misp-objects/objects/windows-service/definition.json at main · MISP/misp-objects · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
{
  "attributes": {
    "comment": {
      "description": "Additional comments.",
      "disable_correlation": true,
      "misp-attribute": "text",
      "ui-priority": 0
    },
    "display": {
      "description": "Display name/information of the service.",
      "misp-attribute": "windows-service-displayname",
      "ui-priority": 0
    },
    "group": {
      "description": "Group to which the system/driver belong to.",
      "disable_correlation": true,
      "misp-attribute": "text",
      "sane_default": [
        "Base",
        "Boot Bus Extender",
        "Boot File System",
        "Cryptography",
        "Extended base",
        "Event Log",
        "Filter",
        "FSFilter Bottom",
        "FSFilter Infrastructure",
        "File System",
        "FSFilter Virtualization",
        "Keyboard Port",
        "Network",
        "NDIS",
        "Parallel arbitrator",
        "Pointer Port",
        "PnP Filter",
        "ProfSvc_Group",
        "PNP_TDI",
        "SCSI Miniport",
        "SCSI CDROM Class",
        "System Bus Extender",
        "Video Save",
        "other"
      ],
      "ui-priority": 0
    },
    "image-path": {
      "description": "Path of the service/drive",
      "misp-attribute": "text",
      "ui-priority": 0
    },
    "name": {
      "description": "name of the service",
      "misp-attribute": "windows-service-name",
      "ui-priority": 0
    },
    "start": {
      "description": "When the service/driver starts or executes.",
      "disable_correlation": true,
      "misp-attribute": "text",
      "sane_default": [
        "Boot start",
        "System start",
        "Auto start",
        "Manual",
        "Disabled"
      ],
      "ui-priority": 0
    },
    "type": {
      "description": "Service/driver type.",
      "disable_correlation": true,
      "misp-attribute": "text",
      "sane_default": [
        "Kernel driver",
        "File system driver",
        "Own process",
        "Share process",
        "Interactive",
        "Other"
      ],
      "ui-priority": 0
    }
  },
  "description": "Windows service and detailed about a service running a Windows operating system",
  "meta-category": "misc",
  "name": "windows-service",
  "required": [
    "name"
  ],
  "uuid": "7598cc63-7ba3-4d0a-91c0-b875c6013035",
  "version": 1
}