target_record.cljc
(ns ctim.schemas.target-record
(:require
#?(:clj [flanders.core :as f :refer [def-entity-type def-eq]]
:cljs [flanders.core :as f :refer-macros [def-entity-type def-eq]])
[ctim.schemas.common :as c]))
;; Literal value of the :type field for this entity. Private to this
;; namespace; also passed to c/ref-for-type at the bottom of the file.
(def ^:private type-identifier "target-record")
;; Equality schema built from that literal with flanders' def-eq.
;; NOTE(review): presumably only the exact string "target-record" validates
;; against it -- confirm against flanders.core/def-eq.
(def-eq TargetRecordTypeIdentifier type-identifier)
;; Human-readable description used as the :description of the TargetRecord
;; schema. The literal spans two source lines, so the string itself contains
;; a newline.
;; NOTE(review): the text says a TargetRecord has no observables associated
;; with it, yet also that it records observables seen together -- confirm the
;; intended meaning against the linked reference before relying on it.
(def ^:private description
  "A TargetRecord is a Sighting that has no threat or observables associated
with it, it's a way of saying they saw a set of observables together as a Target.")
;; Markdown link to the upstream feature document; used as the :reference
;; value of the TargetRecord schema.
(def ^:private description-link "[TargetRecord](https://github.com/threatgrid/response/blob/master/features/assets/assets.org#targetrecord)")
;; One target inside a TargetRecord: the entries of c/IdentitySpecification
;; plus the optional fields declared here.
;; NOTE(review): :os and :sensor are typed f/any-str, which presumably places
;; no bound on length or content. Consumers should treat both as free text
;; from the submitter (escape on display, cap size at ingestion) -- confirm
;; against flanders.core.
(def-entity-type Target
  "Schema for TargetRecord Targets"
  (:entries c/IdentitySpecification)
  (f/optional-entries
   (f/entry :os f/any-str
            :description "Source Operating System where TargetRecord was originated.")
   ;; Boolean declared with :default false. The schema constrains only the
   ;; type: the value is whatever the record's producer asserted, so it should
   ;; not be the sole input to a trust or exposure decision.
   (f/entry :internal (f/bool :default false)
            :description "Is it internal to our network?")
   (f/entry :sensor f/any-str
            :description (str "The OpenC2 Actuator name that best fits the device that is "
                              "creating this TargetRecord (e.g.: network.firewall, etc.)"))
   ;; No :description is given for this entry; the accepted format is whatever
   ;; c/URI enforces, which is defined outside this file.
   (f/entry :source_uri c/URI)))
;; Full TargetRecord entity: the shared entry groups from ctim.schemas.common
;; (base entity, sourced object, describable entity) plus two required fields.
(def-entity-type TargetRecord
  ;; A metadata map is passed where the other schemas in this file pass a
  ;; plain docstring; it carries both the description and the reference link.
  {:description description
   :reference description-link}
  c/base-entity-entries
  c/sourced-object-entries
  c/describable-entity-entries
  (f/required-entries
   ;; Typed with the TargetRecordTypeIdentifier equality schema defined above.
   (f/entry :type TargetRecordTypeIdentifier)
   ;; Sequence of Target maps.
   ;; NOTE(review): no size bound is visible on f/seq-of here; whether an
   ;; empty or very large :targets list is accepted should be confirmed and,
   ;; if needed, limited at the ingestion layer.
   (f/entry :targets (f/seq-of Target))))
;; Submission-time variant: starts from the entries of TargetRecord, adds
;; c/base-new-entity-entries, and declares :type again as an optional entry.
;; NOTE(review): presumably the later declaration overrides the required
;; :type inherited from TargetRecord, so a submission may omit :type but, if
;; it supplies one, it must still satisfy TargetRecordTypeIdentifier --
;; confirm against flanders' entry-merging rules.
(def-entity-type NewTargetRecord
  "Schema for submitting new TargetRecord"
  (:entries TargetRecord)
  c/base-new-entity-entries
  (f/optional-entries
   (f/entry :type TargetRecordTypeIdentifier)))
;; Reference schema for TargetRecord entities, produced by c/ref-for-type from
;; the "target-record" type string.
;; NOTE(review): what form of reference is accepted is decided inside
;; c/ref-for-type, which is not visible in this file.
(def TargetRecordRef (c/ref-for-type type-identifier))