Merge pull request #193 from kx499/master

Adds employee object, dns-record object, and shodan object
2019-07-14 07:59:30 +02:00 · 2019-07-14 07:59:30 +02:00 · fbeb34ccb7
parent 17f1b75973 c8f6c97da0
commit fbeb34ccb7
3 changed files with 198 additions and 0 deletions
--- a/objects/dns-record/definition.json
+++ b/objects/dns-record/definition.json
@ -0,0 +1,62 @@
 {
  "required": [
    "queried-domain"
  ],
  "requiredOneOf": [
    "a-record",
    "mx-record",
    "ns-record"
  ],
  "attributes": {
    "text": {
      "description": "A description of the records",
      "ui-priority": 1,
      "misp-attribute": "text",
      "recommended": false
    },
    "queried-domain": {
      "description": "Domain name",
      "categories": [
        "Network activity",
        "External analysis"
      ],
      "ui-priority": 1,
      "misp-attribute": "domain"
    },
    "a-record": {
      "description": "IP Address sassociated with A Records",
      "categories": [
        "Network activity",
        "External analysis"
      ],
      "ui-priority": 1,
      "misp-attribute": "ip-dst",
      "multiple": true
    },
    "mx-record": {
      "description": "Domain associated with MX Record",
      "categories": [
        "Network activity",
        "External analysis"
      ],
      "ui-priority": 1,
      "misp-attribute": "domain",
      "multiple": true
    },
    "ns-record": {
      "description": "Domain associated with NS Records",
      "categories": [
        "Network activity",
        "External analysis"
      ],
      "ui-priority": 1,
      "misp-attribute": "domain",
      "multiple": true
    }
  },
  "version": 1,
  "description": "A set of dns records observed for a specific domain.",
  "meta-category": "network",
  "uuid": "f023c8f0-81ab-41f3-9f5d-fa597a34a9b9",
  "name": "dns-record"
 }
--- a/objects/employee/definition.json
+++ b/objects/employee/definition.json
@ -0,0 +1,66 @@
 {
  "required": [
    "email-address"
  ],
  "attributes": {
    "text": {
      "description": "A description of the person or identity.",
      "disable_correlation": true,
      "ui-priority": 1,
      "misp-attribute": "text"
    },
    "last-name": {
      "description": "Last name Employee",
      "disable_correlation": true,
      "ui-priority": 0,
      "misp-attribute": "last-name"
    },
    "first-name": {
      "description": "First name of Employee",
      "disable_correlation": true,
      "ui-priority": 0,
      "misp-attribute": "first-name"
    },
    "email-address": {
      "description": "Employee Email Address",
      "ui-priority": 0,
      "misp-attribute": "target-email"
    },
    "userid": {
      "description": "EMployee user identification",
      "disable_correlation": true,
      "ui-priority": 0,
      "misp-attribute": "target-user"
    },
    "primary-asset": {
      "description": "Asset tag of the primary asset assigned to employee",
      "ui-priority": 0,
      "misp-attribute": "target-machine"
    },
    "business-unit": {
      "description": "the organizational business unit associated with the employee",
      "disable_correlation": true,
      "ui-priority": 0,
      "misp-attribute": "target-org"
    },
    "employee-type": {
      "description": "type of employee",
      "disable_correlation": true,
      "ui-priority": 0,
      "misp-attribute": "text",
      "values_list": [
        "Mid-Level Manager",
        "Senior Manager",
        "Non-Manager",
        "Supervisor",
        "First-Line Manager",
        "Director"
      ]
    }
  },
  "version": 1,
  "description": "An employee and related data points",
  "meta-category": "misc",
  "uuid": "443b2f15-d7c9-4d3d-bfd2-38f099753e83",
  "name": "employee"
 }
--- a/objects/shodan-report/definition.json
+++ b/objects/shodan-report/definition.json
@ -0,0 +1,70 @@
 {
  "required": [
    "ip"
  ],
  "requiredOneOf": [
    "hostname",
    "org",
    "port",
    "banner"
  ],
  "attributes": {
    "text": {
      "description": "A description of the report",
      "ui-priority": 1,
      "misp-attribute": "text",
      "recommended": false
    },
    "ip": {
      "description": "IP Address Queried",
      "categories": [
        "Network activity",
        "External analysis"
      ],
      "ui-priority": 1,
      "misp-attribute": "ip-dst"
    },
    "hostname": {
      "description": "Hostnames found",
      "categories": [
        "Network activity",
        "External analysis"
      ],
      "ui-priority": 1,
      "misp-attribute": "domain",
      "multiple": true
    },
    "org": {
      "description": "Associated Organization",
      "categories": [
        "Network activity",
        "External analysis"
      ],
      "ui-priority": 1,
      "misp-attribute": "text"
    },
    "port": {
      "description": "Listening Port",
      "categories": [
        "Network activity",
        "External analysis"
      ],
      "ui-priority": 1,
      "misp-attribute": "port"
    },
    "banner": {
      "description": "server banner reported",
      "categories": [
        "Network activity",
        "External analysis"
      ],
      "ui-priority": 1,
      "misp-attribute": "text"
    }
  },
  "version": 1,
  "description": "Shodan Report for a given IP",
  "meta-category": "network",
  "uuid": "10b03d93-3694-4a79-9cd1-4a273746303a",
  "name": "shodan-report"
 }