mitre-data-component
Data components are parts of data sources.
Authors
Authors and/or Contributors |
---|
MITRE |
Active Directory Object Access
Opening of an active directory object, typically to collect/read its value (ex: Windows EID 4661)
Internal MISP references
UUID 5c6de881-bc70-4070-855a-7a9631a407f7
which can be used as unique global reference for Active Directory Object Access
in MISP communities and other software using the MISP galaxy
Active Directory Object Creation
Initial construction of a new active directory object (ex: Windows EID 5137)
Internal MISP references
UUID 18b236d8-7224-488f-9d2f-50076a0f653a
which can be used as unique global reference for Active Directory Object Creation
in MISP communities and other software using the MISP galaxy
Active Directory Credential Request
A user requested active directory credentials, such as a ticket or token (ex: Windows EID 4769)
Internal MISP references
UUID 02d090b6-8157-48da-98a2-517f7edd49fc
which can be used as unique global reference for Active Directory Credential Request
in MISP communities and other software using the MISP galaxy
Active Directory Object Deletion
Removal of an active directory object (ex: Windows EID 5141)
Internal MISP references
UUID 9085a576-636a-455b-91d2-c2921bbe6d1d
which can be used as unique global reference for Active Directory Object Deletion
in MISP communities and other software using the MISP galaxy
Active Directory Object Modification
Changes made to an active directory object (ex: Windows EID 5163 or 5136)
Internal MISP references
UUID 5b8b466b-2c81-4fe7-946f-d677a74ae3db
which can be used as unique global reference for Active Directory Object Modification
in MISP communities and other software using the MISP galaxy
Windows Registry Key Access
Opening a Registry Key, typically to read the associated value (ex: Windows EID 4656)
Internal MISP references
UUID ed0dd8aa-1677-4551-bb7d-8da767617e1b
which can be used as unique global reference for Windows Registry Key Access
in MISP communities and other software using the MISP galaxy
Windows Registry Key Creation
Initial construction of a new Registry Key (ex: Windows EID 4656 or Sysmon EID 12)
Internal MISP references
UUID 7f70fae7-a68d-4730-a83a-f260b9606129
which can be used as unique global reference for Windows Registry Key Creation
in MISP communities and other software using the MISP galaxy
Windows Registry Key Deletion
Removal of a Registry Key (ex: Windows EID 4658 or Sysmon EID 12)
Internal MISP references
UUID 1177a4c5-31c8-400c-8544-9071166afa0e
which can be used as unique global reference for Windows Registry Key Deletion
in MISP communities and other software using the MISP galaxy
Windows Registry Key Modification
Changes made to a Registry Key and/or Key value (ex: Windows EID 4657 or Sysmon EID 13|14)
Internal MISP references
UUID da85d358-741a-410d-9433-20d6269a6170
which can be used as unique global reference for Windows Registry Key Modification
in MISP communities and other software using the MISP galaxy
User Account Authentication
An attempt by a user to gain access to a network or computing resource, often by providing credentials (ex: Windows EID 4776 or /var/log/auth.log)
Internal MISP references
UUID a953ca55-921a-44f7-9b8d-3d40141aa17e
which can be used as unique global reference for User Account Authentication
in MISP communities and other software using the MISP galaxy
Application Log Content
Logging, messaging, and other artifacts provided by third-party services (ex: metrics, errors, and/or alerts from mail/web applications)
Internal MISP references
UUID 9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa
which can be used as unique global reference for Application Log Content
in MISP communities and other software using the MISP galaxy
Cloud Storage Access
Opening of a cloud storage infrastructure, typically to collect/read its value (ex: AWS S3 GetObject)
Internal MISP references
UUID 58ef998c-f3bf-4985-b487-b1005f5c05d1
which can be used as unique global reference for Cloud Storage Access
in MISP communities and other software using the MISP galaxy
User Account Creation
Initial construction of a new account (ex: Windows EID 4720 or /etc/passwd logs)
Internal MISP references
UUID deb22295-7e37-4a3b-ac6f-c86666fbe63d
which can be used as unique global reference for User Account Creation
in MISP communities and other software using the MISP galaxy
User Account Deletion
Removal of an account (ex: Windows EID 4726 or /var/log access/authentication logs)
Internal MISP references
UUID d6257b8e-869c-41c0-8731-fdca40858a91
which can be used as unique global reference for User Account Deletion
in MISP communities and other software using the MISP galaxy
OS API Execution
Operating system function/method calls executed by a process
Internal MISP references
UUID 9bde2f9d-a695-4344-bfac-f2dce13d121e
which can be used as unique global reference for OS API Execution
in MISP communities and other software using the MISP galaxy
User Account Metadata
Contextual data about an account, which may include a username, user ID, environmental data, etc.
