{ "attributes": { "Computer": { "description": "Computer name on which the event occurred", "disable_correlation": true, "misp-attribute": "text", "ui-priority": 0 }, "Correlation-ID": { "description": "Unique activity identity which relates the event to a process. ", "misp-attribute": "text", "ui-priority": 0 }, "Event-data": { "description": "Event data description.", "disable_correlation": true, "misp-attribute": "text", "ui-priority": 0 }, "Keywords": { "description": "Tags used for the event for the purpose of filtering or searching.", "misp-attribute": "text", "sane_default": [ "Network", "Security", "Resource not found", "other" ], "ui-priority": 0 }, "Operational-code": { "description": "The opcode (numeric value or name) associated with the activity carried out by the event.", "disable_correlation": true, "misp-attribute": "text", "ui-priority": 0 }, "Processor-ID": { "description": "ID of the processor that processed the event.", "disable_correlation": true, "misp-attribute": "text", "ui-priority": 0 }, "Relative-Correlation-ID": { "description": "Related activity ID which identity similar activities which occurred as a part of the event.", "disable_correlation": true, "misp-attribute": "text", "ui-priority": 0 }, "Session-ID": { "description": "Terminal server session ID.", "disable_correlation": true, "misp-attribute": "text", "ui-priority": 0 }, "Thread-ID": { "description": "Thread id that generated the event.", "disable_correlation": true, "misp-attribute": "text", "ui-priority": 0 }, "User": { "description": "Name or the User ID the event is associated with.", "disable_correlation": true, "misp-attribute": "text", "ui-priority": 0 }, "comment": { "description": "Additional comments.", "disable_correlation": true, "misp-attribute": "text", "ui-priority": 0 }, "event-channel": { "description": " Channel through which the event occurred", "disable_correlation": true, "misp-attribute": "text", "sane_default": [ "Application", "System", "Security", "Setup", "other" ], "ui-priority": 3 }, "event-date-time": { "description": "Date and time when the event was logged.", "disable_correlation": true, "misp-attribute": "datetime", "ui-priority": 0 }, "event-id": { "description": "A unique number which identifies the event.", "disable_correlation": true, "misp-attribute": "text", "ui-priority": 1 }, "event-type": { "description": "Event-type assigned to the event", "disable_correlation": true, "misp-attribute": "text", "sane_default": [ "Admin", "Operational", "Audit", "Analytic", "Debug", "other" ], "ui-priority": 0 }, "kernel-time": { "description": "Execution time of the kernel mode instruction.", "disable_correlation": true, "misp-attribute": "datetime", "ui-priority": 0 }, "level": { "description": "Determines the event severity.", "misp-attribute": "text", "sane_default": [ "Information", "Warning", "Error", "Critical", "Success Audit", "Failure Audit" ], "ui-priority": 0 }, "log": { "description": "Log file where the event was recorded.", "disable_correlation": true, "misp-attribute": "text", "ui-priority": 0 }, "name": { "description": "Name of the event.", "disable_correlation": true, "misp-attribute": "text", "ui-priority": 2 }, "source": { "description": "The source of the event log - application/software that logged the event.", "misp-attribute": "text", "ui-priority": 0 }, "task-category": { "description": "Activity by the event publisher", "disable_correlation": true, "misp-attribute": "text", "ui-priority": 0 }, "user-time": { "description": "Date and time when the user instruction was executed.", "disable_correlation": true, "misp-attribute": "datetime", "ui-priority": 0 } }, "description": "Event log object template to share information of the activities conducted on a system. ", "meta-category": "misc", "name": "python-etvx-event-log", "required": [ "source", "event-type", "name" ], "uuid": "94e3aee9-cb99-4503-9bf6-7da3db5de55e", "version": 1 }