LOLBAS/YML-Schema.yml

---
# Kwalify-style schema (type / mapping / sequence / required / pattern / enum
# keywords) describing one LOLBAS entry file. Indentation below is the
# structural reconstruction of the schema; the validator that consumes it is
# not shown on this page, so notes about match semantics are hedged.
#
# Top-level document is a map. Keys not listed here are, under Kwalify
# semantics, rejected by the validator; keys without `required: true` may be
# omitted from an entry.
type: map
mapping:
  # Possible future "Id" field (GUID-shaped string); kept commented out for
  # now so existing entries without it still validate.
  # "Id":
  #   type: str
  #   required: true
  #   pattern: '[a-zA-Z0-9]{8}-[a-zA-Z0-9]{4}-[a-zA-Z0-9]{4}-[a-zA-Z0-9]{4}-[a-zA-Z0-9]{12}'

  # Binary / script name of the entry.
  "Name":
    type: str
    required: true

  # Free-text summary of what the binary is and why it is interesting.
  "Description":
    type: str
    required: true

  # Entry author (free text; no handle/URL pattern enforced here).
  "Author":
    type: str
    required: true

  # `type: date` means the entry must carry a value the YAML loader parses as
  # a date (e.g. an unquoted ISO date); a quoted string would be a `str` and
  # fail this check — TODO confirm against the validator in use.
  "Created":
    type: date
    required: true

  # One or more command entries. Every command is a map where all of the
  # keys below are mandatory.
  "Commands":
    type: seq
    required: true
    sequence:
      - type: map
        mapping:
          # The literal command line.
          "Command":
            type: str
            required: true
          # What the command does.
          "Description":
            type: str
            required: true
          # Why an operator/attacker would use it.
          "Usecase":
            type: str
            required: true
          # Closed list of technique categories; any other value is rejected.
          # Multi-word entries (AWL Bypass, UAC Bypass) are valid plain
          # scalars inside the flow sequence.
          "Category":
            type: str
            required: true
            enum: [ADS, AWL Bypass, Compile, Copy, Credentials, Decode, Download, Dump, Encode, Execute, Reconnaissance, UAC Bypass, Upload]
          # Privilege level needed to run the command (free text).
          "Privileges":
            type: str
            required: true
          # ATT&CK technique ID. The pattern is written unanchored; whether it
          # is applied as a prefix match or a full match (and therefore
          # whether sub-technique IDs such as T1218.010 are accepted) depends
          # on the validator — NOTE(review): confirm before relying on it.
          "MitreID":
            type: str
            required: true
            pattern: 'T[0-9]{4}'
          # Target operating system(s), free text.
          "OperatingSystem":
            type: str
            required: true

  # One or more known on-disk locations of the binary.
  "Full_Path":
    type: seq
    required: true
    sequence:
      - type: map
        mapping:
          "Path":
            type: str
            required: true

  # Optional links to sample code. `Code` is not marked required, so an item
  # that omits it still validates.
  "Code_Sample":
    type: seq
    required: false
    sequence:
      - type: map
        mapping:
          "Code":
            type: str

  # Optional detection references. None of the keys below is marked
  # required, so a detection item that omits all of them is accepted by this
  # schema.
  #
  # The URL pattern repeated for Sigma / Analysis / Elastic / Splunk /
  # BlockRule (and Resources.Link below) is a commonly copied URL regex.
  # Inside its character class `$-_` is a *range* (0x24-0x5F), which also
  # admits digits, uppercase letters and `:;<=>?@[\]^` — that range is what
  # lets `?` and `=` in query strings pass, so escaping the hyphen would
  # reject such links. The pattern accepts both http and https and has no
  # end anchor; whether trailing characters outside the class are rejected
  # depends on full-match vs prefix-match semantics of the validator —
  # NOTE(review): confirm.
  "Detection":
    type: seq
    required: false
    sequence:
      - type: map
        mapping:
          # Free-text indicator of compromise (no pattern enforced).
          "IOC":
            type: str
          # Link to a Sigma rule.
          "Sigma":
            type: str
            pattern: 'http[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+'
          # Link to an analysis write-up.
          "Analysis":
            type: str
            pattern: 'http[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+'
          # Link to an Elastic detection rule.
          "Elastic":
            type: str
            pattern: 'http[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+'
          # Link to a Splunk detection.
          "Splunk":
            type: str
            pattern: 'http[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+'
          # Link to a block/prevention rule.
          "BlockRule":
            type: str
            pattern: 'http[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+'

  # Optional external references; `Link` is not required but, when present,
  # must match the same URL pattern described above.
  "Resources":
    type: seq
    required: false
    sequence:
      - type: map
        mapping:
          "Link":
            type: str
            pattern: 'http[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+'

  # Optional credits. Neither key is required and no pattern is enforced on
  # the handle.
  "Acknowledgement":
    type: seq
    required: false
    sequence:
      - type: map
        mapping:
          "Person":
            type: str
          "Handle":
            type: str