LOLBAS/YML-Schema.yml

---
type: map
mapping:
# Id field enhancement possibility commenting out for now
#  "Id":
#    type: str
#    required: true
#    pattern: '[a-zA-Z0-9]{8}-[a-zA-Z0-9]{4}-[a-zA-Z0-9]{4}-[a-zA-Z0-9]{4}-[a-zA-Z0-9]{12}'
  "Name":
    type: str
    required: true
  "Description":
    type: str
    required: true
  "Aliases":
    type: seq
    required: false
    sequence:
      - type: map
        mapping:
          "Alias":
            type: str
            required: false
  "Author":
    type: str
    required: true
  "Created":
    type: date
    required: true
  "Commands":
    type: seq
    required: true
    sequence:
      - type: map
        mapping:
          "Command":
            type: str
            required: true
          "Description":
            type: str
            required: true
          "Usecase":
            type: str
            required: true
          "Category":
            type: str
            required: true
            enum: [ADS, AWL Bypass, Compile, Conceal, Copy, Credentials, Decode, Download, Dump, Encode, Execute, Reconnaissance, Tamper, UAC Bypass, Upload]
          "Privileges":
            type: str
            required: true
          "MitreID":
            type: str
            required: true
            pattern: '^T[0-9]{4}(\.[0-9]{3})?$'
          "OperatingSystem":
            type: str
            required: true
  "Full_Path":
    type: seq
    required: true
    sequence:
      - type: map
        mapping:
          "Path":
            type: str
            required: true
  "Code_Sample":
    type: seq
    required: false
    sequence:
      - type: map
        mapping:
          "Code":
            type: str
  "Detection":
    type: seq
    required: false
    sequence:
      - type: map
        mapping:
          "IOC":
            type: str
          "Sigma":
            type: str
            pattern: '^http[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+#]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+$'
          "Analysis":
            type: str
            pattern: '^http[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+#]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+$'
          "Elastic":
            type: str
            pattern: '^http[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+#]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+$'
          "Splunk":
            type: str
            pattern: '^http[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+#]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+$'
          "BlockRule":
            type: str
            pattern: '^http[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+#]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+$'
  "Resources":
    type: seq
    required: false
    sequence:
      - type: map
        mapping:
          "Link":
            type: str
            pattern: '^http[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+#]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+$'
  "Acknowledgement":
    type: seq
    required: false
    sequence:
      - type: map
        mapping:
          "Person":
            type: str
          "Handle":
            type: str
            pattern: '^(@(\w){1,15})?$'
Adding pyKwalify checking 2022-09-10 18:03:38 -04:00			`---`
			`type: map`
			`mapping:`
			`# Id field enhancement possibility commenting out for now`
			`# "Id":`
			`# type: str`
Correcting schema 2022-09-10 22:21:56 -04:00			`# required: true`
Adding pyKwalify checking 2022-09-10 18:03:38 -04:00			`# pattern: '[a-zA-Z0-9]{8}-[a-zA-Z0-9]{4}-[a-zA-Z0-9]{4}-[a-zA-Z0-9]{4}-[a-zA-Z0-9]{12}'`
			`"Name":`
			`type: str`
Correcting schema 2022-09-10 22:21:56 -04:00			`required: true`
Adding pyKwalify checking 2022-09-10 18:03:38 -04:00			`"Description":`
			`type: str`
Correcting schema 2022-09-10 22:21:56 -04:00			`required: true`
Adding Coneal & Tamper categories to template and Schema. 2022-09-15 13:36:30 -04:00			`"Aliases":`
			`type: seq`
			`required: false`
			`sequence:`
			`- type: map`
			`mapping:`
			`"Alias":`
Fixing indentation in YML-Schema.yml 2022-09-15 13:44:18 -04:00			`type: str`
			`required: false`
Adding pyKwalify checking 2022-09-10 18:03:38 -04:00			`"Author":`
			`type: str`
Correcting schema 2022-09-10 22:21:56 -04:00			`required: true`
Adding pyKwalify checking 2022-09-10 18:03:38 -04:00			`"Created":`
Updating schema, created as date. 2022-09-10 22:43:02 -04:00			`type: date`
Correcting schema 2022-09-10 22:21:56 -04:00			`required: true`
Adding pyKwalify checking 2022-09-10 18:03:38 -04:00			`"Commands":`
			`type: seq`
Updating schema file. 2022-09-10 22:36:43 -04:00			`required: true`
