LOLBAS/YML-Schema.yml

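---
# pykwalify schema for LOLBAS entries: one YAML document per binary/script/
# library, validated against this map before it is published.
type: map
mapping:
  # Id field enhancement possibility commenting out for now
  # "Id":
  #   type: str
  #   required: true
  #   pattern: '[a-zA-Z0-9]{8}-[a-zA-Z0-9]{4}-[a-zA-Z0-9]{4}-[a-zA-Z0-9]{4}-[a-zA-Z0-9]{12}'

  # Display name of the binary/script/library.
  "Name":
    type: str
    required: true

  # Short description of what the file is and does.
  "Description":
    type: str
    required: true

  # Alternative file names the same binary is known under.
  "Aliases":
    type: seq
    required: false
    sequence:
      - type: map
        mapping:
          "Alias":
            type: str
            required: false

  "Author":
    type: str
    required: true

  # Date the entry was created.
  # Fix: the format previously read '%Y-%M-%d'; in strftime/strptime
  # directives %M is "minute", so the month field was never validated.
  # %m is the zero-padded month, which matches values such as 2018-05-25.
  "Created":
    type: date
    format: '%Y-%m-%d'
    required: true

  # Every entry must list at least one command; each command is a map.
  "Commands":
    type: seq
    required: true
    sequence:
      - type: map
        mapping:
          "Command":
            type: str
            required: true
          "Description":
            type: str
            required: true
          "Usecase":
            type: str
            required: true
          # Closed vocabulary of LOLBAS functional categories; a value
          # outside this list fails validation.
          "Category":
            type: str
            required: true
            enum:
              - ADS
              - AWL Bypass
              - Compile
              - Conceal
              - Copy
              - Credentials
              - Decode
              - Download
              - Dump
              - Encode
              - Execute
              - Reconnaissance
              - Tamper
              - UAC Bypass
              - Upload
          "Privileges":
            type: str
            required: true
          # MITRE ATT&CK technique id, optionally with a sub-technique
          # suffix (e.g. T1218 or T1218.011).
          "MitreID":
            type: str
            required: true
            pattern: '^T[0-9]{4}(\.[0-9]{3})?$'
          "OperatingSystem":
            type: str
            required: true

  # One or more on-disk locations for the file.
  "Full_Path":
    type: seq
    required: true
    sequence:
      - type: map
        mapping:
          "Path":
            type: str
            required: true

  "Code_Sample":
    type: seq
    required: false
    sequence:
      - type: map
        mapping:
          "Code":
            type: str

  # Detection content. Every field other than IOC must be a URL.
  # NOTE(review): the URL pattern below (repeated for each link field) uses
  # the character class [$-_@.&+#], in which `$-_` is a *range* (0x24-0x5F)
  # and so also admits ':', '<', '>', '?', '[', '\', ']', '^', digits and
  # uppercase letters - wider than it looks. Left unchanged here so existing
  # entries keep validating; tighten deliberately if stricter link
  # validation is wanted.
  "Detection":
    type: seq
    required: false
    sequence:
      - type: map
        mapping:
          "IOC":
            type: str
          "Sigma":
            type: str
            pattern: '^http[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+#]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+$'
          "Analysis":
            type: str
            pattern: '^http[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+#]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+$'
          "Elastic":
            type: str
            pattern: '^http[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+#]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+$'
          "Splunk":
            type: str
            pattern: '^http[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+#]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+$'
          "BlockRule":
            type: str
            pattern: '^http[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+#]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+$'

  # External references; each link must be a URL (same pattern as above).
  "Resources":
    type: seq
    required: false
    sequence:
      - type: map
        mapping:
          "Link":
            type: str
            pattern: '^http[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+#]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+$'

  # Credits. Handle, when present, is an @-prefixed name of 1-15 word
  # characters (or empty).
  "Acknowledgement":
    type: seq
    required: false
    sequence:
      - type: map
        mapping:
          "Person":
            type: str
          "Handle":
            type: str
            pattern: '^(@(\w){1,15})?$'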