From d50a9eeb13a18fde324d4f2bc976c784f400de49 Mon Sep 17 00:00:00 2001
From: VVX7 <info@VVX7.io>
Date: Wed, 15 Apr 2020 22:57:12 -0400
Subject: [PATCH] new: [object] add scheduled-event, add social-media-group

---
 objects/scheduled-event/definition.json    | 129 +++++++++++++++++++++
 objects/social-media-group/definition.json | 102 ++++++++++++++++
 2 files changed, 231 insertions(+)
 create mode 100644 objects/scheduled-event/definition.json
 create mode 100644 objects/social-media-group/definition.json

diff --git a/objects/scheduled-event/definition.json b/objects/scheduled-event/definition.json
new file mode 100644
index 0000000..b57c53b
--- /dev/null
+++ b/objects/scheduled-event/definition.json
@@ -0,0 +1,129 @@
+{
+  "requiredOneOf": [
+    "event-name",
+    "event-alias",
+    "archive",
+    "attachment"
+  ],
+  "attributes": {
+    "event-name": {
+      "description": "The name of the event.",
+      "ui-priority": 1,
+      "misp-attribute": "text"
+    },
+    "event-alias": {
+      "description": "Aliases of event.",
+      "ui-priority": 1,
+      "multiple": true,
+      "misp-attribute": "text"
+    },
+    "event-listing": {
+      "description": "Social media and other platforms on which the event is advertised.",
+      "ui-priority": 1,
+      "misp-attribute": "text",
+      "disable_correlation": true,
+      "multiple": true,
+      "sane_default": [
+        "Twitter",
+        "Facebook",
+        "Meetup",
+        "Eventbrite",
+        "Other"
+      ]
+    },
+    "username": {
+      "description": "A user account who is going to the event.",
+      "ui-priority": 1,
+      "misp-attribute": "text",
+      "multiple": true
+    },
+    "person-name": {
+      "description": "A person who is going to the event.",
+      "ui-priority": 1,
+      "misp-attribute": "text",
+      "multiple": true
+    },
+    "administrator": {
+      "description": "A user account who is an owner or admin of the event.",
+      "ui-priority": 1,
+      "misp-attribute": "text",
+      "multiple": true
+    },
+    "hashtag": {
+      "description": "Hashtag used to identify or promote the event.",
+      "ui-priority": 0,
+      "misp-attribute": "text",
+      "multiple": true
+    },
+    "url": {
+      "description": "Original URL location of the event (potentially malicious).",
+      "ui-priority": 1,
+      "misp-attribute": "url"
+    },
+    "link": {
+      "description": "Original link into the event (supposed harmless).",
+      "ui-priority": 1,
+      "misp-attribute": "link"
+    },
+    "phone-number": {
+      "description": "Phone number of the event contact.",
+      "ui-priority": 10,
+      "misp-attribute": "phone-number",
+      "multiple": true
+    },
+    "fax-number": {
+      "description": "Fax number of the event contact.",
+      "ui-priority": 10,
+      "misp-attribute": "phone-number",
+      "multiple": true
+    },
+    "address": {
+      "description": "Postal address of the event.",
+      "ui-priority": 10,
+      "misp-attribute": "text",
+      "multiple": true
+    },
+    "e-mail": {
+      "description": "Email address of the event contact.",
+      "ui-priority": 10,
+      "misp-attribute": "email-src",
+      "multiple": true
+    },
+    "embedded-link": {
+      "description": "Link embedded in the event description (potentially malicious).",
+      "ui-priority": 0,
+      "misp-attribute": "url",
+      "multiple": true
+    },
+    "embedded-safe-link": {
+      "description": "Link embedded in the event description (supposed safe).",
+      "ui-priority": 0,
+      "misp-attribute": "link",
+      "multiple": true,
+      "to_ids": false
+    },
+    "archive": {
+      "description": "Archive of the original event (Internet Archive, Archive.is, etc).",
+      "ui-priority": 1,
+      "multiple": true,
+      "misp-attribute": "link"
+    },
