Fix: Regripper object templates fixed

pull/118/head
aksha 2018-10-02 10:14:19 +01:00
parent 44d92e95be
commit f8226fc200
15 changed files with 222 additions and 108 deletions


@ -14,7 +14,8 @@
"key-last-write-time": { "key-last-write-time": {
"description": "Date and time when the key was last updated.", "description": "Date and time when the key was last updated.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "datetime" "misp-attribute": "datetime",
"disable_correlation": true
}, },
"logon-user-name": { "logon-user-name": {
"description": "Name assigned to the user profile.", "description": "Name assigned to the user profile.",
@ -25,65 +26,68 @@
"description": "List of recent folders accessed by the user.", "description": "List of recent folders accessed by the user.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text", "misp-attribute": "text",
"multiple":"true" "multiple":true
}, },
"recent-files-accessed": { "recent-files-accessed": {
"description": "List of recent files accessed by the user.", "description": "List of recent files accessed by the user.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text", "misp-attribute": "text",
"multiple":"true" "multiple":true
}, },
"typed-urls": { "typed-urls": {
"description": "Urls typed by the user in internet explorer", "description": "Urls typed by the user in internet explorer",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text", "misp-attribute": "text",
"multiple":"true" "multiple":true
}, },
"applications-installed": { "applications-installed": {
"description": "List of applications installed.", "description": "List of applications installed.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text", "misp-attribute": "text",
"multiple":"true" "multiple":true
}, },
"applications-run": { "applications-run": {
"description": "List of applications set to run on the system.", "description": "List of applications set to run on the system.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text", "misp-attribute": "text",
"multiple": "true" "multiple": true
}, },
"external-devices": { "external-devices": {
"description": "List of external devices connected to the system by the user.", "description": "List of external devices connected to the system by the user.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text", "misp-attribute": "text",
"multiple": "true" "multiple": true
}, },
"user-init": { "user-init": {
"description": "Applications or processes set to run when the user logs onto the windows system.", "description": "Applications or processes set to run when the user logs onto the windows system.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text", "misp-attribute": "text",
"multiple": "true" "multiple": true
}, },
"nukeOnDelete": { "nukeOnDelete": {
"description": "Determines if the Recycle bin option has been disabled.", "description": "Determines if the Recycle bin option has been disabled.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "boolean" "misp-attribute": "boolean",
"disable_correlation": true
}, },
"network-connected-to": { "network-connected-to": {
"description": "List of networks the user connected the system to.", "description": "List of networks the user connected the system to.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text", "misp-attribute": "text",
"multiple": "true" "multiple": true
}, },
"mount-points": { "mount-points": {
"description": "Details of the mount points created on the system.", "description": "Details of the mount points created on the system.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text", "misp-attribute": "text",
"multiple": "true" "multiple": true,
"disable_correlation": true
}, },
"comments": { "comments": {
"description": "Additional information related to the user profile", "description": "Additional information related to the user profile",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text" "misp-attribute": "text",
"disable_correlation": true
} }
}, },


@ -16,7 +16,8 @@
"key-last-write-time": { "key-last-write-time": {
"description": "Date and time when the key was last updated.", "description": "Date and time when the key was last updated.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "datetime" "misp-attribute": "datetime",
"disable_correlation": true
}, },
"user-name": { "user-name": {
"description": "User name assigned to the user profile.", "description": "User name assigned to the user profile.",
@ -31,22 +32,32 @@
"last-login-time": { "last-login-time": {
"description": "Date and time when the user last logged onto the system.", "description": "Date and time when the user last logged onto the system.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "datetime" "misp-attribute": "datetime",
"disable_correlation": true
}, },
"pwd-reset-time": { "pwd-reset-time": {
"description": "Date and time when the password was last reset.", "description": "Date and time when the password was last reset.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "datetime" "misp-attribute": "datetime",
"disable_correlation": true
}, },
"pwd-fail-date": { "pwd-fail-date": {
"description": "Date and time when a password last failed for this user profile.", "description": "Date and time when a password last failed for this user profile.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "datetime" "misp-attribute": "datetime",
"disable_correlation": true
}, },
"login-count": { "login-count": {
"description": "Number of times the user logged-in onto the system.", "description": "Number of times the user logged-in onto the system.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "number" "misp-attribute": "counter",
"disable_correlation": true
},
"comments": {
"description": "Full name assigned to the user profile.",
"ui-priority": 0,
"misp-attribute": "text",
"disable_correlation": true
} }
}, },
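Review bot: The added `comments` attribute carries the description "Full name assigned to the user profile.", which describes a name field rather than a comments field and looks copied from a neighbouring attribute. Suggest `"description": "Additional comments."`, the wording the other templates in this commit use for their comment attributes. The enclosing object starts outside the hunk.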


@ -14,7 +14,8 @@
"key-last-write-time": { "key-last-write-time": {
"description": "Date and time when the key was last updated.", "description": "Date and time when the key was last updated.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "datetime" "misp-attribute": "datetime",
"disable_correlation": true
}, },
"group-name": { "group-name": {
"description": "Name assigned to the profile.", "description": "Name assigned to the profile.",
@ -29,18 +30,20 @@
"last-write-date-time": { "last-write-date-time": {
"description": "Date and time when the group key was updated.", "description": "Date and time when the group key was updated.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "datetime" "misp-attribute": "datetime",
"disable_correlation": true
}, },
"group-comment": { "group-comment": {
"description": "Name assigned to the profile.", "description": "Name assigned to the profile.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text" "misp-attribute": "text",
"disable_correlation": true
}, },
"group-users": { "group-users": {
"description": "Users belonging to the group", "description": "Users belonging to the group",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text", "misp-attribute": "text",
"multiple": "true" "multiple": true
} }
}, },
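Review bot: `group-comment` keeps the description "Name assigned to the profile.", the same text as `group-name`, although this commit edits the attribute to add `disable_correlation`. An analyst reading the template cannot tell the two fields apart from their descriptions. Something like `"description": "Comment associated with the group."` would fit, assuming the field holds the group's comment string as its key suggests.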


@ -12,7 +12,8 @@
"last-write-time": { "last-write-time": {
"description": "Date and time when the key was last updated.", "description": "Date and time when the key was last updated.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "datetime" "misp-attribute": "datetime",
"disable_correlation": true
}, },
"BHO-name": { "BHO-name": {
"description": "Name of the browser helper object.", "description": "Name of the browser helper object.",
@ -22,27 +23,31 @@
"BHO-key-last-write-time": { "BHO-key-last-write-time": {
"description": "Date and time when the BHO key was last updated.", "description": "Date and time when the BHO key was last updated.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "datetime" "misp-attribute": "datetime",
"disable_correlation": true
}, },
"class": { "class": {
"description": "Class to which the BHO belongs to.", "description": "Class to which the BHO belongs to.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text" "misp-attribute": "text",
"disable_correlation": true
}, },
"module": { "module": {
"description": "DLL module the BHO belongs to.", "description": "DLL module the BHO belongs to.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text" "misp-attribute": "text",
"disable_correlation": true
}, },
"comments": { "comments": {
"description": "Additional comments.", "description": "Additional comments.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text" "misp-attribute": "text",
"disable_correlation": true
}, },
"references": { "references": {
"description": "References to the BHO.", "description": "References to the BHO.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "links", "misp-attribute": "link",
"multiple":true "multiple":true
} }
}, },


@ -13,7 +13,8 @@
"last-write-time": { "last-write-time": {
"description": "Date and time when the key was last updated.", "description": "Date and time when the key was last updated.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "datetime" "misp-attribute": "datetime",
"disable_correlation": true
}, },
"DLL-name": { "DLL-name": {
"description": "Name of the DLL file.", "description": "Name of the DLL file.",
@ -28,17 +29,19 @@
"DLL-last-write-time": { "DLL-last-write-time": {
"description": "Date and time when the DLL file was last updated.", "description": "Date and time when the DLL file was last updated.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "datetime" "misp-attribute": "datetime",
"disable_correlation": true
}, },
"comments": { "comments": {
"description": "Additional comments.", "description": "Additional comments.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text" "misp-attribute": "text",
"disable_correlation": true
}, },
"references": { "references": {
"description": "References to the DLL file.", "description": "References to the DLL file.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "links", "misp-attribute": "link",
"multiple":true "multiple":true
} }
}, },


@ -13,7 +13,8 @@
"last-write-time": { "last-write-time": {
"description": "Date and time when the key was last updated.", "description": "Date and time when the key was last updated.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "datetime" "misp-attribute": "datetime",
"disable_correlation": true
}, },
"executable-file-name": { "executable-file-name": {
"description": "Name of the executable file.", "description": "Name of the executable file.",
@ -30,12 +31,13 @@
"comments": { "comments": {
"description": "Additional comments.", "description": "Additional comments.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text" "misp-attribute": "text",
"disable_correlation": true
}, },
"references": { "references": {
"description": "References to the application installed.", "description": "References to the application installed.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "links", "misp-attribute": "link",
"multiple":true "multiple":true
} }
}, },


@ -17,7 +17,8 @@
"last-write-time": { "last-write-time": {
"description": "Date and time when the key was last updated.", "description": "Date and time when the key was last updated.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "datetime" "misp-attribute": "datetime",
"disable_correlation": true
}, },
"app-name": { "app-name": {
"description": "Name of the application.", "description": "Name of the application.",
@ -27,7 +28,8 @@
"app-last-write-time": { "app-last-write-time": {
"description": "Date and time when the application key was last updated.", "description": "Date and time when the application key was last updated.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "datetime" "misp-attribute": "datetime",
"disable_correlation": true
}, },
"version": { "version": {
"description": "Version of the application.", "description": "Version of the application.",
@ -37,12 +39,13 @@
"comments": { "comments": {
"description": "Additional comments.", "description": "Additional comments.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text" "misp-attribute": "text",
"disable_correlation": true
}, },
"references": { "references": {
"description": "References to the application installed.", "description": "References to the application installed.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "links", "misp-attribute": "link",
"multiple":true "multiple":true
} }
}, },


@ -13,7 +13,8 @@
"last-write-time": { "last-write-time": {
"description": "Date and time when the key was last updated.", "description": "Date and time when the key was last updated.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "datetime" "misp-attribute": "datetime",
"disable_correlation": true
}, },
"shell": { "shell": {
"description": "Type of shell used to execute the command.", "description": "Type of shell used to execute the command.",
@ -26,7 +27,8 @@
"hta", "hta",
"pif", "pif",
"Other" "Other"
] ],
"disable_correlation": true
}, },
"shell-path": { "shell-path": {
"description": "Path of the shell.", "description": "Path of the shell.",
@ -41,7 +43,8 @@
"comments": { "comments": {
"description": "Additional comments.", "description": "Additional comments.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text" "misp-attribute": "text",
"disable_correlation": true
} }
}, },
"version": 1, "version": 1,
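Review bot: `"version": 1` is unchanged on the new side although the attribute definitions above it change; the same holds for every other section of this commit that shows the version line as context. If these templates have already been published, consuming instances most likely depend on a higher version number to pick up the new definitions, so the correlation and type fixes would not reach them. In that case bump each touched template, e.g. `"version": 2`. The rest of the template lies outside the hunk, so whether it has been published cannot be confirmed from here.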


@ -12,7 +12,8 @@
"last-write-time": { "last-write-time": {
"description": "Date and time when the key was last updated.", "description": "Date and time when the key was last updated.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "datetime" "misp-attribute": "datetime",
"disable_correlation": true
}, },
"RegisteredOrganization": { "RegisteredOrganization": {
"description": "Name of the registered organization.", "description": "Name of the registered organization.",
@ -32,7 +33,7 @@
"CurrentBuild": { "CurrentBuild": {
"description": "Build number of the windows OS.", "description": "Build number of the windows OS.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "number" "misp-attribute": "text"
}, },
"SoftwareType": { "SoftwareType": {
"description": "Software type of windows.", "description": "Software type of windows.",
@ -42,27 +43,32 @@
"Application", "Application",
"other" "other"
], ],
"misp-attribute": "text" "misp-attribute": "text",
"disable_correlation": true
}, },
"InstallationType": { "InstallationType": {
"description": "Type of windows installation.", "description": "Type of windows installation.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text" "misp-attribute": "text",
"disable_correlation": true
}, },
"InstallDate": { "InstallDate": {
"description": "Date when windows was installed.", "description": "Date when windows was installed.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "datetime" "misp-attribute": "datetime",
"disable_correlation": true
}, },
"SystemRoot": { "SystemRoot": {
"description": "Root directory.", "description": "Root directory.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text" "misp-attribute": "text",
"disable_correlation": true
}, },
"PathName": { "PathName": {
"description": "Path to the root directory.", "description": "Path to the root directory.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text" "misp-attribute": "text",
"disable_correlation": true
}, },
"EditionID": { "EditionID": {
"description": "Windows edition.", "description": "Windows edition.",
@ -103,6 +109,12 @@
"description": "Windows BuildLabEx string.", "description": "Windows BuildLabEx string.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text" "misp-attribute": "text"
},
"comment": {
"description": "Additional comments.",
"ui-priority": 0,
"misp-attribute": "",
"disable_correlation": true
} }
}, },
"version": 1, "version": 1,
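Review bot: The newly added `comment` attribute has `"misp-attribute": ""`, an empty type, while the firewall-profile section of this same commit fixes exactly that value from `""` to `"text"`. An empty type will probably fail template validation or produce attributes that cannot be saved. Use `"misp-attribute": "text"` here. The same empty value appears in the `comment` block added to the shutdown/timezone template and is left in place in the service/driver template. The key is also `comment` here but `comments` in most sibling templates, so picking one spelling would help consumers.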


@ -15,17 +15,20 @@
"Terminal", "Terminal",
"Other" "Other"
], ],
"misp-attribute": "text" "misp-attribute": "text",
"disable_correlation": true
}, },
"key-path": { "key-path": {
"description": "Path of the key.", "description": "Path of the key.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text" "misp-attribute": "text",
"disable_correlation": true
}, },
"last-write-time": { "last-write-time": {
"description": "Date and time when the key was last updated.", "description": "Date and time when the key was last updated.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "datetime" "misp-attribute": "datetime",
"disable_correlation": true
}, },
"application-name": { "application-name": {
"description": "Name of the application run.", "description": "Name of the application run.",
@ -42,12 +45,13 @@
"comments": { "comments": {
"description": "Additional comments.", "description": "Additional comments.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text" "misp-attribute": "text",
"disable_correlation": true
}, },
"references": { "references": {
"description": "References to the applications.", "description": "References to the applications.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "links", "misp-attribute": "link",
"multiple":true "multiple":true
} }
}, },


@ -7,47 +7,56 @@
"user-profile-key-path": { "user-profile-key-path": {
"description": "key where the user-profile information is retrieved from.", "description": "key where the user-profile information is retrieved from.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text" "misp-attribute": "text",
"disable_correlation": true
}, },
"user-profile-key-last-write-time": { "user-profile-key-last-write-time": {
"description": "Date and time when the key was last updated.", "description": "Date and time when the key was last updated.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "datetime" "misp-attribute": "datetime",
"disable_correlation": true
}, },
"user-profile-path": { "user-profile-path": {
"description": "Path of the user profile on the system", "description": "Path of the user profile on the system",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text" "misp-attribute": "text",
"disable_correlation": true
}, },
"SID": { "SID": {
"description": "Security identifier assigned to the user profile.", "description": "Security identifier assigned to the user profile.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text" "misp-attribute": "text",
"disable_correlation": true
}, },
"user-profile-last-write-time": { "user-profile-last-write-time": {
"description": "Date and time when the user profile was last updated.", "description": "Date and time when the user profile was last updated.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "datetime" "misp-attribute": "datetime",
"disable_correlation": true
}, },
"winlogon-key-path": { "winlogon-key-path": {
"description": "winlogon key referred in order to retrieve default user information", "description": "winlogon key referred in order to retrieve default user information",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text" "misp-attribute": "text",
"disable_correlation": true
}, },
"winlogon-key-last-write-time": { "winlogon-key-last-write-time": {
"description": "Date and time when the winlogon key was last updated.", "description": "Date and time when the winlogon key was last updated.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "datetime" "misp-attribute": "datetime",
"disable_correlation": true
}, },
"DefaultUserName": { "DefaultUserName": {
"description": "user-name of the default user.", "description": "user-name of the default user.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text" "misp-attribute": "text",
"disable_correlation": true
}, },
"Shell": { "Shell": {
"description": "Shell set to run when the user logs onto the system.", "description": "Shell set to run when the user logs onto the system.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text", "misp-attribute": "text",
"disable_correlation": true,
"multiple": true "multiple": true
}, },
"UserInit": { "UserInit": {
@ -60,74 +69,88 @@
"description": "Message title set to display when the user logs-in.", "description": "Message title set to display when the user logs-in.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text", "misp-attribute": "text",
"multiple": true "multiple": true,
"disable_correlation": true
}, },
"Legal-notice-text": { "Legal-notice-text": {
"description": "Message set to display when the user logs-in.", "description": "Message set to display when the user logs-in.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text", "misp-attribute": "text",
"multiple": true "multiple": true,
"disable_correlation": true
}, },
"PreCreateKnownFolders": { "PreCreateKnownFolders": {
"description": "create known folders key", "description": "create known folders key",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text" "misp-attribute": "text",
"disable_correlation": true
}, },
"ReportBootOk": { "ReportBootOk": {
"description": "Flag to check if the reboot was successful.", "description": "Flag to check if the reboot was successful.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "boolean" "misp-attribute": "boolean",
"disable_correlation": true
}, },
"AutoRestartShell": { "AutoRestartShell": {
"description": "Value of the flag set to auto restart the shell if it crashes or shuts down automatically.", "description": "Value of the flag set to auto restart the shell if it crashes or shuts down automatically.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "boolean" "misp-attribute": "boolean",
"disable_correlation": true
}, },
"PasswordExpiryWarining": { "PasswordExpiryWarining": {
"description": "Number of times the password expiry warning appeared.", "description": "Number of times the password expiry warning appeared.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "number" "misp-attribute": "counter",
"disable_correlation": true
}, },
"PowerdownAfterShutDown": { "PowerdownAfterShutDown": {
"description": "Flag value- if the system is set to power down after it is shutdown.", "description": "Flag value- if the system is set to power down after it is shutdown.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "boolean" "misp-attribute": "boolean",
"disable_correlation": true
}, },
"ShutdownWithoutLogon": { "ShutdownWithoutLogon": {
"description": "Value of the flag set to enable shutdown without requiring a user to login.", "description": "Value of the flag set to enable shutdown without requiring a user to login.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "boolean" "misp-attribute": "boolean",
"disable_correlation": true
}, },
"WinStationsDisabled": { "WinStationsDisabled": {
"description": "Flag value set to enable/disable logons to the system.", "description": "Flag value set to enable/disable logons to the system.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "boolean" "misp-attribute": "boolean",
"disable_correlation": true
}, },
"DisableCAD": { "DisableCAD": {
"description": "Flag to determine if user login is enabled by pressing Ctrl+ALT+Delete.", "description": "Flag to determine if user login is enabled by pressing Ctrl+ALT+Delete.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "boolean" "misp-attribute": "boolean",
"disable_correlation": true
}, },
"AutoAdminLogon": { "AutoAdminLogon": {
"description": "Flag value to determine if autologon is enabled for a user without entering the password.", "description": "Flag value to determine if autologon is enabled for a user without entering the password.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "boolean" "misp-attribute": "boolean",
"disable_correlation": true
}, },
"CachedLogonCount": { "CachedLogonCount": {
"description": "Number of times the user has logged into the system.", "description": "Number of times the user has logged into the system.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "number" "misp-attribute": "counter",
"disable_correlation": true
}, },
"ShutdownFlags": { "ShutdownFlags": {
"description": "Number of times shutdown is initiated from a process when the user is logged-in.", "description": "Number of times shutdown is initiated from a process when the user is logged-in.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "number" "misp-attribute": "counter",
"disable_correlation": true
}, },
"Comments": "Comments":
{ {
"description": "Additional comments.", "description": "Additional comments.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text" "misp-attribute": "text",
"disable_correlation": true
} }
}, },
"version": 1, "version": 1,
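Review bot: The attribute key `PasswordExpiryWarining` is misspelled, and this commit retypes the attribute to `counter` without correcting it; the firewall template has the same kind of slip in `enbled-firewall`. Since the key is the object-relation name that producers and searches must match, the typo becomes part of the data model once objects exist. Consider `"PasswordExpiryWarning": {` and `"enabled-firewall": {` while the templates are still being fixed. It is also worth confirming that the description "Number of times the password expiry warning appeared." matches what the registry value actually holds before settling on `counter`.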


@ -11,27 +11,32 @@
"Standard Profile", "Standard Profile",
"other" "other"
], ],
"misp-attribute": "text" "misp-attribute": "text",
"disable_correlation": true
}, },
"last-write-time": { "last-write-time": {
"description": "Date and time when the firewall profile policy was last updated.", "description": "Date and time when the firewall profile policy was last updated.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "datetime" "misp-attribute": "datetime",
"disable_correlation": true
}, },
"enbled-firewall": { "enbled-firewall": {
"description": "Boolean flag to determine if the firewall is enabled.", "description": "Boolean flag to determine if the firewall is enabled.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "boolean" "misp-attribute": "boolean",
"disable_correlation": true
}, },
"disable-notification": { "disable-notification": {
"description": "Boolean flag to determine if firewall notifications are enabled.", "description": "Boolean flag to determine if firewall notifications are enabled.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "boolean" "misp-attribute": "boolean",
"disable_correlation": true
}, },
"comment": { "comment": {
"description": "Additional comments.", "description": "Additional comments.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "" "misp-attribute": "text",
"disable_correlation": true
} }
}, },
"version": 1, "version": 1,


@ -11,57 +11,74 @@
"last-write-time": { "last-write-time": {
"description": "Date and time when the key was last updated.", "description": "Date and time when the key was last updated.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "datetime" "misp-attribute": "datetime",
"disable_correlation": true
}, },
"shutdown-time": { "shutdown-time": {
"description": "Date and time when the system was shutdown.", "description": "Date and time when the system was shutdown.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "datetime" "misp-attribute": "datetime",
"disable_correlation": true
}, },
"timezone-last-write-time": { "timezone-last-write-time": {
"description": "Date and time when the timezone key was last updated.", "description": "Date and time when the timezone key was last updated.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "datetime" "misp-attribute": "datetime",
"disable_correlation": true
}, },
"timezone-bias": { "timezone-bias": {
"description": "Offset in minutes from UTC. Offset added to the local time to get a UTC value.", "description": "Offset in minutes from UTC. Offset added to the local time to get a UTC value.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text" "misp-attribute": "text",
"disable_correlation": true
}, },
"timezone-standard-name": { "timezone-standard-name": {
"description": "Timezone standard name used during non-daylight saving months.", "description": "Timezone standard name used during non-daylight saving months.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text" "misp-attribute": "text",
"disable_correlation": true
}, },
"timezone-standard-date": { "timezone-standard-date": {
"description": "Standard date - non daylight saving months", "description": "Standard date - non daylight saving months",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "datetime" "misp-attribute": "datetime",
"disable_correlation": true
}, },
"timezone-standard-bias": { "timezone-standard-bias": {
"description": "value in minutes to be added to the value of timezone-bias to generate the bias used during standard time.", "description": "value in minutes to be added to the value of timezone-bias to generate the bias used during standard time.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text" "misp-attribute": "text",
"disable_correlation": true
}, },
"timezone-daylight-name": { "timezone-daylight-name": {
"description": "Timezone name used during daylight saving months.", "description": "Timezone name used during daylight saving months.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text" "misp-attribute": "text",
"disable_correlation": true
}, },
"timezone-daylight-date": { "timezone-daylight-date": {
"description": "Daylight date - daylight saving months", "description": "Daylight date - daylight saving months",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "datetime" "misp-attribute": "datetime",
"disable_correlation": true
}, },
"timezone-daylight-bias": { "timezone-daylight-bias": {
"description": "value in minutes to be added to the value of timezone-bias to generate the bias used during daylight time.", "description": "value in minutes to be added to the value of timezone-bias to generate the bias used during daylight time.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text" "misp-attribute": "text",
"disable_correlation": true
}, },
"fDenyTSConnections:": { "fDenyTSConnections:": {
"description": "Specifies whether remote connections are enabled or disabled on the system.", "description": "Specifies whether remote connections are enabled or disabled on the system.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "boolean" "misp-attribute": "boolean",
"disable_correlation": true
},
"comment": {
"description": "Additional comments.",
"ui-priority": 0,
"misp-attribute": "",
"disable_correlation": true
} }
}, },
"version": 1, "version": 1,
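Review bot: The key `"fDenyTSConnections:"` contains a trailing colon inside the quoted name, and this commit edits the attribute without removing it. The object-relation would then be stored with the colon, so lookups for the registry value name would miss it. Suggest `"fDenyTSConnections": {`. Because this value records whether remote desktop connections are allowed, a reliable name matters for anyone filtering on it during triage.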


@ -11,12 +11,14 @@
"network-key-last-write-time": { "network-key-last-write-time": {
"description": "Date and time when the network key was last updated.", "description": "Date and time when the network key was last updated.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "datetime" "misp-attribute": "datetime",
"disable_correlation": true
}, },
"network-key-path": { "network-key-path": {
"description": "Path of the key where the information is retrieved from.", "description": "Path of the key where the information is retrieved from.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text" "misp-attribute": "text",
"disable_correlation": true
}, },
"TCPIP-key": { "TCPIP-key": {
"description": "TCPIP key", "description": "TCPIP key",
@ -26,7 +28,8 @@
"TCPIP-key-last-write-time": { "TCPIP-key-last-write-time": {
"description": "Datetime when the key was last updated.", "description": "Datetime when the key was last updated.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "datetime" "misp-attribute": "datetime",
"disable_correlation": true
}, },
"DHCP-domain": { "DHCP-domain": {
"description": "Name of the DHCP domain service", "description": "Name of the DHCP domain service",
@ -36,32 +39,34 @@
"DHCP-IP-address": { "DHCP-IP-address": {
"description": "DHCP service - IP address", "description": "DHCP service - IP address",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "ip-dist" "misp-attribute": "ip-dst"
}, },
"DHCP-subnet-mask": { "DHCP-subnet-mask": {
"description": "DHCP subnet mask - IP address.", "description": "DHCP subnet mask - IP address.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "ip-dist" "misp-attribute": "ip-dst"
}, },
"DHCP-name-server": { "DHCP-name-server": {
"description": "DHCP Name server - IP address.", "description": "DHCP Name server - IP address.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "ip-dist" "misp-attribute": "ip-dst"
}, },
"DHCP-server": { "DHCP-server": {
"description": "DHCP server - IP address.", "description": "DHCP server - IP address.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "ip-dist" "misp-attribute": "ip-dst"
}, },
"interface-GUID": { "interface-GUID": {
"description": "GUID value assigned to the interface.", "description": "GUID value assigned to the interface.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text" "misp-attribute": "text",
"disable_correlation": true
}, },
"interface-last-write-time": { "interface-last-write-time": {
"description": "Last date and time when the interface key was updated.", "description": "Last date and time when the interface key was updated.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "datetime" "misp-attribute": "datetime",
"disable_correlation": true
}, },
"interface-name": { "interface-name": {
"description": "Name of the interface.", "description": "Name of the interface.",
@ -71,17 +76,26 @@
"interface-PnpInstanceID": { "interface-PnpInstanceID": {
"description": "Plug and Play instance ID assigned to the interface.", "description": "Plug and Play instance ID assigned to the interface.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text" "misp-attribute": "text",
"disable_correlation": true
}, },
"interface-MediaSubType": { "interface-MediaSubType": {
"description": "", "description": "",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "number" "misp-attribute": "text",
"disable_correlation": true
}, },
"interface-IPcheckingEnabled": { "interface-IPcheckingEnabled": {
"description": "", "description": "",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "boolean" "misp-attribute": "boolean",
"disable_correlation": true
},
"additional-comments": {
"description": "Comments.",
"ui-priority": 0,
"misp-attribute": "text",
"disable_correlation": true
} }
}, },
"version": 1, "version": 1,
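Review bot: `DHCP-subnet-mask` is now typed `ip-dst` and, unlike most fields touched here, has no `disable_correlation`. A netmask such as 255.255.255.0 (constructed example) would therefore correlate across every event that records it, and depending on the instance's type defaults it could end up in destination-IP exports. A mask is not an endpoint, so `"misp-attribute": "text"` with `"disable_correlation": true` seems the better fit. The other DHCP fields typed `ip-dst` will usually hold private addresses from the host's own network, so it is worth confirming that correlating them is intended.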


@ -11,7 +11,8 @@
"last-write-time": { "last-write-time": {
"description": "Date and time when the key was last updated.", "description": "Date and time when the key was last updated.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "datetime" "misp-attribute": "datetime",
"disable_correlation": true
}, },
"display": { "display": {
"description": "Display name/information of the service or the driver.", "description": "Display name/information of the service or the driver.",
@ -34,7 +35,8 @@
"Interactive", "Interactive",
"Other" "Other"
], ],
"misp-attribute": "text" "misp-attribute": "text",
"disable_correlation": true
}, },
"start": { "start": {
"description": "When the service/driver starts or executes.", "description": "When the service/driver starts or executes.",
@ -46,7 +48,8 @@
"Manual", "Manual",
"Disabled" "Disabled"
], ],
"misp-attribute": "text" "misp-attribute": "text",
"disable_correlation": true
}, },
"group": { "group": {
"description": "Group to which the system/driver belong to.", "description": "Group to which the system/driver belong to.",
@ -77,12 +80,14 @@
"Video Save", "Video Save",
"other" "other"
], ],
"misp-attribute": "text" "misp-attribute": "text",
"disable_correlation": true
}, },
"comment": { "comment": {
"description": "Additional comments.", "description": "Additional comments.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "" "misp-attribute": "",
"disable_correlation": true
} }
}, },
"version": 1, "version": 1,