Internal MISP references
UUID b5d0492b-cda4-421c-8e51-ed2b8d85c5d0
which can be used as unique global reference for User Account Metadata
in MISP communities and other software using the MISP galaxy
User Account Modification
Changes made to an account, such as permissions and/or membership in specific groups (ex: Windows EID 4738 or /var/log access/authentication logs)
Internal MISP references
UUID d27b0089-2c39-4b6c-84ff-303e48657e77
which can be used as unique global reference for User Account Modification
in MISP communities and other software using the MISP galaxy
Network Share Access
Opening a network share, which makes the contents available to the requestor (ex: Windows EID 5140 or 5145)
Internal MISP references
UUID f5468e67-51c7-4756-9b4f-65707708e7fa
which can be used as unique global reference for Network Share Access
in MISP communities and other software using the MISP galaxy
Network Connection Creation
Initial construction of a network connection, such as capturing socket information with a source/destination IP and port(s) (ex: Windows EID 5156, Sysmon EID 3, or Zeek conn.log)
Internal MISP references
UUID 181a9f8c-c780-4f1f-91a8-edb770e904ba
which can be used as unique global reference for Network Connection Creation
in MISP communities and other software using the MISP galaxy
Cloud Storage Creation
Initial construction of new cloud storage infrastructure (ex: AWS S3 CreateBucket)
Internal MISP references
UUID 59ec10d9-546b-4b8e-bccb-fa85f71e5055
which can be used as unique global reference for Cloud Storage Creation
in MISP communities and other software using the MISP galaxy
Web Credential Creation
Initial construction of new web credential material (ex: Windows EID 1200 or 4769)
Internal MISP references
UUID 5f7c9def-0ddf-423b-b1f8-fb2ddeed0ce3
which can be used as unique global reference for Web Credential Creation
in MISP communities and other software using the MISP galaxy
Cloud Service Disable
Deactivation or stoppage of a cloud service (ex: AWS CloudTrail StopLogging)
Internal MISP references
UUID ec0612c5-2644-4c50-bcac-82586974fedd
which can be used as unique global reference for Cloud Service Disable
in MISP communities and other software using the MISP galaxy
Cloud Storage Deletion
Removal of cloud storage infrastructure (ex: AWS S3 DeleteBucket)
Internal MISP references
UUID 4c41e296-b8d2-4a37-b789-eb565c87c00c
which can be used as unique global reference for Cloud Storage Deletion
in MISP communities and other software using the MISP galaxy
Cloud Storage Enumeration
An extracted list of cloud storage infrastructure (ex: AWS S3 ListBuckets or ListObjects)
Internal MISP references
UUID fcc4811f-9cc8-4db5-8097-4d8242a380de
which can be used as unique global reference for Cloud Storage Enumeration
in MISP communities and other software using the MISP galaxy
Cloud Service Enumeration
An extracted list of cloud services (ex: AWS ECS ListServices)
Internal MISP references
UUID 8c826308-2760-492f-9e36-4f0f7e23bcac
which can be used as unique global reference for Cloud Service Enumeration
in MISP communities and other software using the MISP galaxy
Scheduled Job Creation
Initial construction of a new scheduled job (ex: Windows EID 4698 or /var/log cron logs)
Internal MISP references
UUID f42df6f0-6395-4f0c-9376-525a031f00c3
which can be used as unique global reference for Scheduled Job Creation
