JQ all the things

2017-02-12 21:02:02 +01:00 · 2017-02-12 21:02:02 +01:00 · d422560a4e
parent cdef6f192e
commit d422560a4e
12 changed files with 481 additions and 73461 deletions
--- a/jq_all_the_things.sh
+++ b/jq_all_the_things.sh
@ -7,3 +7,4 @@ for dir in lists/*/list.json
 do
    cat ${dir} | jq . | tee ${dir}
 done
+cat schema.json | jq . | tee schema.json
--- a/lists/eicar.com/list.json
+++ b/lists/eicar.com/list.json
@ -2,7 +2,7 @@
  "name": "List of hashes for EICAR test virus",
  "version": 1,
  "description": "Event contains one or more entries based on hashes for EICAR test virus",
-  "matching_attributes": [ ],
+  "matching_attributes": [],
  "list": [
    "44d88612fea8a8f36de82e1278abb02f",
    "6ce6f415d8475545be5ba114f208b0ff",
--- a/lists/empty-hashes/list.json
+++ b/lists/empty-hashes/list.json
@ -2,7 +2,7 @@
  "name": "List of known hashes for empty files",
  "version": 1,
  "description": "Event contains one or more entries of empty files based on known hashed",
-  "matching_attributes": [ ],
+  "matching_attributes": [],
  "list": [
    "d41d8cd98f00b204e9800998ecf8427e",
    "da39a3ee5e6b4b0d3255bfef95601890afd80709",
@ -11,4 +11,3 @@
    "cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e"
  ]
 }
-
--- a/lists/google/list.json
+++ b/lists/google/list.json
@ -1,395 +0,0 @@
-{
-  "name": "List of known google domains",
-  "version": 2,
-  "description": "Event contains one or more entries of known google domains",
-  "matching_attributes": [ "domain", "hostname", "domain|ip" ],
-  "list": [
-        ".google.com",
-        ".google.ad",
-        ".google.ae",
-        ".google.com.af",
-        ".google.com.ag",
-        ".google.com.ai",
-        ".google.al",
-        ".google.am",
-        ".google.co.ao",
-        ".google.com.ar",
-        ".google.as",
-        ".google.at",
-        ".google.com.au",
-        ".google.az",
-        ".google.ba",
-        ".google.com.bd",
-        ".google.be",
-        ".google.bf",
-        ".google.bg",
-        ".google.com.bh",
-        ".google.bi",
-        ".google.bj",
-        ".google.com.bn",
-        ".google.com.bo",
-        ".google.com.br",
-        ".google.bs",
-        ".google.bt",
-        ".google.co.bw",
-        ".google.by",
-        ".google.com.bz",
-        ".google.ca",
-        ".google.cd",
-        ".google.cf",
-        ".google.cg",
-        ".google.ch",
-        ".google.ci",
-        ".google.co.ck",
-        ".google.cl",
-        ".google.cm",
-        ".google.cn",
-        ".google.com.co",
-        ".google.co.cr",
-        ".google.com.cu",
-        ".google.cv",
-        ".google.com.cy",
-        ".google.cz",
-        ".google.de",
-        ".google.dj",
-        ".google.dk",
-        ".google.dm",
-        ".google.com.do",
-        ".google.dz",
-        ".google.com.ec",
-        ".google.ee",
-        ".google.com.eg",
-        ".google.es",
-        ".google.com.et",
-        ".google.fi",
-        ".google.com.fj",
-        ".google.fm",
-        ".google.fr",
-        ".google.ga",
-        ".google.ge",
-        ".google.gg",
-        ".google.com.gh",
-        ".google.com.gi",
-        ".google.gl",
-        ".google.gm",
-        ".google.gp",
-        ".google.gr",
-        ".google.com.gt",
-        ".google.gy",
-        ".google.com.hk",
-        ".google.hn",
-        ".google.hr",
-        ".google.ht",
-        ".google.hu",
-        ".google.co.id",
-        ".google.ie",
-        ".google.co.il",
-        ".google.im",
-        ".google.co.in",
-        ".google.iq",
-        ".google.is",
-        ".google.it",
-        ".google.je",
-        ".google.com.jm",
-        ".google.jo",
-        ".google.co.jp",
-        ".google.co.ke",
-        ".google.com.kh",
-        ".google.ki",
-        ".google.kg",
-        ".google.co.kr",
-        ".google.com.kw",
-        ".google.kz",
