Add schema
parent
178faf2adc
commit
94290cfaa9
16
.travis.yml
16
.travis.yml
|
@ -7,26 +7,22 @@ sudo: required
|
||||||
dist: trusty
|
dist: trusty
|
||||||
|
|
||||||
python:
|
python:
|
||||||
- "2.7"
|
|
||||||
- "3.3"
|
|
||||||
- "3.4"
|
- "3.4"
|
||||||
- "3.5"
|
- "3.5"
|
||||||
- "3.5-dev"
|
- "3.5-dev"
|
||||||
|
- "3.6"
|
||||||
|
- "3.6-dev"
|
||||||
- "nightly"
|
- "nightly"
|
||||||
|
|
||||||
install:
|
install:
|
||||||
- git clone https://github.com/stedolan/jq.git
|
- sudo apt-get update -qq
|
||||||
- pushd jq
|
- sudo apt-get install -y -qq jq moreutils
|
||||||
- autoreconf -i
|
- pip install jsonschema
|
||||||
- ./configure --disable-maintainer-mode
|
|
||||||
- make
|
|
||||||
- sudo make install
|
|
||||||
- popd
|
|
||||||
- git clone https://github.com/MISP/PyTaxonomies.git
|
- git clone https://github.com/MISP/PyTaxonomies.git
|
||||||
- pushd PyTaxonomies
|
- pushd PyTaxonomies
|
||||||
- pip install .
|
- pip install .
|
||||||
- popd
|
- popd
|
||||||
|
|
||||||
script:
|
script:
|
||||||
- cat */*.json | jq .
|
- ./validate_all.sh
|
||||||
- pytaxonomies -l MANIFEST.json -a
|
- pytaxonomies -l MANIFEST.json -a
|
||||||
|
|
|
@ -24,6 +24,5 @@
|
||||||
"expanded": "(PAP:WHITE) No restrictions in using this information.",
|
"expanded": "(PAP:WHITE) No restrictions in using this information.",
|
||||||
"colour": "#ffffff"
|
"colour": "#ffffff"
|
||||||
}
|
}
|
||||||
],
|
]
|
||||||
"values": null
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -21,6 +21,5 @@
|
||||||
"value": "Victim",
|
"value": "Victim",
|
||||||
"expanded": "A victim is the target of the adversary and against whom vulnerabilities and exposures are exploited and capabilities used. A victim can be described in whichever way necessary and appropriate: organization, person, target email address, IP address, domain, etc. However, it is useful to define the victim persona and their assets separately as they serve different analytic functions. Victim personae are useful in non-technical analysis such as cyber-victimology and social-political centered approaches whereas victim assets are associated with common technical approaches such as vulnerability analysis.."
|
"expanded": "A victim is the target of the adversary and against whom vulnerabilities and exposures are exploited and capabilities used. A victim can be described in whichever way necessary and appropriate: organization, person, target email address, IP address, domain, etc. However, it is useful to define the victim persona and their assets separately as they serve different analytic functions. Victim personae are useful in non-technical analysis such as cyber-victimology and social-political centered approaches whereas victim assets are associated with common technical approaches such as vulnerability analysis.."
|
||||||
}
|
}
|
||||||
],
|
]
|
||||||
"values": null
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -23,6 +23,5 @@
|
||||||
"expanded": "RESTREINT UE/EU RESTRICTED",
|
"expanded": "RESTREINT UE/EU RESTRICTED",
|
||||||
"description": "Information and material the unauthorised disclosure of which could be disadvantageous to the interests of the European Union or of one or more of the Member States."
|
"description": "Information and material the unauthorised disclosure of which could be disadvantageous to the interests of the European Union or of one or more of the Member States."
|
||||||
}
|
}
|
||||||
],
|
]
|
||||||
"values": null
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -234,6 +234,5 @@
|
||||||
"expanded": "Undetermined",
|
"expanded": "Undetermined",
|
||||||
"description": "Field aimed at the classification of unprocessed events, which have remained undetermined from the beginning."
|
"description": "Field aimed at the classification of unprocessed events, which have remained undetermined from the beginning."
