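--- a/git4intel/schemas/phase.json
+++ b/git4intel/schemas/phase.json
@@ -0,0 +1,136 @@
+{
+"title": "phase",
+"description": "Mission Control specific structure for security incidents, consisting of multiple phases.",
+"type": "array",
+"contains": [
+{
+"title": "grouping--phase",
+"description": "Meta-object that represents a single incident phase",
+"type": "object",
+"properties": {
+"type": {
+"type": "string",
+"const": "grouping"
+},
+"context": {
+"type": "string",
+"const": "phase"
+},
+"created_by_ref": {
+"type": "string",
+"pattern": "^identity--"
+}
+}
+},
+{
+"title": "indicator--phase",
+"description": "Indicator that points to the observed data of the event",
+"type": "object",
+"properties": {
+"type": {
+"type": "string",
+"const": "indicator"
+}
+}
+},
+{
+"title": "attack-pattern--micro",
+"description": "Micro Attack Pattern that ties indicator to its ",
+"type": "object",
+"properties": {
+"type": {
+"type": "string",
+"const": "attack-pattern"
+}
+}
+},
+{
+"title": "relationship--micro-to-macro",
+"description": "Relationship linking micro attack pattern and macro library attack pattern (Mitre Att&ck).",
+"type": "object",
+"properties": {
+"relationship_type": {
+"type": "string",
+"description": "Derived From.",
+"const": "derived-from"
+},
+"source_ref": {
+"type": "string",
+"pattern": "^attack-pattern--",
+"required": true
+},
+"target_ref": {
+"type": "string",
+"pattern": "^attack-pattern--",
+"required": true
+}
+}
+},
+{
+"title": "relationship--indicator-to-micro",
+"description": "Relationship linking indicator to micro attack pattern.",
+"type": "object",
+"properties": {
+"relationship_type": {
+"type": "string",
+"description": "Derived From.",
+"const": "indicates"
+},
+"source_ref": {
+"type": "string",
+"pattern": "^indicator--",
+"required": true
+},
+"target_ref": {
+"type": "string",
+"pattern": "^attack-pattern--",
+"required": true
+}
+}
+},
+{
+"title": "relationship--ap-to-incident-ap",
+"description": "Relationship the micro attack pattern to the master incident attack pattern.",
+"type": "object",
+"properties": {
+"relationship_type": {
+"type": "string",
+"description": "Using the related-to field here.",
+"const": "related-to"
+},
+"source_ref": {
+"type": "string",
+"pattern": "^attack-pattern--",
+"required": true
+},
+"target_ref": {
+"type": "string",
+"pattern": "^attack-pattern--",
+"required": true
+}
+}
+},
+{
+"title": "relationship--indicator-to-observed-data",
+"description": "Relationship to show the sourcing of the indicator from observed data in an event.",
+"type": "object",
+"properties": {
+"relationship_type": {
+"type": "string",
+"description": "Using the related-to field here.",
+"const": "based-on"
+},
+"source_ref": {
+"type": "string",
+"pattern": "^attack-pattern--",
+"required": true
+},
+"target_ref": {
+"type": "string",
+"pattern": "^attack-pattern--",
+"required": true
+}
+}
+}
+]
+}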
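Review bot: `contains` takes a single subschema, not an array, so the seven object schemas listed under it are not applied the way the layout suggests; how a validator reacts to the array varies, and it may reject the schema outright or not enforce the keyword. If the intent is that a phase must include one object of each kind, an `allOf` holding one `{"contains": {...}}` entry per object kind would express that. The `"required": true` entries inside `source_ref` and `target_ref` are draft-03 syntax, whereas `const` only exists from draft-06 on, so those references are not actually mandatory; put `"required": ["relationship_type", "source_ref", "target_ref"]` on each relationship object and declare `$schema` so the dialect is unambiguous. In `relationship--indicator-to-observed-data` both patterns are `^attack-pattern--`, which contradicts its description and looks copied from the block above; `^indicator--` for `source_ref` and `^observed-data--` for `target_ref` were probably meant. Since this schema is the gate for incident data, each of these gaps means malformed or mislinked objects pass validation unnoticed.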