in MISP communities and other software using the MISP galaxy
Logon Session Creation
Initial construction of a successful new user logon following an authentication attempt. (e.g. Windows EID 4624, /var/log/utmp, or /var/log/wtmp)
Internal MISP references
UUID 9ce98c86-8d30-4043-ba54-0784d478d0b5
which can be used as unique global reference for Logon Session Creation
in MISP communities and other software using the MISP galaxy
Cloud Storage Metadata
Contextual data about cloud storage infrastructure and activity around it such as name, size, or owner
Internal MISP references
UUID e214eb6d-de8f-4154-9015-6d47915fbed1
which can be used as unique global reference for Cloud Storage Metadata
in MISP communities and other software using the MISP galaxy
Cloud Service Metadata
Contextual data about a cloud service and activity around it such as name, type, or purpose/function
Internal MISP references
UUID b33d36e3-d7ea-4895-8eed-19a08a8f7c4f
which can be used as unique global reference for Cloud Service Metadata
in MISP communities and other software using the MISP galaxy
Cloud Storage Modification
Changes made to cloud storage infrastructure, including its settings and/or data (ex: AWS S3 PutObject or PutObjectAcl)
Internal MISP references
UUID 45977f14-1bcc-4ec4-ac14-a30fd3a11f44
which can be used as unique global reference for Cloud Storage Modification
in MISP communities and other software using the MISP galaxy
Cloud Service Modification
Changes made to a cloud service, including its settings and/or data (ex: AWS CloudTrail DeleteTrail or DeleteConfigRule)
Internal MISP references
UUID e52d89f9-1710-4708-88a5-cbef77c4cd5e
which can be used as unique global reference for Cloud Service Modification
in MISP communities and other software using the MISP galaxy
Network Traffic Content
Logged network traffic data showing both protocol header and body values (ex: PCAP)
Internal MISP references
UUID 3772e279-27d6-477a-9fe3-c6beb363594c
which can be used as unique global reference for Network Traffic Content
in MISP communities and other software using the MISP galaxy
Web Credential Usage
An attempt by a user to gain access to a network or computing resource by providing web credentials (ex: Windows EID 1202)
Internal MISP references
UUID ff93f688-d7a4-49cf-9c79-a14454da8428
which can be used as unique global reference for Web Credential Usage
in MISP communities and other software using the MISP galaxy
Firewall Rule Modification
Changes made to a firewall rule, typically to allow/block specific network traffic (ex: Windows EID 4950 or Write/Delete entries within Azure Firewall Rule Collection Activity Logs)
Internal MISP references
UUID d2ff4b56-8351-4ed8-b0fb-d8605366005f
which can be used as unique global reference for Firewall Rule Modification
in MISP communities and other software using the MISP galaxy
Network Traffic Flow
Summarized network packet data, with metrics, such as protocol headers and volume (ex: Netflow or Zeek http.log)
Internal MISP references
UUID a7f22107-02e5-4982-9067-6625d4a1765a
which can be used as unique global reference for Network Traffic Flow
in MISP communities and other software using the MISP galaxy
Scheduled Job Metadata
Contextual data about a scheduled job, which may include information such as name, timing, command(s), etc.
