Add schema

pull/60/head
Raphaël Vinot 2017-02-13 12:01:05 +01:00
parent 178faf2adc
commit 94290cfaa9
12 changed files with 85 additions and 24 deletions


@ -7,26 +7,22 @@ sudo: required
dist: trusty dist: trusty
python: python:
- "2.7"
- "3.3"
- "3.4" - "3.4"
- "3.5" - "3.5"
- "3.5-dev" - "3.5-dev"
- "3.6"
- "3.6-dev"
- "nightly" - "nightly"
install: install:
- git clone https://github.com/stedolan/jq.git - sudo apt-get update -qq
- pushd jq - sudo apt-get install -y -qq jq moreutils
- autoreconf -i - pip install jsonschema
- ./configure --disable-maintainer-mode
- make
- sudo make install
- popd
- git clone https://github.com/MISP/PyTaxonomies.git - git clone https://github.com/MISP/PyTaxonomies.git
- pushd PyTaxonomies - pushd PyTaxonomies
- pip install . - pip install .
- popd - popd
script: script:
- cat */*.json | jq . - ./validate_all.sh
- pytaxonomies -l MANIFEST.json -a - pytaxonomies -l MANIFEST.json -a
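Review bot: `pip install jsonschema` in the install step is unpinned, so the validator that gates every taxonomy change can alter its behaviour, or be replaced by a bad release, without any commit in this repository. Pinning it, for example `- pip install jsonschema==<version verified locally>`, keeps the check reproducible. The same applies to the PyTaxonomies checkout a few lines below, which installs whatever the default branch holds at build time. Installing jq from the distribution package instead of building the upstream HEAD is a sound change, but the formatting check in validate_all.sh now depends on the trusty jq producing the same output as contributors' local jq, which is worth confirming.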


@ -24,6 +24,5 @@
"expanded": "(PAP:WHITE) No restrictions in using this information.", "expanded": "(PAP:WHITE) No restrictions in using this information.",
"colour": "#ffffff" "colour": "#ffffff"
} }
], ]
"values": null
} }


@ -21,6 +21,5 @@
"value": "Victim", "value": "Victim",
"expanded": "A victim is the target of the adversary and against whom vulnerabilities and exposures are exploited and capabilities used. A victim can be described in whichever way necessary and appropriate: organization, person, target email address, IP address, domain, etc. However, it is useful to define the victim persona and their assets separately as they serve different analytic functions. Victim personae are useful in non-technical analysis such as cyber-victimology and social-political centered approaches whereas victim assets are associated with common technical approaches such as vulnerability analysis.." "expanded": "A victim is the target of the adversary and against whom vulnerabilities and exposures are exploited and capabilities used. A victim can be described in whichever way necessary and appropriate: organization, person, target email address, IP address, domain, etc. However, it is useful to define the victim persona and their assets separately as they serve different analytic functions. Victim personae are useful in non-technical analysis such as cyber-victimology and social-political centered approaches whereas victim assets are associated with common technical approaches such as vulnerability analysis.."
} }
], ]
"values": null
} }


@ -23,6 +23,5 @@
"expanded": "RESTREINT UE/EU RESTRICTED", "expanded": "RESTREINT UE/EU RESTRICTED",
"description": "Information and material the unauthorised disclosure of which could be disadvantageous to the interests of the European Union or of one or more of the Member States." "description": "Information and material the unauthorised disclosure of which could be disadvantageous to the interests of the European Union or of one or more of the Member States."
} }
], ]
"values": null
} }


@ -234,6 +234,5 @@
"expanded": "Undetermined", "expanded": "Undetermined",
"description": "Field aimed at the classification of unprocessed events, which have remained undetermined from the beginning." "description": "Field aimed at the classification of unprocessed events, which have remained undetermined from the beginning."
} }
], ]
"values": null
} }


@ -1,7 +1,7 @@
{ {
"namespace": "information-security-indicators", "namespace": "information-security-indicators",
"description": "A full set of operational indicators for organizations to use to benchmark their security posture.", "description": "A full set of operational indicators for organizations to use to benchmark their security posture.",
"version": "1", "version": 1,
"predicates": [ "predicates": [
{ {
"value": "IEX", "value": "IEX",
@ -582,4 +582,4 @@
] ]
} }
] ]
} }

14
jq_all_the_things.sh Executable file

@ -0,0 +1,14 @@
#!/bin/bash
set -e
set -x
# Seeds sponge, from moreutils
for dir in ./*/list.json
do
cat ${dir} | jq . | sponge ${dir}
done
cat schema.json | jq . | sponge schema.json
cat MANIFEST.json | jq . | sponge MANIFEST.json
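Review bot: In `cat ${dir} | jq . | sponge ${dir}` the pipeline's exit status is that of sponge, so with only `set -e` a jq parse error goes unnoticed and sponge presumably rewrites the file with the empty output it received. Adding `set -o pipefail` after `set -e` makes the script stop on the jq failure, and writing the loop body as `jq . "${dir}" | sponge "${dir}"` drops the extra cat and survives paths that contain spaces. The two trailing lines for schema.json and MANIFEST.json follow the same pattern. The loop also globs `./*/list.json` while validate_all.sh checks `*/machinetag.json`; if the taxonomy files are named machinetag.json they are never normalised here. The header comment probably means "Needs sponge".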


@ -32,6 +32,5 @@
"value": "Actions on Objectives", "value": "Actions on Objectives",
"expanded": "Only now, after progressing through the first six phases, can intruders take actions to achieve their original objectives. Typically, this objective is data exfiltration which involves collecting, encrypting and extracting information from the victim environment; violations of data integrity or availability are potential objectives as well. Alternatively, the intruders may only desire access to the initial victim box for use as a hop point to compromise additional systems and move laterally inside the network." "expanded": "Only now, after progressing through the first six phases, can intruders take actions to achieve their original objectives. Typically, this objective is data exfiltration which involves collecting, encrypting and extracting information from the victim environment; violations of data integrity or availability are potential objectives as well. Alternatively, the intruders may only desire access to the initial victim box for use as a hop point to compromise additional systems and move laterally inside the network."
} }
], ]
"values": null
} }


@ -1,7 +1,7 @@
{ {
"namespace": "rt_event_status", "namespace": "rt_event_status",
"description": "Status of events used in Request Tracker.", "description": "Status of events used in Request Tracker.",
"version": "1.0", "version": 1,
"predicates": [ "predicates": [
{ {
"value": "event-status", "value": "event-status",

36
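--- a/schema.json
+++ b/schema.json
@@ -0,0 +1,36 @@
+{
+"$schema": "http://json-schema.org/schema#",
+"title": "Validator for misp-taxonomies",
+"id": "https://www.github.com/MISP/misp-taxonomies/schema.json",
+"type": "object",
+"properties": {
+"namespace": {
+"type": "string"
+},
+"description": {
+"type": "string"
+},
+"version": {
+"type": "integer"
+},
+"predicates": {
+"type": "array",
+"uniqueItems": true,
+"items": {
+"type": "object"
+}
+},
+"values": {
+"type": "array",
+"uniqueItems": true,
+"items": {
+"type": "object"
+}
+}
+},
+"required": [
+"namespace",
+"description",
+"version"
+]
+}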
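Review bot: The schema constrains very little: `predicates` is not in `required`, each predicate or value entry only has to be an object, and unknown top-level keys are accepted, so a file with a misspelled key or a predicate without `value` still validates. If every taxonomy is expected to carry predicates (not verifiable from this page), consider `"required": ["namespace", "description", "version", "predicates"]` and giving the `predicates` items their own `"required": ["value"]`. Adding `"additionalProperties": false` at the top level would catch typos, provided no existing file relies on extra keys. `"$schema": "http://json-schema.org/schema#"` also leaves the draft unpinned and `id` is the draft-04 spelling, so naming the draft explicitly keeps a validator upgrade from changing the result.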


@ -1,5 +1,4 @@
{ {
"values": null,
"predicates": [ "predicates": [
{ {
"colour": "#CC0033", "colour": "#CC0033",

21
validate_all.sh Executable file

@ -0,0 +1,21 @@
#!/bin/bash
set -e
set -x
./jq_all_the_things.sh
diffs=`git status --porcelain | wc -l`
if ! [ $diffs -eq 1 ]; then
echo "Please make sure you run ./jq_all_the_things.sh before commiting."
exit 1
fi
for dir in */machinetag.json
do
echo -n "${dir}: "
jsonschema -i ${dir} schema.json
echo ''
done
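Review bot: The cleanliness test `if ! [ $diffs -eq 1 ]` hard-codes exactly one line of `git status --porcelain` output, which presumably accounts for one untracked item in the CI workspace (the PyTaxonomies checkout from .travis.yml). On a clean local tree the count is 0, so the script fails with a misleading message, and a single reformatted file without that untracked directory would pass. Checking tracked files only states the intent directly: `if ! git diff --quiet; then`. In the validation loop the path should be quoted, `jsonschema -i "${dir}" schema.json`.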