From e3556784b5c06d072f5bf06af6b233acd05f131e Mon Sep 17 00:00:00 2001
From: Christian Studer
Date: Thu, 22 Jun 2023 15:39:02 +0200
Subject: [PATCH] wip: [task] New object template for tasks as described in STIX 2.1 Incident object extensions
---
objects/task/definition.json | 122 +++++++++++++++++++++++++++++++++++
1 file changed, 122 insertions(+)
create mode 100644 objects/task/definition.json
diff --git a/objects/task/definition.json b/objects/task/definition.json
new file mode 100644
index 0000000..2b0774a
--- /dev/null
+++ b/objects/task/definition.json
@@ -0,0 +1,122 @@
+{
+ "attributes": {
+ "description": {
+ "description": "Description of the task.",
+ "misp-attribute": "text",
+ "ui-priority": 1
+ },
+ "end_time": {
+ "description": "The date and time the event was last recorded.",
+ "misp-attribute": "datetime",
+ "ui-priority": 0
+ },
+ "end_time_fidelity": {
+ "description": "Level of fidelity that the `end_time` is recorded in.",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "sane_default": [
+ "day",
+ "hour",
+ "minute",
+ "month",
+ "second",
+ "year"
+ ],
+ "ui-priority": 0
+ },
+ "error": {
+ "description": "Details about any failure or deviation that occurred in the task.",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "ui-priority": 0
+ },
+ "name": {
+ "description": "Name of the task.",
+ "misp-attribute": "text",
+ "ui-priority": 1
+ },
+ "outcome": {
+ "description": "Outcome of the task",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "sane_default": [
+ "cancelled",
+ "failed",
+ "ongoing",
+ "pending",
+ "successful",
+ "unknown"
+ ],
+ "ui-priority": 0
+ },
+ "priority": {
+ "description": "Priority or importance of the task.",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "sane_default": [
+ "Not Specified",
+ "False Positive",
+ "Low",
+ "Moderate",
+ "High",
+ "Extreme"
+ ],
+ "ui-priority": 0
+ },
+ "start_time": {
+ "description": "The date and time the event was first recorded.",
+ "misp-attribute": "datetime",
+ "ui-priority": 0
+ },
+ "start_time_fidelity": {
+ "description": "Level of fidelity that the `start_time` is recorded in.",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "sane_default": [
+ "day",
+ "hour",
+ "minute",
+ "month",
+ "second",
+ "year"
+ ],
+ "ui-priority": 0
+ },
+ "task_type": {
+ "description": "Type of task.",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "multiple": true,
+ "sane_default": [
+ "administrative",
+ "attribution",
+ "containment",
+ "declared",
+ "detected",
+ "eradication",
+ "escalated",
+ "exercised-control",
+ "external-intelligence",
+ "external-outreach",
+ "external-support",
+ "implemented-control",
+ "negotiation",
+ "playbook-execution",
+ "playbook-step-execution",
+ "recovery",
+ "reported",
+ "routine-updates",
+ "victim-notification"
+ ],
+ "ui-priority": 0
+ }
+ },
+ "description": "Task object as described in STIX 2.1 Incident object extension.",
+ "meta-category": "misc",
+ "name": "task",
+ "required": [
+ "outcome"
+ ],
+ "uuid": "384734e7-8710-4ab0-901a-6f0e73a551e6",
+ "version": 1
+}
\ No newline at end of file
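Review bot: The `start_time` and `end_time` descriptions say "the event was first recorded" and "the event was last recorded", which reads as carried over from an event template and will mislead analysts filling in a task. They should name the task, e.g. `"description": "The date and time the task was first recorded."` and `"description": "The date and time the task was last recorded."`. Separately, `name` and `description` are the only `text` attributes in this template without `"disable_correlation": true`. Generic task names reused across incidents would then likely correlate unrelated events and add noise for responders, so consider adding the flag to both unless that correlation is intended.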