Object definitions

Colander Events

Colander-specific MISP object definition for Event entities.

Source: colander_data_converter/converters/misp/definitions/colander-event/definition.json

{
  "attributes": {
    "name": {
      "description": "Name of the event",
      "misp-attribute": "text",
      "disable_correlation": true,
      "ui-priority": 1
    },
    "description": {
      "description": "Description of the event",
      "misp-attribute": "text",
      "disable_correlation": true,
      "ui-priority": 1
    },
    "event_type": {
      "description": "Type of the event",
      "misp-attribute": "text",
      "disable_correlation": true,
      "ui-priority": 1,
      "values_list": [
        "Alert",
        "Antivirus detection",
        "Attack",
        "Communication",
        "Compromise",
        "Generic",
        "Hit",
        "Infection",
        "Passive DNS",
        "Resolve",
        "Targeted attack"
      ]
    },
    "first_seen": {
      "description": "First time the event has been observed",
      "disable_correlation": true,
      "misp-attribute": "datetime",
      "ui-priority": 0
    },
    "last_seen": {
      "description": "Last time the event has been observed",
      "disable_correlation": true,
      "misp-attribute": "datetime",
      "ui-priority": 0
    },
    "count": {
      "description": "The number of times the event has been observed",
      "misp-attribute": "integer",
      "disable_correlation": true,
      "ui-priority": 0
    }
  },
  "description": "Event represents an occurrence or activity observed within a system, such as a detection, alert, or log entry.",
  "meta-category": "colander",
  "name": "colander-event",
  "required": [
    "name"
  ],
  "uuid": "31522ce3-9971-4bd8-aa35-7ac9bc9744fb",
  "version": 1
}

Colander Data Fragment

Colander-specific MISP object definition for DataFragment entities.

Source: colander_data_converter/converters/misp/definitions/colander-data-fragment/definition.json

{
  "attributes": {
    "name": {
      "description": "Name of the data fragment",
      "misp-attribute": "text",
      "disable_correlation": true,
      "ui-priority": 1
    },
    "description": {
      "description": "Description of the data fragment",
      "misp-attribute": "text",
      "disable_correlation": true,
      "ui-priority": 1
    },
    "content": {
      "description": "Content of the data fragment",
      "misp-attribute": "attachment",
      "disable_correlation": true,
      "ui-priority": 1
    },
    "fragment_type": {
      "description": "Type of the data fragment",
      "misp-attribute": "text",
      "disable_correlation": true,
      "ui-priority": 1,
      "values_list": [
        "Encoded payload",
        "Generic",
        "Matching pattern",
        "Piece of text",
        "Snippet of code"
      ]
    }
  },
  "description": "DataFragment represents a fragment of data, such as a code snippet, text, or other content.",
  "meta-category": "colander",
  "name": "colander-data-fragment",
  "required": [
    "name"
  ],
  "uuid": "439f9b58-144b-4019-bea4-eb23c7bbfd7f",
  "version": 1
}