SkillAegis/exercises/basic-event-creation.json
2024-06-26 15:30:47 +02:00

392 lines
9.8 KiB
JSON

{
"exercise": {
"description": "Simple Data Creation: Creation of an Event using the API",
"expanded": "Simple Data Creation: Creation of an Event using the API",
"meta": {
"author": "MISP Project",
"level": "beginner",
"priority": 1
},
"name": "Simple Data Creation Via the API",
"namespace": "data-model",
"tags": [
"exercise:software-scope=\"misp\"",
"state:production"
],
"total_duration": "7200",
"uuid": "29324587-db6c-4a73-a209-cf8c79871629",
"version": "20240624"
},
"inject_flow": [
{
"description": "Event Creation",
"inject_uuid": "a6b5cf88-ba93-4c3f-8265-04e00d53778e",
"reporting_callback": [],
"requirements": {},
"sequence": {
"completion_trigger": [
"time_expiration",
"completion"
],
"followed_by": [
"00275360-d84a-4ce7-84fc-98baefd13776"
],
"trigger": [
"startex"
]
},
"timing": {
"triggered_at": null
}
},
{
"description": "Attributes Creation",
"inject_uuid": "00275360-d84a-4ce7-84fc-98baefd13776",
"reporting_callback": [],
"requirements": {
"inject_uuid": "a6b5cf88-ba93-4c3f-8265-04e00d53778e",
"resolution_requirement": "MISP Event created"
},
"sequence": {
"completion_trigger": [
"time_expiration",
"completion"
],
"followed_by": [
"be1c3d25-e0df-4492-bdc1-f2e825194ef3"
],
"trigger": [
]
},
"timing": {
"triggered_at": null
}
},
{
"description": "Object Creation",
"inject_uuid": "be1c3d25-e0df-4492-bdc1-f2e825194ef3",
"reporting_callback": [],
"requirements": {
"inject_uuid": "a6b5cf88-ba93-4c3f-8265-04e00d53778e",
"resolution_requirement": "MISP Event created"
},
"sequence": {
"completion_trigger": [
"time_expiration",
"completion"
],
"followed_by": [
"cf149a8c-5601-4eec-aea3-5142170d309b"
],
"trigger": [
]
},
"timing": {
"triggered_at": null
}
},
{
"description": "Edition to `org-only`",
"inject_uuid": "cf149a8c-5601-4eec-aea3-5142170d309b",
"reporting_callback": [],
"requirements": {
"inject_uuid": "00275360-d84a-4ce7-84fc-98baefd13776",
"resolution_requirement": "MISP Attributes created"
},
"sequence": {
"completion_trigger": [
"time_expiration",
"completion"
],
"followed_by": [
"b4a8c490-4f0a-4a33-bee1-044b9f659e83"
],
"trigger": [
]
},
"timing": {
"triggered_at": null
}
},
{
"description": "Tagging `tlp:green`",
"inject_uuid": "b4a8c490-4f0a-4a33-bee1-044b9f659e83",
"reporting_callback": [],
"requirements": {
"inject_uuid": "00275360-d84a-4ce7-84fc-98baefd13776",
"resolution_requirement": "MISP Attributes created"
},
"sequence": {
"completion_trigger": [
"time_expiration",
"completion"
],
"trigger": [
]
},
"timing": {
"triggered_at": null
}
}
],
"inject_payloads": [
],
"injects": [
{
"action": "event_creation",
"inject_evaluation": [
{
"parameters": [
{
"Event.info": {
"comparison": "contains",
"values": [
"event",
"API"
]
}
}
],
"result": "MISP Event created",
"evaluation_strategy": "data_filtering",
"evaluation_context": {
"request_is_rest": true
},
"score_range": [
0,
20
]
}
],
"name": "Event Creation",
"target_tool": "MISP",
"uuid": "a6b5cf88-ba93-4c3f-8265-04e00d53778e"
},
{
"action": "attribute_creation",
"inject_evaluation": [
{
"parameters": [
{
"Event.info": {
"comparison": "contains",
"values": [
"event",
"API"
]
}
},
{
"Event.Attribute": {
"comparison": "contains",
"values": [
{
"type": "ip-dst",
"value": "1.2.3.4"
},
{
"type": "domain",
"value": "evil.com"
},
{
"type": "filename",
"value": "evil.exe"
}
]
}
}
],
"result": "MISP Attributes created",
"evaluation_strategy": "data_filtering",
"evaluation_context": {
"request_is_rest": true
},
"score_range": [
0,
30
]
}
],
"name": "Attributes Creation",
"target_tool": "MISP",
"uuid": "00275360-d84a-4ce7-84fc-98baefd13776"
},
{
"action": "object_creation",
"inject_evaluation": [
{
"parameters": [
{
"Event.info": {
"comparison": "contains",
"values": [
"event",
"API"
]
}
},
{
"Event.Object": {
"comparison": "contains",
"values": [
{
"name": "domain-ip",
"template_uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734"
}
]
}
}
],
"result": "MISP Object created`",
"evaluation_strategy": "data_filtering",
"evaluation_context": {
"request_is_rest": true
},
"score_range": [
0,
10
]
},
{
"parameters": [
{
"Event.info": {
"comparison": "contains",
"values": [
"event",
"API"
]
}
},
{
"Event.Object[name=\"domain-ip\"].Attribute": {
"comparison": "contains",
"values": [
{
"object_relation": "ip",
"value": "4.3.2.1"
},
{
"object_relation": "domain",
"value": "foobar.baz"
},
{
"object_relation": "text",
"value": "Classified information"
}
]
}
}
],
"result": "MISP Object's Attributes created`",
"evaluation_strategy": "data_filtering",
"evaluation_context": {
"request_is_rest": true
},
"score_range": [
0,
10
]
}
],
"name": "Object Creation",
"target_tool": "MISP",
"uuid": "be1c3d25-e0df-4492-bdc1-f2e825194ef3"
},
{
"action": "edition_org_only",
"inject_evaluation": [
{
"parameters": [
{
"Event.info": {
"comparison": "contains",
"values": [
"event",
"API"
]
}
},
{
"Event.Attribute": {
"comparison": "contains",
"values": [
{
"type": "ip-dst",
"value": "1.2.3.4",
"distribution": 0
}
]
}
}
],
"result": "MISP Edition `org-only` done",
"evaluation_strategy": "data_filtering",
"evaluation_context": {
"request_is_rest": true
},
"score_range": [
0,
10
]
}
],
"name": "Edition to `org-only`",
"target_tool": "MISP",
"uuid": "cf149a8c-5601-4eec-aea3-5142170d309b"
},
{
"action": "tagging_tlp_green",
"inject_evaluation": [
{
"parameters": [
{
"Event.info": {
"comparison": "contains",
"values": [
"event",
"API"
]
}
},
{
"Event.Attribute": {
"comparison": "contains",
"values": [
{
"type": "ip-dst",
"value": "1.2.3.4",
"distribution": 0
}
]
}
},
{
"Event.Attribute[value=\"1.2.3.4\"].Tag": {
"JQ": "jq '.Event.Attribute[] | select(.value == \"1.2.3.4\") | .Tag'",
"comparison": "contains",
"values": [
{
"name": "tlp:green"
}
]
}
}
],
"result": "MISP Tagging `tlp:green` done",
"evaluation_strategy": "data_filtering",
"evaluation_context": {
"request_is_rest": true
},
"score_range": [
0,
20
]
}
],
"name": "Tagging `tlp:green`",
"target_tool": "MISP",
"uuid": "b4a8c490-4f0a-4a33-bee1-044b9f659e83"
}
]
}