definition.json
{
"attributes": {
"comments": {
"description": "Comments assigned to the user profile.",
"disable_correlation": true,
"misp-attribute": "text",
"ui-priority": 0
},
"full-user-name": {
"description": "Full name assigned to the user profile.",
"misp-attribute": "text",
"ui-priority": 0
},
"key": {
"description": "Registry key where the information is retrieved from.",
"misp-attribute": "text",
"ui-priority": 0
},
"key-last-write-time": {
"description": "Date and time when the key was last updated.",
"disable_correlation": true,
"misp-attribute": "datetime",
"ui-priority": 0
},
"last-login-time": {
"description": "Date and time when the user last logged onto the system.",
"disable_correlation": true,
"misp-attribute": "datetime",
"ui-priority": 0
},
"login-count": {
"description": "Number of times the user logged on to the system.",
"disable_correlation": true,
"misp-attribute": "counter",
"ui-priority": 0
},
"pwd-fail-date": {
"description": "Date and time when a password last failed for this user profile.",
"disable_correlation": true,
"misp-attribute": "datetime",
"ui-priority": 0
},
"pwd-reset-time": {
"description": "Date and time when the password was last reset.",
"disable_correlation": true,
"misp-attribute": "datetime",
"ui-priority": 0
},
"user-name": {
"description": "User name assigned to the user profile.",
"misp-attribute": "text",
"ui-priority": 0
}
},
"description": "Regripper Object template designed to present user profile details extracted from the SAM hive.",
"meta-category": "misc",
"name": "regripper-sam-hive-single-user",
"required": [
"key"
],
"requiredOneOf": [
"user-name",
"last-login-time",
"login-count"
],
"uuid": "112efd9a-2137-4198-92ed-7c91043e2cd4",
"version": 1
}