MISP · adulau · Jul 19, 2023 · Jun 21, 2023 · Jun 21, 2023 · Jun 22, 2023
diff --git a/objects/availability-impact/definition.json b/objects/availability-impact/definition.json
@@ -0,0 +1,96 @@
+{
+  "attributes": {
+    "availability_impact": {
+      "description": "The availability impact.",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "sane_default": [
+        "Not Specified",
+        "None",
+        "Minimal",
+        "Significant",
+        "Denial",
+        "Loss of Control"
+      ],
+      "ui-priority": 0
+    },
+    "criticality": {
+      "description": "Criticality of the impact",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "sane_default": [
+        "Not Specified",
+        "False Positive",
+        "Low",
+        "Moderate",
+        "High",
+        "Extreme"
+      ],
+      "ui-priority": 0
+    },
+    "description": {
+      "description": "Additional details about the impact.",
+      "misp-attribute": "text",
+      "ui-priority": 0
+    },
+    "end_time": {
+      "description": "The date and time the impact was last recorded.",
+      "misp-attribute": "datetime",
+      "ui-priority": 0
+    },
+    "end_time_fidelity": {
+      "description": "Level of fidelity that the `end_time` is recorded in.",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "sane_default": [
+        "day",
+        "hour",
+        "minute",
+        "month",
+        "second",
+        "year"
+      ],
+      "ui-priority": 0
+    },
+    "recoverability": {
+      "description": "Recoverability of this particular impact with respect to feasibility and required time and resources.",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "sane_default": [
+        "extended",
+        "not-applicable",
+        "not-recoverable",
+        "regular",
+        "supplemented"
+      ],
+      "ui-priority": 0
+    },
+    "start_time": {
+      "description": "The date and time the impact was first recorded.",
+      "misp-attribute": "datetime",
+      "ui-priority": 0
+    },
+    "start_time_fidelity": {
+      "description": "Level of fidelity that the `start_time` is recorded in.",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "sane_default": [
+        "day",
+        "hour",
+        "minute",
+        "month",
+        "second",
+        "year"
+      ],
+      "ui-priority": 0
+    }
+  },
+  "description": "Availability Impact object as described in STIX 2.1 Incident object extension.",
+  "meta-category": "misc",
+  "name": "availability-impact",
+  "required": [
+    "availability_impact"
+  ],
+  "uuid": "19b4394a-46a9-4196-a30c-080eaed06273",
+  "version": 1
+}
diff --git a/objects/confidentiality-impact/definition.json b/objects/confidentiality-impact/definition.json
@@ -0,0 +1,125 @@
+{
+  "attributes": {
+    "criticality": {
+      "description": "Criticality of the impact",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "sane_default": [
+        "Not Specified",
+        "False Positive",
+        "Low",
+        "Moderate",
+        "High",
+        "Extreme"
+      ],
+      "ui-priority": 0
+    },
+    "description": {
+      "description": "Additional details about the impact.",
+      "misp-attribute": "text",
+      "ui-priority": 0
+    },
+    "end_time": {
+      "description": "The date and time the impact was last recorded.",
+      "misp-attribute": "datetime",
+      "ui-priority": 0
+    },
+    "end_time_fidelity": {
+      "description": "Level of fidelity that the `end_time` is recorded in.",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "sane_default": [
+        "day",
+        "hour",
+        "minute",
+        "month",
+        "second",
+        "year"
+      ],
+      "ui-priority": 0
+    },
+    "information_type": {
+      "description": "Type of information that had its confidentiality compromised.",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "sane_default": [
+        "classified-material",
+        "communication",
+        "credentials-admin",
+        "credentials-user",
+        "financial",
+        "leval",
+        "payment",
+        "phi",
+        "pii",
+        "proprietary"
+      ],
+      "ui-priority": 0
+    },
+    "loss_type": {
+      "description": "The type of loss that occurred to the relevant information.",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "sane_default": [
+        "confirmed-loss",
+        "contained",
+        "exploited-loss",
+        "none",
+        "suspected-loss"
+      ],
+      "ui-priority": 0
+    },
+    "record_count": {
+      "description": "The number of records of this type that were compromised.",
+      "disable_correlation": true,
+      "misp-attribute": "counter",
+      "ui-priority": 0
+    },
+    "record_size": {
+      "description": "The amount of data that was compromised in bytes.",
+      "disable_correlation": true,
+      "misp-attribute": "size-in-bytes",
+      "ui-priority": 0
+    },
+    "recoverability": {
+      "description": "Recoverability of this particular impact with respect to feasibility and required time and resources.",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "sane_default": [
+        "extended",
+        "not-applicable",
+        "not-recoverable",
+        "regular",
+        "supplemented"
+      ],
+      "ui-priority": 0
+    },
+    "start_time": {
+      "description": "The date and time the impact was first recorded.",
