MISP
/
misp-objects
mirror of https://github.com/MISP/misp-objects
2
0
Fork 0
Code Issues Releases Wiki Activity

new: [dev] add Reddit objects: reddit-account, reddit-post, reddit-comment, reddit-subreddit

pull/257/head
VVX7 2020-05-29 16:34:00 -04:00
parent c6da4c9e66
commit ed7a730a79
4 changed files with 374 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

79
objects/reddit-account/definition.json Normal file
View File

@ -0,0 +1,79 @@
{
"attributes": {
"account-avatar": {
"description": "A screen capture or exported account avatar.",
"misp-attribute": "attachment",
"multiple": true,
"ui-priority": 1
},
"account-id": {
"description": "Account id.",
"misp-attribute": "text",
"ui-priority": 1
},
"account-name": {
"description": "Account name (do not include u/).",
"misp-attribute": "text",
"ui-priority": 1
},
"archive": {
"description": "Archive of the account (Internet Archive, Archive.is, etc).",
"disable_correlation": true,
"misp-attribute": "link",
"multiple": true,
"ui-priority": 1
},
"attachment": {
"description": "A screen capture or exported list of contacts etc.",
"misp-attribute": "attachment",
"multiple": true,
"ui-priority": 1
},
"description": {
"description": "A description of the user.",
"disable_correlation": true,
"misp-attribute": "text",
"ui-priority": 1
},
"link": {
"description": "Original link to the account page (supposed harmless).",
"misp-attribute": "link",
"ui-priority": 1
},
"moderator-of": {
"description": "Subreddits of which this account is a moderator (exclude the r/).",
"misp-attribute": "text",
"multiple": true,
"ui-priority": 1
},
"trophies": {
"description": "Trophies listed in the account Trophy Case.",
"misp-attribute": "text",
"multiple": true,
"ui-priority": 1
},
"url": {
"description": "Original URL location of the page (potentially malicious).",
"misp-attribute": "url",
"ui-priority": 1
},
"user-avatar": {
"description": "A user profile picture or avatar.",
"misp-attribute": "attachment",
"multiple": true,
"ui-priority": 1
}
},
"description": "Reddit account.",
"meta-category": "misc",
"name": "reddit-account",
"requiredOneOf": [
"account-name",
"account-id",
"description",
"archive",
"link"
],
"uuid": "6802f885-2003-494a-b234-61aadce62731",
"version": 1
}

85
objects/reddit-comment/definition.json Normal file
View File

@ -0,0 +1,85 @@
{
"attributes": {
"archive": {
"description": "Archive of the original comment (Internet Archive, Archive.is, etc).",
"disable_correlation": true,
"misp-attribute": "link",
"multiple": true,
"ui-priority": 1
},
"attachment": {
"description": "A screen capture or exported file from the comment.",
"misp-attribute": "attachment",
"multiple": true,
"ui-priority": 1
},
"comment": {
"description": "The raw text of the comment.",
"misp-attribute": "text",
"ui-priority": 1
},
"creator": {
"description": "The user account that created the post (do not include u/).",
"misp-attribute": "text",
"ui-priority": 1
},
"description": {
"description": "A description of the comment.",
"disable_correlation": true,
"misp-attribute": "text",
"ui-priority": 1
},
"embedded-link": {
"description": "Link embedded in the subreddit description (potentially malicious).",
"misp-attribute": "url",
"multiple": true,
"ui-priority": 0
},
"embedded-safe-link": {
"description": "Link embedded in the subreddit description (supposed safe).",
"misp-attribute": "link",
"multiple": true,
"ui-priority": 0
},
"hashtag": {
"description": "Hashtag used to identify or promote the comment.",
"misp-attribute": "text",
"multiple": true,
"ui-priority": 0
},
"link": {
"description": "Original link to the comment (supposed harmless).",
"misp-attribute": "link",
"ui-priority": 1
},
"subreddit-name": {
"description": "The name of the subreddit where it was posted (exclude the r/).",
"disable_correlation": true,
"misp-attribute": "text",
"multiple": true,
"ui-priority": 1
},
"url": {
"description": "Original URL location of the comment (potentially malicious).",
"misp-attribute": "url",
"ui-priority": 1
},
"username-quoted": {
"description": "Username who are quoted in the comment (do not include u/).",
"misp-attribute": "text",
"multiple": true,
"ui-priority": 0
}
},
"description": "A Reddit post comment.",
"meta-category": "misc",
"name": "reddit-comment",
"requiredOneOf": [
"creator",
"comment",
"archive",
"link"
],
"uuid": "0a7e5fc0-fe6a-43c7-a957-de3269c2eb6c",
"version": 1
}

