-
Notifications
You must be signed in to change notification settings - Fork 6
Data model
Fredrik Borg edited this page Jan 15, 2019
·
3 revisions
| Object | Comment | Vocabularies, standards | Validator |
|---|---|---|---|
| fqdn | |||
| hash | |||
| incident | |||
| ipv6 | |||
| ipv4 | |||
| ssn | |||
| uri | (https?)|(file)|(ftp)://.+ | ||
| tool | |||
| threatActor | |||
| procedure | |||
| asn | |||
| certificate | |||
| tactic | https://attack.mitre.org/wiki/Main_Page | ||
| technique | https://attack.mitre.org/wiki/All_Techniques https://attack.mitre.org/pre-attack/index.php/Main_Page | ||
| location | Region Sub Region Country City Address Geo Point |
ISO-standard? http://www.geonames.org/ontology/documentation.html https://github.com/lukes/ISO-3166-Countries-with-Regional-Codes/blob/master/all/all.csv |
|
| report | |||
| mimeType | |||
| campaign | |||
| sector | "target industry" | STIX 2.0 Vocabulary: agriculture aerospace automotive communications construction defense education energy entertainment financial-services government-national government-regional government-local government-public-services healthcare hospitality-leisure infrastructure insurance manufacturing mining non-profit pharmaceuticals retail technology telecommunications transportation utilities |
|
| platform | platform / software | CPE | |
| goal | |||
| vulnerability | CVE MSID | ||
| exploitTechnique | |||
| mutex | |||
| credential | Passwords, API keys | ||
| registryEntry | |||
| cryptocurrencyAddress | |||
| accountNumber | |||
| userAgent | |||
| service | |||
| port | |||
| person | |||
| organization |