-        ".google.la",
-        ".google.com.lb",
-        ".google.li",
-        ".google.lk",
-        ".google.co.ls",
-        ".google.lt",
-        ".google.lu",
-        ".google.lv",
-        ".google.com.ly",
-        ".google.co.ma",
-        ".google.md",
-        ".google.me",
-        ".google.mg",
-        ".google.mk",
-        ".google.ml",
-        ".google.com.mm",
-        ".google.mn",
-        ".google.ms",
-        ".google.com.mt",
-        ".google.mu",
-        ".google.mv",
-        ".google.mw",
-        ".google.com.mx",
-        ".google.com.my",
-        ".google.co.mz",
-        ".google.com.na",
-        ".google.com.nf",
-        ".google.com.ng",
-        ".google.com.ni",
-        ".google.ne",
-        ".google.nl",
-        ".google.no",
-        ".google.com.np",
-        ".google.nr",
-        ".google.nu",
-        ".google.co.nz",
-        ".google.com.om",
-        ".google.com.pa",
-        ".google.com.pe",
-        ".google.com.pg",
-        ".google.com.ph",
-        ".google.com.pk",
-        ".google.pl",
-        ".google.pn",
-        ".google.com.pr",
-        ".google.ps",
-        ".google.pt",
-        ".google.com.py",
-        ".google.com.qa",
-        ".google.ro",
-        ".google.ru",
-        ".google.rw",
-        ".google.com.sa",
-        ".google.com.sb",
-        ".google.sc",
-        ".google.se",
-        ".google.com.sg",
-        ".google.sh",
-        ".google.si",
-        ".google.sk",
-        ".google.com.sl",
-        ".google.sn",
-        ".google.so",
-        ".google.sm",
-        ".google.sr",
-        ".google.st",
-        ".google.com.sv",
-        ".google.td",
-        ".google.tg",
-        ".google.co.th",
-        ".google.com.tj",
-        ".google.tk",
-        ".google.tl",
-        ".google.tm",
-        ".google.tn",
-        ".google.to",
-        ".google.com.tr",
-        ".google.tt",
-        ".google.com.tw",
-        ".google.co.tz",
-        ".google.com.ua",
-        ".google.co.ug",
-        ".google.co.uk",
-        ".google.com.uy",
-        ".google.co.uz",
-        ".google.com.vc",
-        ".google.co.ve",
-        ".google.vg",
-        ".google.co.vi",
-        ".google.com.vn",
-        ".google.vu",
-        ".google.ws",
-        ".google.rs",
-        ".google.co.za",
-        ".google.co.zm",
-        ".google.co.zw",
-        ".google.cat",
-        "www.google.com",
-        "www.google.ad",
-        "www.google.ae",
-        "www.google.com.af",
-        "www.google.com.ag",
-        "www.google.com.ai",
-        "www.google.al",
-        "www.google.am",
-        "www.google.co.ao",
-        "www.google.com.ar",
-        "www.google.as",
-        "www.google.at",
-        "www.google.com.au",
-        "www.google.az",
-        "www.google.ba",
-        "www.google.com.bd",
-        "www.google.be",
-        "www.google.bf",
-        "www.google.bg",
-        "www.google.com.bh",
-        "www.google.bi",
-        "www.google.bj",
-        "www.google.com.bn",
-        "www.google.com.bo",
-        "www.google.com.br",
-        "www.google.bs",
-        "www.google.bt",
-        "www.google.co.bw",
-        "www.google.by",
-        "www.google.com.bz",
-        "www.google.ca",
-        "www.google.cd",
-        "www.google.cf",
-        "www.google.cg",
-        "www.google.ch",
-        "www.google.ci",
-        "www.google.co.ck",
-        "www.google.cl",
-        "www.google.cm",
-        "www.google.cn",
-        "www.google.com.co",
-        "www.google.co.cr",
-        "www.google.com.cu",
-        "www.google.cv",
-        "www.google.com.cy",
-        "www.google.cz",
-        "www.google.de",
-        "www.google.dj",
-        "www.google.dk",
-        "www.google.dm",
-        "www.google.com.do",
-        "www.google.dz",
-        "www.google.com.ec",
-        "www.google.ee",
