mirror of https://github.com/MISP/misp-objects
199 lines
5.8 KiB
JSON
199 lines
5.8 KiB
JSON
{
|
|
"requiredOneOf": [
|
|
"description",
|
|
"method",
|
|
"key",
|
|
"keyed-hash-function",
|
|
"encryption-function",
|
|
"regexp",
|
|
"iv"
|
|
],
|
|
"attributes": {
|
|
"method": {
|
|
"description": "Anonymisation (or pseudo-anonymisation) method(s) used",
|
|
"ui-priority": 1,
|
|
"disable_correlation": true,
|
|
"sane_default": [
|
|
"hiding - Attribute is replaced with a constant value (typically 0) of the same size. Sometimes called 'black marker'.",
|
|
"hash - A hash function maps each attribute to a new (not necessarily unique) attribute.",
|
|
"permutation - Maps each original value to a unique new value.",
|
|
"prefix-preserving - Any two values that had the same n-bit prefix before anonymisation will still have the same n-bit prefix as each other after anonymization. (Would be more accurately called 'prefix-relationship-preserving', because the actual prefix values are not preserved.) ",
|
|
"shift - Adds a fixed offset to each value/attribute.",
|
|
"enumeration - Map each original value to a new value such that their ordering is preserved.",
|
|
"partitioning - Possible values are partitioned into meaningful sets; actual values are replaced with a fixed value from the same set. E.g., TCP port numbers 0 to 1023 are replaced with 0, and 1024 to 65535 replaced with 65535.",
|
|
"updated - Checksums are recalculated to reflect changes made to other fields.",
|
|
"truncation - Field is shortened, losing data at the end.",
|
|
"encryption - Attribute is encrypted."
|
|
],
|
|
"misp-attribute": "text",
|
|
"multiple": true
|
|
},
|
|
"key": {
|
|
"description": "Key (such as a PSK in a keyed-hash-function) used to anonymise the attribute",
|
|
"ui-priority": 1,
|
|
"disable_correlation": true,
|
|
"misp-attribute": "text"
|
|
},
|
|
"iv": {
|
|
"description": "Initialisation vector for the encryption function used to anonymise the attribute",
|
|
"ui-priority": 1,
|
|
"disable_correlation": true,
|
|
"misp-attribute": "text"
|
|
},
|
|
"keyed-hash-function": {
|
|
"description": "Keyed-hash function used to anonymise the attribute",
|
|
"ui-priority": 1,
|
|
"disable_correlation": true,
|
|
"sane_default": [
|
|
"hmac-sha1",
|
|
"hmac-md5",
|
|
"hmac-sha256",
|
|
"hmac-sha384",
|
|
"hmac-sha512"
|
|
],
|
|
"misp-attribute": "text"
|
|
},
|
|
"encryption-function": {
|
|
"description": "Encryption function or algorithm used to anonymise the attribute",
|
|
"ui-priority": 1,
|
|
"disable_correlation": true,
|
|
"sane_default": [
|
|
"aes128",
|
|
"aes-128-cbc",
|
|
"aes-128-cfb",
|
|
"aes-128-cfb1",
|
|
"aes-128-cfb8",
|
|
"aes-128-ctr",
|
|
"aes-128-ecb",
|
|
"aes-128-ofb",
|
|
"aes192",
|
|
"aes-192-cbc",
|
|
