
{
"required": [
"name"
],
"attributes": {
"name": {
"description": "Name of the key.",
"ui-priority": 0,
"misp-attribute": "text"
},
"last-write-time": {
"description": "Date and time when the key was last updated.",
"ui-priority": 0,
"misp-attribute": "datetime",
"disable_correlation": true
},
"display": {
"description": "Display name/information of the service or the driver.",
"ui-priority": 0,
"misp-attribute": "text"
},
"image-path": {
"description": "Path of the service/driver.",
"ui-priority": 0,
"misp-attribute": "text"
},
"type": {
"description": "Service/driver type.",
"ui-priority": 0,
"sane_default": [
"Kernel driver",
"File system driver",
"Own process",
"Share process",
"Interactive",
"Other"
],
"misp-attribute": "text",
"disable_correlation": true
},
"start": {
"description": "When the service/driver starts or executes.",
"ui-priority": 0,
"sane_default": [
"Boot start",
"System start",
"Auto start",
"Manual",
"Disabled"
],
"misp-attribute": "text",
"disable_correlation": true
},
"group": {
"description": "Group to which the service/driver belongs.",
"ui-priority": 0,
"sane_default": [
"Base",
"Boot Bus Extender",
"Boot File System",
"Cryptography",
"Extended base",
"Event Log",
"Filter",
"FSFilter Bottom",
"FSFilter Infrastructure",
"File System",
"FSFilter Virtualization",
"Keyboard Port",
"Network",
"NDIS",
"Parallel arbitrator",
"Pointer Port",
"PnP Filter",
"ProfSvc_Group",
"PNP_TDI",
"SCSI Miniport",
"SCSI CDROM Class",
"System Bus Extender",
"Video Save",
"other"
],
"misp-attribute": "text",
"disable_correlation": true
},
"comment": {
"description": "Additional comments.",
"ui-priority": 0,
"misp-attribute": "text",
"disable_correlation": true
}
},
"version": 2,
"description": "Regripper Object template designed to gather information regarding the services/drivers from the system-hive.",
"meta-category": "misc",
"uuid": "78cdae45-2061-4b49-b1d6-71f562094a73",
"name": "regripper-system-hive-services-drivers"
}