Internal MISP references
UUID 7b375092-3a61-448d-900a-77c9a4bde4dc
which can be used as unique global reference for Scheduled Job Metadata
in MISP communities and other software using the MISP galaxy
Scheduled Job Modification
Changes made to a scheduled job, such as modifications to the execution launch (ex: Windows EID 4702 or /var/log cron logs)
Internal MISP references
UUID faa34cf6-cf32-4dc9-bd6a-8f7a606ff65b
which can be used as unique global reference for Scheduled Job Modification
in MISP communities and other software using the MISP galaxy
Kernel Module Load
An object file that contains code to extend the running kernel of an OS, typically used to add support for new hardware (as device drivers) and/or filesystems, or for adding system calls
Internal MISP references
UUID 23e4ee78-26f3-4fcf-ba43-ab953962f96c
which can be used as unique global reference for Kernel Module Load
in MISP communities and other software using the MISP galaxy
Logon Session Metadata
Contextual data about a logon session, such as username, logon type, access tokens (security context, user SIDs, logon identifiers, and logon SID), and any activity associated within it
Internal MISP references
UUID 39b9db72-8b48-4595-a18d-db5bbba3091b
which can be used as unique global reference for Logon Session Metadata
in MISP communities and other software using the MISP galaxy
Named Pipe Metadata
Contextual data about a named pipe on a system, including pipe name and creating process (ex: Sysmon EIDs 17-18)
Internal MISP references
UUID b9a1578e-8653-4103-be23-cb52e0b1816e
which can be used as unique global reference for Named Pipe Metadata
in MISP communities and other software using the MISP galaxy
Application Assets
Additional assets included with an application
Internal MISP references
UUID 613788f2-ad72-43f5-b5f7-a93e2adc70fa
which can be used as unique global reference for Application Assets
in MISP communities and other software using the MISP galaxy
API Calls
API calls utilized by an application that could indicate malicious activity
Internal MISP references
UUID 5ae32c6a-2d12-4b8f-81ca-f862f2be0962
which can be used as unique global reference for API Calls
in MISP communities and other software using the MISP galaxy
Active DNS
Queried domain name system (DNS) registry data highlighting current domain to IP address resolutions (ex: dig/nslookup queries)
Internal MISP references
UUID 2e521444-7295-4dec-96c1-7595b2df7811
which can be used as unique global reference for Active DNS
in MISP communities and other software using the MISP galaxy
Drive Access
Opening of a data storage device with an assigned drive letter or mount point
Internal MISP references
UUID 73ff2dcc-24b1-4368-b9dc-706dd9e68354
which can be used as unique global reference for Drive Access
in MISP communities and other software using the MISP galaxy
File Access
Opening a file, which makes the file contents available to the requestor (ex: Windows EID 4663)
Internal MISP references
UUID 235b7491-2d2b-4617-9a52-3c0783680f71
which can be used as unique global reference for File Access
in MISP communities and other software using the MISP galaxy
Process Access
Opening of a process by another process, typically to read memory of the target process (ex: Sysmon EID 10)
Internal MISP references
UUID 1887a270-576a-4049-84de-ef746b2572d6
which can be used as unique global reference for Process Access
in MISP communities and other software using the MISP galaxy
Container Creation
Initial construction of a new container (ex: docker create)
Internal MISP references
UUID a5ae90ca-0c4b-481c-959f-0eb18a7ff953
which can be used as unique global reference for Container Creation
in MISP communities and other software using the MISP galaxy
Drive Creation
Initial construction of a drive letter or mount point to a data storage device
Internal MISP references
UUID 3d6e6b3b-4aa8-40e1-8c47-91db0f313d9f
which can be used as unique global reference for Drive Creation
in MISP communities and other software using the MISP galaxy
Container Enumeration
An extracted list of containers (ex: docker ps)
Internal MISP references
UUID 91b3ed33-d1b5-4c4b-a896-76c55eb3cfd8
which can be used as unique global reference for Container Enumeration
in MISP communities and other software using the MISP galaxy
Command Execution
The execution of a line of text, potentially with arguments, created from program code (e.g. a cmdlet executed via powershell.exe, interactive commands like >dir, shell executions, etc.)
