouTube objects: youtube-channel, youtube-comment, youtube-playlist, youtube-video. add object: image.

pull/257/head
VVX7 2020-05-29 21:10:02 -04:00
parent a6b146dbbc
commit cf5687b50d
8 changed files with 681 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

50
objects/image/definition.json Normal file
View File

@ -0,0 +1,50 @@
{
"attributes": {
"archive": {
"description": "Archive of the image (Internet Archive, Archive.is, etc).",
"misp-attribute": "link",
"multiple": true,
"ui-priority": 1
},
"attachment": {
"description": "The image file.",
"misp-attribute": "attachment",
"ui-priority": 1
},
"filename": {
"description": "The image filename.",
"misp-attribute": "filename",
"ui-priority": 1
},
"image-text": {
"description": "Raw text of image",
"misp-attribute": "text",
"ui-priority": 1
},
"link": {
"description": "Original link into the image (Supposed harmless)",
"misp-attribute": "link",
"ui-priority": 1
},
"url": {
"description": "Original URL location of the image (potentially malicious)",
"misp-attribute": "url",
"ui-priority": 1
},
"username": {
"description": "Username who posted the image.",
"misp-attribute": "text",
"ui-priority": 0
}
},
"description": "Object describing an image file.",
"meta-category": "file",
"name": "image",
"requiredOneOf": [
"attachment",
"archive",
"link"
],
"uuid": "ca78ec03-3321-4ed3-9840-9bfd52b91d82",
"version": 1
}

111
objects/twitter-account/definition.json Normal file
View File

@ -0,0 +1,111 @@
{
"attributes": {
"archive": {
"description": "Archive of the account (Internet Archive, Archive.is, etc).",
"disable_correlation": true,
"misp-attribute": "link",
"multiple": true,
"ui-priority": 1
},
"attachment": {
"description": "A screen capture or exported list of contacts etc.",
"misp-attribute": "attachment",
"multiple": true,
"ui-priority": 1
},
"description": {
"description": "A description of the user.",
"disable_correlation": true,
"misp-attribute": "text",
"ui-priority": 1
},
"displayed-name": {
"description": "Displayed name.",
"misp-attribute": "text",
"ui-priority": 1
},
"embedded-link": {
"description": "Link embedded in the user description (potentially malicious).",
"misp-attribute": "url",
"multiple": true,
"ui-priority": 0
},
"embedded-safe-link": {
"description": "Link embedded in the user description (supposed safe).",
"misp-attribute": "link",
"multiple": true,
"ui-priority": 0
},
"followers": {
"description": "number of followers.",
"disable_correlation": true,
"misp-attribute": "text",
"ui-priority": 1
},
"friends": {
"description": "Number of friends.",
"disable_correlation": true,
"misp-attribute": "text",
"ui-priority": 1
},
"hashtag": {
"description": "Hashtag embedded in the user description.",
"misp-attribute": "text",
"multiple": true,
"ui-priority": 1
},
"id": {
"description": "Numeric account id.",
"misp-attribute": "text",
"ui-priority": 1
},
"link": {
"description": "Original link to the user (supposed harmless).",
"misp-attribute": "link",
"ui-priority": 1
},
"listed": {
"description": "Number of lists the user is on.",
"disable_correlation": true,
"misp-attribute": "text",
"ui-priority": 1
},
"location": {
"description": "User description of location.",
"disable_correlation": true,
"misp-attribute": "text",
"ui-priority": 1
},
"name": {
"description": "User's screen name (without the @).",
"misp-attribute": "text",
"ui-priority": 1
},
"url": {
"description": "Original URL location of the user (potentially malicious).",
"misp-attribute": "url",
"ui-priority": 1
},
"verified": {
"description": "User verified.",
"misp-attribute": "text",
"sane_default": [
"True",
"False"
],
"ui-priority": 1
}
},
"description": "Twitter account.",
"meta-category": "misc",
"name": "twitter-account",
"requiredOneOf": [
"name",
"id",
"description",
"archive",
"link"
],
"uuid": "8066563f-881e-4f6a-9d6c-a9d15b8658bb",
"version": 1
}

