From f8226fc2004dc4e9f4a5eb18cec12135404a3be5 Mon Sep 17 00:00:00 2001 From: aksha Date: Tue, 2 Oct 2018 10:14:19 +0100 Subject: [PATCH] Fix: Regripper object templates fixed --- objects/regripper-NTUser/definition.json | 28 ++++---- .../definition.json | 21 ++++-- .../definition.json | 11 +-- .../definition.json | 17 +++-- .../definition.json | 11 +-- .../definition.json | 8 ++- .../definition.json | 11 +-- .../definition.json | 9 ++- .../definition.json | 26 +++++-- .../definition.json | 14 ++-- .../definition.json | 67 +++++++++++++------ .../definition.json | 15 +++-- .../definition.json | 39 ++++++++--- .../definition.json | 38 +++++++---- .../definition.json | 15 +++-- 15 files changed, 222 insertions(+), 108 deletions(-) diff --git a/objects/regripper-NTUser/definition.json b/objects/regripper-NTUser/definition.json index 264aae9..6eb7193 100644 --- a/objects/regripper-NTUser/definition.json +++ b/objects/regripper-NTUser/definition.json @@ -14,7 +14,8 @@ "key-last-write-time": { "description": "Date and time when the key was last updated.", "ui-priority": 0, - "misp-attribute": "datetime" + "misp-attribute": "datetime", + "disable_correlation": true }, "logon-user-name": { "description": "Name assigned to the user profile.", @@ -25,65 +26,68 @@ "description": "List of recent folders accessed by the user.", "ui-priority": 0, "misp-attribute": "text", - "multiple":"true" + "multiple":true }, "recent-files-accessed": { "description": "List of recent files accessed by the user.", "ui-priority": 0, "misp-attribute": "text", - "multiple":"true" + "multiple":true }, "typed-urls": { "description": "Urls typed by the user in internet explorer", "ui-priority": 0, "misp-attribute": "text", - "multiple":"true" + "multiple":true }, "applications-installed": { "description": "List of applications installed.", "ui-priority": 0, "misp-attribute": "text", - "multiple":"true" + "multiple":true }, "applications-run": { "description": "List of applications set to run on the system.", "ui-priority": 0, "misp-attribute": "text", - "multiple": "true" + "multiple": true }, "external-devices": { "description": "List of external devices connected to the system by the user.", "ui-priority": 0, "misp-attribute": "text", - "multiple": "true" + "multiple": true }, "user-init": { "description": "Applications or processes set to run when the user logs onto the windows system.", "ui-priority": 0, "misp-attribute": "text", - "multiple": "true" + "multiple": true }, "nukeOnDelete": { "description": "Determines if the Recycle bin option has been disabled.", "ui-priority": 0, - "misp-attribute": "boolean" + "misp-attribute": "boolean", + "disable_correlation": true }, "network-connected-to": { "description": "List of networks the user connected the system to.", "ui-priority": 0, "misp-attribute": "text", - "multiple": "true" + "multiple": true }, "mount-points": { "description": "Details of the mount points created on the system.", "ui-priority": 0, "misp-attribute": "text", - "multiple": "true" + "multiple": true, + "disable_correlation": true }, "comments": { "description": "Additional information related to the user profile", "ui-priority": 0, - "misp-attribute": "text" + "misp-attribute": "text", + "disable_correlation": true } }, diff --git a/objects/regripper-sam-hive-single-user/definition.json b/objects/regripper-sam-hive-single-user/definition.json index eb32b5b..2cf93d9 100644 --- a/objects/regripper-sam-hive-single-user/definition.json +++ b/objects/regripper-sam-hive-single-user/definition.json @@ -16,7 +16,8 @@ "key-last-write-time": { "description": "Date and time when the key was last updated.", "ui-priority": 0, - "misp-attribute": "datetime" + "misp-attribute": "datetime", + "disable_correlation": true }, "user-name": { "description": "User name assigned to the user profile.", @@ -31,22 +32,32 @@ "last-login-time": { "description": "Date and time when the user last logged onto the system.", "ui-priority": 0, - "misp-attribute": "datetime" + "misp-attribute": "datetime", + "disable_correlation": true }, "pwd-reset-time": { "description": "Date and time when the password was last reset.", "ui-priority": 0, - "misp-attribute": "datetime" + "misp-attribute": "datetime", + "disable_correlation": true }, "pwd-fail-date": { "description": "Date and time when a password last failed for this user profile.", "ui-priority": 0, - "misp-attribute": "datetime" + "misp-attribute": "datetime", + "disable_correlation": true }, "login-count": { "description": "Number of times the user logged-in onto the system.", "ui-priority": 0, - "misp-attribute": "number" + "misp-attribute": "counter", + "disable_correlation": true + }, + "comments": { + "description": "Full name assigned to the user profile.", + "ui-priority": 0, + "misp-attribute": "text", + "disable_correlation": true } }, diff --git a/objects/regripper-sam-hive-user-group/definition.json b/objects/regripper-sam-hive-user-group/definition.json index 1e41a1c..bcd2996 100644 --- a/objects/regripper-sam-hive-user-group/definition.json +++ b/objects/regripper-sam-hive-user-group/definition.json @@ -14,7 +14,8 @@ "key-last-write-time": { "description": "Date and time when the key was last updated.", "ui-priority": 0, - "misp-attribute": "datetime" + "misp-attribute": "datetime", + "disable_correlation": true }, "group-name": { "description": "Name assigned to the profile.", @@ -29,18 +30,20 @@ "last-write-date-time": { "description": "Date and time when the group key was updated.", "ui-priority": 0, - "misp-attribute": "datetime" + "misp-attribute": "datetime", + "disable_correlation": true }, "group-comment": { "description": "Name assigned to the profile.", "ui-priority": 0, - "misp-attribute": "text" + "misp-attribute": "text", + "disable_correlation": true }, "group-users": { "description": "Users belonging to the group", "ui-priority": 0, "misp-attribute": "text", - "multiple": "true" + "multiple": true } }, diff --git a/objects/regripper-software-hive-BHO/definition.json b/objects/regripper-software-hive-BHO/definition.json index 4b70d4a..7c64241 100644 --- a/objects/regripper-software-hive-BHO/definition.json +++ b/objects/regripper-software-hive-BHO/definition.json @@ -12,7 +12,8 @@ "last-write-time": { "description": "Date and time when the key was last updated.", "ui-priority": 0, - "misp-attribute": "datetime" + "misp-attribute": "datetime", + "disable_correlation": true }, "BHO-name": { "description": "Name of the browser helper object.", @@ -22,27 +23,31 @@ "BHO-key-last-write-time": { "description": "Date and time when the BHO key was last updated.", "ui-priority": 0, - "misp-attribute": "datetime" + "misp-attribute": "datetime", + "disable_correlation": true }, "class": { "description": "Class to which the BHO belongs to.", "ui-priority": 0, - "misp-attribute": "text" + "misp-attribute": "text", + "disable_correlation": true }, "module": { "description": "DLL module the BHO belongs to.", "ui-priority": 0, - "misp-attribute": "text" + "misp-attribute": "text", + "disable_correlation": true }, "comments": { "description": "Additional comments.", "ui-priority": 0, - "misp-attribute": "text" + "misp-attribute": "text", + "disable_correlation": true }, "references": { "description": "References to the BHO.", "ui-priority": 0, - "misp-attribute": "links", + "misp-attribute": "link", "multiple":true } }, diff --git a/objects/regripper-software-hive-appInit-DLLS/definition.json b/objects/regripper-software-hive-appInit-DLLS/definition.json index 9aa9753..3923e35 100644 --- a/objects/regripper-software-hive-appInit-DLLS/definition.json +++ b/objects/regripper-software-hive-appInit-DLLS/definition.json @@ -13,7 +13,8 @@ "last-write-time": { "description": "Date and time when the key was last updated.", "ui-priority": 0, - "misp-attribute": "datetime" + "misp-attribute": "datetime", + "disable_correlation": true }, "DLL-name": { "description": "Name of the DLL file.", @@ -28,17 +29,19 @@ "DLL-last-write-time": { "description": "Date and time when the DLL file was last updated.", "ui-priority": 