|
||||||
}
|
}
|
||||||
],
|
]
|
||||||
"values": null
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
{
|
{
|
||||||
"namespace": "information-security-indicators",
|
"namespace": "information-security-indicators",
|
||||||
"description": "A full set of operational indicators for organizations to use to benchmark their security posture.",
|
"description": "A full set of operational indicators for organizations to use to benchmark their security posture.",
|
||||||
"version": "1",
|
"version": 1,
|
||||||
"predicates": [
|
"predicates": [
|
||||||
{
|
{
|
||||||
"value": "IEX",
|
"value": "IEX",
|
||||||
|
@ -582,4 +582,4 @@
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|
|
@ -0,0 +1,14 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
set -e
|
||||||
|
set -x
|
||||||
|
|
||||||
|
# Seeds sponge, from moreutils
|
||||||
|
|
||||||
|
for dir in ./*/list.json
|
||||||
|
do
|
||||||
|
cat ${dir} | jq . | sponge ${dir}
|
||||||
|
done
|
||||||
|
|
||||||
|
cat schema.json | jq . | sponge schema.json
|
||||||
|
cat MANIFEST.json | jq . | sponge MANIFEST.json
|
|
@ -32,6 +32,5 @@
|
||||||
"value": "Actions on Objectives",
|
"value": "Actions on Objectives",
|
||||||
"expanded": "Only now, after progressing through the first six phases, can intruders take actions to achieve their original objectives. Typically, this objective is data exfiltration which involves collecting, encrypting and extracting information from the victim environment; violations of data integrity or availability are potential objectives as well. Alternatively, the intruders may only desire access to the initial victim box for use as a hop point to compromise additional systems and move laterally inside the network."
|
"expanded": "Only now, after progressing through the first six phases, can intruders take actions to achieve their original objectives. Typically, this objective is data exfiltration which involves collecting, encrypting and extracting information from the victim environment; violations of data integrity or availability are potential objectives as well. Alternatively, the intruders may only desire access to the initial victim box for use as a hop point to compromise additional systems and move laterally inside the network."
|
||||||
}
|
}
|
||||||
],
|
]
|
||||||
"values": null
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
{
|
{
|
||||||
"namespace": "rt_event_status",
|
"namespace": "rt_event_status",
|
||||||
"description": "Status of events used in Request Tracker.",
|
"description": "Status of events used in Request Tracker.",
|
||||||
"version": "1.0",
|
"version": 1,
|
||||||
"predicates": [
|
"predicates": [
|
||||||
{
|
{
|
||||||
"value": "event-status",
|
"value": "event-status",
|
||||||
|
|
|
@ -0,0 +1,36 @@
|
||||||
|
{
|
||||||
|
"$schema": "http://json-schema.org/schema#",
|
||||||
|
"title": "Validator for misp-taxonomies",
|
||||||
|
"id": "https://www.github.com/MISP/misp-taxonomies/schema.json",
|
||||||
|
"type": "object",
|
||||||
|
"properties": {
|
||||||
|
"namespace": {
|
||||||
|
"type": "string"
|
||||||
|
},
|
||||||
|
"description": {
|
||||||
|
"type": "string"
|
||||||
|
},
|
||||||
|
"version": {
|
||||||
|
"type": "integer"
|
||||||
|
},
|
||||||
|
"predicates": {
|
||||||
|
"type": "array",
|
||||||
|
"uniqueItems": true,
|
||||||
|
"items": {
|
||||||
|
"type": "object"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"values": {
|
||||||
|
"type": "array",
|
||||||
|
"uniqueItems": true,
|
||||||
|
"items": {
|
||||||
|
"type": "object"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"required": [
|
||||||
|
"namespace",
|
||||||
|
"description",
|
||||||
|
"version"
|
||||||
|
]
|
||||||
|
}
|
|
@ -1,5 +1,4 @@
|
||||||
{
|
{
|
||||||
"values": null,
|
|
||||||
"predicates": [
|
"predicates": [
|
||||||
{
|
{
|
||||||
"colour": "#CC0033",
|
"colour": "#CC0033",
|
||||||
|
|
|
@ -0,0 +1,21 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
set -e
|
||||||
|
set -x
|
||||||
|
|
||||||
|
./jq_all_the_things.sh
|
||||||
|
|
||||||
|
diffs=`git status --porcelain | wc -l`
|
||||||
|
|
||||||
|
if ! [ $diffs -eq 1 ]; then
|
||||||
|
echo "Please make sure you run ./jq_all_the_things.sh before commiting."
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
for dir in */machinetag.json
|
||||||
|
do
|
||||||
|
echo -n "${dir}: "
|
||||||
|
jsonschema -i ${dir} schema.json
|
||||||
|
echo ''
|
||||||
|
done
|
||||||
|
|
Loading…
Reference in New Issue