mirror of https://github.com/MISP/misp-objects
new: [ls20] Added first version of ls20 report objects
parent
b457df2a36
commit
e0040eaa7e
|
@ -0,0 +1,49 @@
|
|||
{
|
||||
"required": [
|
||||
"type"
|
||||
],
|
||||
"attributes": {
|
||||
"monitor": {
|
||||
"description": "Are IOCs in the report being monitored",
|
||||
"disable_correlation": true,
|
||||
"ui-priority": 0,
|
||||
"misp-attribute": "boolean"
|
||||
},
|
||||
"type": {
|
||||
"description": "Interpreted type",
|
||||
"disable_correlation": true,
|
||||
"ui-priority": 0,
|
||||
"misp-attribute": "text",
|
||||
"sane_default": [
|
||||
"ddos infrastructure",
|
||||
"false positive",
|
||||
"brute-force",
|
||||
"phishing",
|
||||
"malware url",
|
||||
"defacement",
|
||||
"c&c",
|
||||
"malware configuration",
|
||||
"backdoor",
|
||||
"attack",
|
||||
"mitm",
|
||||
"need more information",
|
||||
"artifact",
|
||||
"exploit url",
|
||||
"hijack",
|
||||
"dropzone",
|
||||
"scanner"
|
||||
]
|
||||
},
|
||||
"comment": {
|
||||
"description": "Additional comments",
|
||||
"disable_correlation": true,
|
||||
"ui-priority": 0,
|
||||
"misp-attribute": "text"
|
||||
}
|
||||
},
|
||||
"version": 1,
|
||||
"description": "LS20 Object meant for yellow teams to provide feedback on threat-reports to blue teams",
|
||||
"meta-category": "locked-shield",
|
||||
"uuid": "271475d3-e9d6-4055-8c47-217588355406",
|
||||
"name": "ls20-threat-report-feedback"
|
||||
}
|
|
@ -0,0 +1,112 @@
|
|||
{
|
||||
"required": [
|
||||
"description",
|
||||
"zone"
|
||||
],
|
||||
"attributes": {
|
||||
"description": {
|
||||
"description": "A description of the threat",
|
||||
"disable_correlation": true,
|
||||
"ui-priority": 0,
|
||||
"misp-attribute": "text"
|
||||
},
|
||||
"zone": {
|
||||
"description": "The zone the threat is impacting",
|
||||
"disable_correlation": true,
|
||||
"ui-priority": 0,
|
||||
"misp-attribute": "text",
|
||||
"multiple": true
|
||||
},
|
||||
"capability": {
|
||||
"description": "The capability affected",
|
||||
"disable_correlation": true,
|
||||
"ui-priority": 0,
|
||||
"misp-attribute": "text",
|
||||
"sane_default": [
|
||||
"military port",
|
||||
"shipping",
|
||||
"water purification",
|
||||
"power distribution",
|
||||
"power generation",
|
||||
"noc",
|
||||
"military hq office"
|
||||
]
|
||||
},
|
||||
"phase": {
|
||||
"description": "The phase",
|
||||
"disable_correlation": true,
|
||||
"ui-priority": 0,
|
||||
"misp-attribute": "counter",
|
||||
"multiple": true
|
||||
},
|
||||
"ip": {
|
||||
"description": "IP Address",
|
||||
"categories": [
|
||||
"Network activity",
|
||||
"External analysis"
|
||||
],
|
||||
"ui-priority": 1,
|
||||
"misp-attribute": "ip-src",
|
||||
"multiple": true
|
||||
},
|
||||
"url": {
|
||||
"description": "URL",
|
||||
"categories": [
|
||||
"Network activity",
|
||||
"External analysis"
|
||||
],
|
||||
"ui-priority": 1,
|
||||
"misp-attribute": "url",
|
||||
"multiple": true
|
||||
},
|
||||
"domain": {
|
||||
"description": "Domain name",
|
||||
"categories": [
|
||||
"Network activity",
|
||||
"External analysis"
|
||||
],
|
||||
"ui-priority": 1,
|
||||
"misp-attribute": "domain",
|
||||
"multiple": true
|
||||
},
|
||||
"registry-key": {
|
||||
"description": "Registry key",
|
||||
"categories": [
|
||||
"Persistence mechanism"
|
||||
],
|
||||
"ui-priority": 0,
|
||||
"multiple": true,
|
||||
"misp-attribute": "text"
|
||||
},
|
||||
"path": {
|
||||
"description": "Path of the filename",
|
||||
"disable_correlation": true,
|
||||
"multiple": true,
|
||||
"ui-priority": 0,
|
||||
"misp-attribute": "text"
|
||||
},
|
||||
"md5": {
|
||||
"description": "MD5 hash (128 bits)",
|
||||
"ui-priority": 1,
|
||||
"multiple": true,
|
||||
"misp-attribute": "md5"
|
||||
},
|
||||
"sha1": {
|
||||
"description": "Secure Hash Algorithm 1 (160 bits)",
|
||||
"ui-priority": 1,
|
||||
"multiple": true,
|
||||
"misp-attribute": "sha1"
|
||||
},
|
||||
"sha256": {
|
||||
"description": "Secure Hash Algorithm 2 (256 bits)",
|
||||
"ui-priority": 1,
|
||||
"multiple": true,
|
||||
"misp-attribute": "sha256"
|
||||
}
|
||||
},
|
||||
"version": 1,
|
||||
"description": "LS20 Object to inform the command center analysts about the adversary infrastructure and how it is being used to attack you",
|
||||
"meta-category": "locked-shield",
|
||||
"uuid": "359d4790-dd73-4d8c-bfb4-9e4039c8bf8c",
|
||||
"name": "ls20-threat-report"
|
||||
}
|
Loading…
Reference in New Issue