Update schema, fix taxonomies accordingly.

2017-02-13 16:39:06 +01:00 · 2017-02-13 16:39:06 +01:00 · 1c6ece2ae6
parent fcde7e1af8
commit 1c6ece2ae6
3 changed files with 82 additions and 9 deletions
--- a/diamond-model/machinetag.json
+++ b/diamond-model/machinetag.json
@ -3,7 +3,7 @@
  "expanded": "Diamond Model for Intrusion Analysis",
  "description": "The Diamond Model for Intrusion Analysis, a phase-based model developed by Lockheed Martin, aims to help categorise and identify the stage of an attack.",
  "version": 1,
-  "ref": [
+  "refs": [
    "http://www.activeresponse.org/wp-content/uploads/2013/07/diamond.pdf"
  ],
  "predicates": [
--- a/malware_classification/machinetag.json
+++ b/malware_classification/machinetag.json
@ -1,7 +1,7 @@
 {
  "namespace": "malware_classification",
  "description": "Classification based on different categories. Based on https://www.sans.org/reading-room/whitepapers/incident/malware-101-viruses-32848",
-  "version": 1,
+  "version": 2,
  "predicates": [
    {
      "value": "malware-category",
@ -89,10 +89,6 @@
          "value": "armouring",
          "expanded": "armouring"
        },
-        {
-          "value": "encryption",
-          "expanded": "encryption"
-        },
        {
          "value": "tunneling",
          "expanded": "tunneling"
--- a/schema.json
+++ b/schema.json
@ -2,11 +2,78 @@
  "$schema": "http://json-schema.org/schema#",
  "title": "Validator for misp-taxonomies",
  "id": "https://www.github.com/MISP/misp-taxonomies/schema.json",
+  "defs": {
+    "predicate": {
      "type": "object",
+      "additionalProperties": false,
+      "properties": {
+        "value": {
+          "type": "string"
+        },
+        "colour": {
+          "type": "string"
+        },
+        "description": {
+          "type": "string"
+        },
+        "numerical_value": {
+          "type": "number"
+        },
+        "expanded": {
+          "type": "string"
+        }
+      },
+      "required": [
+        "value"
+      ]
+    },
+    "entry": {
+      "type": "object",
+      "additionalProperties": false,
+      "properties": {
+        "predicate": {
+          "type": "string"
+        },
+        "entry": {
+          "type": "array",
+          "uniqueItems": true,
+          "items": {
+            "type": "object",
+            "additionalProperties": false,
+            "properties": {
+              "value": {
+                "type": "string"
+              },
+              "description": {
+                "type": "string"
+              },
+              "expanded": {
+                "type": "string"
+              },
+              "numerical_value": {
+                "type": "number"
+              }
+            },
+            "required": [
+              "value"
+            ]
+          }
+        }
+      }
+    },
+    "required": [
+      "predicate"
+    ]
+  },
+  "type": "object",
+  "additionalProperties": false,
  "properties": {
    "namespace": {
      "type": "string"
    },
+    "expanded": {
+      "type": "string"
+    },
    "description": {
      "type": "string"
    },
@ -17,20 +84,30 @@
      "type": "array",
      "uniqueItems": true,
      "items": {
-        "type": "object"
+        "type": "object",
+        "$ref": "#/defs/predicate"
      }
    },
    "values": {
      "type": "array",
      "uniqueItems": true,
      "items": {
-        "type": "object"
+        "type": "object",
+        "$ref": "#/defs/entry"
+      }
+    },
+    "refs": {
+      "type": "array",
+      "uniqueItems": true,
+      "items": {
+        "type": "string"
      }
    }
  },
  "required": [
    "namespace",
    "description",
-    "version"
+    "version",
+    "predicates"
  ]
 }