0, - "misp-attribute": "datetime" + "misp-attribute": "datetime", + "disable_correlation": true }, "comments": { "description": "Additional comments.", "ui-priority": 0, - "misp-attribute": "text" + "misp-attribute": "text", + "disable_correlation": true }, "references": { "description": "References to the DLL file.", "ui-priority": 0, - "misp-attribute": "links", + "misp-attribute": "link", "multiple":true } }, diff --git a/objects/regripper-software-hive-application-paths/definition.json b/objects/regripper-software-hive-application-paths/definition.json index 80787f8..939e39a 100644 --- a/objects/regripper-software-hive-application-paths/definition.json +++ b/objects/regripper-software-hive-application-paths/definition.json @@ -13,7 +13,8 @@ "last-write-time": { "description": "Date and time when the key was last updated.", "ui-priority": 0, - "misp-attribute": "datetime" + "misp-attribute": "datetime", + "disable_correlation": true }, "executable-file-name": { "description": "Name of the executable file.", @@ -30,12 +31,13 @@ "comments": { "description": "Additional comments.", "ui-priority": 0, - "misp-attribute": "text" + "misp-attribute": "text", + "disable_correlation": true }, "references": { "description": "References to the application installed.", "ui-priority": 0, - "misp-attribute": "links", + "misp-attribute": "link", "multiple":true } }, diff --git a/objects/regripper-software-hive-applications-installed/definition.json b/objects/regripper-software-hive-applications-installed/definition.json index f3bcddb..55c58ea 100644 --- a/objects/regripper-software-hive-applications-installed/definition.json +++ b/objects/regripper-software-hive-applications-installed/definition.json @@ -17,7 +17,8 @@ "last-write-time": { "description": "Date and time when the key was last updated.", "ui-priority": 0, - "misp-attribute": "datetime" + "misp-attribute": "datetime", + "disable_correlation": true }, "app-name": { "description": "Name of the application.", @@ -27,7 +28,8 @@ "app-last-write-time": { "description": "Date and time when the application key was last updated.", "ui-priority": 0, - "misp-attribute": "datetime" + "misp-attribute": "datetime", + "disable_correlation": true }, "version": { "description": "Version of the application.", @@ -37,12 +39,13 @@ "comments": { "description": "Additional comments.", "ui-priority": 0, - "misp-attribute": "text" + "misp-attribute": "text", + "disable_correlation": true }, "references": { "description": "References to the application installed.", "ui-priority": 0, - "misp-attribute": "links", + "misp-attribute": "link", "multiple":true } }, diff --git a/objects/regripper-software-hive-command-shell/definition.json b/objects/regripper-software-hive-command-shell/definition.json index fc98778..593308d 100644 --- a/objects/regripper-software-hive-command-shell/definition.json +++ b/objects/regripper-software-hive-command-shell/definition.json @@ -13,7 +13,8 @@ "last-write-time": { "description": "Date and time when the key was last updated.", "ui-priority": 0, - "misp-attribute": "datetime" + "misp-attribute": "datetime", + "disable_correlation": true }, "shell": { "description": "Type of shell used to execute the command.", @@ -26,7 +27,8 @@ "hta", "pif", "Other" - ] + ], + "disable_correlation": true }, "shell-path": { "description": "Path of the shell.", @@ -41,7 +43,8 @@ "comments": { "description": "Additional comments.", "ui-priority": 0, - "misp-attribute": "text" + "misp-attribute": "text", + "disable_correlation": true } }, "version": 1, diff --git a/objects/regripper-software-hive-general-windows-info/definition.json b/objects/regripper-software-hive-general-windows-info/definition.json index 01dff3e..a05492f 100644 --- a/objects/regripper-software-hive-general-windows-info/definition.json +++ b/objects/regripper-software-hive-general-windows-info/definition.json @@ -12,7 +12,8 @@ "last-write-time": { "description": "Date and time when the key was last updated.", "ui-priority": 0, - "misp-attribute": "datetime" + "misp-attribute": "datetime", + "disable_correlation": true }, "RegisteredOrganization": { "description": "Name of the registered organization.", @@ -32,7 +33,7 @@ "CurrentBuild": { "description": "Build number of the windows OS.", "ui-priority": 0, - "misp-attribute": "number" + "misp-attribute": "text" }, "SoftwareType": { "description": "Software type of windows.", @@ -42,27 +43,32 @@ "Application", "other" ], - "misp-attribute": "text" + "misp-attribute": "text", + "disable_correlation": true }, "InstallationType": { "description": "Type of windows installation.", "ui-priority": 0, - "misp-attribute": "text" + "misp-attribute": "text", + "disable_correlation": true }, "InstallDate": { "description": "Date when windows was installed.", "ui-priority": 0, - "misp-attribute": "datetime" + "misp-attribute": "datetime", + "disable_correlation": true }, "SystemRoot": { "description": "Root directory.", "ui-priority": 0, - "misp-attribute": "text" + "misp-attribute": "text", + "disable_correlation": true }, "PathName": { "description": "Path to the root directory.", "ui-priority": 0, - "misp-attribute": "text" + "misp-attribute": "text", + "disable_correlation": true }, "EditionID": { "description": "Windows edition.", @@ -103,6 +109,12 @@ "description": "Windows BuildLabEx string.", "ui-priority": 0, "misp-attribute": "text" + }, + "comment": { + "description": "Additional comments.", + "ui-priority": 0, + "misp-attribute": "", + "disable_correlation": true } }, "version": 1, diff --git a/objects/regripper-software-hive-software-run/definition.json b/objects/regripper-software-hive-software-run/definition.json index 83b968c..95e93cc 100644 --- a/objects/regripper-software-hive-software-run/definition.json +++ b/objects/regripper-software-hive-software-run/definition.json @@ -15,17 +15,20 @@ "Terminal", "Other" ], - "misp-attribute": "text" + "misp-attribute": "text", + "disable_correlation": true }, "key-path": { "description": "Path of the key.", "ui-priority": 0, - "misp-attribute": "text" + "misp-attribute": "text", + "disable_correlation": true }, "last-write-time": { "description": "Date and time when the key was last updated.", "ui-priority": 0, - "misp-attribute": "datetime" + "misp-attribute": "datetime", + "disable_correlation": true }, "application-name": { "description": "Name of the application run.", @@ -42,12 +45,13 @@ "comments": { "description": "Additional comments.", "ui-priority": 0, - "misp-attribute": "text" + "misp-attribute": "text", + "disable_correlation": true }, "references": { "description": "References to the applications.", "ui-priority": 0, - "misp-attribute": "links", + "misp-attribute": "link", "multiple":true } }, diff --git a/objects/regripper-software-hive-userprofile-winlogon/definition.json b/objects/regripper-software-hive-userprofile-winlogon/definition.json index 0dd3289..6dcbef9 100644 --- a/objects/regripper-software-hive-userprofile-winlogon/definition.json +++ b/objects/regripper-software-hive-userprofile-winlogon/definition.json @@ -7,47 +7,56 @@ "user-profile-key-path": { "description": "key where the user-profile information is retrieved from.", "ui-priority": 0, - "misp-attribute": "text" + "misp-attribute": "text", + "disable_correlation": true }, "user-profile-key-last-write-time": { "description": "Date and time when the key was last updated.", "ui-priority": 0, - "misp-attribute": "datetime" + "misp-attribute": "datetime", + "disable_correlation": true }, "user-profile-path": { "description": "Path of the user profile on the system", "ui-priority": 0, - "misp-attribute": "text" + "misp-attribute": "text", + "disable_correlation": true }, "SID": { "description": "Security identifier assigned to the user profile.", "ui-priority": 0, - "misp-attribute": "text" + "misp-attribute": "text", + "disable_correlation": true }, "user-profile-last-write-time": { "description": "Date and time when the user profile was last updated.", "ui-priority": 0, - "misp-attribute": "datetime" + "misp-attribute": "datetime", + "disable_correlation": true }, "winlogon-key-path": { "description": "winlogon key referred in order to retrieve default user information", "ui-priority": 0, - "misp-attribute": "text" + "misp-attribute": "text", + "disable_correlation": true }, "winlogon-key-last-write-time": { "description": "Date and time when the winlogon key was last updated.", "ui-priority": 0, - "misp-attribute": "datetime" + "misp-attribute": "datetime", + "disable_correlation": true }, "DefaultUserName": { "description": "user-name of the default user.", "ui-priority": 0, - "misp-attribute": "text" + "misp-attribute": "text", + "disable_correlation": true }, "Shell": { "description": "Shell set to run when the user logs onto the system.", "ui-priority": 0, "misp-attribute": "text", + "disable_correlation": true, "multiple": true }, "UserInit": { @@ -60,74 +69,88 @@ "description": "Message title set to display when the user logs-in.", "ui-priority": 0, "misp-attribute": "text", - "multiple": true + "multiple": true, + "disable_correlation": true }, "Legal-notice-text": { "description": "Message set to display when the user logs-in.", "ui-priority": 0, "misp-attribute": "text", - "multiple": true + "multiple": true, + "disable_correlation": true }, "PreCreateKnownFolders": { "description": "create known folders key", "ui-priority": 0, - "misp-attribute": "text" + "misp-attribute": "text", + "disable_correlation": true }, "ReportBootOk": { "description": "Flag to check if the reboot was successful.", "ui-priority": 0, - "misp-attribute": "boolean" + "misp-attribute": "boolean", + "disable_correlation": true }, "AutoRestartShell": { "description": "Value of the flag set to auto restart the shell if it crashes or shuts down automatically.", "ui-priority": 0, - "misp-attribute": "boolean" + "misp-attribute": "boolean", + "disable_correlation": true }, "PasswordExpiryWarining": { "description": "Number of times the password expiry warning appeared.", "ui-priority": 0, - "misp-attribute": "number" + "misp-attribute": "counter", + "disable_correlation": true }, "PowerdownAfterShutDown": { "description": "Flag value- if the system is set to power down after it is shutdown.", "ui-priority": 0, - "misp-attribute": "boolean" + "misp-attribute": "boolean", + "disable_correlation": true }, "ShutdownWithoutLogon": { "description": "Value of the flag set to enable shutdown without requiring a user to login.", "ui-priority": 0, - "misp-attribute": "boolean" + "misp-attribute": "boolean", + "disable_correlation": true }, "WinStationsDisabled": { "description": "Flag value set to enable/disable logons to the system.", "ui-priority": 0, - "misp-attribute": "boolean" + "misp-attribute": "boolean", + "disable_correlation": true }, "DisableCAD": { "description": "Flag to determine if user login is enabled by pressing Ctrl+ALT+Delete.", "ui-priority": 0, - "misp-attribute": "boolean" + "misp-attribute": "boolean", + "disable_correlation": true }, "AutoAdminLogon": { "description": "Flag value to determine if autologon is enabled for a user without entering the password.", "ui-priority": 0, - "misp-attribute": "boolean" + "misp-attribute": "boolean", + "disable_correlation": true }, "CachedLogonCount": { "description": "Number of times the user has logged into the system.", "ui-priority": 0, - "misp-attribute": "number" + "misp-attribute": "counter", + "disable_correlation": true }, "ShutdownFlags": { "description": "Number of times shutdown is initiated from a process when the user is logged-in.", "ui-priority": 0, - "misp-attribute": "number" + "misp-attribute": "counter", + "disable_correlation": true }, "Comments": { "description": "Additional comments.", "ui-priority": 0, - "misp-attribute": "text" + "misp-attribute": "text", + "disable_correlation": true } }, "version": 1, diff --git a/objects/regripper-system-hive-firewall-configuration/definition.json b/objects/regripper-system-hive-firewall-configuration/definition.json index cd44858..94ffeb8 100644 --- a/objects/regripper-system-hive-firewall-configuration/definition.json +++ b/objects/regripper-system-hive-firewall-configuration/definition.json @@ -11,27 +11,32 @@ "Standard Profile", "other" ], - "misp-attribute": "text" + "misp-attribute": "text", + "disable_correlation": true }, "last-write-time": { "description": "Date and time when the firewall profile policy was last updated.", "ui-priority": 0, - "misp-attribute": "datetime" + "misp-attribute": "datetime", + "disable_correlation": true }, "enbled-firewall": { "description": "Boolean flag to determine if the firewall is enabled.", "ui-priority": 0, - "misp-attribute": "boolean" + "misp-attribute": "boolean", + "disable_correlation": true }, "disable-notification": { "description": "Boolean flag to determine if firewall notifications are enabled.", "ui-priority": 0, - "misp-attribute": "boolean" + "misp-attribute": "boolean", + "disable_correlation": true }, "comment": { "description": "Additional comments.", "ui-priority": 0, - "misp-attribute": "" + "misp-attribute": "text", + "disable_correlation": true } }, "version": 1, diff --git a/objects/regripper-system-hive-general-configuration/definition.json b/objects/regripper-system-hive-general-configuration/definition.json index df2a4fe..c007e4a 100644 --- a/objects/regripper-system-hive-general-configuration/definition.json +++ b/objects/regripper-system-hive-general-configuration/definition.json @@ -11,57 +11,74 @@ "last-write-time": { "description": "Date and time when the key was last updated.", "ui-priority": 0, - "misp-attribute": "datetime" + "misp-attribute": "datetime", + "disable_correlation": true }, "shutdown-time": { "description": "Date and time when the system was shutdown.", "ui-priority": 0, - "misp-attribute": "datetime" + "misp-attribute": "datetime", + "disable_correlation": true }, "timezone-last-write-time": { "description": "Date and time when the timezone key was last updated.", "ui-priority": 0, - "misp-attribute": "datetime" + "misp-attribute": "datetime", + "disable_correlation": true }, "timezone-bias": { "description": "Offset in minutes from UTC. Offset added to the local time to get a UTC value.", "ui-priority": 0, - "misp-attribute": "text" + "misp-attribute": "text", + "disable_correlation": true }, "timezone-standard-name": { "description": "Timezone standard name used during non-daylight saving months.", "ui-priority": 0, - "misp-attribute": "text" + "misp-attribute": "text", + "disable_correlation": true }, "timezone-standard-date": { "description": "Standard date - non daylight saving months", "ui-priority": 0, - "misp-attribute": "datetime" + "misp-attribute": "datetime", + "disable_correlation": true }, "timezone-standard-bias": { "description": "value in minutes to be added to the value of timezone-bias to generate the bias used during standard time.", "ui-priority": 0, - "misp-attribute": "text" + "misp-attribute": "text", + "disable_correlation": true }, "timezone-daylight-name": { "description": "Timezone name used during daylight saving months.", "ui-priority": 0, - "misp-attribute": "text" + "misp-attribute": "text", + "disable_correlation": true }, "timezone-daylight-date": { "description": "Daylight date - daylight saving months", "ui-priority": 0, - "misp-attribute": "datetime" + "misp-attribute": "datetime", + "disable_correlation": true }, "timezone-daylight-bias": { "description": "value in minutes to be added to the value of timezone-bias to generate the bias used during daylight time.", "ui-priority": 0, - "misp-attribute": "text" + "misp-attribute": "text", + "disable_correlation": true }, "fDenyTSConnections:": { "description": "Specifies whether remote connections are enabled or disabled on the system.", "ui-priority": 0, - "misp-attribute": "boolean" + "misp-attribute": "boolean", + "disable_correlation": true + }, + "comment": { + "description": "Additional comments.", + "ui-priority": 0, + "misp-attribute": "", + "disable_correlation": true } }, "version": 1, diff --git a/objects/regripper-system-hive-network-information/definition.json b/objects/regripper-system-hive-network-information/definition.json