Release 0.3.3 (#619)
* removed indicators groupings from meta properties file #484

* #345 expose parse via REST

* #345

* #443 nginx serves compiled aot prod ui

* wip build fails sometimes w/ out of memory when building in docker

* serves angular aot app

* #346 mockup

* fixup #346

* Added app.js to volume mapping for api #508

* updated to include stix patterns for the three indicators that MITRE posted in https://github.com/mitre/stix2patterns_translator Fixed #516

* removed pattern_lang from indicators

* added HTTPS_PROXY_URL env variable to docker compose files #527

* added RUN_MODE env variables #524

* added unfetter open identity #528

* typo in unfetter open stix id #528

* added created_by_ref for unfetter stix fixes #532

* Delete Jenkinsfile

* fixed HTTPS_PROXY_URL var in docker.compse.yml

* added open vocab to config file #535

* testing jenkins

* Release 0.3.2 (#561)

* Updated the master compose file to reflect the new version of the images, and added the CTF

* synced .aot yml with .dev yml for ctf-ingest

* Release 0.3.2 candidate 2 (#566)

* Revert "Added Jenkinsfile"

* Not sure

* Added Jenkinsfile

* Delete Jenkinsfile

* Update README.md

* Update README.md

* Release 0.3.2 (#559)

* removed indicators groupings from meta properties file #484

* #345 expose parse via REST

* #345

* #443 nginx serves compiled aot prod ui

* wip build fails sometimes w/ out of memory when building in docker

* serves angular aot app

* #346 mockup

* fixup #346

* Added app.js to volume mapping for api #508

* updated to include stix patterns for the three indicators that MITRE posted in https://github.com/mitre/stix2patterns_translator Fixed #516

* removed pattern_lang from indicators

* added HTTPS_PROXY_URL env variable to docker compose files #527

* added RUN_MODE env variables #524

* added unfetter open identity #528

* typo in unfetter open stix id #528

* added created_by_ref for unfetter stix fixes #532

* Delete Jenkinsfile

* fixed HTTPS_PROXY_URL var in docker.compse.yml

* added open vocab to config file #535

* testing jenkins

* Updated the master compose file to reflect the new version of the images, and added the CTF

* synced .aot yml with .dev yml for ctf-ingest

* renamed docker-compose.aot to docker-compose.deploy, synced ctf-ingest container with .development, made default RUN_MODE DEMO

* added the unfetter-ctf

* removed extra link

* deleted .aot yml, upgraded .deploy yml to use new api deploy command #568 (#569)

* added observed data mapping to config file #571 (#581)

* example threat report

* load sample translation configs (#601)

* load sample report by url (#606)

* load sample report by url

* single item per config key

* fix regex to handle path or no path urls

* refactor common nginx configs, test whitelist certs (#611)

* added volume mounting for processor

* put uac mode in development file

* multiple workproducts per report, many to many relationship (#617)

* updated version numbers
infosec-alchemist committed Dec 15, 2017
1 parent 1623807 commit cd4e4c7
Showing 24 changed files with 3,407 additions and 2,679 deletions.
194 changes: 190 additions & 4 deletions config/examples/unfetter-db/config.json
@@ -1,9 +1,7 @@
[
{
[{
"_id": "d9732cfc-166e-41a0-af79-d37e7abc69b2",
"configKey": "killChains",
"configValue": [
{
"configValue": [{
"name": "mitre-attack",
"phase_names": [
"persistence",
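Review bot: the only change in this hunk is cosmetic, collapsing `[` and `{` onto one line as `[{` (and `"configValue": [` plus `{` into `"configValue": [{`), with no semantic change to the killChains entry; the rest of the file keeps the one-bracket-per-line layout, so this mixes formatting noise into a release diff. Either run one JSON formatter over the whole file in a separate commit or leave the original layout so the review can focus on the new observableDataTypes entry below.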
@@ -232,5 +230,193 @@
"configGroups": [
"stixConfig"
]

},
{
"_id": "98fba9e7-6ad8-4bac-a178-af9282f8b05c",
"configKey": "observableDataTypes",
"configValue": [{
"name": "driver",
"actions": [
"load",
"unload"
],
"properties": [
"base_address",
"fqdn",
"hostname",
"image_path",
"md5_hash_,module_name",
"sha1_hash",
"sh256_hash",
"signer"
]
},
{
"name": "file",
"actions": [
"create",
"delete",
"modify",
"read",
"timestomp",
"write"
],
"properties": [
"hashes",
"size",
"name",
"name_enc",
"magic_number_hex",
"mime_type",
"created",
"modified",
"accessed",
"parent_directory",
"is_encrypted",
"encryption_algorithm",
"decryption_key"
]
},
{
"name": "network-traffic",
"actions": [
"end",
"message",
"start"
],
"properties": [
"start",
"end",
"is_active",
"src_ref",
"dst_ref",
"src_port",
"dst_port",
"protocols",
"src_byte_count",
"dst_byte_count",
"src_packets",
"dst_packets",
"ipfix",
"src_payload_ref",
"dst_payload_ref"
]
},
{
"name": "process",
"actions": [
"create",
"terminate"
],
"properties": [
"is_hidden",
"pid",
"name",
"created",
"cwd",
"arguments",
"command_line",
"environment_variables",
"opened_connection_refs",
"creator_user_ref",
"binary_ref",
"parent_ref",
"child_refs"
]
},
{
"name": "windows-registry-key",
"actions": [
"add",
"edit",
"remove"
],
"properties": [
"key",
"values",
"modified",
"creator_user_ref",
"number_of_subkeys"
]
},
{
"name": "service",
"actions": [
"create",
"delete",
"pause",
"start",
"stop"
],
"properties": [
"service_name",
"descriptions",
"display_name",
"group_name",
"start_type",
"service_dll_refs",
"service_type",
"service_status"
]
},
{
"name": "thread",
"actions": [
"create",
"remote_create",
"suspend",
"terminate"
],
"properties": [
"hostname",
"src_pid",
"src_tid",
"stack_base",
"stack_limit",
"start_address",
"start_function",
"start_module",
"start_module_name",
"subprocess_tag",
"tgt_pid",
"tgt_tid",
"user",
"user_stack_base",
"user_stack_limit"
]
},
{
"name": "user-account",
"actions": [
"interactive",
"local",
"lock",
"login",
"logout",
"rdp",
"reconnect",
"remote",
"unlock"
],
"properties": [
"user_id",
"account_login",
"account_type",
"display_name",
"is_service_account",
"is_privileged",
"can_escalate_privs",
"is_disabled",
"account_created",
"account_expires",
"password_last_changed",
"account_first_login",
"acount_last_login"
]
}
]


}
]
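Review bot: several property names in the new observableDataTypes entry look mistyped and, since the commit message describes this as the observed data mapping for the config file (#571), any consumer that matches on these names will silently miss the intended fields. Under `driver`, `"md5_hash_,module_name"` appears to be two values (`md5_hash` and `module_name`) fused into one string and `"sh256_hash"` is presumably `sha256_hash`; under `service`, `"descriptions"` is likely `description`; under `user-account`, `"acount_last_login"` is missing a `c`. Please correct these before tagging the release, and consider a small load-time check that validates every property name in this file against the STIX 2 observable object definitions so this class of typo is caught by the build rather than in the UI.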
32 changes: 32 additions & 0 deletions config/examples/unfetter-db/stix-enhancements.json
@@ -1,4 +1,36 @@
[
{
"extendedProperties": {
"x_unfetter_object_actions": [
"The attacker used injected JavaScript on the compromised websites to redirect targets to an Internet Explorer exploit that dropped Stage 1 launcher/downloader mobile code. This downloader then retrieved and installed a PIVY RAT variant."
]
},
"id": "report--44c023fa-dfcb-4334-9a44-ee9c096f96cf"
},
{
"extendedProperties": {
"x_unfetter_object_actions": [
"The attacker used injected JavaScript on the compromised websites to redirect targets to an Internet Explorer exploit that dropped Stage 1 launcher/downloader mobile code. This downloader then retrieved and installed a PIVY RAT variant."
]
},
"id": "report--3284a25f-114a-490c-af70-ccfc694f7f02"
},
{
"extendedProperties": {
"x_unfetter_object_actions": [
"The attacker used injected JavaScript on the compromised websites to redirect targets to an Internet Explorer exploit that dropped Stage 1 launcher/downloader mobile code. This downloader then retrieved and installed a PIVY RAT variant."
]
},
"id": "report--2a4fd840-1856-4776-af90-2eb67acee3ee"
},
{
"extendedProperties": {
"x_unfetter_object_actions": [
"The attacker used injected JavaScript on the compromised websites to redirect targets to an Internet Explorer exploit that dropped Stage 1 launcher/downloader mobile code. This downloader then retrieved and installed a PIVY RAT variant."
]
},
"id": "report--de00c562-6afe-4e5c-994d-1aff0762b783"
},
{
"id": "attack-pattern--0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22",
"extendedProperties": {
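Review bot: the four new report entries carry the identical `x_unfetter_object_actions` text under four different report ids, which reads as one sample description copy-pasted rather than per-report content; if this is intended as placeholder sample data, state that in the file or an accompanying README, otherwise each report should carry its own actions text. A minor consistency point: the new report entries list `extendedProperties` before `id`, while the existing attack-pattern entry below puts `id` first; harmless for JSON parsing but worth aligning.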
0 comments on commit cd4e4c7