--- type: map mapping: # Id field enhancement possibility commenting out for now # "Id": # type: str # required: true # pattern: '[a-zA-Z0-9]{8}-[a-zA-Z0-9]{4}-[a-zA-Z0-9]{4}-[a-zA-Z0-9]{4}-[a-zA-Z0-9]{12}' "Name": type: str required: true "Description": type: str required: true "Aliases": type: seq required: false sequence: - type: map mapping: "Alias": type: str required: false "Author": type: str required: true "Created": type: date format: '%Y-%M-%d' required: true "Commands": type: seq required: true sequence: - type: map mapping: "Command": type: str required: true "Description": type: str required: true "Usecase": type: str required: true "Category": type: str required: true enum: [ADS, AWL Bypass, Compile, Conceal, Copy, Credentials, Decode, Download, Dump, Encode, Execute, Reconnaissance, Tamper, UAC Bypass, Upload] "Privileges": type: str required: true "MitreID": type: str required: true pattern: '^T[0-9]{4}(\.[0-9]{3})?$' "OperatingSystem": type: str required: true "Tags": type: seq sequence: - type: map mapping: regex;(^[A-Z]): type: str required: false "Full_Path": type: seq required: true sequence: - type: map mapping: "Path": type: str required: true "Code_Sample": type: seq required: false sequence: - type: map mapping: "Code": type: str "Detection": type: seq required: false sequence: - type: map mapping: "IOC": type: str "Sigma": type: str pattern: '^http[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+#~]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+$' "Analysis": type: str pattern: '^http[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+#~]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+$' "Elastic": type: str pattern: '^http[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+#~]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+$' "Splunk": type: str pattern: '^http[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+#~]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+$' "BlockRule": type: str pattern: '^http[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+#~]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+$' "Resources": type: seq required: false sequence: - type: map mapping: "Link": type: str pattern: '^http[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+#~]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+$' "Acknowledgement": type: seq required: false sequence: - type: map mapping: "Person": type: str "Handle": type: str pattern: '^(@(\w){1,15})?$'