88
objects/twitter-list/definition.json Normal file
View File

@ -0,0 +1,88 @@
{
"attributes": {
"archive": {
"description": "Archive of the account (Internet Archive, Archive.is, etc).",
"disable_correlation": true,
"misp-attribute": "link",
"multiple": true,
"ui-priority": 1
},
"attachment": {
"description": "A screen capture or exported list of contacts etc.",
"misp-attribute": "attachment",
"multiple": true,
"ui-priority": 1
},
"description": {
"description": "A description of the list.",
"misp-attribute": "text",
"ui-priority": 1
},
"displayed-name": {
"description": "Displayed name.",
"misp-attribute": "text",
"ui-priority": 1
},
"embedded-link": {
"description": "Link embedded in the description (potentially malicious).",
"misp-attribute": "url",
"multiple": true,
"ui-priority": 0
},
"embedded-safe-link": {
"description": "Link embedded in the description (supposed safe).",
"misp-attribute": "link",
"multiple": true,
"to_ids": false,
"ui-priority": 0
},
"hashtag": {
"description": "Hashtag embedded in the description.",
"misp-attribute": "text",
"multiple": true,
"ui-priority": 1
},
"id": {
"description": "Numeric list id.",
"misp-attribute": "text",
"ui-priority": 1
},
"link": {
"description": "Original link to the list (supposed harmless).",
"misp-attribute": "link",
"ui-priority": 1
},
"name": {
"description": "List's screen name (without the @).",
"misp-attribute": "text",
"ui-priority": 1
},
"url": {
"description": "Original URL location of the list (potentially malicious).",
"misp-attribute": "url",
"ui-priority": 1
},
"user-id": {
"description": "Id of the account that manages this list.",
"misp-attribute": "text",
"ui-priority": 0
},
"user-name": {
"description": "Name of the account that manages this list (without the @).",
"misp-attribute": "text",
"ui-priority": 0
}
},
"description": "Twitter list.",
"meta-category": "misc",
"name": "twitter-list",
"requiredOneOf": [
"name",
"id",
"description",
"archive",
"link"
],
"uuid": "7ae81d5c-d9d8-4812-88a7-5f14fba241da",
"version": 1
}

120
objects/twitter-post/definition.json Normal file
View File

@ -0,0 +1,120 @@
{
"attributes": {
"archive": {
"description": "Archive of the original tweet (Internet Archive, Archive.is, etc).",
"misp-attribute": "link",
"multiple": true,
"ui-priority": 1
},
"attachment": {
"description": "The tweet file or screen capture.",
"misp-attribute": "attachment",
"multiple": true,
"ui-priority": 1
},
"embedded-link": {
"description": "Link in the tweet",
"misp-attribute": "url",
"multiple": true,
"ui-priority": 0
},
"embedded-safe-link": {
"description": "Safe link in the tweet",
"misp-attribute": "link",
"multiple": true,
"ui-priority": 0
},
"hashtag": {
"description": "Hashtag embedded in the tweet",
"misp-attribute": "text",
"multiple": true,
"ui-priority": 0
},
"in-reply-to-display-name": {
"description": "The user display name of the tweet this post shares.",
"misp-attribute": "text",
"multiple": true,
"ui-priority": 0
},
"in-reply-to-status-id": {
"description": "The twitter ID of the tweet that this post shares.",
"misp-attribute": "text",
"multiple": true,
"ui-priority": 0
},
"in-reply-to-user-id": {
"description": "The user ID of the tweet this post shares.",
"misp-attribute": "text",
"multiple": true,
"ui-priority": 0
},
"language": {
"description": "The language of the post.",
"disable_correlation": true,
"misp-attribute": "text",
"multiple": true,
"ui-priority": 0
},
"link": {
"description": "Original link to the post (supposed harmless).",
"misp-attribute": "link",
"multiple": true,
"ui-priority": 1
},
"post": {
"description": "Raw text of the post.",
"misp-attribute": "text",
"ui-priority": 1
},
"post-id": {
"description": "Numeric id of the tweet.",
"misp-attribute": "post-id",
"ui-priority": 0
},
"removal-date": {
"description": "When the tweet was removed.",
"misp-attribute": "datetime",
"ui-priority": 0
},
"source": {
"description": "Source of tweet (android, web etc).",
"misp-attribute": "text",
"ui-priority": 1
},
"url": {
"description": "Original URL of the tweet, e.g. link shortener (potentially malicious).",
"misp-attribute": "url",
"multiple": true,
"ui-priority": 1
},
"user-id": {
"description": "Id of the account that posted this tweet.",
"misp-attribute": "text",
"ui-priority": 0
},
"user-name": {
"description": "Name of the account that posted this tweet.",
"misp-attribute": "text",
"ui-priority": 0
},
"username-quoted": {
"description": "Username who is quoted in the tweet.",
"misp-attribute": "text",
"multiple": true,
"ui-priority": 0
}
},
"description": "Twitter post (tweet).",
"meta-category": "misc",
"name": "twitter-post",
"requiredOneOf": [
"post",
"post-id",
"archive",
"url",
"link",
"attachment"
],
"uuid": "d1214031-ce1b-4a35-bd33-644c707bda2e",
"version": 1
}

