(ns ctim.schemas.openc2vocabularies
(:require #?(:clj [flanders.core :refer [def-enum-type]]
:cljs [flanders.core :refer-macros [def-enum-type]])))
;; Closed vocabulary of OpenC2 course-of-action (COA) action names.
;; The members are plain strings, so any membership check against this
;; set is exact and case-sensitive. Note that "response" is also a
;; member of modifier-type in this namespace.
(def COA-type
  #{"alert"      "allow"     "augment"  "contain"     "delete"
    "deny"       "detonate"  "distill"  "get"         "investigate"
    "locate"     "mitigate"  "modify"   "move"        "notify"
    "other"      "pause"     "query"    "redirect"    "remediate"
    "report"     "response"  "restart"  "restore"     "resume"
    "save"       "scan"      "set"      "snapshot"    "start"
    "stop"       "substitute" "sync"    "throttle"    "update"})

;; Define the COAType enum from the set above using flanders'
;; def-enum-type. The :reference option is a markdown link to the
;; OpenC2/STIX COA XSD, assembled from three fragments with `str`.
(def-enum-type COAType
  COA-type
  :reference (str "[OpenC2/STIX COA XML schema](https://"
                  "github.com/OpenC2-org/subgroup-stix/blob/"
                  "master/schema/openc2_stix_coa.xsd)"))
;; Closed vocabulary of OpenC2 actuator types. Values are dotted names
;; "<family>.<kind>", plus the bare family names and a catch-all
;; "other". Two network entries ("network.security_manager" and
;; "network.sense_making") use underscores where every other compound
;; name uses hyphens; producers must emit them exactly as spelled here.
(def actuator-type
  #{;; endpoint family
    "endpoint"
    "endpoint.digital-telephone-handset"
    "endpoint.laptop"
    "endpoint.pos-terminal"
    "endpoint.printer"
    "endpoint.sensor"
    "endpoint.server"
    "endpoint.smart-meter"
    "endpoint.smart-phone"
    "endpoint.tablet"
    "endpoint.workstation"

    ;; network family
    "network"
    "network.bridge"
    "network.firewall"
    "network.gateway"
    "network.guard"
    "network.hips"
    "network.hub"
    "network.ids"
    "network.ips"
    "network.modem"
    "network.nic"
    "network.proxy"
    "network.router"
    "network.security_manager"
    "network.sense_making"
    "network.sensor"
    "network.switch"
    "network.vpn"
    "network.wap"

    ;; process family
    "process"
    "process.aaa-server"
    "process.anti-virus-scanner"
    "process.connection-scanner"
    "process.directory-service"
    "process.dns-server"
    "process.email-service"
    "process.file-scanner"
    "process.location-service"
    "process.network-scanner"
    "process.remediation-service"
    "process.reputation-service"
    "process.sandbox"
    "process.virtualization-service"
    "process.vulnerability-scanner"

    ;; catch-all
    "other"})

;; Define the ActuatorType enum from the set above (no :reference given).
(def-enum-type ActuatorType actuator-type)
;; Closed vocabulary of OpenC2 modifier names. "reportTo" is camelCase
;; while the rest are lower-case, and "response" also appears in
;; COA-type; the two sets are separate enums.
(def modifier-type
  #{"delay" "duration" "frequency"
    "reportTo" "response" "time"})

;; Define the ModifierType enum from the set above.
(def-enum-type ModifierType modifier-type)
;; Closed vocabulary of location classes. Values are capitalised and
;; hyphenated; "Unknown" is the explicit not-known member.
(def location-class
  #{"Co-Located" "Externally-Located" "Internally-Located"
    "Mobile" "Unknown"})

;; Define the LocationClass enum from the set above.
(def-enum-type LocationClass location-class)
;; Closed vocabulary of loss durations, written here from longest to
;; shortest; the set itself carries no ordering. "Unknown" is the
;; explicit not-known member.
(def loss-duration
  #{"Permanent" "Weeks" "Days" "Hours"
    "Minutes" "Seconds" "Unknown"})

;; Define the LossDuration enum from the set above.
(def-enum-type LossDuration loss-duration)