+    "attachment": {
+      "description": "A screen capture or other attachment relevant to the event.",
+      "ui-priority": 1,
+      "multiple": true,
+      "misp-attribute": "attachment"
+    },
+    "scheduled-date": {
+      "description": "Initial creation of the microblog post",
+      "ui-priority": 0,
+      "multiple": true,
+      "misp-attribute": "datetime"
+    }
+  },
+  "version": 1,
+  "description": "Event object template describing a gathering of individuals in meatspace.",
+  "meta-category": "misc",
+  "uuid": "40ba0098-cfd8-4b54-b5a8-9adcdf47533d",
+  "name": "scheduled-event"
+}
diff --git a/objects/social-media-group/definition.json b/objects/social-media-group/definition.json
new file mode 100644
index 0000000..25a9927
--- /dev/null
+++ b/objects/social-media-group/definition.json
@@ -0,0 +1,102 @@
+{
+  "requiredOneOf": [
+    "group-name",
+    "group-alias",
+    "archive",
+    "description"
+  ],
+  "attributes": {
+    "group-name": {
+      "description": "The name of the group, channel or community.",
+      "ui-priority": 1,
+      "misp-attribute": "text"
+    },
+    "description": {
+      "description": "A description of the group, channel or community.",
+      "ui-priority": 1,
+      "misp-attribute": "text"
+    },
+    "group-alias": {
+      "description": "Aliases of group, channel or community.",
+      "ui-priority": 1,
+      "multiple": true,
+      "misp-attribute": "text"
+    },
+    "platform": {
+      "description": "The social media platform used.",
+      "ui-priority": 1,
+      "misp-attribute": "text",
+      "disable_correlation": true,
+      "multiple": true,
+      "sane_default": [
+        "Facebook",
+        "Twitter"
+      ]
+    },
+    "username": {
+      "description": "A user account who is a member of the group.",
+      "ui-priority": 1,
+      "misp-attribute": "text",
+      "multiple": true
+    },
+    "administrator": {
+      "description": "A user account who is an owner or admin of the group.",
+      "ui-priority": 1,
+      "misp-attribute": "text",
+      "multiple": true
+    },
+    "person-name": {
+      "description": "A person who is a member of the group.",
+      "ui-priority": 1,
+      "misp-attribute": "text",
+      "multiple": true
+    },
+    "hashtag": {
+      "description": "Hashtag used to identify or promote the group.",
+      "ui-priority": 0,
+      "misp-attribute": "text",
+      "multiple": true
+    },
+    "url": {
+      "description": "Original URL location of the group (potentially malicious).",
+      "ui-priority": 1,
+      "misp-attribute": "url"
+    },
+    "link": {
+      "description": "Original link into the group (supposed harmless).",
+      "ui-priority": 1,
+      "misp-attribute": "link"
+    },
+    "embedded-link": {
+      "description": "Link embedded in the group description (potentially malicious).",
+      "ui-priority": 0,
+      "misp-attribute": "url",
+      "multiple": true
+    },
+    "embedded-safe-link": {
+      "description": "Link embedded in the group description (supposed safe).",
+      "ui-priority": 0,
+      "misp-attribute": "link",
+      "multiple": true,
+      "to_ids": false
+    },
+    "archive": {
+      "description": "Archive of the original group (Internet Archive, Archive.is, etc).",
+      "ui-priority": 1,
+      "multiple": true,
+      "disable_correlation": true,
+      "misp-attribute": "link"
+    },
+    "attachment": {
+      "description": "A screen capture or exported list of contacts, group members, etc.",
+      "ui-priority": 1,
+      "multiple": true,
+      "misp-attribute": "attachment"
+    }
+  },
+  "version": 1,
+  "description": "Social media group object template describing a public or private group or channel.",
+  "meta-category": "misc",
+  "uuid": "c4939ec4-ab53-4c35-9a98-3d4d4caf5b6c",
+  "name": "social-media-group"
+}