11{
2- "attributes" : {
3- "id" : {
4- "description" : " Report unique identifier" ,
5- "misp-attribute" : " text" ,
6- "ui-priority" : 1
7- },
8- "product" : {
9- "description" : " EDR product name" ,
10- "disable_correlation" : true ,
11- "misp-attribute" : " text" ,
12- "ui-priority" : 1
13- },
14- "endpoint-id" : {
15- "description" : " Unique identifier of the endpoint concerned by the report" ,
16- "misp-attribute" : " text" ,
17- "ui-priority" : 1
18- },
19- "hostname" : {
20- "description" : " Endpoint hostname" ,
21- "misp-attribute" : " text" ,
22- "ui-priority" : 1
23- },
24- "ip" : {
25- "description" : " Endpoint IP address" ,
26- "disable_correlation" : true ,
27- "misp-attribute" : " ip-src" ,
28- "ui-priority" : 1
29- },
30- "event" : {
31- "description" : " Raw EDR event which triggered reporting" ,
32- "disable_correlation" : true ,
33- "misp-attribute" : " attachment" ,
34- "ui-priority" : 1
35- },
36- "comment" : {
37- "description" : " Any valuable comment about the report" ,
38- "disable_correlation" : true ,
39- "misp-attribute" : " text" ,
40- "ui-priority" : 0
41- },
42- "processes" : {
43- "description" : " JSON file containing metadata about running processes at the time of detection" ,
44- "disable_correlation" : true ,
45- "misp-attribute" : " attachment" ,
46- "ui-priority" : 0
47- },
48- "modules" : {
49- "description" : " JSON file containing metadata about modules loaded on the system" ,
50- "disable_correlation" : true ,
51- "misp-attribute" : " attachment" ,
52- "ui-priority" : 0
53- },
54- "drivers" : {
55- "description" : " JSON file containing metadata about drivers loaded on the system" ,
56- "disable_correlation" : true ,
57- "misp-attribute" : " attachment" ,
58- "ui-priority" : 0
59- },
60- "command" : {
61- "description" : " JSON file containing the output of a command ran at report generation" ,
62- "disable_correlation" : true ,
63- "misp-attribute" : " attachment" ,
64- "multiple" : true ,
65- "ui-priority" : 0
66- },
67- "executable" : {
68- "description" : " Executable file involved in detection" ,
69- "disable_correlation" : true ,
70- "misp-attribute" : " attachment" ,
71- "multiple" : true ,
72- "ui-priority" : 0
73- },
74- "additional-file" : {
75- "description" : " Additional file involved in detection" ,
76- "disable_correlation" : true ,
77- "misp-attribute" : " attachment" ,
78- "multiple" : true ,
79- "ui-priority" : 0
80- }
2+ "attributes" : {
3+ "additional-file" : {
4+ "description" : " Additional file involved in detection" ,
5+ "disable_correlation" : true ,
6+ "misp-attribute" : " attachment" ,
7+ "multiple" : true ,
8+ "ui-priority" : 0
819 },
82- "description" : " An Object Template to encode an EDR detection report" ,
83- "meta-category" : " misc" ,
84- "name" : " edr-report" ,
85- "requiredOneOf" : [
86- " id" ,
87- " endpoint-id" ,
88- " event"
89- ],
90- "uuid" : " eeeca35c-cfcb-49f9-81be-e0c31d83c116" ,
91- "version" : 1
92- }
10+ "command" : {
11+ "description" : " JSON file containing the output of a command ran at report generation" ,
12+ "disable_correlation" : true ,
13+ "misp-attribute" : " attachment" ,
14+ "multiple" : true ,
15+ "ui-priority" : 0
16+ },
17+ "comment" : {
18+ "description" : " Any valuable comment about the report" ,
19+ "disable_correlation" : true ,
20+ "misp-attribute" : " text" ,
21+ "ui-priority" : 0
22+ },
23+ "drivers" : {
24+ "description" : " JSON file containing metadata about drivers loaded on the system" ,
25+ "disable_correlation" : true ,
26+ "misp-attribute" : " attachment" ,
27+ "ui-priority" : 0
28+ },
29+ "endpoint-id" : {
30+ "description" : " Unique identifier of the endpoint concerned by the report" ,
31+ "misp-attribute" : " text" ,
32+ "ui-priority" : 1
33+ },
34+ "event" : {
35+ "description" : " Raw EDR event which triggered reporting" ,
36+ "disable_correlation" : true ,
37+ "misp-attribute" : " attachment" ,
38+ "ui-priority" : 1
39+ },
40+ "executable" : {
41+ "description" : " Executable file involved in detection" ,
42+ "disable_correlation" : true ,
43+ "misp-attribute" : " attachment" ,
44+ "multiple" : true ,
45+ "ui-priority" : 0
46+ },
47+ "hostname" : {
48+ "description" : " Endpoint hostname" ,
49+ "misp-attribute" : " text" ,
50+ "ui-priority" : 1
51+ },
52+ "id" : {
53+ "description" : " Report unique identifier" ,
54+ "misp-attribute" : " text" ,
55+ "ui-priority" : 1
56+ },
57+ "ip" : {
58+ "description" : " Endpoint IP address" ,
59+ "disable_correlation" : true ,
60+ "misp-attribute" : " ip-src" ,
61+ "ui-priority" : 1
62+ },
63+ "modules" : {
64+ "description" : " JSON file containing metadata about modules loaded on the system" ,
65+ "disable_correlation" : true ,
66+ "misp-attribute" : " attachment" ,
67+ "ui-priority" : 0
68+ },
69+ "processes" : {
70+ "description" : " JSON file containing metadata about running processes at the time of detection" ,
71+ "disable_correlation" : true ,
72+ "misp-attribute" : " attachment" ,
73+ "ui-priority" : 0
74+ },
75+ "product" : {
76+ "description" : " EDR product name" ,
77+ "disable_correlation" : true ,
78+ "misp-attribute" : " text" ,
79+ "ui-priority" : 1
80+ }
81+ },
82+ "description" : " An Object Template to encode an EDR detection report" ,
83+ "meta-category" : " misc" ,
84+ "name" : " edr-report" ,
85+ "requiredOneOf" : [
86+ " id" ,
87+ " endpoint-id" ,
88+ " event"
89+ ],
90+ "uuid" : " eeeca35c-cfcb-49f9-81be-e0c31d83c116" ,
91+ "version" : 1
92+ }
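Review bot: The `ip` attribute (new lines 57–62) describes the reporting endpoint's own address but is typed `ip-src` with no explicit `to_ids` setting. If the attribute type's default applies when objects are created from this template, a victim host's address, often an internal one, could be flagged for IDS export and shared as if it were an indicator. Adding `"to_ids": false` next to the existing `"disable_correlation": true` would make the intent explicit. Separately, `executable` (new lines 40–46) is typed `attachment`; if that file can be the detected binary itself, `malware-sample` would store it as a password-protected archive instead of a raw download. Both points predate this commit, which appears only to sort the keys alphabetically.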