diff --git a/doc/json/actor.json b/doc/json/actor.json index 9a613ee2..5f826743 100644 --- a/doc/json/actor.json +++ b/doc/json/actor.json @@ -26,7 +26,7 @@ "motivation" : "Ego", "planning_and_operational_support" : "string", "revision" : 10, - "schema_version" : "1.3.18", + "schema_version" : "1.3.19", "short_description" : "string", "sophistication" : "Aspirant", "source" : "string", diff --git a/doc/json/asset.json b/doc/json/asset.json index b65d8a35..b7a446e6 100644 --- a/doc/json/asset.json +++ b/doc/json/asset.json @@ -12,7 +12,7 @@ "id" : "string", "language" : "string", "revision" : 10, - "schema_version" : "1.3.18", + "schema_version" : "1.3.19", "short_description" : "string", "source" : "string", "source_uri" : "string", diff --git a/doc/json/asset_mapping.json b/doc/json/asset_mapping.json index 28a7dd06..89df3b32 100644 --- a/doc/json/asset_mapping.json +++ b/doc/json/asset_mapping.json @@ -17,7 +17,7 @@ "value" : "1.2.3.4" }, "revision" : 10, - "schema_version" : "1.3.18", + "schema_version" : "1.3.19", "source" : "string", "source_uri" : "string", "specificity" : "Low", diff --git a/doc/json/asset_properties.json b/doc/json/asset_properties.json index 098d5880..454e58c6 100644 --- a/doc/json/asset_properties.json +++ b/doc/json/asset_properties.json @@ -15,7 +15,7 @@ "value" : "string" } ], "revision" : 10, - "schema_version" : "1.3.18", + "schema_version" : "1.3.19", "source" : "string", "source_uri" : "string", "timestamp" : "2016-01-01T01:01:01.000Z", diff --git a/doc/json/attack_pattern.json b/doc/json/attack_pattern.json index c7049428..c5e636b9 100644 --- a/doc/json/attack_pattern.json +++ b/doc/json/attack_pattern.json @@ -16,7 +16,7 @@ } ], "language" : "string", "revision" : 10, - "schema_version" : "1.3.18", + "schema_version" : "1.3.19", "short_description" : "string", "source" : "string", "source_uri" : "string", diff --git a/doc/json/bundle.json b/doc/json/bundle.json index c0d95c40..f4107674 100644 --- a/doc/json/bundle.json 
+++ b/doc/json/bundle.json @@ -28,7 +28,7 @@ "motivation" : "Ego", "planning_and_operational_support" : "string", "revision" : 10, - "schema_version" : "1.3.18", + "schema_version" : "1.3.19", "short_description" : "string", "sophistication" : "Aspirant", "source" : "string", @@ -62,7 +62,7 @@ "value" : "1.2.3.4" }, "revision" : 10, - "schema_version" : "1.3.18", + "schema_version" : "1.3.19", "source" : "string", "source_uri" : "string", "specificity" : "Low", @@ -92,7 +92,7 @@ "value" : "string" } ], "revision" : 10, - "schema_version" : "1.3.18", + "schema_version" : "1.3.19", "source" : "string", "source_uri" : "string", "timestamp" : "2016-01-01T01:01:01.000Z", @@ -119,7 +119,7 @@ "id" : "string", "language" : "string", "revision" : 10, - "schema_version" : "1.3.18", + "schema_version" : "1.3.19", "short_description" : "string", "source" : "string", "source_uri" : "string", @@ -151,7 +151,7 @@ } ], "language" : "string", "revision" : 10, - "schema_version" : "1.3.18", + "schema_version" : "1.3.19", "short_description" : "string", "source" : "string", "source_uri" : "string", @@ -185,7 +185,7 @@ "language" : "string", "names" : [ "string" ], "revision" : 10, - "schema_version" : "1.3.18", + "schema_version" : "1.3.19", "short_description" : "string", "source" : "string", "source_uri" : "string", @@ -248,7 +248,7 @@ }, "target" : { "specifiers" : "string", - "type" : "amp_computer_guid" + "type" : "acudid" }, "type" : "structured_coa" }, @@ -259,7 +259,7 @@ "source" : "string" } ], "revision" : 10, - "schema_version" : "1.3.18", + "schema_version" : "1.3.19", "short_description" : "string", "source" : "string", "source_uri" : "string", @@ -297,7 +297,7 @@ "revision" : 10, "row_count" : 10, "rows" : [ [ "anything" ] ], - "schema_version" : "1.3.18", + "schema_version" : "1.3.19", "short_description" : "string", "source" : "string", "source_uri" : "string", 
@@ -335,7 +335,7 @@ "language" : "string", "reason" : "string", "revision" : 10, - "schema_version" : "1.3.18", + "schema_version" : "1.3.19", "source" : "string", "source_uri" : "string", "timestamp" : "2016-01-01T01:01:01.000Z", @@ -366,7 +366,7 @@ }, "language" : "string", "revision" : 10, - "schema_version" : "1.3.18", + "schema_version" : "1.3.19", "source" : "string", "source_uri" : "string", "timestamp" : "2016-01-01T01:01:01.000Z", @@ -408,7 +408,7 @@ }, "promotion_method" : "Automated", "revision" : 10, - "schema_version" : "1.3.18", + "schema_version" : "1.3.19", "scores" : { "asset" : 10.0 }, @@ -451,7 +451,7 @@ "negate" : true, "producer" : "string", "revision" : 10, - "schema_version" : "1.3.18", + "schema_version" : "1.3.19", "severity" : "Critical", "short_description" : "string", "source" : "string", @@ -500,7 +500,7 @@ "reason" : "string", "reason_uri" : "string", "revision" : 10, - "schema_version" : "1.3.18", + "schema_version" : "1.3.19", "severity" : "Critical", "source" : "string", "source_uri" : "string", @@ -533,7 +533,7 @@ "labels" : [ "adware" ], "language" : "string", "revision" : 10, - "schema_version" : "1.3.18", + "schema_version" : "1.3.19", "short_description" : "string", "source" : "string", "source_uri" : "string", @@ -563,7 +563,7 @@ "entity_type" : "string" } ], "revision" : 10, - "schema_version" : "1.3.18", + "schema_version" : "1.3.19", "source" : "string", "source_uri" : "string", "timestamp" : "2016-01-01T01:01:01.000Z", @@ -585,7 +585,7 @@ "language" : "string", "relationship_type" : "attributed-to", "revision" : 10, - "schema_version" : "1.3.18", + "schema_version" : "1.3.19", "short_description" : "string", "source" : "string", "source_ref" : "string", @@ -597,7 +597,7 @@ "type" : "relationship" } ], "revision" : 10, - "schema_version" : "1.3.18", + "schema_version" : "1.3.19", "short_description" : "string", "sighting_refs" : [ "string" ], "sightings" : [ { 
@@ -865,7 +865,7 @@ } ], "resolution" : "detected", "revision" : 10, - "schema_version" : "1.3.18", + "schema_version" : "1.3.19", "sensor" : "endpoint", "sensor_coordinates" : { "observables" : [ { @@ -912,7 +912,7 @@ "id" : "string", "language" : "string", "revision" : 10, - "schema_version" : "1.3.18", + "schema_version" : "1.3.19", "short_description" : "string", "source" : "string", "source_uri" : "string", @@ -958,7 +958,7 @@ "labels" : [ "credential-exploitation" ], "language" : "string", "revision" : 10, - "schema_version" : "1.3.18", + "schema_version" : "1.3.19", "short_description" : "string", "source" : "string", "source_uri" : "string", @@ -1099,7 +1099,7 @@ "last_modified_date" : "2016-01-01T01:01:01.000Z", "published_date" : "2016-01-01T01:01:01.000Z", "revision" : 10, - "schema_version" : "1.3.18", + "schema_version" : "1.3.19", "short_description" : "string", "source" : "string", "source_uri" : "string", @@ -1180,7 +1180,7 @@ "strategy" : "Attack Surface Reduction" } ], "revision" : 10, - "schema_version" : "1.3.18", + "schema_version" : "1.3.19", "short_description" : "string", "source" : "string", "source_uri" : "string", diff --git a/doc/json/campaign.json b/doc/json/campaign.json index e9b936a1..f20f2b03 100644 --- a/doc/json/campaign.json +++ b/doc/json/campaign.json @@ -19,7 +19,7 @@ "language" : "string", "names" : [ "string" ], "revision" : 10, - "schema_version" : "1.3.18", + "schema_version" : "1.3.19", "short_description" : "string", "source" : "string", "source_uri" : "string", diff --git a/doc/json/casebook.json b/doc/json/casebook.json index 56692723..87762b44 100644 --- a/doc/json/casebook.json +++ b/doc/json/casebook.json @@ -29,7 +29,7 @@ "motivation" : "Ego", "planning_and_operational_support" : "string", "revision" : 10, - "schema_version" : "1.3.18", + "schema_version" : "1.3.19", "short_description" : "string", "sophistication" : "Aspirant", "source" : "string", 
@@ -63,7 +63,7 @@ "value" : "1.2.3.4" }, "revision" : 10, - "schema_version" : "1.3.18", + "schema_version" : "1.3.19", "source" : "string", "source_uri" : "string", "specificity" : "Low", @@ -93,7 +93,7 @@ "value" : "string" } ], "revision" : 10, - "schema_version" : "1.3.18", + "schema_version" : "1.3.19", "source" : "string", "source_uri" : "string", "timestamp" : "2016-01-01T01:01:01.000Z", @@ -120,7 +120,7 @@ "id" : "string", "language" : "string", "revision" : 10, - "schema_version" : "1.3.18", + "schema_version" : "1.3.19", "short_description" : "string", "source" : "string", "source_uri" : "string", @@ -152,7 +152,7 @@ } ], "language" : "string", "revision" : 10, - "schema_version" : "1.3.18", + "schema_version" : "1.3.19", "short_description" : "string", "source" : "string", "source_uri" : "string", @@ -186,7 +186,7 @@ "language" : "string", "names" : [ "string" ], "revision" : 10, - "schema_version" : "1.3.18", + "schema_version" : "1.3.19", "short_description" : "string", "source" : "string", "source_uri" : "string", @@ -249,7 +249,7 @@ }, "target" : { "specifiers" : "string", - "type" : "amp_computer_guid" + "type" : "acudid" }, "type" : "structured_coa" }, @@ -260,7 +260,7 @@ "source" : "string" } ], "revision" : 10, - "schema_version" : "1.3.18", + "schema_version" : "1.3.19", "short_description" : "string", "source" : "string", "source_uri" : "string", @@ -298,7 +298,7 @@ "revision" : 10, "row_count" : 10, "rows" : [ [ "anything" ] ], - "schema_version" : "1.3.18", + "schema_version" : "1.3.19", "short_description" : "string", "source" : "string", "source_uri" : "string", @@ -336,7 +336,7 @@ "language" : "string", "reason" : "string", "revision" : 10, - "schema_version" : "1.3.18", + "schema_version" : "1.3.19", "source" : "string", "source_uri" : "string", "timestamp" : "2016-01-01T01:01:01.000Z", 
@@ -367,7 +367,7 @@ }, "language" : "string", "revision" : 10, - "schema_version" : "1.3.18", + "schema_version" : "1.3.19", "source" : "string", "source_uri" : "string", "timestamp" : "2016-01-01T01:01:01.000Z", @@ -409,7 +409,7 @@ }, "promotion_method" : "Automated", "revision" : 10, - "schema_version" : "1.3.18", + "schema_version" : "1.3.19", "scores" : { "asset" : 10.0 }, @@ -452,7 +452,7 @@ "negate" : true, "producer" : "string", "revision" : 10, - "schema_version" : "1.3.18", + "schema_version" : "1.3.19", "severity" : "Critical", "short_description" : "string", "source" : "string", @@ -501,7 +501,7 @@ "reason" : "string", "reason_uri" : "string", "revision" : 10, - "schema_version" : "1.3.18", + "schema_version" : "1.3.19", "severity" : "Critical", "source" : "string", "source_uri" : "string", @@ -534,7 +534,7 @@ "labels" : [ "adware" ], "language" : "string", "revision" : 10, - "schema_version" : "1.3.18", + "schema_version" : "1.3.19", "short_description" : "string", "source" : "string", "source_uri" : "string", @@ -564,7 +564,7 @@ "entity_type" : "string" } ], "revision" : 10, - "schema_version" : "1.3.18", + "schema_version" : "1.3.19", "source" : "string", "source_uri" : "string", "timestamp" : "2016-01-01T01:01:01.000Z", @@ -586,7 +586,7 @@ "language" : "string", "relationship_type" : "attributed-to", "revision" : 10, - "schema_version" : "1.3.18", + "schema_version" : "1.3.19", "short_description" : "string", "source" : "string", "source_ref" : "string", @@ -598,7 +598,7 @@ "type" : "relationship" } ], "revision" : 10, - "schema_version" : "1.3.18", + "schema_version" : "1.3.19", "short_description" : "string", "sighting_refs" : [ "string" ], "sightings" : [ { @@ -866,7 +866,7 @@ } ], "resolution" : "detected", "revision" : 10, - "schema_version" : "1.3.18", + "schema_version" : "1.3.19", "sensor" : "endpoint", "sensor_coordinates" : { "observables" : [ { 
@@ -913,7 +913,7 @@ "id" : "string", "language" : "string", "revision" : 10, - "schema_version" : "1.3.18", + "schema_version" : "1.3.19", "short_description" : "string", "source" : "string", "source_uri" : "string", @@ -959,7 +959,7 @@ "labels" : [ "credential-exploitation" ], "language" : "string", "revision" : 10, - "schema_version" : "1.3.18", + "schema_version" : "1.3.19", "short_description" : "string", "source" : "string", "source_uri" : "string", @@ -1100,7 +1100,7 @@ "last_modified_date" : "2016-01-01T01:01:01.000Z", "published_date" : "2016-01-01T01:01:01.000Z", "revision" : 10, - "schema_version" : "1.3.18", + "schema_version" : "1.3.19", "short_description" : "string", "source" : "string", "source_uri" : "string", @@ -1181,7 +1181,7 @@ "strategy" : "Attack Surface Reduction" } ], "revision" : 10, - "schema_version" : "1.3.18", + "schema_version" : "1.3.19", "short_description" : "string", "source" : "string", "source_uri" : "string", @@ -1212,7 +1212,7 @@ "value" : "1.2.3.4" } ], "revision" : 10, - "schema_version" : "1.3.18", + "schema_version" : "1.3.19", "short_description" : "string", "source" : "string", "source_uri" : "string", diff --git a/doc/json/coa.json b/doc/json/coa.json index 24174575..b4586beb 100644 --- a/doc/json/coa.json +++ b/doc/json/coa.json @@ -46,7 +46,7 @@ }, "target" : { "specifiers" : "string", - "type" : "amp_computer_guid" + "type" : "acudid" }, "type" : "structured_coa" }, @@ -57,7 +57,7 @@ "source" : "string" } ], "revision" : 10, - "schema_version" : "1.3.18", + "schema_version" : "1.3.19", "short_description" : "string", "source" : "string", "source_uri" : "string", diff --git a/doc/json/feedback.json b/doc/json/feedback.json index 7f39614b..235b84d9 100644 --- a/doc/json/feedback.json +++ b/doc/json/feedback.json 
@@ -13,7 +13,7 @@ "language" : "string", "reason" : "string", "revision" : 10, - "schema_version" : "1.3.18", + "schema_version" : "1.3.19", "source" : "string", "source_uri" : "string", "timestamp" : "2016-01-01T01:01:01.000Z", diff --git a/doc/json/incident.json b/doc/json/incident.json index 2f7b9811..0cfb1c6d 100644 --- a/doc/json/incident.json +++ b/doc/json/incident.json @@ -28,7 +28,7 @@ }, "promotion_method" : "Automated", "revision" : 10, - "schema_version" : "1.3.18", + "schema_version" : "1.3.19", "scores" : { "asset" : 10.0 }, diff --git a/doc/json/indicator.json b/doc/json/indicator.json index 23bcbe9d..c1c9d913 100644 --- a/doc/json/indicator.json +++ b/doc/json/indicator.json @@ -24,7 +24,7 @@ "negate" : true, "producer" : "string", "revision" : 10, - "schema_version" : "1.3.18", + "schema_version" : "1.3.19", "severity" : "Critical", "short_description" : "string", "source" : "string", diff --git a/doc/json/judgement.json b/doc/json/judgement.json index 0703275f..565264b3 100644 --- a/doc/json/judgement.json +++ b/doc/json/judgement.json @@ -20,7 +20,7 @@ "reason" : "string", "reason_uri" : "string", "revision" : 10, - "schema_version" : "1.3.18", + "schema_version" : "1.3.19", "severity" : "Critical", "source" : "string", "source_uri" : "string", diff --git a/doc/json/malware.json b/doc/json/malware.json index 3a824dfe..3ff22d0d 100644 --- a/doc/json/malware.json +++ b/doc/json/malware.json @@ -17,7 +17,7 @@ "labels" : [ "adware" ], "language" : "string", "revision" : 10, - "schema_version" : "1.3.18", + "schema_version" : "1.3.19", "short_description" : "string", "source" : "string", "source_uri" : "string", diff --git a/doc/json/note.json b/doc/json/note.json index 363870ed..5b5993a0 100644 --- a/doc/json/note.json +++ b/doc/json/note.json 
@@ -17,7 +17,7 @@ "entity_type" : "string" } ], "revision" : 10, - "schema_version" : "1.3.18", + "schema_version" : "1.3.19", "source" : "string", "source_uri" : "string", "timestamp" : "2016-01-01T01:01:01.000Z", diff --git a/doc/json/relationship.json b/doc/json/relationship.json index b093c7b8..9ab68aac 100644 --- a/doc/json/relationship.json +++ b/doc/json/relationship.json @@ -12,7 +12,7 @@ "language" : "string", "relationship_type" : "attributed-to", "revision" : 10, - "schema_version" : "1.3.18", + "schema_version" : "1.3.19", "short_description" : "string", "source" : "string", "source_ref" : "string", diff --git a/doc/json/sighting.json b/doc/json/sighting.json index 38d81fb3..a1b4d836 100644 --- a/doc/json/sighting.json +++ b/doc/json/sighting.json @@ -263,7 +263,7 @@ } ], "resolution" : "detected", "revision" : 10, - "schema_version" : "1.3.18", + "schema_version" : "1.3.19", "sensor" : "endpoint", "sensor_coordinates" : { "observables" : [ { diff --git a/doc/json/target_record.json b/doc/json/target_record.json index 1141e3f9..79322889 100644 --- a/doc/json/target_record.json +++ b/doc/json/target_record.json @@ -11,7 +11,7 @@ "id" : "string", "language" : "string", "revision" : 10, - "schema_version" : "1.3.18", + "schema_version" : "1.3.19", "short_description" : "string", "source" : "string", "source_uri" : "string", diff --git a/doc/json/tool.json b/doc/json/tool.json index 310c4400..01ea10c0 100644 --- a/doc/json/tool.json +++ b/doc/json/tool.json @@ -16,7 +16,7 @@ "labels" : [ "credential-exploitation" ], "language" : "string", "revision" : 10, - "schema_version" : "1.3.18", + "schema_version" : "1.3.19", "short_description" : "string", "source" : "string", "source_uri" : "string", diff --git a/doc/json/vulnerability.json b/doc/json/vulnerability.json index 8235d3ff..bf0a3d88 100644 --- a/doc/json/vulnerability.json +++ b/doc/json/vulnerability.json 
@@ -108,7 +108,7 @@ "last_modified_date" : "2016-01-01T01:01:01.000Z", "published_date" : "2016-01-01T01:01:01.000Z", "revision" : 10, - "schema_version" : "1.3.18", + "schema_version" : "1.3.19", "short_description" : "string", "source" : "string", "source_uri" : "string", diff --git a/doc/json/weakness.json b/doc/json/weakness.json index 1d393bd7..a67deaae 100644 --- a/doc/json/weakness.json +++ b/doc/json/weakness.json @@ -68,7 +68,7 @@ "strategy" : "Attack Surface Reduction" } ], "revision" : 10, - "schema_version" : "1.3.18", + "schema_version" : "1.3.19", "short_description" : "string", "source" : "string", "source_uri" : "string", diff --git a/doc/structures/asset_mapping.md b/doc/structures/asset_mapping.md index c03d84ac..0f77c9f3 100644 --- a/doc/structures/asset_mapping.md +++ b/doc/structures/asset_mapping.md @@ -361,6 +361,7 @@ The type of observable. * *ObservableTypeIdentifier* Observable type names * Allowed Values: + * acudid * amp_computer_guid * certificate_common_name * certificate_issuer @@ -370,6 +371,7 @@ The type of observable. * cisco_uc_id * cortex_agent_id * crowdstrike_id + * cvm_id * cybereason_id * darktrace_id * device diff --git a/doc/structures/bundle.md b/doc/structures/bundle.md index 7ae75e41..427ae4af 100644 --- a/doc/structures/bundle.md +++ b/doc/structures/bundle.md @@ -1904,6 +1904,7 @@ The type of observable. * *ObservableTypeIdentifier* Observable type names * Allowed Values: + * acudid * amp_computer_guid * certificate_common_name * certificate_issuer @@ -1913,6 +1914,7 @@ The type of observable. * cisco_uc_id * cortex_agent_id * crowdstrike_id + * cvm_id * cybereason_id * darktrace_id * device @@ -3929,6 +3931,7 @@ Observable types that can be acted upon. * Allowed Values: + * acudid * amp_computer_guid * certificate_common_name * certificate_issuer @@ -3938,6 +3941,7 @@ Observable types that can be acted upon. * cisco_uc_id * cortex_agent_id * crowdstrike_id + * cvm_id * cybereason_id * darktrace_id * device 
@@ -6135,6 +6139,7 @@ The type of observable. * *ObservableTypeIdentifier* Observable type names * Allowed Values: + * acudid * amp_computer_guid * certificate_common_name * certificate_issuer @@ -6144,6 +6149,7 @@ The type of observable. * cisco_uc_id * cortex_agent_id * crowdstrike_id + * cvm_id * cybereason_id * darktrace_id * device @@ -9802,6 +9808,7 @@ The type of observable. * *ObservableTypeIdentifier* Observable type names * Allowed Values: + * acudid * amp_computer_guid * certificate_common_name * certificate_issuer @@ -9811,6 +9818,7 @@ The type of observable. * cisco_uc_id * cortex_agent_id * crowdstrike_id + * cvm_id * cybereason_id * darktrace_id * device @@ -9888,6 +9896,7 @@ The type of observable. * *ObservableTypeIdentifier* Observable type names * Allowed Values: + * acudid * amp_computer_guid * certificate_common_name * certificate_issuer @@ -9897,6 +9906,7 @@ The type of observable. * cisco_uc_id * cortex_agent_id * crowdstrike_id + * cvm_id * cybereason_id * darktrace_id * device @@ -9989,6 +9999,7 @@ The type of observable. * *ObservableTypeIdentifier* Observable type names * Allowed Values: + * acudid * amp_computer_guid * certificate_common_name * certificate_issuer @@ -9998,6 +10009,7 @@ The type of observable. * cisco_uc_id * cortex_agent_id * crowdstrike_id + * cvm_id * cybereason_id * darktrace_id * device @@ -10202,6 +10214,7 @@ The type of observable. * *ObservableTypeIdentifier* Observable type names * Allowed Values: + * acudid * amp_computer_guid * certificate_common_name * certificate_issuer @@ -10211,6 +10224,7 @@ The type of observable. * cisco_uc_id * cortex_agent_id * crowdstrike_id + * cvm_id * cybereason_id * darktrace_id * device @@ -10372,6 +10386,7 @@ The type of observable. * *ObservableTypeIdentifier* Observable type names * Allowed Values: + * acudid * amp_computer_guid * certificate_common_name * certificate_issuer 
@@ -10381,6 +10396,7 @@ The type of observable. * cisco_uc_id * cortex_agent_id * crowdstrike_id + * cvm_id * cybereason_id * darktrace_id * device @@ -10967,6 +10983,7 @@ The type of observable. * *ObservableTypeIdentifier* Observable type names * Allowed Values: + * acudid * amp_computer_guid * certificate_common_name * certificate_issuer @@ -10976,6 +10993,7 @@ The type of observable. * cisco_uc_id * cortex_agent_id * crowdstrike_id + * cvm_id * cybereason_id * darktrace_id * device @@ -11468,6 +11486,7 @@ The type of observable. * *ObservableTypeIdentifier* Observable type names * Allowed Values: + * acudid * amp_computer_guid * certificate_common_name * certificate_issuer @@ -11477,6 +11496,7 @@ The type of observable. * cisco_uc_id * cortex_agent_id * crowdstrike_id + * cvm_id * cybereason_id * darktrace_id * device @@ -12076,6 +12096,7 @@ The type of observable. * *ObservableTypeIdentifier* Observable type names * Allowed Values: + * acudid * amp_computer_guid * certificate_common_name * certificate_issuer @@ -12085,6 +12106,7 @@ The type of observable. * cisco_uc_id * cortex_agent_id * crowdstrike_id + * cvm_id * cybereason_id * darktrace_id * device diff --git a/doc/structures/casebook.md b/doc/structures/casebook.md index 8774200c..50e8302e 100644 --- a/doc/structures/casebook.md +++ b/doc/structures/casebook.md @@ -298,6 +298,7 @@ The type of observable. * *ObservableTypeIdentifier* Observable type names * Allowed Values: + * acudid * amp_computer_guid * certificate_common_name * certificate_issuer @@ -307,6 +308,7 @@ The type of observable. * cisco_uc_id * cortex_agent_id * crowdstrike_id + * cvm_id * cybereason_id * darktrace_id * device @@ -4221,6 +4223,7 @@ The type of observable. * *ObservableTypeIdentifier* Observable type names * Allowed Values: + * acudid * amp_computer_guid * certificate_common_name * certificate_issuer 
@@ -4230,6 +4233,7 @@ The type of observable. * cisco_uc_id * cortex_agent_id * crowdstrike_id + * cvm_id * cybereason_id * darktrace_id * device @@ -5005,6 +5009,7 @@ The type of observable. * *ObservableTypeIdentifier* Observable type names * Allowed Values: + * acudid * amp_computer_guid * certificate_common_name * certificate_issuer @@ -5014,6 +5019,7 @@ The type of observable. * cisco_uc_id * cortex_agent_id * crowdstrike_id + * cvm_id * cybereason_id * darktrace_id * device @@ -5467,6 +5473,7 @@ The type of observable. * *ObservableTypeIdentifier* Observable type names * Allowed Values: + * acudid * amp_computer_guid * certificate_common_name * certificate_issuer @@ -5476,6 +5483,7 @@ The type of observable. * cisco_uc_id * cortex_agent_id * crowdstrike_id + * cvm_id * cybereason_id * darktrace_id * device @@ -8214,6 +8222,7 @@ The type of observable. * *ObservableTypeIdentifier* Observable type names * Allowed Values: + * acudid * amp_computer_guid * certificate_common_name * certificate_issuer @@ -8223,6 +8232,7 @@ The type of observable. * cisco_uc_id * cortex_agent_id * crowdstrike_id + * cvm_id * cybereason_id * darktrace_id * device @@ -8300,6 +8310,7 @@ The type of observable. * *ObservableTypeIdentifier* Observable type names * Allowed Values: + * acudid * amp_computer_guid * certificate_common_name * certificate_issuer @@ -8309,6 +8320,7 @@ The type of observable. * cisco_uc_id * cortex_agent_id * crowdstrike_id + * cvm_id * cybereason_id * darktrace_id * device @@ -8401,6 +8413,7 @@ The type of observable. * *ObservableTypeIdentifier* Observable type names * Allowed Values: + * acudid * amp_computer_guid * certificate_common_name * certificate_issuer @@ -8410,6 +8423,7 @@ The type of observable. * cisco_uc_id * cortex_agent_id * crowdstrike_id + * cvm_id * cybereason_id * darktrace_id * device 
@@ -8614,6 +8628,7 @@ The type of observable. * *ObservableTypeIdentifier* Observable type names * Allowed Values: + * acudid * amp_computer_guid * certificate_common_name * certificate_issuer @@ -8623,6 +8638,7 @@ The type of observable. * cisco_uc_id * cortex_agent_id * crowdstrike_id + * cvm_id * cybereason_id * darktrace_id * device @@ -8784,6 +8800,7 @@ The type of observable. * *ObservableTypeIdentifier* Observable type names * Allowed Values: + * acudid * amp_computer_guid * certificate_common_name * certificate_issuer @@ -8793,6 +8810,7 @@ The type of observable. * cisco_uc_id * cortex_agent_id * crowdstrike_id + * cvm_id * cybereason_id * darktrace_id * device @@ -10288,6 +10306,7 @@ The type of observable. * *ObservableTypeIdentifier* Observable type names * Allowed Values: + * acudid * amp_computer_guid * certificate_common_name * certificate_issuer @@ -10297,6 +10316,7 @@ The type of observable. * cisco_uc_id * cortex_agent_id * crowdstrike_id + * cvm_id * cybereason_id * darktrace_id * device @@ -12761,6 +12781,7 @@ Observable types that can be acted upon. * Allowed Values: + * acudid * amp_computer_guid * certificate_common_name * certificate_issuer @@ -12770,6 +12791,7 @@ Observable types that can be acted upon. * cisco_uc_id * cortex_agent_id * crowdstrike_id + * cvm_id * cybereason_id * darktrace_id * device @@ -14432,6 +14454,7 @@ The type of observable. * *ObservableTypeIdentifier* Observable type names * Allowed Values: + * acudid * amp_computer_guid * certificate_common_name * certificate_issuer @@ -14441,6 +14464,7 @@ The type of observable. * cisco_uc_id * cortex_agent_id * crowdstrike_id + * cvm_id * cybereason_id * darktrace_id * device diff --git a/doc/structures/coa.md b/doc/structures/coa.md index b079af47..a99b1d39 100644 --- a/doc/structures/coa.md +++ b/doc/structures/coa.md @@ -854,6 +854,7 @@ Observable types that can be acted upon. * Allowed Values: + * acudid * amp_computer_guid * certificate_common_name * certificate_issuer 
@@ -863,6 +864,7 @@ Observable types that can be acted upon. * cisco_uc_id * cortex_agent_id * crowdstrike_id + * cvm_id * cybereason_id * darktrace_id * device diff --git a/doc/structures/judgement.md b/doc/structures/judgement.md index da314128..345a4004 100644 --- a/doc/structures/judgement.md +++ b/doc/structures/judgement.md @@ -352,6 +352,7 @@ The type of observable. * *ObservableTypeIdentifier* Observable type names * Allowed Values: + * acudid * amp_computer_guid * certificate_common_name * certificate_issuer @@ -361,6 +362,7 @@ The type of observable. * cisco_uc_id * cortex_agent_id * crowdstrike_id + * cvm_id * cybereason_id * darktrace_id * device diff --git a/doc/structures/sighting.md b/doc/structures/sighting.md index 2eaaa544..33674df8 100644 --- a/doc/structures/sighting.md +++ b/doc/structures/sighting.md @@ -702,6 +702,7 @@ The type of observable. * *ObservableTypeIdentifier* Observable type names * Allowed Values: + * acudid * amp_computer_guid * certificate_common_name * certificate_issuer @@ -711,6 +712,7 @@ The type of observable. * cisco_uc_id * cortex_agent_id * crowdstrike_id + * cvm_id * cybereason_id * darktrace_id * device @@ -915,6 +917,7 @@ The type of observable. * *ObservableTypeIdentifier* Observable type names * Allowed Values: + * acudid * amp_computer_guid * certificate_common_name * certificate_issuer @@ -924,6 +927,7 @@ The type of observable. * cisco_uc_id * cortex_agent_id * crowdstrike_id + * cvm_id * cybereason_id * darktrace_id * device @@ -1001,6 +1005,7 @@ The type of observable. * *ObservableTypeIdentifier* Observable type names * Allowed Values: + * acudid * amp_computer_guid * certificate_common_name * certificate_issuer @@ -1010,6 +1015,7 @@ The type of observable. * cisco_uc_id * cortex_agent_id * crowdstrike_id + * cvm_id * cybereason_id * darktrace_id * device 
@@ -1293,6 +1299,7 @@ The type of observable. * *ObservableTypeIdentifier* Observable type names * Allowed Values: + * acudid * amp_computer_guid * certificate_common_name * certificate_issuer @@ -1302,6 +1309,7 @@ The type of observable. * cisco_uc_id * cortex_agent_id * crowdstrike_id + * cvm_id * cybereason_id * darktrace_id * device @@ -1379,6 +1387,7 @@ The type of observable. * *ObservableTypeIdentifier* Observable type names * Allowed Values: + * acudid * amp_computer_guid * certificate_common_name * certificate_issuer @@ -1388,6 +1397,7 @@ The type of observable. * cisco_uc_id * cortex_agent_id * crowdstrike_id + * cvm_id * cybereason_id * darktrace_id * device diff --git a/doc/structures/target_record.md b/doc/structures/target_record.md index e3945bcd..e8260fd5 100644 --- a/doc/structures/target_record.md +++ b/doc/structures/target_record.md @@ -434,6 +434,7 @@ The type of observable. * *ObservableTypeIdentifier* Observable type names * Allowed Values: + * acudid * amp_computer_guid * certificate_common_name * certificate_issuer @@ -443,6 +444,7 @@ The type of observable. * cisco_uc_id * cortex_agent_id * crowdstrike_id + * cvm_id * cybereason_id * darktrace_id * device diff --git a/doc/structures/verdict.md b/doc/structures/verdict.md index 14bc81e7..1d5b88b3 100644 --- a/doc/structures/verdict.md +++ b/doc/structures/verdict.md @@ -102,6 +102,7 @@ The type of observable. * *ObservableTypeIdentifier* Observable type names * Allowed Values: + * acudid * amp_computer_guid * certificate_common_name * certificate_issuer @@ -111,6 +112,7 @@ The type of observable. * cisco_uc_id * cortex_agent_id * crowdstrike_id + * cvm_id * cybereason_id * darktrace_id * device diff --git a/src/ctim/schemas/vocabularies.cljc b/src/ctim/schemas/vocabularies.cljc index 474a64f2..272aab52 100644 --- a/src/ctim/schemas/vocabularies.cljc +++ b/src/ctim/schemas/vocabularies.cljc 
@@ -274,15 +274,17 @@ :gen (cs/gen motivation)) (def observable-type-identifier - #{"amp_computer_guid" + #{"acudid" ;; AnyConnect ID + "amp_computer_guid" "certificate_common_name" "certificate_issuer" "certificate_serial" + "cisco_cm_id" ;; Cisco NVM UUID "cisco_mid" "cisco_uc_id" ;; Cisco Unified Connector ID - "cisco_cm_id" ;; Cisco NVM UUID "cortex_agent_id" ;; PAN Cortex XDR Agent ID "crowdstrike_id" + "cvm_id" ;; Cisco Vulnerability Management ID "cybereason_id" "darktrace_id" ;; Darktrace ID "device" @@ -299,9 +301,9 @@ "ipv6" "mac_address" "md5" + "meraki_network_id" "meraki_node_sn" "meraki_org_id" - "meraki_network_id" "ms_machine_id" ;; Microsoft Windows Defender Machine ID "mutex" "ngfw_id" @@ -310,13 +312,13 @@ "odns_identity_label" "orbital_node_id" "pki_serial" ;; PKI Certificate serial numbers for revoked code signing or server certificates - "processor_id" - "process_name" "process_args" "process_hash" + "process_name" "process_path" "process_uid" ;; used to correlate process_name to specific process attributes "process_username" + "processor_id" "registry_key" "registry_name" "registry_path" @@ -554,7 +556,6 @@ "Patching and Maintenance" "Porting"}) - (def-enum-type NoteType note-types :open? true @@ -848,7 +849,6 @@ :reference "[AbstractionEnumeration ](https://cwe.mitre.org/documents/schema/#AbstractionEnumeration)") - ;; Common Vulnerability Scoring System v3 (def cvss-v3-attack-vectors @@ -1021,7 +1021,7 @@ "can be exploited. For example, a successful " "exploit may only be possible during the installation " "of an application by a system administrator.") - :reference "[User Interaction] (https://www.first.org/cvss/specification-document#2-1-4-User-Interaction-UI)" ) + :reference "[User Interaction] (https://www.first.org/cvss/specification-document#2-1-4-User-Interaction-UI)") (def cvss-v3-modified-user-interactions (conj user-interactions "not_defined"))
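Review bot: The new `"acudid"` and `"cvm_id"` entries in `observable-type-identifier` (first hunk) extend a closed vocabulary that, judging by the regenerated docs in this commit, feeds both "The type of observable" and "Observable types that can be acted upon", so both presumably become valid structured-COA targets as well; please confirm that is intended, particularly for `cvm_id`. Producers that emit these types to consumers still validating against 1.3.18 will presumably be rejected, so the changelog should name the two additions rather than only the version bump. The comment `;; AnyConnect ID` does not say what the value identifies; something like `"acudid" ;; Cisco AnyConnect unique device identifier (UDID)` (expansion to be confirmed by the author) would help analysts who pivot on it. The reordering here and in the next two hunks is cosmetic, since `#{...}` is an unordered set literal, and the `def` form continues outside the hunk.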