misp-objects/objects/regripper-NTUser/definition.json


{
"attributes": {
"applications-installed": {
"description": "List of applications installed.",
"misp-attribute": "text",
"multiple": true,
"ui-priority": 0
},
"applications-run": {
"description": "List of applications set to run on the system.",
"misp-attribute": "text",
"multiple": true,
"ui-priority": 0
},
"comments": {
"description": "Additional information related to the user profile",
"disable_correlation": true,
"misp-attribute": "text",
"ui-priority": 0
},
"external-devices": {
"description": "List of external devices connected to the system by the user.",
"misp-attribute": "text",
"multiple": true,
"ui-priority": 0
},
"key": {
"description": "Registry key where the information is retrieved from.",
"misp-attribute": "text",
"ui-priority": 0
},
"key-last-write-time": {
"description": "Date and time when the key was last updated.",
"disable_correlation": true,
"misp-attribute": "datetime",
"ui-priority": 0
},
"logon-user-name": {
"description": "Name assigned to the user profile.",
"misp-attribute": "text",
"ui-priority": 0
},
"mount-points": {
"description": "Details of the mount points created on the system.",
"disable_correlation": true,
"misp-attribute": "text",
"multiple": true,
"ui-priority": 0
},
"network-connected-to": {
"description": "List of networks the user connected the system to.",
"misp-attribute": "text",
"multiple": true,
"ui-priority": 0
},
"nukeOnDelete": {
"description": "Indicates whether the Recycle Bin has been disabled, so that deleted files are removed immediately instead of being kept in it.",
"disable_correlation": true,
"misp-attribute": "boolean",
"sane_default": [
"True",
"False"
],
"ui-priority": 0
},
"recent-files-accessed": {
"description": "List of recent files accessed by the user.",
"misp-attribute": "text",
"multiple": true,
"ui-priority": 0
},
"recent-folders-accessed": {
"description": "List of recent folders accessed by the user.",
"misp-attribute": "text",
"multiple": true,
"ui-priority": 0
},
"typed-urls": {
"description": "URLs typed by the user in Internet Explorer.",
"misp-attribute": "text",
"multiple": true,
"ui-priority": 0
},
"user-init": {
"description": "Applications or processes set to run when the user logs on to the Windows system.",
"misp-attribute": "text",
"multiple": true,
"ui-priority": 0
}
},
"description": "RegRipper object template designed to present user-specific configuration details extracted from the NTUSER.dat hive.",
"meta-category": "misc",
"name": "regripper-NTUser",
"required": [
"key"
],
"requiredOneOf": [
"logon-user-name"
],
"uuid": "f9dc7b7e-8ab1-4dde-95d9-67e41b461c65",
"version": 2
}