mirror of https://github.com/MISP/misp-objects
143 lines
3.9 KiB
JSON
143 lines
3.9 KiB
JSON
{
|
|
"name": "user-account",
|
|
"uuid": "49606b06-22f0-4ac8-8eee-2f12ad46f3d3",
|
|
"meta-category": "misc",
|
|
"description": "",
|
|
"version": 2,
|
|
"requiredOneOf": [
|
|
"password",
|
|
"username",
|
|
"user-id"
|
|
],
|
|
"attributes": {
|
|
"text": {
|
|
"description": "A description of the user account.",
|
|
"disable_correlation": true,
|
|
"ui-priority": 1,
|
|
"misp-attribute": "text"
|
|
},
|
|
"username": {
|
|
"description": "Username related to the password.",
|
|
"ui-priority": 1,
|
|
"misp-attribute": "text"
|
|
},
|
|
"user-id": {
|
|
"description": "Identifier of the account.",
|
|
"ui-priority": 1,
|
|
"misp-attribute": "text"
|
|
},
|
|
"password": {
|
|
"description": "Password related to the username.",
|
|
"ui-priority": 1,
|
|
"misp-attribute": "text"
|
|
},
|
|
"display-name": {
|
|
"description": "Display name of the account.",
|
|
"ui-priority": 1,
|
|
"misp-attribute": "text"
|
|
},
|
|
"account-type": {
|
|
"description": "Type of the account.",
|
|
"ui-priority": 1,
|
|
"misp-attribute": "text",
|
|
"sane_default": [
|
|
"facebook",
|
|
"ldap",
|
|
"nis",
|
|
"openid",
|
|
"radius",
|
|
"skype",
|
|
"tacacs",
|
|
"twitter",
|
|
"unix",
|
|
"windows-local",
|
|
"windows-domain"
|
|
]
|
|
},
|
|
"link": {
|
|
"description": "Original link into the account page (Supposed harmless)",
|
|
"ui-priority": 1,
|
|
"misp-attribute": "link"
|
|
},
|
|
"is_service_account": {
|
|
"description": "Specifies if the account is associated with a network service.",
|
|
"disable_correlation": true,
|
|
"ui-priority": 1,
|
|
"misp-attribute": "boolean"
|
|
},
|
|
"privileged": {
|
|
"description": "Specifies if the account has privileges such as root rights.",
|
|
"disable_correlation": true,
|
|
"ui-priority": 1,
|
|
"misp-attribute": "boolean"
|
|
},
|
|
"can_escalate_privs": {
|
|
"description": "Specifies if the account has the ability to escalate privileges.",
|
|
"disable_correlation": true,
|
|
"ui-priority": 1,
|
|
"misp-attribute": "boolean"
|
|
},
|
|
"disabled": {
|
|
"description": "Specifies if the account is desabled.",
|
|
"disable_correlation": true,
|
|
"ui-priority": 1,
|
|
"misp-attribute": "boolean"
|
|
},
|
|
"created": {
|
|
"description": "Creation time of the account.",
|
|
"disable_correlation": true,
|
|
"ui-priority": 1,
|
|
"misp-attribute": "datetime"
|
|
},
|
|
"expires": {
|
|
"description": "Expiration time of the account",
|
|
"disable_correlation": true,
|
|
"ui-priority": 1,
|
|
"misp-attribute": "datetime"
|
|
},
|
|
"first_login": {
|
|
"description": "First time someone logged in to the account.",
|
|
"disable_correlation": true,
|
|
"ui-priority": 1,
|
|
"misp-attribute": "datetime"
|
|
},
|
|
"last_login": {
|
|
"description": "Last time someone logged in to the account.",
|
|
"disable_correlation": true,
|
|
"ui-priority": 1,
|
|
"misp-attribute": "datetime"
|
|
},
|
|
"password_last_changed": {
|
|
"description": "Last time the password has been changed.",
|
|
"disable_correlation": true,
|
|
"ui-priority": 1,
|
|
"misp-attribute": "datetime"
|
|
},
|
|
"group-id": {
|
|
"description": "Identifier of the primary group of the account, in case of a UNIX account.",
|
|
"disable_correlation": true,
|
|
"ui-priority": 1,
|
|
"misp-attribute": "text"
|
|
},
|
|
"group": {
|
|
"description": "UNIX group(s) the account is member of.",
|
|
"disable_correlation": true,
|
|
"ui-priority": 1,
|
|
"misp-attribute": "text",
|
|
"multiple": true
|
|
},
|
|
"home_dir": {
|
|
"description": "Home directory of the UNIX account.",
|
|
"disable_correlation": true,
|
|
"ui-priority": 1,
|
|
"misp-attribute": "text"
|
|
},
|
|
"shell": {
|
|
"description": "UNIX command shell of the account.",
|
|
"disable_correlation": true,
|
|
"ui-priority": 1,
|
|
"misp-attribute": "text"
|
|
}
|
|
}
|
|
}
|