Merge pull request #193 from kx499/master

Adds employee object, dns-record object, and shodan object
2019-07-14 07:59:30 +02:00 · 2019-07-14 07:59:30 +02:00 · fbeb34ccb7
parent 17f1b75973 c8f6c97da0
commit fbeb34ccb7
3 changed files with 198 additions and 0 deletions
--- a/objects/dns-record/definition.json
+++ b/objects/dns-record/definition.json
@ -0,0 +1,62 @@
+{
+  "required": [
+    "queried-domain"
+  ],
+  "requiredOneOf": [
+    "a-record",
+    "mx-record",
+    "ns-record"
+  ],
+  "attributes": {
+    "text": {
+      "description": "A description of the records",
+      "ui-priority": 1,
+      "misp-attribute": "text",
+      "recommended": false
+    },
+    "queried-domain": {
+      "description": "Domain name",
+      "categories": [
+        "Network activity",
+        "External analysis"
+      ],
+      "ui-priority": 1,
+      "misp-attribute": "domain"
+    },
+    "a-record": {
+      "description": "IP Address sassociated with A Records",
+      "categories": [
+        "Network activity",
+        "External analysis"
+      ],
+      "ui-priority": 1,
+      "misp-attribute": "ip-dst",
+      "multiple": true
+    },
+    "mx-record": {
+      "description": "Domain associated with MX Record",
+      "categories": [
+        "Network activity",
+        "External analysis"
+      ],
+      "ui-priority": 1,
+      "misp-attribute": "domain",
+      "multiple": true
+    },
+    "ns-record": {
+      "description": "Domain associated with NS Records",
+      "categories": [
+        "Network activity",
+        "External analysis"
+      ],
+      "ui-priority": 1,
+      "misp-attribute": "domain",
+      "multiple": true
+    }
+  },
+  "version": 1,
+  "description": "A set of dns records observed for a specific domain.",
+  "meta-category": "network",
+  "uuid": "f023c8f0-81ab-41f3-9f5d-fa597a34a9b9",
+  "name": "dns-record"
+}
--- a/objects/employee/definition.json
+++ b/objects/employee/definition.json
@ -0,0 +1,66 @@
+{
+  "required": [
+    "email-address"
+  ],
+  "attributes": {
+    "text": {
+      "description": "A description of the person or identity.",
+      "disable_correlation": true,
+      "ui-priority": 1,
+      "misp-attribute": "text"
+    },
+    "last-name": {
+      "description": "Last name Employee",
+      "disable_correlation": true,
+      "ui-priority": 0,
+      "misp-attribute": "last-name"
+    },
+    "first-name": {
+      "description": "First name of Employee",
+      "disable_correlation": true,
+      "ui-priority": 0,
+      "misp-attribute": "first-name"
+    },
+    "email-address": {
+      "description": "Employee Email Address",
+      "ui-priority": 0,
+      "misp-attribute": "target-email"
+    },
+    "userid": {
+      "description": "EMployee user identification",
+      "disable_correlation": true,
+      "ui-priority": 0,
+      "misp-attribute": "target-user"
+    },
+    "primary-asset": {
+      "description": "Asset tag of the primary asset assigned to employee",
+      "ui-priority": 0,
+      "misp-attribute": "target-machine"
+    },
+    "business-unit": {
+      "description": "the organizational business unit associated with the employee",
+      "disable_correlation": true,
+      "ui-priority": 0,
+      "misp-attribute": "target-org"
+    },
+    "employee-type": {
+      "description": "type of employee",
+      "disable_correlation": true,
+      "ui-priority": 0,
+      "misp-attribute": "text",
+      "values_list": [
+        "Mid-Level Manager",
+        "Senior Manager",
+        "Non-Manager",
+        "Supervisor",
+        "First-Line Manager",
+        "Director"
+      ]
+    }
+  },
+  "version": 1,
+  "description": "An employee and related data points",
+  "meta-category": "misc",
+  "uuid": "443b2f15-d7c9-4d3d-bfd2-38f099753e83",
+  "name": "employee"
+}
--- a/objects/shodan-report/definition.json
+++ b/objects/shodan-report/definition.json
@ -0,0 +1,70 @@
+{
+  "required": [
+    "ip"
+  ],
+  "requiredOneOf": [
+    "hostname",
+    "org",
+    "port",
+    "banner"
+  ],
+  "attributes": {
+    "text": {
+      "description": "A description of the report",
+      "ui-priority": 1,
+      "misp-attribute": "text",
+      "recommended": false
+    },
+    "ip": {
+      "description": "IP Address Queried",
+      "categories": [
+        "Network activity",
+        "External analysis"
+      ],
+      "ui-priority": 1,
+      "misp-attribute": "ip-dst"
+    },
+    "hostname": {
+      "description": "Hostnames found",
+      "categories": [
+        "Network activity",
+        "External analysis"
+      ],
+      "ui-priority": 1,
+      "misp-attribute": "domain",
+      "multiple": true
+    },
+    "org": {
+      "description": "Associated Organization",
+      "categories": [
+        "Network activity",
+        "External analysis"
+      ],
+      "ui-priority": 1,
+      "misp-attribute": "text"
+    },
+    "port": {
+      "description": "Listening Port",
+      "categories": [
+        "Network activity",
+        "External analysis"
+      ],
+      "ui-priority": 1,
+      "misp-attribute": "port"
+    },
+    "banner": {
+      "description": "server banner reported",
+      "categories": [
+        "Network activity",
+        "External analysis"
+      ],
+      "ui-priority": 1,
+      "misp-attribute": "text"
+    }
+  },
+  "version": 1,
+  "description": "Shodan Report for a given IP",
+  "meta-category": "network",
+  "uuid": "10b03d93-3694-4a79-9cd1-4a273746303a",
+  "name": "shodan-report"
+}