89
objects/reddit-post/definition.json Normal file
View File

@ -0,0 +1,89 @@
{
"attributes": {
"archive": {
"description": "Archive of the original Reddit post (Internet Archive, Archive.is, etc).",
"disable_correlation": true,
"misp-attribute": "link",
"multiple": true,
"ui-priority": 1
},
"attachment": {
"description": "A screen capture or exported file from the Reddit post.",
"misp-attribute": "attachment",
"multiple": true,
"ui-priority": 1
},
"creator": {
"description": "The user account that created the post (do not include u/).",
"misp-attribute": "text",
"ui-priority": 1
},
"description": {
"description": "A description of the post.",
"disable_correlation": true,
"misp-attribute": "text",
"ui-priority": 1
},
"embedded-link": {
"description": "Link embedded in the subreddit description (potentially malicious).",
"misp-attribute": "url",
"multiple": true,
"ui-priority": 0
},
"embedded-safe-link": {
"description": "Link embedded in the subreddit description (supposed safe).",
"misp-attribute": "link",
"multiple": true,
"ui-priority": 0
},
"hashtag": {
"description": "Hashtag used to identify or promote the Reddit post.",
"misp-attribute": "text",
"multiple": true,
"ui-priority": 0
},
"link": {
"description": "Original link to the Reddit post (supposed harmless).",
"misp-attribute": "link",
"ui-priority": 1
},
"post-content": {
"description": "The raw text of the Reddit post.",
"misp-attribute": "text",
"ui-priority": 1
},
"post-title": {
"description": "The title of the Reddit post.",
"misp-attribute": "text",
"ui-priority": 1
},
"subreddit-name": {
"description": "The name of the subreddit where it was posted (exclude the r/).",
"misp-attribute": "text",
"multiple": true,
"ui-priority": 1
},
"url": {
"description": "Original URL location of the Reddit post (potentially malicious).",
"misp-attribute": "url",
"ui-priority": 1
},
"username-quoted": {
"description": "Username who are quoted in the Reddit post (do not include u/).",
"misp-attribute": "text",
"multiple": true,
"ui-priority": 0
}
},
"description": "A Reddit post.",
"meta-category": "misc",
"name": "reddit-post",
"requiredOneOf": [
"post-title",
"post-content",
"archive",
"link"
],
"uuid": "e5ed7e7f-2e21-44ff-839f-e58d9818f17f",
"version": 1
}

121
objects/reddit-subreddit/definition.json Normal file
View File

@ -0,0 +1,121 @@
{
"attributes": {
"archive": {
"description": "Archive of the original subreddit (Internet Archive, Archive.is, etc).",
"disable_correlation": true,
"misp-attribute": "link",
"multiple": true,
"ui-priority": 1
},
"attachment": {
"description": "A screen capture or exported list of contacts, subreddit members, etc.",
"misp-attribute": "attachment",
"multiple": true,
"ui-priority": 1
},
"community-icon": {
"description": "A screen capture or exported subreddit community icon.",
"misp-attribute": "attachment",
"multiple": true,
"ui-priority": 1
},
"creator": {
"description": "The user account that created the subreddit (do not include u/).",
"misp-attribute": "text",
"ui-priority": 1
},
"description": {
"description": "A description of the subreddit.",
"misp-attribute": "text",
"ui-priority": 1
},
"embedded-link": {
"description": "Link embedded in the subreddit description (potentially malicious).",
"misp-attribute": "url",
"multiple": true,
"ui-priority": 0
},
"embedded-safe-link": {
"description": "Link embedded in the subreddit description (supposed safe).",
"misp-attribute": "link",
"multiple": true,
"ui-priority": 0
},
"hashtag": {
"description": "Hashtag used to identify or promote the subreddit.",
"misp-attribute": "text",
"multiple": true,
"ui-priority": 0
},
"header-image": {
"description": "A screen capture or exported subreddit header.",
"misp-attribute": "attachment",
"multiple": true,
"ui-priority": 1
},
"link": {
"description": "Original link to the subreddit (supposed harmless).",
"misp-attribute": "link",
"ui-priority": 1
},
"moderator": {
"description": "A user account who is a moderator of the subreddit (do not include u/).",
"misp-attribute": "text",
"multiple": true,
"ui-priority": 1
},
"privacy": {
"description": "Subreddit privacy.",
"misp-attribute": "text",
"sane_default": [
"Public",
"Private"
],
"ui-priority": 1
},
"rules": {
"description": "Raw text of the rules of the subreddit.",
"misp-attribute": "text",
"ui-priority": 1
},
"submit-text": {
"description": "The submission form raw text when posting to the subreddit.",
"misp-attribute": "text",
"ui-priority": 1
},
"subreddit-alias": {
"description": "Aliases or previous names of subreddit.",
"misp-attribute": "text",
"multiple": true,
"ui-priority": 1
},
"subreddit-name": {
"description": "The name of the subreddit (exclude the r/).",
"misp-attribute": "text",
"ui-priority": 1
},
"subreddit-type": {
"description": "Subreddit type, e.g. general, buy and sell etc.",
"disable_correlation": true,
"misp-attribute": "text",
"multiple": true,
"ui-priority": 1
},
"url": {
"description": "Original URL location of the subreddit (potentially malicious).",
"misp-attribute": "url",
"ui-priority": 1
}
},
"description": "Public or private subreddit.",
"meta-category": "misc",
"name": "reddit-subreddit",
"requiredOneOf": [
"subreddit-name",
"description",
"archive",
"link"
],
"uuid": "5a00464c-5379-4e66-ab21-d356ba426155",
"version": 1
}