misp-objects/objects/elf/definition.json

{
  "requiredOneOf": [
    "text",
    "original-filename",
    "internal-filename"
  ],
  "attributes": {
    "e_machine": {
      "sane_default": [
        "No specific instruction set",
        "SPARC",
        "X86",
        "MISP",
        "PowerPC",
        "ARM",
        "SuperH",
        "IA-64",
        "x86-64",
        "AArch64",
        "RISC-V"
      ],
      "ui-priority": 0,
      "misp-attribute": "text"
    },
    "e_ident_abi": {
      "sane_default": [
        "System V",
        "HP_UX",
        "NetBSD",
        "Linux",
        "Solaris",
        "AIX",
        "IRIX",
        "FreeBSD",
        "True64",
        "Novell Modesto",
        "OpenBSD",
        "OpenVMS",
        "NonStop Kernel",
        "AROS",
        "Fenis OS",
        "CloudABI",
        "Sortix"
      ],
      "ui-priority": 0,
      "misp-attribute": "text"
    },
    "e_type": {
      "sane_default": [
        "relocatable",
        "executable",
        "shared",
        "core"
      ],
      "ui-priority": 0,
      "misp-attribute": "text"
    },
    "e_version": {
      "disable_correlation": true,
      "ui-priority": 0,
      "misp-attribute": "text"
    },
    "file-description": {
      "disable_correlation": true,
      "ui-priority": 0,
      "misp-attribute": "text"
    },
    "e_entry": {
      "disable_correlation": true,
      "ui-priority": 0,
      "misp-attribute": "text"
    },
    "original-filename": {
      "ui-priority": 1,
      "misp-attribute": "filename"
    },
    "text": {
      "disable_correlation": true,
      "ui-priority": 1,
      "misp-attribute": "text"
    }
  },
  "version": 1,
  "description": "Object describing a Executable and Linkable Format",
  "meta-category": "file",
  "uuid": "fa6534ae-ad74-4ce0-8f23-15a66c82c7fa",
  "name": "elf"
}