77
objects/youtube-channel/definition.json Normal file
View File

@ -0,0 +1,77 @@
{
"attributes": {
"about": {
"description": "About page of the channel.",
"misp-attribute": "text",
"ui-priority": 1
},
"archive": {
"description": "Archive of the channel (Internet Archive, Archive.is, etc).",
"disable_correlation": true,
"misp-attribute": "link",
"multiple": true,
"ui-priority": 1
},
"attachment": {
"description": "A screen capture or exported list of contacts etc.",
"misp-attribute": "attachment",
"multiple": true,
"ui-priority": 1
},
"channel-avatar": {
"description": "A screen capture or exported channel avatar.",
"misp-attribute": "attachment",
"multiple": true,
"ui-priority": 1
},
"channel-banner": {
"description": "A screen capture or exported channel header.",
"misp-attribute": "attachment",
"multiple": true,
"ui-priority": 1
},
"channel-id": {
"description": "Channel id.",
"misp-attribute": "text",
"ui-priority": 1
},
"channel-name": {
"description": "Channel name.",
"misp-attribute": "text",
"ui-priority": 1
},
"description": {
"description": "A description of the channel.",
"disable_correlation": true,
"misp-attribute": "text",
"ui-priority": 1
},
"featured-channel": {
"description": "Featured channel names.",
"misp-attribute": "text",
"multiple": true,
"ui-priority": 1
},
"link": {
"description": "Original link to the channel page (supposed harmless).",
"misp-attribute": "link",
"ui-priority": 1
},
"url": {
"description": "Original URL location of the page (potentially malicious).",
"misp-attribute": "url",
"ui-priority": 1
}
},
"description": "A YouTube channel.",
"meta-category": "misc",
"name": "youtube-channel",
"requiredOneOf": [
"channel-name",
"channel-id",
"archive",
"link"
],
"uuid": "cb9f492b-9930-4388-98e1-5d0cdcfa51df",
"version": 1
}

88
objects/youtube-comment/definition.json Normal file
View File

@ -0,0 +1,88 @@
{
"attributes": {
"archive": {
"description": "Archive of the original comment (Internet Archive, Archive.is, etc).",
"disable_correlation": true,
"misp-attribute": "link",
"multiple": true,
"ui-priority": 1
},
"attachment": {
"description": "A screen capture or exported comment.",
"misp-attribute": "attachment",
"multiple": true,
"ui-priority": 1
},
"channel-name": {
"description": "The name of the channel where it was posted.",
"misp-attribute": "text",
"multiple": true,
"ui-priority": 1
},
"comment": {
"description": "The raw text of the YouTube video comment.",
"misp-attribute": "text",
"ui-priority": 1
},
"description": {
"description": "A description of the comment.",
"disable_correlation": true,
"misp-attribute": "text",
"ui-priority": 1
},
"embedded-link": {
"description": "Link embedded in the comment (potentially malicious).",
"misp-attribute": "url",
"multiple": true,
"ui-priority": 0
},
"embedded-safe-link": {
"description": "Link embedded in the comment (supposed safe).",
"misp-attribute": "link",
"multiple": true,
"ui-priority": 0
},
"hashtag": {
"description": "Hashtag used in the comment.",
"misp-attribute": "text",
"multiple": true,
"ui-priority": 0
},
"link": {
"description": "Original link to the comment (supposed harmless).",
"misp-attribute": "link",
"ui-priority": 1
},
"url": {
"description": "Original URL location of the comment (potentially malicious).",
"misp-attribute": "url",
"ui-priority": 1
},
"user-account": {
"description": "The user account that commented on the YouTube video.",
"misp-attribute": "text",
"ui-priority": 1
},
"username-quoted": {
"description": "Username who are quoted in the comment.",
"misp-attribute": "text",
"multiple": true,
"ui-priority": 0
},
"video-title": {
"description": "The title of the YouTube video.",
"misp-attribute": "text",
"ui-priority": 1
}
},
"description": "A YouTube video comment.",
"meta-category": "misc",
"name": "youtube-comment",
"requiredOneOf": [
"comment",
"archive",
"link"
],
"uuid": "218bc1ae-c5ee-452b-895d-a26e0beaa550",
"version": 1
}