"aes-192-cfb",
|
|
"aes-192-cfb1",
|
|
"aes-192-cfb8",
|
|
"aes-192-ctr",
|
|
"aes-192-ecb",
|
|
"aes-192-ofb",
|
|
"aes-256-cfb",
|
|
"aes-256-cfb1",
|
|
"aes-256-cfb8",
|
|
"aes-256-ctr",
|
|
"aes-256-ecb",
|
|
"aes-256-ofb",
|
|
"bf",
|
|
"bf-cbc",
|
|
"bf-cfb",
|
|
"bf-ecb",
|
|
"bf-ofb",
|
|
"blowfish",
|
|
"camellia128",
|
|
"camellia-128-cbc",
|
|
"camellia-128-cfb",
|
|
"camellia-128-cfb1",
|
|
"camellia-128-cfb8",
|
|
"camellia-128-ctr",
|
|
"camellia-128-ecb",
|
|
"camellia-128-ofb",
|
|
"camellia192",
|
|
"camellia-192-cbc",
|
|
"camellia-192-cfb",
|
|
"camellia-192-cfb1",
|
|
"camellia-192-cfb8",
|
|
"camellia-192-ctr",
|
|
"camellia-192-ecb",
|
|
"camellia-192-ofb",
|
|
"camellia256",
|
|
"camellia-256-cbc",
|
|
"camellia-256-cfb",
|
|
"camellia-256-cfb1",
|
|
"camellia-256-cfb8",
|
|
"camellia-256-ctr",
|
|
"camellia-256-ecb",
|
|
"camellia-256-ofb",
|
|
"cast",
|
|
"cast5-cbc",
|
|
"cast5-cfb",
|
|
"cast5-ecb",
|
|
"cast5-ofb",
|
|
"cast-cbc",
|
|
"des",
|
|
"des3",
|
|
"des-cbc",
|
|
"des-cfb",
|
|
"des-ecb",
|
|
"des-ede",
|
|
"des-ede3",
|
|
"des-ede3-cbc",
|
|
"des-ede3-cfb",
|
|
"des-ede3-ofb",
|
|
"des-ede-cbc",
|
|
"des-ede-cfb",
|
|
"des-ede-ofb",
|
|
"des-ofb",
|
|
"desx",
|
|
"gost89",
|
|
"gost89-cnt",
|
|
"idea",
|
|
"idea-cbc",
|
|
"idea-cfb",
|
|
"idea-ecb",
|
|
"idea-ofb",
|
|
"rc2",
|
|
"rc2-40-cbc",
|
|
"rc2-64-cbc",
|
|
"rc2-cbc",
|
|
"rc2-cfb",
|
|
"rc2-ecb",
|
|
"rc2-ofb",
|
|
"rc4",
|
|
"rc4-40",
|
|
"rc4-64",
|
|
"rc5",
|
|
"rc5-cbc",
|
|
"rc5-cfb",
|
|
"rc5-ecb",
|
|
"rc5-ofb",
|
|
"seed",
|
|
"seed-cbc",
|
|
"seed-cfb",
|
|
"seed-ecb",
|
|
"seed-ofb",
|
|
"sm4",
|
|
"sm4-cbc",
|
|
"sm4-cfb",
|
|
"sm4-ctr",
|
|
"sm4-ecb",
|
|
"sm4-ofb"
|
|
],
|
|
"misp-attribute": "text"
|
|
},
|
|
"regexp": {
|
|
"description": "Regular expression to perfom the anonymisation (reversible or not)",
|
|
"ui-priority": 10,
|
|
"disable_correlation": true,
|
|
"misp-attribute": "text"
|
|
},
|
|
"description": {
|
|
"description": "Description of the anonymisation technique or tool used",
|
|
"ui-priority": 1,
|
|
"disable_correlation": true,
|
|
"misp-attribute": "text"
|
|
},
|
|
"level-of-knowledge": {
|
|
"description": "Level of knowledge of the organisation who created this object",
|
|
"ui-priority": 10,
|
|
"values_list": [
|
|
"Only the anonymised data is known",
|
|
"Deanonymised data is known"
|
|
],
|
|
"disable_correlation": true,
|
|
"misp-attribute": "text"
|
|
}
|
|
},
|
|
"version": 2,
|
|
"description": "Anonymisation object describing an anonymisation technique used to encode MISP attribute values. Reference: https://www.caida.org/tools/taxonomy/anonymization.xml",
|
|
"meta-category": "misc",
|
|
"uuid": "5867cffe-60ff-44f6-b097-e5f36b5de0ac",
|
|
"name": "anonymisation"
|
|
}
|