Internal MISP references
UUID 685f917a-e95e-4ba0-ade1-c7d354dae6e0
which can be used as unique global reference for Command Execution
in MISP communities and other software using the MISP galaxy
File Creation
Initial construction of a new file (ex: Sysmon EID 11)
Internal MISP references
UUID 2b3bfe19-d59a-460d-93bb-2f546adc2d2c
which can be used as unique global reference for File Creation
in MISP communities and other software using the MISP galaxy
WMI Creation
Initial construction of a WMI object, such as a filter, consumer, subscription, binding, or provider (ex: Sysmon EIDs 19-21)
Internal MISP references
UUID 05645013-2fed-4066-8bdc-626b2e201dd4
which can be used as unique global reference for WMI Creation
in MISP communities and other software using the MISP galaxy
Instance Creation
Initial construction of a new instance (ex: instance.insert within GCP Audit Logs)
Internal MISP references
UUID b5b0e8ae-7436-4951-950a-7b83c4dd3f2c
which can be used as unique global reference for Instance Creation
in MISP communities and other software using the MISP galaxy
Image Creation
Initial construction of a virtual machine image (ex: Azure Compute Service Images PUT)
Internal MISP references
UUID b008766d-f34f-4ded-b712-659f59aaed6e
which can be used as unique global reference for Image Creation
in MISP communities and other software using the MISP galaxy
Container Metadata
Contextual data about a container and activity around it such as name, ID, image, or status
Internal MISP references
UUID df508a43-65f5-453f-8b8f-4b5d64e60a21
which can be used as unique global reference for Container Metadata
in MISP communities and other software using the MISP galaxy
Cluster Metadata
Contextual data about a cluster and activity around it such as name, namespace, age, or status
Internal MISP references
UUID fafaa705-ec08-4405-ac62-288c252e520d
which can be used as unique global reference for Cluster Metadata
in MISP communities and other software using the MISP galaxy
Malware Content
Code, strings, and other signatures that comprise a malicious payload
Internal MISP references
UUID 167b48f7-76e9-4fcb-9e8d-7121f7bf56c3
which can be used as unique global reference for Malware Content
in MISP communities and other software using the MISP galaxy
Network Communication
Network requests made by an application or domains contacted
Internal MISP references
UUID 764ee29e-48d6-4934-8e6b-7a606aaaafc0
which can be used as unique global reference for Network Communication
in MISP communities and other software using the MISP galaxy
Protected Configuration
Device configuration options that are not typically utilized by benign applications
Internal MISP references
UUID 6c62144a-cd5c-401c-ada9-58c4c74cd9d2
which can be used as unique global reference for Protected Configuration
in MISP communities and other software using the MISP galaxy
Process Creation
The initial construction of an executable managed by the OS, that may involve one or more tasks or threads. (e.g. Win EID 4688, Sysmon EID 1, cmd.exe > net use, etc.)
Internal MISP references
UUID 3d20385b-24ef-40e1-9f56-f39750379077
which can be used as unique global reference for Process Creation
in MISP communities and other software using the MISP galaxy
Pod Creation
Initial construction of a new pod (ex: kubectl apply|run)
Internal MISP references
UUID 5263cb33-08cc-4a68-820f-004e1e400d76
which can be used as unique global reference for Pod Creation
in MISP communities and other software using the MISP galaxy
Certificate Registration
Queried or logged information highlighting current and expired digital certificates (ex: Certificate transparency)
Internal MISP references
UUID 1dad5aa4-4bb5-45e4-9e42-55d40003cfa6
which can be used as unique global reference for Certificate Registration
in MISP communities and other software using the MISP galaxy
Response Content
Logged network traffic in response to a scan showing both protocol header and body values
Internal MISP references
UUID 0dcbbf4f-929c-489a-b66b-9b820d3f7f0e
which can be used as unique global reference for Response Content
in MISP communities and other software using the MISP galaxy
Snapshot Creation
Initial construction of a new snapshot (ex: AWS create-snapshot)
Internal MISP references
UUID 3da222e6-53f3-451c-a239-0b405c009432
which can be used as unique global reference for Snapshot Creation