59
objects/youtube-playlist/definition.json Normal file
View File

@ -0,0 +1,59 @@
{
"attributes": {
"archive": {
"description": "Archive of the playlist (Internet Archive, Archive.is, etc).",
"disable_correlation": true,
"misp-attribute": "link",
"multiple": true,
"ui-priority": 1
},
"attachment": {
"description": "A screen capture or exported list of contacts etc.",
"misp-attribute": "attachment",
"multiple": true,
"ui-priority": 1
},
"description": {
"description": "A description of the playlist.",
"disable_correlation": true,
"misp-attribute": "text",
"ui-priority": 1
},
"link": {
"description": "Original link to the playlist page (supposed harmless).",
"misp-attribute": "link",
"ui-priority": 1
},
"playlist-id": {
"description": "Playlist id.",
"misp-attribute": "text",
"ui-priority": 1
},
"playlist-name": {
"description": "Playlist name.",
"misp-attribute": "text",
"ui-priority": 1
},
"url": {
"description": "Original URL location of the page (potentially malicious).",
"misp-attribute": "url",
"ui-priority": 1
},
"video-link": {
"description": "Link to the video in playlist (supposed harmless).",
"misp-attribute": "link",
"ui-priority": 1
}
},
"description": "A YouTube playlist.",
"meta-category": "misc",
"name": "youtube-playlist",
"requiredOneOf": [
"playlist-name",
"playlist-id",
"archive",
"link"
],
"uuid": "5a5e7441-c048-4e4b-bab7-642a91d30935",
"version": 1
}

88
objects/youtube-video/definition.json Normal file
View File

@ -0,0 +1,88 @@
{
"attributes": {
"archive": {
"description": "Archive of the original YouTube video (Internet Archive, Archive.is, etc).",
"disable_correlation": true,
"misp-attribute": "link",
"multiple": true,
"ui-priority": 1
},
"attachment": {
"description": "A screen capture or exported YouTube video.",
"misp-attribute": "attachment",
"multiple": true,
"ui-priority": 1
},
"channel-name": {
"description": "The name of the channel where it was posted.",
"misp-attribute": "text",
"multiple": true,
"ui-priority": 1
},
"creator": {
"description": "The user account that created the YouTube video.",
"misp-attribute": "text",
"ui-priority": 1
},
"description": {
"description": "A description of the YouTube video.",
"disable_correlation": true,
"misp-attribute": "text",
"ui-priority": 1
},
"embedded-link": {
"description": "Link embedded in the YouTube video description (potentially malicious).",
"misp-attribute": "url",
"multiple": true,
"ui-priority": 0
},
"embedded-safe-link": {
"description": "Link embedded in the YouTube video description (supposed safe).",
"misp-attribute": "link",
"multiple": true,
"ui-priority": 0
},
"hashtag": {
"description": "Hashtag used to identify or promote the YouTube video.",
"misp-attribute": "text",
"multiple": true,
"ui-priority": 0
},
"link": {
"description": "Original link to the YouTube video (supposed harmless).",
"misp-attribute": "link",
"ui-priority": 1
},
"url": {
"description": "Original URL location of the YouTube video (potentially malicious).",
"misp-attribute": "url",
"ui-priority": 1
},
"username-quoted": {
"description": "Username who are quoted in the YouTube video or description.",
"misp-attribute": "text",
"multiple": true,
"ui-priority": 0
},
"video-title": {
"description": "The title of the YouTube video.",
"misp-attribute": "text",
"ui-priority": 1
},
"video-transcript": {
"description": "The YouTube video transcript (closed captions).",
"misp-attribute": "text",
"ui-priority": 1
}
},
"description": "A YouTube video.",
"meta-category": "misc",
"name": "youtube-video",
"requiredOneOf": [
"video-title",
"archive",
"link"
],
"uuid": "2bd68462-a509-4320-b5c6-760a57fd1a80",
"version": 1
}