-        "www.google.com.eg",
-        "www.google.es",
-        "www.google.com.et",
-        "www.google.fi",
-        "www.google.com.fj",
-        "www.google.fm",
-        "www.google.fr",
-        "www.google.ga",
-        "www.google.ge",
-        "www.google.gg",
-        "www.google.com.gh",
-        "www.google.com.gi",
-        "www.google.gl",
-        "www.google.gm",
-        "www.google.gp",
-        "www.google.gr",
-        "www.google.com.gt",
-        "www.google.gy",
-        "www.google.com.hk",
-        "www.google.hn",
-        "www.google.hr",
-        "www.google.ht",
-        "www.google.hu",
-        "www.google.co.id",
-        "www.google.ie",
-        "www.google.co.il",
-        "www.google.im",
-        "www.google.co.in",
-        "www.google.iq",
-        "www.google.is",
-        "www.google.it",
-        "www.google.je",
-        "www.google.com.jm",
-        "www.google.jo",
-        "www.google.co.jp",
-        "www.google.co.ke",
-        "www.google.com.kh",
-        "www.google.ki",
-        "www.google.kg",
-        "www.google.co.kr",
-        "www.google.com.kw",
-        "www.google.kz",
-        "www.google.la",
-        "www.google.com.lb",
-        "www.google.li",
-        "www.google.lk",
-        "www.google.co.ls",
-        "www.google.lt",
-        "www.google.lu",
-        "www.google.lv",
-        "www.google.com.ly",
-        "www.google.co.ma",
-        "www.google.md",
-        "www.google.me",
-        "www.google.mg",
-        "www.google.mk",
-        "www.google.ml",
-        "www.google.com.mm",
-        "www.google.mn",
-        "www.google.ms",
-        "www.google.com.mt",
-        "www.google.mu",
-        "www.google.mv",
-        "www.google.mw",
-        "www.google.com.mx",
-        "www.google.com.my",
-        "www.google.co.mz",
-        "www.google.com.na",
-        "www.google.com.nf",
-        "www.google.com.ng",
-        "www.google.com.ni",
-        "www.google.ne",
-        "www.google.nl",
-        "www.google.no",
-        "www.google.com.np",
-        "www.google.nr",
-        "www.google.nu",
-        "www.google.co.nz",
-        "www.google.com.om",
-        "www.google.com.pa",
-        "www.google.com.pe",
-        "www.google.com.pg",
-        "www.google.com.ph",
-        "www.google.com.pk",
-        "www.google.pl",
-        "www.google.pn",
-        "www.google.com.pr",
-        "www.google.ps",
-        "www.google.pt",
-        "www.google.com.py",
-        "www.google.com.qa",
-        "www.google.ro",
-        "www.google.ru",
-        "www.google.rw",
-        "www.google.com.sa",
-        "www.google.com.sb",
-        "www.google.sc",
-        "www.google.se",
-        "www.google.com.sg",
-        "www.google.sh",
-        "www.google.si",
-        "www.google.sk",
-        "www.google.com.sl",
-        "www.google.sn",
-        "www.google.so",
-        "www.google.sm",
-        "www.google.sr",
-        "www.google.st",
-        "www.google.com.sv",
-        "www.google.td",
-        "www.google.tg",
-        "www.google.co.th",
-        "www.google.com.tj",
-        "www.google.tk",
-        "www.google.tl",
-        "www.google.tm",
-        "www.google.tn",
-        "www.google.to",
-        "www.google.com.tr",
-        "www.google.tt",
-        "www.google.com.tw",
-        "www.google.co.tz",
-        "www.google.com.ua",
-        "www.google.co.ug",
-        "www.google.co.uk",
-        "www.google.com.uy",
-        "www.google.co.uz",
-        "www.google.com.vc",
-        "www.google.co.ve",
-        "www.google.vg",
-        "www.google.co.vi",
-        "www.google.com.vn",
-        "www.google.vu",
-        "www.google.ws",
-        "www.google.rs",
-        "www.google.co.za",
-        "www.google.co.zm",
-        "www.google.co.zw",
-        "www.google.cat"
-  ]
-}
-
--- a/lists/ipv6-linklocal/list.json
