From f9204db3045a28224dddb1a3be6223d78d1ba69c Mon Sep 17 00:00:00 2001
From: Thomas Gardner
Date: Mon, 23 Oct 2017 10:43:12 -0400
Subject: [PATCH] added av-signature and virustotal-report
---
objects/av-signature/definition.json | 47 ++++++++++++++++++++
objects/virustotal-report/definition.json | 54 +++++++++++++++++++++++
2 files changed, 101 insertions(+)
create mode 100644 objects/av-signature/definition.json
create mode 100644 objects/virustotal-report/definition.json
diff --git a/objects/av-signature/definition.json b/objects/av-signature/definition.json
new file mode 100644
index 0000000..0a53c4a
--- /dev/null
+++ b/objects/av-signature/definition.json
@@ -0,0 +1,47 @@
+{
+ "required": [
+ "software",
+ "signature"
+ ],
+ "attributes": {
+ "software": {
+ "description": "Name of antivirus software",
+ "categories": [
+ "Antivirus detection"
+ ],
+ "ui-priority": 1,
+ "misp-attribute": "text"
+ },
+ "signature": {
+ "description": "Name of detection signature",
+ "categories": [
+ "Antivirus detection"
+ ],
+ "ui-priority": 2,
+ "misp-attribute": "text"
+ },
+ "text": {
+ "description": "Free text value to attach to the file",
+ "disable_correlation": true,
+ "categories": [
+ "Other"
+ ],
+ "ui-priority": 0,
+ "misp-attribute": "text"
+ },
+ "datetime": {
+ "description": "Datetime",
+ "disable_correlation": true,
+ "categories": [
+ "Other"
+ ],
+ "ui-priority": 0,
+ "misp-attribute": "datetime"
+ }
+ },
+ "version": 1,
+ "description": "Antivirus detection signature",
+ "meta-category": "misc",
+ "uuid": "4dbb56ef-4763-4c97-8696-a2bfc305cf8e",
+ "name": "av-signature"
+}
\ No newline at end of file
diff --git a/objects/virustotal-report/definition.json b/objects/virustotal-report/definition.json
new file mode 100644
index 0000000..43a2c8d
--- /dev/null
+++ b/objects/virustotal-report/definition.json
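Review bot: In objects/av-signature/definition.json the `software` attribute is a free `text` value with no `disable_correlation`, so events that record the same antivirus product name would presumably be linked to each other on that value alone, which tells an analyst nothing about shared malware. The `text` and `datetime` attributes in the same file already carry `"disable_correlation": true,` and `software` should get the same line, leaving `signature` as the value that is meant to correlate. The `text` description `"Free text value to attach to the file"` looks copied from a file object; `"description": "Free text value to attach to the signature",` would match this template. The file is also committed without a trailing newline.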
@@ -0,0 +1,54 @@
+{
+ "required": [
+ "permalink"
+ ],
+ "attributes": {
+ "community-score": {
+ "description": "Community Score",
+ "disable_correlation": true,
+ "categories": [
+ "External analysis"
+ ],
+ "ui-priority": 0,
+ "misp-attribute": "text"
+ },
+ "detection-ratio": {
+ "description": "Detection Ratio",
+ "disable_correlation": true,
+ "categories": [
+ "External analysis"
+ ],
+ "ui-priority": 1,
+ "misp-attribute": "text"
+ },
+ "first-submission": {
+ "description": "First Submission",
+ "categories": [
+ "Other"
+ ],
+ "ui-priority": 0,
+ "misp-attribute": "datetime"
+ },
+ "last-submission": {
+ "description": "Last Submission",
+ "categories": [
+ "Other"
+ ],
+ "ui-priority": 0,
+ "misp-attribute": "datetime"
+ },
+ "permalink": {
+ "description": "Permalink Reference",
+ "categories": [
+ "External analysis"
+ ],
+ "ui-priority": 2,
+ "misp-attribute": "link"
+ }
+ },
+ "version": 1,
+ "description": "VirusTotal report",
+ "meta-category": "misc",
+ "uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
+ "name": "virustotal-report"
+}
\ No newline at end of file
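Review bot: `first-submission` and `last-submission` in objects/virustotal-report/definition.json are `datetime` attributes without `disable_correlation`, while the `datetime` attribute of av-signature in this same commit sets it. A submission timestamp shared by two unrelated reports is not a meaningful link, so both should carry `"disable_correlation": true,` to keep the templates consistent and the correlation graph free of noise. The descriptions of `detection-ratio` and `community-score` only repeat the key name although both are typed `text`; stating the expected value format in the description would help producers fill them uniformly and let consumers parse them. The file is also committed without a trailing newline.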