mirror of https://github.com/MISP/misp-objects
162 lines
5.5 KiB
JSON
162 lines
5.5 KiB
JSON
{
|
|
"required": [
|
|
"user-profile-key-path",
|
|
"SID"
|
|
],
|
|
"attributes": {
|
|
"user-profile-key-path": {
|
|
"description": "key where the user-profile information is retrieved from.",
|
|
"ui-priority": 0,
|
|
"misp-attribute": "text",
|
|
"disable_correlation": true
|
|
},
|
|
"user-profile-key-last-write-time": {
|
|
"description": "Date and time when the key was last updated.",
|
|
"ui-priority": 0,
|
|
"misp-attribute": "datetime",
|
|
"disable_correlation": true
|
|
},
|
|
"user-profile-path": {
|
|
"description": "Path of the user profile on the system",
|
|
"ui-priority": 0,
|
|
"misp-attribute": "text",
|
|
"disable_correlation": true
|
|
},
|
|
"SID": {
|
|
"description": "Security identifier assigned to the user profile.",
|
|
"ui-priority": 0,
|
|
"misp-attribute": "text",
|
|
"disable_correlation": true
|
|
},
|
|
"user-profile-last-write-time": {
|
|
"description": "Date and time when the user profile was last updated.",
|
|
"ui-priority": 0,
|
|
"misp-attribute": "datetime",
|
|
"disable_correlation": true
|
|
},
|
|
"winlogon-key-path": {
|
|
"description": "winlogon key referred in order to retrieve default user information",
|
|
"ui-priority": 0,
|
|
"misp-attribute": "text",
|
|
"disable_correlation": true
|
|
},
|
|
"winlogon-key-last-write-time": {
|
|
"description": "Date and time when the winlogon key was last updated.",
|
|
"ui-priority": 0,
|
|
"misp-attribute": "datetime",
|
|
"disable_correlation": true
|
|
},
|
|
"DefaultUserName": {
|
|
"description": "user-name of the default user.",
|
|
"ui-priority": 0,
|
|
"misp-attribute": "text",
|
|
"disable_correlation": true
|
|
},
|
|
"Shell": {
|
|
"description": "Shell set to run when the user logs onto the system.",
|
|
"ui-priority": 0,
|
|
"misp-attribute": "text",
|
|
"disable_correlation": true,
|
|
"multiple": true
|
|
},
|
|
"UserInit": {
|
|
"description": "Applications and files set to run when the user logs onto the system (User logon activity).",
|
|
"ui-priority": 0,
|
|
"misp-attribute": "text",
|
|
"multiple": true
|
|
},
|
|
"Legal-notice-caption": {
|
|
"description": "Message title set to display when the user logs-in.",
|
|
"ui-priority": 0,
|
|
"misp-attribute": "text",
|
|
"multiple": true,
|
|
"disable_correlation": true
|
|
},
|
|
"Legal-notice-text": {
|
|
"description": "Message set to display when the user logs-in.",
|
|
"ui-priority": 0,
|
|
"misp-attribute": "text",
|
|
"multiple": true,
|
|
"disable_correlation": true
|
|
},
|
|
"PreCreateKnownFolders": {
|
|
"description": "create known folders key",
|
|
"ui-priority": 0,
|
|
"misp-attribute": "text",
|
|
"disable_correlation": true
|
|
},
|
|
"ReportBootOk": {
|
|
"description": "Flag to check if the reboot was successful.",
|
|
"ui-priority": 0,
|
|
"misp-attribute": "boolean",
|
|
"disable_correlation": true
|
|
},
|
|
"AutoRestartShell": {
|
|
"description": "Value of the flag set to auto restart the shell if it crashes or shuts down automatically.",
|
|
"ui-priority": 0,
|
|
"misp-attribute": "boolean",
|
|
"disable_correlation": true
|
|
},
|
|
"PasswordExpiryWarining": {
|
|
"description": "Number of times the password expiry warning appeared.",
|
|
"ui-priority": 0,
|
|
"misp-attribute": "counter",
|
|
"disable_correlation": true
|
|
},
|
|
"PowerdownAfterShutDown": {
|
|
"description": "Flag value- if the system is set to power down after it is shutdown.",
|
|
"ui-priority": 0,
|
|
"misp-attribute": "boolean",
|
|
"disable_correlation": true
|
|
},
|
|
"ShutdownWithoutLogon": {
|
|
"description": "Value of the flag set to enable shutdown without requiring a user to login.",
|
|
"ui-priority": 0,
|
|
"misp-attribute": "boolean",
|
|
"disable_correlation": true
|
|
},
|
|
"WinStationsDisabled": {
|
|
"description": "Flag value set to enable/disable logons to the system.",
|
|
"ui-priority": 0,
|
|
"misp-attribute": "boolean",
|
|
"disable_correlation": true
|
|
},
|
|
"DisableCAD": {
|
|
"description": "Flag to determine if user login is enabled by pressing Ctrl+ALT+Delete.",
|
|
"ui-priority": 0,
|
|
"misp-attribute": "boolean",
|
|
"disable_correlation": true
|
|
},
|
|
"AutoAdminLogon": {
|
|
"description": "Flag value to determine if autologon is enabled for a user without entering the password.",
|
|
"ui-priority": 0,
|
|
"misp-attribute": "boolean",
|
|
"disable_correlation": true
|
|
},
|
|
"CachedLogonCount": {
|
|
"description": "Number of times the user has logged into the system.",
|
|
"ui-priority": 0,
|
|
"misp-attribute": "counter",
|
|
"disable_correlation": true
|
|
},
|
|
"ShutdownFlags": {
|
|
"description": "Number of times shutdown is initiated from a process when the user is logged-in.",
|
|
"ui-priority": 0,
|
|
"misp-attribute": "counter",
|
|
"disable_correlation": true
|
|
},
|
|
"Comments":
|
|
{
|
|
"description": "Additional comments.",
|
|
"ui-priority": 0,
|
|
"misp-attribute": "text",
|
|
"disable_correlation": true
|
|
}
|
|
},
|
|
"version": 1,
|
|
"description": "Regripper Object template designed to gather user profile information when the user logs onto the system, gathered from the software hive.",
|
|
"meta-category": "misc",
|
|
"uuid": "df03d0e4-3e6b-4e56-951a-142eae4cad59",
|
|
"name": "regripper-software-hive-userprofile-winlogon"
|
|
}
|