+      "misp-attribute": "datetime",
+      "ui-priority": 0
+    },
+    "start_time_fidelity": {
+      "description": "Level of fidelity that the `start_time` is recorded in.",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "sane_default": [
+        "day",
+        "hour",
+        "minute",
+        "month",
+        "second",
+        "year"
+      ],
+      "ui-priority": 0
+    }
+  },
+  "description": "Confidentiality Impact object as described in STIX 2.1 Incident object extension.",
+  "meta-category": "misc",
+  "name": "confidentiality-impact",
+  "required": [
+    "loss_type"
+  ],
+  "uuid": "b0027f13-56e4-4c85-9632-3cf81208429b",
+  "version": 1
+}
diff --git a/objects/event/definition.json b/objects/event/definition.json
@@ -0,0 +1,172 @@
+{
+  "attributes": {
+    "description": {
+      "description": "Description of the event.",
+      "misp-attribute": "text",
+      "ui-priority": 0
+    },
+    "end_time": {
+      "description": "The date and time the event was last recorded.",
+      "misp-attribute": "datetime",
+      "ui-priority": 0
+    },
+    "end_time_fidelity": {
+      "description": "Level of fidelity that the `end_time` is recorded in.",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "sane_default": [
+        "day",
+        "hour",
+        "minute",
+        "month",
+        "second",
+        "year"
+      ],
+      "ui-priority": 0
+    },
+    "event_type": {
+      "description": "Type of event.",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "sane_default": [
+        "aggregation-information-phishing-schemes",
+        "benign",
+        "blocked",
+        "brute-force-attempt",
+        "c&c-server-hosting",
+        "compromised-system",
+        "confirmed",
+        "connection-malware-port",
+        "connection-malware-system",
+        "content-forbidden-by-law",
+        "control-system-bypass",
+        "copyrighted-content",
+        "data-exfiltration",
+        "deferred",
+        "deletion-information",
+        "denial-of-service",
+        "destruction",
+        "dictionary-attack-attempt",
+        "discarded",
+        "disruption-data-transmission",
+        "dissemination-malware-email",
+        "dissemination-phishing-emails",
+        "dns-cache-poisoning",
+        "dns-local-resolver-hijacking",
+        "dns-spoofing-registered",
+        "dns-rebinding",
+        "dns-server-compromise",
+        "dns-spoofing-unregistered",
+        "dns-stub-resolver-hijacking",
+        "dns-zone-transfer",
+        "domain-name-compromise",
+        "duplicate",
+        "email-flooding",
+        "equipment-loss",
+        "equipment-theft",
+        "exploit",
+        "exploit-attempt",
+        "exploit-framework-exhausting-resources",
+        "exploit-tool-exhausting-resources",
+        "failed",
+        "file-inclusion",
+        "file-inclusion-attempt",
+        "hosting-malware-webpage",
+        "hosting-phishing-sites",
+        "illegitimate-use-name",
+        "illegitimate-use-resources",
+        "infected-by-known-malware",
+        "insufficient-data",
+        "known-malware",
+        "lame-delegations",
+        "major",
+        "modification-information",
+        "misconfiguration",
+        "natural",
+        "network-scanning",
+        "no-apt",
+        "packet-flood",
+        "password-cracking-attempt",
+        "ransomware",
+        "refuted",
+        "scan-probe",
+        "silently-discarded",
+        "supply-chain-customer",
+        "supply-chain-vendor",
+        "spam",
+        "sql-injection",
+        "sql-injection-attempt",
+        "successful",
+        "system-probe",
+        "theft-access-credentials",
+        "unattributed",
+        "unauthorized-access-information",
+        "unauthorized-access-system",
+        "unauthorized-equipment",
+        "unauthorized-release",
+        "unauthorized-use",
+        "undetermined",
+        "unintentional",
+        "unknown-apt",
+        "unspecified",
+        "vandalism",
+        "wiretapping",
+        "worm-spreading",
+        "xss",
+        "xss-attempt"
+      ],
+      "ui-priority": 0
+    },
+    "goal": {
+      "description": "The assumed objective of the event.",
+      "misp-attribute": "text",
+      "ui-priority": 0
+    },
+    "name": {
+      "description": "Name of the event.",
+      "misp-attribute": "text",
+      "ui-priority": 0
+    },
+    "start_time": {
+      "description": "The date and time the event was first recorded.",
+      "misp-attribute": "datetime",
+      "ui-priority": 0
+    },
+    "start_time_fidelity": {
+      "description": "Level of fidelity that the `start_time` is recorded in.",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "sane_default": [
+        "day",
+        "hour",
+        "minute",
+        "month",
+        "second",
+        "year"
+      ],
+      "ui-priority": 0
+    },
+    "status": {
+      "description": "Current status of the event.",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "sane_default": [
+        "not-occurred",
+        "ongoing",
+        "occurred",
+        "pending",
+        "undetermined"
+      ],
+      "ui-priority": 1
+    }
+  },
+  "description": "Event object as described in STIX 2.1 Incident object extension.",
+  "meta-category": "misc",
+  "name": "event",
+  "required": [
+    "status"
+  ],
+  "uuid": "3853b726-6a9c-43b3-8ffb-23839b07d5a9",
+  "version": 1
+}