in MISP communities and other software using the MISP galaxy
Container Start
Activation or invocation of a container (ex: docker start or docker restart)
Internal MISP references
UUID 5fe82895-28e5-4aac-845e-dc886b63be2e
which can be used as unique global reference for Container Start
in MISP communities and other software using the MISP galaxy
Service Creation
Initial construction of a new service/daemon (ex: Windows EID 4697 or /var/log daemon logs)
Internal MISP references
UUID 5297a638-1382-4f0c-8472-0d21830bf705
which can be used as unique global reference for Service Creation
in MISP communities and other software using the MISP galaxy
Volume Creation
Initial construction of a cloud volume (ex: AWS create-volume)
Internal MISP references
UUID dad75cc7-5bae-4175-adb4-ca1962d8650e
which can be used as unique global reference for Volume Creation
in MISP communities and other software using the MISP galaxy
Firewall Disable
Deactivation or stoppage of a cloud service (ex: Write/Delete entries within Azure Firewall Activity Logs)
Internal MISP references
UUID c97d0171-f6e0-4415-85ff-4082fdb8c72a
which can be used as unique global reference for Firewall Disable
in MISP communities and other software using the MISP galaxy
File Deletion
Removal of a file (ex: Sysmon EID 23, macOS ESF EID ES_EVENT_TYPE_AUTH_UNLINK, or Linux commands auditd unlink, rename, rmdir, unlinked, or renameat rules)
Internal MISP references
UUID e905dad2-00d6-477c-97e8-800427abd0e8
which can be used as unique global reference for File Deletion
in MISP communities and other software using the MISP galaxy
Instance Deletion
Removal of an instance (ex: instance.delete within GCP Audit Logs)
Internal MISP references
UUID 7561ed50-16cb-4826-82c7-c1ddca61785e
which can be used as unique global reference for Instance Deletion
in MISP communities and other software using the MISP galaxy
Image Deletion
Removal of a virtual machine image (ex: Azure Compute Service Images DELETE)
Internal MISP references
UUID 8b4ca854-ac08-47da-b24f-601b28a39aff
which can be used as unique global reference for Image Deletion
in MISP communities and other software using the MISP galaxy
Driver Load
Attaching a driver to either user or kernel-mode of a system (ex: Sysmon EID 6)
Internal MISP references
UUID 3551476e-14f5-4e48-a518-e82135329e03
which can be used as unique global reference for Driver Load
in MISP communities and other software using the MISP galaxy
Driver Metadata
Contextual data about a driver and activity around it such as driver issues reporting or integrity (page hash, code) checking
Internal MISP references
UUID f5a9a1dd-82f9-41a3-85b8-13e5b9cd6c79
which can be used as unique global reference for Driver Metadata
in MISP communities and other software using the MISP galaxy
Drive Modification
Changes made to a drive letter or mount point of a data storage device
Internal MISP references
UUID 4dcd8ba3-2075-4f8b-941e-39884ffaac08
which can be used as unique global reference for Drive Modification
in MISP communities and other software using the MISP galaxy
Passive DNS
Logged domain name system (DNS) data highlighting timelines of domain to IP address resolutions (ex: passive DNS)
Internal MISP references
UUID cc150ad8-ecfa-4340-9aaa-d21165873bd4
which can be used as unique global reference for Passive DNS
in MISP communities and other software using the MISP galaxy
Domain Registration
Information about domain name assignments and other domain metadata (ex: WHOIS)
Internal MISP references
UUID ff9b665a-598b-4bcb-8b2a-a87566aa1256
which can be used as unique global reference for Domain Registration
in MISP communities and other software using the MISP galaxy
Snapshot Deletion
Removal of a snapshot (ex: AWS delete-snapshot)
Internal MISP references
UUID 16e07530-764b-4d83-bae0-cdbfc31bf21d
which can be used as unique global reference for Snapshot Deletion
in MISP communities and other software using the MISP galaxy
Volume Deletion
Removal of a cloud volume (ex: AWS delete-volume)
Internal MISP references
UUID 3acecdde-c327-4498-9bb8-33a2e63c6c57
which can be used as unique global reference for Volume Deletion
in MISP communities and other software using the MISP galaxy
Firewall Enumeration
An extracted list of available firewalls and/or their associated settings/rules (ex: Azure Network Firewall CLI Show commands)
Internal MISP references
UUID bf91faa8-0049-4870-810a-4df55e0b77ee
