From e26e54b54a720ce09394d9461444385821a65295 Mon Sep 17 00:00:00 2001
From: marcnil815 <33084026+marcnil815@users.noreply.github.com>
Date: Thu, 21 Feb 2019 16:12:54 +0100
Subject: [PATCH] Create splunk object definition.json Adding misp-object for basic splunk search/correlation search values.
---
objects/splunk/definition.json | 58 ++++++++++++++++++++++++++++++++++
1 file changed, 58 insertions(+)
create mode 100644 objects/splunk/definition.json
diff --git a/objects/splunk/definition.json b/objects/splunk/definition.json
new file mode 100644
index 0000000..c5a1ea8
--- /dev/null
+++ b/objects/splunk/definition.json
@@ -0,0 +1,58 @@
+{
+ "version": 1,
+ "description": "Splunk / Splunk ES object",
+ "meta-category": "misc",
+ "uuid": "fd9b7bf8-df7b-4df9-bcd8-28591edcaab8",
+ "name": "splunk",
+ "required": ["search"],
+ "attributes": {
+ "search": {
+ "description": "Search / Correlation search",
+ "ui-priority": 0,
+ "misp-attribute": "text",
+ "disable_correlation": true
+ },
+ "drill-down": {
+ "description": "Drilldown",
+ "ui-priority": 0,
+ "misp-attribute": "text",
+ "disable_correlation": true,
+ "multiple": true
+ },
+ "response-action": {
+ "description": "Response action",
+ "ui-priority": 0,
+ "misp-attribute": "text",
+ "multiple": true,
+ "disable_correlation": true,
+ "sane_default": [
+ "notable",
+ "risk"
+ ]
+ },
+ "schedule": {
+ "description": "Schedule",
+ "ui-priority": 0,
+ "misp-attribute": "other",
+ "disable_correlation": true
+ },
+ "earliest": {
+ "description": "Earliest time",
+ "ui-priority": 0,
+ "misp-attribute": "text",
+ "disable_correlation": true
+ },
+ "latest": {
+ "description": "Latest time",
+ "ui-priority": 0,
+ "misp-attribute": "text",
+ "disable_correlation": true
+ },
+ "description": {
+ "description": "Description",
+ "ui-priority": 0,
+ "misp-attribute": "comment",
+ "disable_correlation": true
+ }
+ }
+}
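Review bot: The `search` attribute's description (`"Search / Correlation search"`) does not tell a consumer that the value is a query string received from a sharing partner that someone will eventually run or schedule. I would state that in the template, e.g. `"description": "SPL search or correlation search string; review before running or scheduling it"`, and give `drill-down` the same wording, since it presumably also holds a search. The `schedule`, `earliest` and `latest` descriptions only repeat the key name; they should name the expected format (presumably a cron expression and Splunk time modifiers such as `-24h@h`, to be confirmed by the author). `schedule` is also the only free-text field typed `"misp-attribute": "other"` while its siblings use `"text"`; unless that is deliberate, `"misp-attribute": "text"` would keep the template consistent.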