+++ b/lists/ipv6-linklocal/list.json
@ -1,16 +0,0 @@
-{
-  "list": [
-    "FE80::/10"
-  ],
-  "type": [
-    "cidr"
-  ],
-  "matching_attributes": [
-    "ip-src",
-    "ip-dst",
-    "domain|ip"
-  ],
-  "description": "Event contains one or more entries part of the IPv6 link local prefix (RFC 4291)",
-  "version": 1,
-  "name": "List of IPv6 link local blocks"
-}
--- a/lists/microsoft/list.json
+++ b/lists/microsoft/list.json
@ -2,7 +2,11 @@
  "name": "List of known microsoft domains",
  "version": 1,
  "description": "Event contains one or more entries of known microsoft domains",
-  "matching_attributes": [ "domain", "hostname", "domain|ip" ],
+  "matching_attributes": [
+    "domain",
+    "hostname",
+    "domain|ip"
+  ],
  "list": [
    ".files-df.1drv.com",
    ".files.1drv.com",
@ -158,4 +162,3 @@
    ".zune.net"
  ]
 }
-
--- a/lists/multicast/list.json
+++ b/lists/multicast/list.json
@ -1,31 +0,0 @@
-{
-  "list": [
-    "224.0.0.0/8",
-    "225.0.0.0/8",
-    "226.0.0.0/8",
-    "227.0.0.0/8",
-    "228.0.0.0/8",
-    "229.0.0.0/8",
-    "230.0.0.0/8",
-    "231.0.0.0/8",
-    "232.0.0.0/8",
-    "233.0.0.0/8",
-    "234.0.0.0/8",
-    "235.0.0.0/8",
-    "236.0.0.0/8",
-    "237.0.0.0/8",
-    "238.0.0.0/8",
-    "239.0.0.0/8"
-  ],
-  "type": [
-    "cidr"
-  ],
-  "matching_attributes": [
-    "ip-src",
-    "ip-dst",
-    "domain|ip"
-  ],
-  "description": "Event contains one or more entries part of the RFC 5771 multicast CIDR blocks",
-  "version": 2,
-  "name": "List of RFC 5771 multicast CIDR blocks"
-}
--- a/lists/public-dns-v4/list.json
+++ b/lists/public-dns-v4/list.json
--- a/lists/second-level-tlds/list.json
+++ b/lists/second-level-tlds/list.json
--- a/lists/url-shortener/list.json
+++ b/lists/url-shortener/list.json
@ -1,73 +0,0 @@
-{
-  "name": "List of known URL Shorteners domains",
-  "version": 2,
-  "description": "Event contains one or more entries of known Shorteners domains",
-  "matching_attributes": [ "domain", "hostname", "domain|ip", "url", "uri" ],
-  "list": [
-        "1url.com",
-        "adcraft.co",
-        "adcrun.ch",
-        "adflav.com",
-        "adf.ly",
-        "aka.gr",
-        "bc.vc",
-        "bee4.biz",
-        "bit.do",
-        "bit.ly",
-        "bitly.com",
-        "buff.ly",
-        "buzurl.com",
-        "cektkp.com",
-        "cur.lv",
-        "cutt.us",
-        "db.tt",
-        "dft.ba",
-        "filoops.info",
-        "fun.ly",
-        "fzy.co",
-        "gog.li",
-        "golinks.co",
-        "goo.gl",
-        "hit.my",
-        "id.tl",
-        "is.gd",
-        "ity.im",
-        "j.mp",
-        "linkto.im",
-        "link.zip.net",
-        "lnk.co",
-        "lnkd.in",
-        "mcaf.ee",
-        "nov.io",
-        "ow.ly",
-        "p6l.org",
-        "picz.us",
-        "po.st",
-        "prettylinkpro.com",
-        "q.gs",
-        "qr.ae",
-        "qr.net",
-        "scrnch.me",
-        "shortquik.com",
-        "sk.gy",
-        "su.pr",
-        "t.co",
-        "tinyarrows.com",
-        "tinyurl.com",
-        "tota2.com",
-        "tr.im",
-        "tweez.me",
-        "twitthis.com",
-        "u.bb",
-        "u.to",
-        "v.gd",
-        "vzturl.com",
-        "x.co",
-        "xlinkz.info",
-        "xtu.me",
-        "yourls.org",
-        "yu2.it",
-        "zpag.es"
-  ]
-}
-
--- a/lists/whats-my-ip/list.json
+++ b/lists/whats-my-ip/list.json
@ -2,7 +2,13 @@
  "name": "List of known domains to know external IP",
  "version": 2,
  "description": "Event contains one or more entries of known 'what's is my ip' domains",
-  "matching_attributes": [ "domain", "hostname", "domain|ip", "uri", "url" ],
+  "matching_attributes": [
+    "domain",
+    "hostname",
+    "domain|ip",
+    "uri",
+    "url"
+  ],
  "list": [
    "api.ipify.org",
    "checkip.dyndns.com",
@ -37,4 +43,3 @@
    "xmyip.com"
  ]
 }
-