Adding pyKwalify checking 2022-09-10 18:03:38 -04:00			`sequence:`
			`- type: map`
			`mapping:`
			`"Command":`
			`type: str`
Correcting schema 2022-09-10 22:21:56 -04:00			`required: true`
Adding pyKwalify checking 2022-09-10 18:03:38 -04:00			`"Description":`
			`type: str`
Correcting schema 2022-09-10 22:21:56 -04:00			`required: true`
Adding pyKwalify checking 2022-09-10 18:03:38 -04:00			`"Usecase":`
			`type: str`
Correcting schema 2022-09-10 22:21:56 -04:00			`required: true`
Adding pyKwalify checking 2022-09-10 18:03:38 -04:00			`"Category":`
			`type: str`
Correcting schema 2022-09-10 22:21:56 -04:00			`required: true`
Adding Coneal & Tamper categories to template and Schema. 2022-09-15 13:36:30 -04:00			`enum: [ADS, AWL Bypass, Compile, Conceal, Copy, Credentials, Decode, Download, Dump, Encode, Execute, Reconnaissance, Tamper, UAC Bypass, Upload]`
Adding pyKwalify checking 2022-09-10 18:03:38 -04:00			`"Privileges":`
			`type: str`
Correcting schema 2022-09-10 22:21:56 -04:00			`required: true`
Adding pyKwalify checking 2022-09-10 18:03:38 -04:00			`"MitreID":`
			`type: str`
Correcting schema 2022-09-10 22:21:56 -04:00			`required: true`
Implimenting requested changes from PR #251 review from @wietze. 2022-09-13 22:51:52 -04:00			`pattern: '^T[0-9]{4}(\.[0-9]{3})?$'`
Adding pyKwalify checking 2022-09-10 18:03:38 -04:00			`"OperatingSystem":`
			`type: str`
Correcting schema 2022-09-10 22:21:56 -04:00			`required: true`
Adding pyKwalify checking 2022-09-10 18:03:38 -04:00			`"Full_Path":`
			`type: seq`
Correcting schema 2022-09-10 22:21:56 -04:00			`required: true`
Adding pyKwalify checking 2022-09-10 18:03:38 -04:00			`sequence:`
			`- type: map`
			`mapping:`
			`"Path":`
			`type: str`
Correcting schema 2022-09-10 22:21:56 -04:00			`required: true`
Adding pyKwalify checking 2022-09-10 18:03:38 -04:00			`"Code_Sample":`
			`type: seq`
Updating schema file. 2022-09-10 22:36:43 -04:00			`required: false`
Adding pyKwalify checking 2022-09-10 18:03:38 -04:00			`sequence:`
			`- type: map`
			`mapping:`
			`"Code":`
			`type: str`
			`"Detection":`
			`type: seq`
Updating schema file. 2022-09-10 22:36:43 -04:00			`required: false`
Adding pyKwalify checking 2022-09-10 18:03:38 -04:00			`sequence:`
			`- type: map`
			`mapping:`
			`"IOC":`
			`type: str`
Updating schema file. 2022-09-10 22:32:51 -04:00			`"Sigma":`
			`type: str`
Tweaked the Link regex to allow anchor tags and the handle regex to permit blank entries. 2022-09-13 23:37:10 -04:00			`pattern: '^http[s]?://(?:[a-zA-Z]\|[0-9]\|[$-_@.&+#]\|[!*\(\),]\|(?:%[0-9a-fA-F][0-9a-fA-F]))+$'`
Updating schema file. 2022-09-10 22:32:51 -04:00			`"Analysis":`
			`type: str`
Tweaked the Link regex to allow anchor tags and the handle regex to permit blank entries. 2022-09-13 23:37:10 -04:00			`pattern: '^http[s]?://(?:[a-zA-Z]\|[0-9]\|[$-_@.&+#]\|[!*\(\),]\|(?:%[0-9a-fA-F][0-9a-fA-F]))+$'`
Updating schema file. 2022-09-10 22:32:51 -04:00			`"Elastic":`
			`type: str`
Tweaked the Link regex to allow anchor tags and the handle regex to permit blank entries. 2022-09-13 23:37:10 -04:00			`pattern: '^http[s]?://(?:[a-zA-Z]\|[0-9]\|[$-_@.&+#]\|[!*\(\),]\|(?:%[0-9a-fA-F][0-9a-fA-F]))+$'`
Updating schema file. 2022-09-10 22:32:51 -04:00			`"Splunk":`
			`type: str`
Tweaked the Link regex to allow anchor tags and the handle regex to permit blank entries. 2022-09-13 23:37:10 -04:00			`pattern: '^http[s]?://(?:[a-zA-Z]\|[0-9]\|[$-_@.&+#]\|[!*\(\),]\|(?:%[0-9a-fA-F][0-9a-fA-F]))+$'`
Updating schema file. 2022-09-10 22:32:51 -04:00			`"BlockRule":`
			`type: str`
Tweaked the Link regex to allow anchor tags and the handle regex to permit blank entries. 2022-09-13 23:37:10 -04:00			`pattern: '^http[s]?://(?:[a-zA-Z]\|[0-9]\|[$-_@.&+#]\|[!*\(\),]\|(?:%[0-9a-fA-F][0-9a-fA-F]))+$'`
Adding pyKwalify checking 2022-09-10 18:03:38 -04:00			`"Resources":`
			`type: seq`
Updating schema file. 2022-09-10 22:36:43 -04:00			`required: false`
Adding pyKwalify checking 2022-09-10 18:03:38 -04:00			`sequence:`
			`- type: map`
			`mapping:`
			`"Link":`
			`type: str`
Tweaked the Link regex to allow anchor tags and the handle regex to permit blank entries. 2022-09-13 23:37:10 -04:00			`pattern: '^http[s]?://(?:[a-zA-Z]\|[0-9]\|[$-_@.&+#]\|[!*\(\),]\|(?:%[0-9a-fA-F][0-9a-fA-F]))+$'`
Adding pyKwalify checking 2022-09-10 18:03:38 -04:00			`"Acknowledgement":`
			`type: seq`
Updating schema file. 2022-09-10 22:36:43 -04:00			`required: false`
Adding pyKwalify checking 2022-09-10 18:03:38 -04:00			`sequence:`
			`- type: map`
			`mapping:`
			`"Person":`
			`type: str`
			`"Handle":`
			`type: str`
Tweaked the Link regex to allow anchor tags and the handle regex to permit blank entries. 2022-09-13 23:37:10 -04:00			`pattern: '^(@(\w){1,15})?$'`