which can be used as unique global reference for Firewall Enumeration
in MISP communities and other software using the MISP galaxy
Group Enumeration
An extracted list of available groups and/or their associated settings (ex: AWS list-groups)
Internal MISP references
UUID 8e44412e-3238-4d64-8878-4f11e27784fe
which can be used as unique global reference for Group Enumeration
in MISP communities and other software using the MISP galaxy
Instance Enumeration
An extracted list of instances within a cloud environment (ex: instance.list within GCP Audit Logs)
Internal MISP references
UUID 2a80d95f-08c4-48e3-833e-151ef19d90f5
which can be used as unique global reference for Instance Enumeration
in MISP communities and other software using the MISP galaxy
Pod Enumeration
An extracted list of pods within a cluster (ex: kubectl get pods)
Internal MISP references
UUID 07688e40-a7fa-4436-937f-1216674341a0
which can be used as unique global reference for Pod Enumeration
in MISP communities and other software using the MISP galaxy
Snapshot Enumeration
An extracted list of snapshots within a cloud environment (ex: AWS describe-snapshots)
Internal MISP references
UUID ffd73905-2e51-4f2d-8549-e72fb0eb6c38
which can be used as unique global reference for Snapshot Enumeration
in MISP communities and other software using the MISP galaxy
Script Execution
The execution of a text file that contains code via the interpreter (e.g. PowerShell, WMI, Windows EID 4104, etc.)
Internal MISP references
UUID 9f387817-df83-432a-b56b-a8fb7f71eedd
which can be used as unique global reference for Script Execution
in MISP communities and other software using the MISP galaxy
Volume Enumeration
An extracted list of available volumes within a cloud environment (ex: AWS describe-volumes)
Internal MISP references
UUID ec225357-8197-47a4-a9cd-57741d592877
which can be used as unique global reference for Volume Enumeration
in MISP communities and other software using the MISP galaxy
Firewall Metadata
Contextual data about a firewall and activity around it such as name, policy, or status
Internal MISP references
UUID 746f095a-f84c-4ccc-90a5-c7caa5c100a2
which can be used as unique global reference for Firewall Metadata
in MISP communities and other software using the MISP galaxy
File Metadata
Contextual data about a file, which may include information such as name, the content (ex: signature, headers, or data/media), user/owner, permissions, etc.
Internal MISP references
UUID 639e87f3-acb6-448a-9645-258f20da4bc5
which can be used as unique global reference for File Metadata
in MISP communities and other software using the MISP galaxy
Firmware Modification
Changes made to firmware, including its settings and/or data, such as MBR (Master Boot Record) and VBR (Volume Boot Record)
Internal MISP references
UUID b9d031bb-d150-4fc6-8025-688201bf3ffd
which can be used as unique global reference for Firmware Modification
in MISP communities and other software using the MISP galaxy
File Modification
Changes made to a file, or its access permissions and attributes, typically to alter the contents of the targeted file (ex: Windows EID 4670 or Sysmon EID 2)
Internal MISP references
UUID 84572de3-9583-4c73-aabd-06ea88123dd8
which can be used as unique global reference for File Modification
in MISP communities and other software using the MISP galaxy
Group Metadata
Contextual data about a group that describes the group and activity around it, such as name, permissions, or user accounts within the group
Internal MISP references
UUID 8d8c7cac-94cf-4726-8989-cab33851168c
which can be used as unique global reference for Group Metadata
in MISP communities and other software using the MISP galaxy
Group Modification
Changes made to a group, such as membership, name, or permissions (ex: Windows EID 4728 or 4732, AWS IAM UpdateGroup)
Internal MISP references
UUID 05d5b5b4-ef93-4807-b05f-33d8c5a35bc5
which can be used as unique global reference for Group Modification
in MISP communities and other software using the MISP galaxy
Host Status
Logging, messaging, and other artifacts highlighting the health of host sensors (ex: metrics, errors, and/or exceptions from logging applications)
Internal MISP references
UUID 85a533a4-5fa4-4dba-b45d-f0717bedd6e6
which can be used as unique global reference for Host Status
in MISP communities and other software using the MISP galaxy
