Fix: Regripper object templates fixed

pull/118/head
aksha 2018-10-02 10:14:19 +01:00
parent 44d92e95be
commit f8226fc200
15 changed files with 222 additions and 108 deletions


@ -14,7 +14,8 @@
"key-last-write-time": {
"description": "Date and time when the key was last updated.",
"ui-priority": 0,
"misp-attribute": "datetime"
"misp-attribute": "datetime",
"disable_correlation": true
},
"logon-user-name": {
"description": "Name assigned to the user profile.",
@ -25,65 +26,68 @@
"description": "List of recent folders accessed by the user.",
"ui-priority": 0,
"misp-attribute": "text",
"multiple":"true"
"multiple":true
},
"recent-files-accessed": {
"description": "List of recent files accessed by the user.",
"ui-priority": 0,
"misp-attribute": "text",
"multiple":"true"
"multiple":true
},
"typed-urls": {
"description": "Urls typed by the user in internet explorer",
"ui-priority": 0,
"misp-attribute": "text",
"multiple":"true"
"multiple":true
},
"applications-installed": {
"description": "List of applications installed.",
"ui-priority": 0,
"misp-attribute": "text",
"multiple":"true"
"multiple":true
},
"applications-run": {
"description": "List of applications set to run on the system.",
"ui-priority": 0,
"misp-attribute": "text",
"multiple": "true"
"multiple": true
},
"external-devices": {
"description": "List of external devices connected to the system by the user.",
"ui-priority": 0,
"misp-attribute": "text",
"multiple": "true"
"multiple": true
},
"user-init": {
"description": "Applications or processes set to run when the user logs onto the windows system.",
"ui-priority": 0,
"misp-attribute": "text",
"multiple": "true"
"multiple": true
},
"nukeOnDelete": {
"description": "Determines if the Recycle bin option has been disabled.",
"ui-priority": 0,
"misp-attribute": "boolean"
"misp-attribute": "boolean",
"disable_correlation": true
},
"network-connected-to": {
"description": "List of networks the user connected the system to.",
"ui-priority": 0,
"misp-attribute": "text",
"multiple": "true"
"multiple": true
},
"mount-points": {
"description": "Details of the mount points created on the system.",
"ui-priority": 0,
"misp-attribute": "text",
"multiple": "true"
"multiple": true,
"disable_correlation": true
},
"comments": {
"description": "Additional information related to the user profile",
"ui-priority": 0,
"misp-attribute": "text"
"misp-attribute": "text",
"disable_correlation": true
}
},
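Review bot: `typed-urls` keeps `"misp-attribute": "text"` while its `multiple` flag is being fixed, so URLs typed into Internet Explorer are stored as free text rather than as a URL indicator. If the RegRipper output yields one URL per value, `"misp-attribute": "url"` would let these values match URL attributes in other events. This may be deliberate if the values are not clean URLs, which the page does not show.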


@ -16,7 +16,8 @@
"key-last-write-time": {
"description": "Date and time when the key was last updated.",
"ui-priority": 0,
"misp-attribute": "datetime"
"misp-attribute": "datetime",
"disable_correlation": true
},
"user-name": {
"description": "User name assigned to the user profile.",
@ -31,22 +32,32 @@
"last-login-time": {
"description": "Date and time when the user last logged onto the system.",
"ui-priority": 0,
"misp-attribute": "datetime"
"misp-attribute": "datetime",
"disable_correlation": true
},
"pwd-reset-time": {
"description": "Date and time when the password was last reset.",
"ui-priority": 0,
"misp-attribute": "datetime"
"misp-attribute": "datetime",
"disable_correlation": true
},
"pwd-fail-date": {
"description": "Date and time when a password last failed for this user profile.",
"ui-priority": 0,
"misp-attribute": "datetime"
"misp-attribute": "datetime",
"disable_correlation": true
},
"login-count": {
"description": "Number of times the user logged-in onto the system.",
"ui-priority": 0,
"misp-attribute": "number"
"misp-attribute": "counter",
"disable_correlation": true
},
"comments": {
"description": "Full name assigned to the user profile.",
"ui-priority": 0,
"misp-attribute": "text",
"disable_correlation": true
}
},
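Review bot: The newly added `comments` attribute is described as "Full name assigned to the user profile.", which looks copied from a name field rather than written for a comments field. `"description": "Additional comments."` would match the wording used by the other templates in this commit. The same kind of copy is visible in the next file section, where `group-comment` is described as "Name assigned to the profile.", the text also used for `group-name`.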


@ -14,7 +14,8 @@
"key-last-write-time": {
"description": "Date and time when the key was last updated.",
"ui-priority": 0,
"misp-attribute": "datetime"
"misp-attribute": "datetime",
"disable_correlation": true
},
"group-name": {
"description": "Name assigned to the profile.",
@ -29,18 +30,20 @@
"last-write-date-time": {
"description": "Date and time when the group key was updated.",
"ui-priority": 0,
"misp-attribute": "datetime"
"misp-attribute": "datetime",
"disable_correlation": true
},
"group-comment": {
"description": "Name assigned to the profile.",
"ui-priority": 0,
"misp-attribute": "text"
"misp-attribute": "text",
"disable_correlation": true
},
"group-users": {
"description": "Users belonging to the group",
"ui-priority": 0,
"misp-attribute": "text",
"multiple": "true"
"multiple": true
}
},


@ -12,7 +12,8 @@
"last-write-time": {
"description": "Date and time when the key was last updated.",
"ui-priority": 0,
"misp-attribute": "datetime"
"misp-attribute": "datetime",
"disable_correlation": true
},
"BHO-name": {
"description": "Name of the browser helper object.",
@ -22,27 +23,31 @@
"BHO-key-last-write-time": {
"description": "Date and time when the BHO key was last updated.",
"ui-priority": 0,
"misp-attribute": "datetime"
"misp-attribute": "datetime",
"disable_correlation": true
},
"class": {
"description": "Class to which the BHO belongs to.",
"ui-priority": 0,
"misp-attribute": "text"
"misp-attribute": "text",
"disable_correlation": true
},
"module": {
"description": "DLL module the BHO belongs to.",
"ui-priority": 0,
"misp-attribute": "text"
"misp-attribute": "text",
"disable_correlation": true
},
"comments": {
"description": "Additional comments.",
"ui-priority": 0,
"misp-attribute": "text"
"misp-attribute": "text",
"disable_correlation": true
},
"references": {
"description": "References to the BHO.",
"ui-priority": 0,
"misp-attribute": "links",
"misp-attribute": "link",
"multiple":true
}
},
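Review bot: `disable_correlation` is now set on `module`, the DLL a browser helper object belongs to, so two events recording the same BHO DLL will no longer be linked by MISP. Excluding timestamps and free-text comments from correlation makes sense, but a module value is often what an analyst pivots on, so it is worth confirming this one is intended. The same question applies to the Winlogon `Shell` attribute in a later section, which also gains `"disable_correlation": true`.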


@ -13,7 +13,8 @@
"last-write-time": {
"description": "Date and time when the key was last updated.",
"ui-priority": 0,
"misp-attribute": "datetime"
"misp-attribute": "datetime",
"disable_correlation": true
},
"DLL-name": {
"description": "Name of the DLL file.",
@ -28,17 +29,19 @@
"DLL-last-write-time": {
"description": "Date and time when the DLL file was last updated.",
"ui-priority": 0,
"misp-attribute": "datetime"
"misp-attribute": "datetime",
"disable_correlation": true
},
"comments": {
"description": "Additional comments.",
"ui-priority": 0,
"misp-attribute": "text"
"misp-attribute": "text",
"disable_correlation": true
},
"references": {
"description": "References to the DLL file.",
"ui-priority": 0,
"misp-attribute": "links",
"misp-attribute": "link",
"multiple":true
}
},


@ -13,7 +13,8 @@
"last-write-time": {
"description": "Date and time when the key was last updated.",
"ui-priority": 0,
"misp-attribute": "datetime"
"misp-attribute": "datetime",
"disable_correlation": true
},
"executable-file-name": {
"description": "Name of the executable file.",
@ -30,12 +31,13 @@
"comments": {
"description": "Additional comments.",
"ui-priority": 0,
"misp-attribute": "text"
"misp-attribute": "text",
"disable_correlation": true
},
"references": {
"description": "References to the application installed.",
"ui-priority": 0,
"misp-attribute": "links",
"misp-attribute": "link",
"multiple":true
}
},


@ -17,7 +17,8 @@
"last-write-time": {
"description": "Date and time when the key was last updated.",
"ui-priority": 0,
"misp-attribute": "datetime"
"misp-attribute": "datetime",
"disable_correlation": true
},
"app-name": {
"description": "Name of the application.",
@ -27,7 +28,8 @@
"app-last-write-time": {
"description": "Date and time when the application key was last updated.",
"ui-priority": 0,
"misp-attribute": "datetime"
"misp-attribute": "datetime",
"disable_correlation": true
},
"version": {
"description": "Version of the application.",
@ -37,12 +39,13 @@
"comments": {
"description": "Additional comments.",
"ui-priority": 0,
"misp-attribute": "text"
"misp-attribute": "text",
"disable_correlation": true
},
"references": {
"description": "References to the application installed.",
"ui-priority": 0,
"misp-attribute": "links",
"misp-attribute": "link",
"multiple":true
}
},


@ -13,7 +13,8 @@
"last-write-time": {
"description": "Date and time when the key was last updated.",
"ui-priority": 0,
"misp-attribute": "datetime"
"misp-attribute": "datetime",
"disable_correlation": true
},
"shell": {
"description": "Type of shell used to execute the command.",
@ -26,7 +27,8 @@
"hta",
"pif",
"Other"
]
],
"disable_correlation": true
},
"shell-path": {
"description": "Path of the shell.",
@ -41,7 +43,8 @@
"comments": {
"description": "Additional comments.",
"ui-priority": 0,
"misp-attribute": "text"
"misp-attribute": "text",
"disable_correlation": true
}
},
"version": 1,
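Review bot: `"version": 1` appears as unchanged context under this hunk although the attribute definitions above it change. As far as I know, MISP decides whether to refresh an object template by comparing version numbers, so instances that already hold version 1 may keep the old definitions; `"version": 2,` would make the update visible. Six later sections on this page also end on an unchanged `"version": 1`, and the remaining sections do not show their version line at all.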


@ -12,7 +12,8 @@
"last-write-time": {
"description": "Date and time when the key was last updated.",
"ui-priority": 0,
"misp-attribute": "datetime"
"misp-attribute": "datetime",
"disable_correlation": true
},
"RegisteredOrganization": {
"description": "Name of the registered organization.",
@ -32,7 +33,7 @@
"CurrentBuild": {
"description": "Build number of the windows OS.",
"ui-priority": 0,
"misp-attribute": "number"
"misp-attribute": "text"
},
"SoftwareType": {
"description": "Software type of windows.",
@ -42,27 +43,32 @@
"Application",
"other"
],
"misp-attribute": "text"
"misp-attribute": "text",
"disable_correlation": true
},
"InstallationType": {
"description": "Type of windows installation.",
"ui-priority": 0,
"misp-attribute": "text"
"misp-attribute": "text",
"disable_correlation": true
},
"InstallDate": {
"description": "Date when windows was installed.",
"ui-priority": 0,
"misp-attribute": "datetime"
"misp-attribute": "datetime",
"disable_correlation": true
},
"SystemRoot": {
"description": "Root directory.",
"ui-priority": 0,
"misp-attribute": "text"
"misp-attribute": "text",
"disable_correlation": true
},
"PathName": {
"description": "Path to the root directory.",
"ui-priority": 0,
"misp-attribute": "text"
"misp-attribute": "text",
"disable_correlation": true
},
"EditionID": {
"description": "Windows edition.",
@ -103,6 +109,12 @@
"description": "Windows BuildLabEx string.",
"ui-priority": 0,
"misp-attribute": "text"
},
"comment": {
"description": "Additional comments.",
"ui-priority": 0,
"misp-attribute": "",
"disable_correlation": true
}
},
"version": 1,
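Review bot: The added `comment` attribute has `"misp-attribute": ""`, an empty attribute type, while the firewall template in this same commit changes exactly that value from `""` to `"text"`. Using `"misp-attribute": "text",` here would keep the templates consistent and avoid a type that a validator or importer may reject. The same empty type is added in the `comment` block of the section containing `shutdown-time`, and it is left in place in the `comment` block of the final section.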


@ -15,17 +15,20 @@
"Terminal",
"Other"
],
"misp-attribute": "text"
"misp-attribute": "text",
"disable_correlation": true
},
"key-path": {
"description": "Path of the key.",
"ui-priority": 0,
"misp-attribute": "text"
"misp-attribute": "text",
"disable_correlation": true
},
"last-write-time": {
"description": "Date and time when the key was last updated.",
"ui-priority": 0,
"misp-attribute": "datetime"
"misp-attribute": "datetime",
"disable_correlation": true
},
"application-name": {
"description": "Name of the application run.",
@ -42,12 +45,13 @@
"comments": {
"description": "Additional comments.",
"ui-priority": 0,
"misp-attribute": "text"
"misp-attribute": "text",
"disable_correlation": true
},
"references": {
"description": "References to the applications.",
"ui-priority": 0,
"misp-attribute": "links",
"misp-attribute": "link",
"multiple":true
}
},


@ -7,47 +7,56 @@
"user-profile-key-path": {
"description": "key where the user-profile information is retrieved from.",
"ui-priority": 0,
"misp-attribute": "text"
"misp-attribute": "text",
"disable_correlation": true
},
"user-profile-key-last-write-time": {
"description": "Date and time when the key was last updated.",
"ui-priority": 0,
"misp-attribute": "datetime"
"misp-attribute": "datetime",
"disable_correlation": true
},
"user-profile-path": {
"description": "Path of the user profile on the system",
"ui-priority": 0,
"misp-attribute": "text"
"misp-attribute": "text",
"disable_correlation": true
},
"SID": {
"description": "Security identifier assigned to the user profile.",
"ui-priority": 0,
"misp-attribute": "text"
"misp-attribute": "text",
"disable_correlation": true
},
"user-profile-last-write-time": {
"description": "Date and time when the user profile was last updated.",
"ui-priority": 0,
"misp-attribute": "datetime"
"misp-attribute": "datetime",
"disable_correlation": true
},
"winlogon-key-path": {
"description": "winlogon key referred in order to retrieve default user information",
"ui-priority": 0,
"misp-attribute": "text"
"misp-attribute": "text",
"disable_correlation": true
},
"winlogon-key-last-write-time": {
"description": "Date and time when the winlogon key was last updated.",
"ui-priority": 0,
"misp-attribute": "datetime"
"misp-attribute": "datetime",
"disable_correlation": true
},
"DefaultUserName": {
"description": "user-name of the default user.",
"ui-priority": 0,
"misp-attribute": "text"
"misp-attribute": "text",
"disable_correlation": true
},
"Shell": {
"description": "Shell set to run when the user logs onto the system.",
"ui-priority": 0,
"misp-attribute": "text",
"disable_correlation": true,
"multiple": true
},
"UserInit": {
@ -60,74 +69,88 @@
"description": "Message title set to display when the user logs-in.",
"ui-priority": 0,
"misp-attribute": "text",
"multiple": true
"multiple": true,
"disable_correlation": true
},
"Legal-notice-text": {
"description": "Message set to display when the user logs-in.",
"ui-priority": 0,
"misp-attribute": "text",
"multiple": true
"multiple": true,
"disable_correlation": true
},
"PreCreateKnownFolders": {
"description": "create known folders key",
"ui-priority": 0,
"misp-attribute": "text"
"misp-attribute": "text",
"disable_correlation": true
},
"ReportBootOk": {
"description": "Flag to check if the reboot was successful.",
"ui-priority": 0,
"misp-attribute": "boolean"
"misp-attribute": "boolean",
"disable_correlation": true
},
"AutoRestartShell": {
"description": "Value of the flag set to auto restart the shell if it crashes or shuts down automatically.",
"ui-priority": 0,
"misp-attribute": "boolean"
"misp-attribute": "boolean",
"disable_correlation": true
},
"PasswordExpiryWarining": {
"description": "Number of times the password expiry warning appeared.",
"ui-priority": 0,
"misp-attribute": "number"
"misp-attribute": "counter",
"disable_correlation": true
},
"PowerdownAfterShutDown": {
"description": "Flag value- if the system is set to power down after it is shutdown.",
"ui-priority": 0,
"misp-attribute": "boolean"
"misp-attribute": "boolean",
"disable_correlation": true
},
"ShutdownWithoutLogon": {
"description": "Value of the flag set to enable shutdown without requiring a user to login.",
"ui-priority": 0,
"misp-attribute": "boolean"
"misp-attribute": "boolean",
"disable_correlation": true
},
"WinStationsDisabled": {
"description": "Flag value set to enable/disable logons to the system.",
"ui-priority": 0,
"misp-attribute": "boolean"
"misp-attribute": "boolean",
"disable_correlation": true
},
"DisableCAD": {
"description": "Flag to determine if user login is enabled by pressing Ctrl+ALT+Delete.",
"ui-priority": 0,
"misp-attribute": "boolean"
"misp-attribute": "boolean",
"disable_correlation": true
},
"AutoAdminLogon": {
"description": "Flag value to determine if autologon is enabled for a user without entering the password.",
"ui-priority": 0,
"misp-attribute": "boolean"
"misp-attribute": "boolean",
"disable_correlation": true
},
"CachedLogonCount": {
"description": "Number of times the user has logged into the system.",
"ui-priority": 0,
"misp-attribute": "number"
"misp-attribute": "counter",
"disable_correlation": true
},
"ShutdownFlags": {
"description": "Number of times shutdown is initiated from a process when the user is logged-in.",
"ui-priority": 0,
"misp-attribute": "number"
"misp-attribute": "counter",
"disable_correlation": true
},
"Comments":
{
"description": "Additional comments.",
"ui-priority": 0,
"misp-attribute": "text"
"misp-attribute": "text",
"disable_correlation": true
}
},
"version": 1,
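Review bot: The key `PasswordExpiryWarining` is misspelled (`PasswordExpiryWarning`), and because the key is the name stored with every object built from the template, it is cheaper to correct while the block is being edited than after data exists. Two more malformed keys are visible further down the page: `enbled-firewall` in the firewall section and `"fDenyTSConnections:"`, which carries a colon inside the quotes. Renaming a key changes the template's contents, and the version line under this hunk is shown unchanged at 1.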


@ -11,27 +11,32 @@
"Standard Profile",
"other"
],
"misp-attribute": "text"
"misp-attribute": "text",
"disable_correlation": true
},
"last-write-time": {
"description": "Date and time when the firewall profile policy was last updated.",
"ui-priority": 0,
"misp-attribute": "datetime"
"misp-attribute": "datetime",
"disable_correlation": true
},
"enbled-firewall": {
"description": "Boolean flag to determine if the firewall is enabled.",
"ui-priority": 0,
"misp-attribute": "boolean"
"misp-attribute": "boolean",
"disable_correlation": true
},
"disable-notification": {
"description": "Boolean flag to determine if firewall notifications are enabled.",
"ui-priority": 0,
"misp-attribute": "boolean"
"misp-attribute": "boolean",
"disable_correlation": true
},
"comment": {
"description": "Additional comments.",
"ui-priority": 0,
"misp-attribute": ""
"misp-attribute": "text",
"disable_correlation": true
}
},
"version": 1,


@ -11,57 +11,74 @@
"last-write-time": {
"description": "Date and time when the key was last updated.",
"ui-priority": 0,
"misp-attribute": "datetime"
"misp-attribute": "datetime",
"disable_correlation": true
},
"shutdown-time": {
"description": "Date and time when the system was shutdown.",
"ui-priority": 0,
"misp-attribute": "datetime"
"misp-attribute": "datetime",
"disable_correlation": true
},
"timezone-last-write-time": {
"description": "Date and time when the timezone key was last updated.",
"ui-priority": 0,
"misp-attribute": "datetime"
"misp-attribute": "datetime",
"disable_correlation": true
},
"timezone-bias": {
"description": "Offset in minutes from UTC. Offset added to the local time to get a UTC value.",
"ui-priority": 0,
"misp-attribute": "text"
"misp-attribute": "text",
"disable_correlation": true
},
"timezone-standard-name": {
"description": "Timezone standard name used during non-daylight saving months.",
"ui-priority": 0,
"misp-attribute": "text"
"misp-attribute": "text",
"disable_correlation": true
},
"timezone-standard-date": {
"description": "Standard date - non daylight saving months",
"ui-priority": 0,
"misp-attribute": "datetime"
"misp-attribute": "datetime",
"disable_correlation": true
},
"timezone-standard-bias": {
"description": "value in minutes to be added to the value of timezone-bias to generate the bias used during standard time.",
"ui-priority": 0,
"misp-attribute": "text"
"misp-attribute": "text",
"disable_correlation": true
},
"timezone-daylight-name": {
"description": "Timezone name used during daylight saving months.",
"ui-priority": 0,
"misp-attribute": "text"
"misp-attribute": "text",
"disable_correlation": true
},
"timezone-daylight-date": {
"description": "Daylight date - daylight saving months",
"ui-priority": 0,
"misp-attribute": "datetime"
"misp-attribute": "datetime",
"disable_correlation": true
},
"timezone-daylight-bias": {
"description": "value in minutes to be added to the value of timezone-bias to generate the bias used during daylight time.",
"ui-priority": 0,
"misp-attribute": "text"
"misp-attribute": "text",
"disable_correlation": true
},
"fDenyTSConnections:": {
"description": "Specifies whether remote connections are enabled or disabled on the system.",
"ui-priority": 0,
"misp-attribute": "boolean"
"misp-attribute": "boolean",
"disable_correlation": true
},
"comment": {
"description": "Additional comments.",
"ui-priority": 0,
"misp-attribute": "",
"disable_correlation": true
}
},
"version": 1,


@ -11,12 +11,14 @@
"network-key-last-write-time": {
"description": "Date and time when the network key was last updated.",
"ui-priority": 0,
"misp-attribute": "datetime"
"misp-attribute": "datetime",
"disable_correlation": true
},
"network-key-path": {
"description": "Path of the key where the information is retrieved from.",
"ui-priority": 0,
"misp-attribute": "text"
"misp-attribute": "text",
"disable_correlation": true
},
"TCPIP-key": {
"description": "TCPIP key",
@ -26,7 +28,8 @@
"TCPIP-key-last-write-time": {
"description": "Datetime when the key was last updated.",
"ui-priority": 0,
"misp-attribute": "datetime"
"misp-attribute": "datetime",
"disable_correlation": true
},
"DHCP-domain": {
"description": "Name of the DHCP domain service",
@ -36,32 +39,34 @@
"DHCP-IP-address": {
"description": "DHCP service - IP address",
"ui-priority": 0,
"misp-attribute": "ip-dist"
"misp-attribute": "ip-dst"
},
"DHCP-subnet-mask": {
"description": "DHCP subnet mask - IP address.",
"ui-priority": 0,
"misp-attribute": "ip-dist"
"misp-attribute": "ip-dst"
},
"DHCP-name-server": {
"description": "DHCP Name server - IP address.",
"ui-priority": 0,
"misp-attribute": "ip-dist"
"misp-attribute": "ip-dst"
},
"DHCP-server": {
"description": "DHCP server - IP address.",
"ui-priority": 0,
"misp-attribute": "ip-dist"
"misp-attribute": "ip-dst"
},
"interface-GUID": {
"description": "GUID value assigned to the interface.",
"ui-priority": 0,
"misp-attribute": "text"
"misp-attribute": "text",
"disable_correlation": true
},
"interface-last-write-time": {
"description": "Last date and time when the interface key was updated.",
"ui-priority": 0,
"misp-attribute": "datetime"
"misp-attribute": "datetime",
"disable_correlation": true
},
"interface-name": {
"description": "Name of the interface.",
@ -71,17 +76,26 @@
"interface-PnpInstanceID": {
"description": "Plug and Play instance ID assigned to the interface.",
"ui-priority": 0,
"misp-attribute": "text"
"misp-attribute": "text",
"disable_correlation": true
},
"interface-MediaSubType": {
"description": "",
"ui-priority": 0,
"misp-attribute": "number"
"misp-attribute": "text",
"disable_correlation": true
},
"interface-IPcheckingEnabled": {
"description": "",
"ui-priority": 0,
"misp-attribute": "boolean"
"misp-attribute": "boolean",
"disable_correlation": true
},
"additional-comments": {
"description": "Comments.",
"ui-priority": 0,
"misp-attribute": "text",
"disable_correlation": true
}
},
"version": 1,
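Review bot: `DHCP-subnet-mask` is corrected to `ip-dst`, but a netmask is not a destination address, and unlike its neighbours it gets no `disable_correlation`, so a value such as 255.255.255.0 would correlate across unrelated events. `"misp-attribute": "text",` together with `"disable_correlation": true` fits it better. The other DHCP address fields will often hold private-range addresses, so correlation on them may be noisy as well. `interface-MediaSubType` and `interface-IPcheckingEnabled` are also touched here but keep an empty `description`.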


@ -11,7 +11,8 @@
"last-write-time": {
"description": "Date and time when the key was last updated.",
"ui-priority": 0,
"misp-attribute": "datetime"
"misp-attribute": "datetime",
"disable_correlation": true
},
"display": {
"description": "Display name/information of the service or the driver.",
@ -34,7 +35,8 @@
"Interactive",
"Other"
],
"misp-attribute": "text"
"misp-attribute": "text",
"disable_correlation": true
},
"start": {
"description": "When the service/driver starts or executes.",
@ -46,7 +48,8 @@
"Manual",
"Disabled"
],
"misp-attribute": "text"
"misp-attribute": "text",
"disable_correlation": true
},
"group": {
"description": "Group to which the system/driver belong to.",
@ -77,12 +80,14 @@
"Video Save",
"other"
],
"misp-attribute": "text"
"misp-attribute": "text",
"disable_correlation": true
},
"comment": {
"description": "Additional comments.",
"ui-priority": 0,
"misp-attribute": ""
"misp-attribute": "",
"disable_correlation": true
}
},
"version": 1,