From 1c6ece2ae6681e6ef70f9de6d7c3a3630c4f5a59 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rapha=C3=ABl=20Vinot?= Date: Mon, 13 Feb 2017 16:39:06 +0100 Subject: [PATCH] Update schema, fix taxonomies accordingly. --- diamond-model/machinetag.json | 2 +- malware_classification/machinetag.json | 6 +- schema.json | 83 +++++++++++++++++++++++++- 3 files changed, 82 insertions(+), 9 deletions(-)
diff --git a/diamond-model/machinetag.json b/diamond-model/machinetag.json
index f8e8947..de0e9ee 100644
--- a/diamond-model/machinetag.json
+++ b/diamond-model/machinetag.json
@@ -3,7 +3,7 @@
 "expanded": "Diamond Model for Intrusion Analysis",
 "description": "The Diamond Model for Intrusion Analysis, a phase-based model developed by Lockheed Martin, aims to help categorise and identify the stage of an attack.",
 "version": 1,
- "ref": [
+ "refs": [
 "http://www.activeresponse.org/wp-content/uploads/2013/07/diamond.pdf"
 ],
 "predicates": [
diff --git a/malware_classification/machinetag.json b/malware_classification/machinetag.json
index edaf09e..64919d1 100644
--- a/malware_classification/machinetag.json
+++ b/malware_classification/machinetag.json
@@ -1,7 +1,7 @@
 {
 "namespace": "malware_classification",
 "description": "Classification based on different categories. Based on https://www.sans.org/reading-room/whitepapers/incident/malware-101-viruses-32848",
- "version": 1,
+ "version": 2,
 "predicates": [
 {
 "value": "malware-category",
@@ -89,10 +89,6 @@
 "value": "armouring",
 "expanded": "armouring"
 },
- {
- "value": "encryption",
- "expanded": "encryption"
- },
 {
 "value": "tunneling",
 "expanded": "tunneling"
diff --git a/schema.json b/schema.json
index 61630b8..7780811 100644
--- a/schema.json
+++ b/schema.json
@@ -2,11 +2,78 @@
 "$schema": "http://json-schema.org/schema#",
 "title": "Validator for misp-taxonomies",
 "id": "https://www.github.com/MISP/misp-taxonomies/schema.json",
+ "defs": {
+ "predicate": {
+ "type": "object",
+ "additionalProperties": false,
+ "properties": {
+ "value": {
+ "type": "string"
+ },
+ "colour": {
+ "type": "string"
+ },
+ "description": {
+ "type": "string"
+ },
+ "numerical_value": {
+ "type": "number"
+ },
+ "expanded": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "value"
+ ]
+ },
+ "entry": {
+ "type": "object",
+ "additionalProperties": false,
+ "properties": {
+ "predicate": {
+ "type": "string"
+ },
+ "entry": {
+ "type": "array",
+ "uniqueItems": true,
+ "items": {
+ "type": "object",
+ "additionalProperties": false,
+ "properties": {
+ "value": {
+ "type": "string"
+ },
+ "description": {
+ "type": "string"
+ },
+ "expanded": {
+ "type": "string"
+ },
+ "numerical_value": {
+ "type": "number"
+ }
+ },
+ "required": [
+ "value"
+ ]
+ }
+ }
+ }
+ },
+ "required": [
+ "predicate"
+ ]
+ },
 "type": "object",
+ "additionalProperties": false,
 "properties": {
 "namespace": {
 "type": "string"
 },
+ "expanded": {
+ "type": "string"
+ },
 "description": {
 "type": "string"
 },
@@ -17,20 +84,30 @@
 "type": "array",
 "uniqueItems": true,
 "items": {
- "type": "object"
+ "type": "object",
+ "$ref": "#/defs/predicate"
 }
 },
 "values": {
 "type": "array",
 "uniqueItems": true,
 "items": {
- "type": "object"
+ "type": "object",
+ "$ref": "#/defs/entry"
+ }
+ },
+ "refs": {
+ "type": "array",
+ "uniqueItems": true,
+ "items": {
+ "type": "string"
 }
 }
 },
 "required": [
 "namespace",
 "description",
- "version"
+ "version",
+ "predicates"
 ]
 }
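Review bot: By brace count, the `"required": ["predicate"]` at the end of the added `defs` block sits one level too far out. The `},` just before it already closes the `entry` definition, so the array becomes a sibling of `predicate` and `entry` under `defs` instead of a constraint on `entry`. Validators do not interpret arbitrary members of `defs`, so nothing errors, but a `values` item with no `predicate` key would still pass validation. Moving `"required": ["predicate"]` inside the `entry` definition, directly after its `properties` object (as the `predicate` definition does with `"required": ["value"]`), restores the check. Indentation is lost in this rendering, so confirm against the file; the root schema object opens before this hunk.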
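Review bot: The new `refs` array accepts any string (`"items": {"type": "string"}`), so the schema does not keep a non-URL or a non-web scheme out of a field that consumers presumably present as a reference link. Adding `"pattern": "^https?://"` to the item schema would be a cheap gate that the existing taxonomy value in this commit already satisfies. Separately, `"type": "object"` written beside `"$ref"` in the `predicates` and `values` item schemas is ignored by validators that follow the draft-04 rule for `$ref` siblings. It is harmless here because both referenced definitions declare the type themselves, but dropping it avoids suggesting that siblings of `$ref` are enforced. The root object and its `properties` block open before this hunk.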