index d2b07b5..3a872e1 100644 --- a/objects/regripper-system-hive-network-information/definition.json +++ b/objects/regripper-system-hive-network-information/definition.json @@ -11,12 +11,14 @@ "network-key-last-write-time": { "description": "Date and time when the network key was last updated.", "ui-priority": 0, - "misp-attribute": "datetime" + "misp-attribute": "datetime", + "disable_correlation": true }, "network-key-path": { "description": "Path of the key where the information is retrieved from.", "ui-priority": 0, - "misp-attribute": "text" + "misp-attribute": "text", + "disable_correlation": true }, "TCPIP-key": { "description": "TCPIP key", @@ -26,7 +28,8 @@ "TCPIP-key-last-write-time": { "description": "Datetime when the key was last updated.", "ui-priority": 0, - "misp-attribute": "datetime" + "misp-attribute": "datetime", + "disable_correlation": true }, "DHCP-domain": { "description": "Name of the DHCP domain service", @@ -36,32 +39,34 @@ "DHCP-IP-address": { "description": "DHCP service - IP address", "ui-priority": 0, - "misp-attribute": "ip-dist" + "misp-attribute": "ip-dst" }, "DHCP-subnet-mask": { "description": "DHCP subnet mask - IP address.", "ui-priority": 0, - "misp-attribute": "ip-dist" + "misp-attribute": "ip-dst" }, "DHCP-name-server": { "description": "DHCP Name server - IP address.", "ui-priority": 0, - "misp-attribute": "ip-dist" + "misp-attribute": "ip-dst" }, "DHCP-server": { "description": "DHCP server - IP address.", "ui-priority": 0, - "misp-attribute": "ip-dist" + "misp-attribute": "ip-dst" }, "interface-GUID": { "description": "GUID value assigned to the interface.", "ui-priority": 0, - "misp-attribute": "text" + "misp-attribute": "text", + "disable_correlation": true }, "interface-last-write-time": { "description": "Last date and time when the interface key was updated.", "ui-priority": 0, - "misp-attribute": "datetime" + "misp-attribute": "datetime", + "disable_correlation": true }, "interface-name": { "description": "Name of the interface.", @@ -71,17 +76,26 @@ "interface-PnpInstanceID": { "description": "Plug and Play instance ID assigned to the interface.", "ui-priority": 0, - "misp-attribute": "text" + "misp-attribute": "text", + "disable_correlation": true }, "interface-MediaSubType": { "description": "", "ui-priority": 0, - "misp-attribute": "number" + "misp-attribute": "text", + "disable_correlation": true }, "interface-IPcheckingEnabled": { "description": "", "ui-priority": 0, - "misp-attribute": "boolean" + "misp-attribute": "boolean", + "disable_correlation": true + }, + "additional-comments": { + "description": "Comments.", + "ui-priority": 0, + "misp-attribute": "text", + "disable_correlation": true } }, "version": 1, diff --git a/objects/regripper-system-hive-service-drivers/definition.json b/objects/regripper-system-hive-service-drivers/definition.json index 264cbc6..ff7984c 100644 --- a/objects/regripper-system-hive-service-drivers/definition.json +++ b/objects/regripper-system-hive-service-drivers/definition.json @@ -11,7 +11,8 @@ "last-write-time": { "description": "Date and time when the key was last updated.", "ui-priority": 0, - "misp-attribute": "datetime" + "misp-attribute": "datetime", + "disable_correlation": true }, "display": { "description": "Display name/information of the service or the driver.", @@ -34,7 +35,8 @@ "Interactive", "Other" ], - "misp-attribute": "text" + "misp-attribute": "text", + "disable_correlation": true }, "start": { "description": "When the service/driver starts or executes.", @@ -46,7 +48,8 @@ "Manual", "Disabled" ], - "misp-attribute": "text" + "misp-attribute": "text", + "disable_correlation": true }, "group": { "description": "Group to which the system/driver belong to.", @@ -77,12 +80,14 @@ "Video Save", "other" ], - "misp-attribute": "text" + "misp-attribute": "text", + "disable_correlation": true }, "comment": { "description": "Additional comments.", "ui-priority": 0, - "misp-attribute": "" + "misp-attribute": "", + "disable_correlation": true } }, "version": 1,