forked from MISP/misp-objects
definition.json
{
"attributes": {
"args": {
"description": "Arguments of the process",
"disable_correlation": true,
"misp-attribute": "text",
"ui-priority": 1
},
"child-pid": {
"description": "Process ID of the child process(es)",
"disable_correlation": true,
"misp-attribute": "text",
"multiple": true,
"ui-priority": 1
},
"command-line": {
"description": "Command line of the process",
"misp-attribute": "text",
"ui-priority": 1
},
"creation-time": {
"description": "Local date/time at which the process was created",
"disable_correlation": true,
"misp-attribute": "datetime",
"ui-priority": 0
},
"current-directory": {
"description": "Current working directory of the process",
"disable_correlation": true,
"misp-attribute": "text",
"ui-priority": 2
},
"guid": {
"description": "The globally unique identifier of the process assigned by the vendor product",
"misp-attribute": "text",
"ui-priority": 1
},
"hidden": {
"description": "Specifies whether the process is hidden",
"disable_correlation": true,
"misp-attribute": "boolean",
"ui-priority": 1
},
"image": {
"description": "Path of process image",
"misp-attribute": "filename",
"ui-priority": 1
},
"integrity-level": {
"description": "Integrity level of the process",
"disable_correlation": true,
"misp-attribute": "text",
"sane_default": [
"system",
"high",
"medium",
"low",
"untrusted"
],
"ui-priority": 2
},
"name": {
"description": "Name of the process",
"misp-attribute": "text",
"ui-priority": 1
},
"parent-command-line": {
"description": "Command line of the parent process",
"misp-attribute": "text",
"ui-priority": 1
},
"parent-guid": {
"description": "The globally unique identifier of the parent process assigned by the vendor product",
"misp-attribute": "text",
"ui-priority": 1
},
"parent-image": {
"description": "Path of parent process image",
"misp-attribute": "filename",
"ui-priority": 1
},
"parent-pid": {
"description": "Process ID of the parent process",
"disable_correlation": true,
"misp-attribute": "text",
"ui-priority": 1
},
"parent-process-name": {
"description": "Process name of the parent",
"misp-attribute": "text",
"ui-priority": 1
},
"parent-process-path": {
"description": "Path of the parent process",
"misp-attribute": "text",
"ui-priority": 1
},
"pgid": {
"description": "Identifier of the group of processes the process belongs to",
"disable_correlation": true,
"misp-attribute": "text",
"ui-priority": 1
},
"pid": {
"description": "Process ID of the process",
"disable_correlation": true,
"misp-attribute": "text",
"ui-priority": 1
},
"port": {
"description": "Port(s) owned by the process",
"disable_correlation": true,
"misp-attribute": "port",
"multiple": true,
"ui-priority": 1
},
"start-time": {
"description": "Local date/time at which the process was started",
"disable_correlation": true,
"misp-attribute": "datetime",
"ui-priority": 0
},
"user": {
"description": "User context of the process",
"disable_correlation": true,
"misp-attribute": "text",
"ui-priority": 2
}
},
"description": "Object describing a system process.",
"meta-category": "misc",
"name": "process",
"requiredOneOf": [
"name",
"pid",
"image",
"command-line",
"current-directory"
],
"uuid": "02aeef94-ac23-455c-addb-731757ceafb5",
"version": 7
}