Instance Metadata
Contextual data about an instance and activity around it such as name, type, or status
Internal MISP references
UUID 45fd904d-6eb0-4b50-8478-a961f09f898b
which can be used as unique global reference for Instance Metadata
in MISP communities and other software using the MISP galaxy
Image Metadata
Contextual data about a virtual machine image such as name, resource group, state, or type
Internal MISP references
UUID b597a220-6510-4397-b0d8-342cd2c58827
which can be used as unique global reference for Image Metadata
in MISP communities and other software using the MISP galaxy
Instance Modification
Changes made to an instance, including its settings and/or control data (ex: instance.addResourcePolicies or instances.setMetadata within GCP Audit Logs)
Internal MISP references
UUID 45d0ff14-b9c4-41f5-8603-156657c20b75
which can be used as unique global reference for Instance Modification
in MISP communities and other software using the MISP galaxy
Image Modification
Changes made to a virtual machine image, including setting and/or control data (ex: Azure Compute Service Images PATCH)
Internal MISP references
UUID 071a09b1-8945-46fd-8bb7-6bcc89400963
which can be used as unique global reference for Image Modification
in MISP communities and other software using the MISP galaxy
Instance Start
Activation or invocation of an instance (ex: instance.start within GCP Audit Logs)
Internal MISP references
UUID f8213cde-6b3a-420d-9ab7-41c9af1a919f
which can be used as unique global reference for Instance Start
in MISP communities and other software using the MISP galaxy
Instance Stop
Deactivation or stoppage of an instance (ex: instance.stop within GCP Audit Logs)
Internal MISP references
UUID 1361e324-b594-4c0e-a517-20cee32b8d7f
which can be used as unique global reference for Instance Stop
in MISP communities and other software using the MISP galaxy
Module Load
Attaching a module into the memory of a process/program, typically to access shared resources/features provided by the module (ex: Sysmon EID 7)
Internal MISP references
UUID c0a4a086-cc20-4e1e-b7cb-29d99dfa3fb1
which can be used as unique global reference for Module Load
in MISP communities and other software using the MISP galaxy
Malware Metadata
Contextual data about a malicious payload, such as compilation times, file hashes, as well as watermarks or other identifiable configuration information
Internal MISP references
UUID 93a6e38c-02a5-44d8-9035-b2e08459f31f
which can be used as unique global reference for Malware Metadata
in MISP communities and other software using the MISP galaxy
Process Metadata
Contextual data about a running process, which may include information such as environment variables, image name, user/owner, etc.
Internal MISP references
UUID ee575f4a-2d4f-48f6-b18b-89067760adc1
which can be used as unique global reference for Process Metadata
in MISP communities and other software using the MISP galaxy
Pod Metadata
Contextual data about a pod and activity around it such as name, ID, namespace, or status
Internal MISP references
UUID c0edd522-0aef-46b3-8efa-2bd334ce4242
which can be used as unique global reference for Pod Metadata
in MISP communities and other software using the MISP galaxy
Process Modification
Changes made to a process, or its contents, typically to write and/or execute code in the memory of the target process (ex: Sysmon EID 8)
Internal MISP references
UUID d5fca4e4-e47a-487b-873f-3d22f8865e96
which can be used as unique global reference for Process Modification
in MISP communities and other software using the MISP galaxy
Pod Modification
Changes made to a pod, including its settings and/or control data (ex: kubectl set|patch|edit)
Internal MISP references
UUID 672b2ebd-4310-4efe-bf03-7ab005298a74
which can be used as unique global reference for Pod Modification
in MISP communities and other software using the MISP galaxy
Response Metadata
Contextual data about an Internet-facing resource gathered from a scan, such as running services or ports
Internal MISP references
UUID 1067aa74-5796-4d9b-b4f1-a4c9eb6fd9da
which can be used as unique global reference for Response Metadata
in MISP communities and other software using the MISP galaxy
Snapshot Metadata
Contextual data about a snapshot, which may include information such as ID, type, and status
Internal MISP references
UUID 8bc66f94-54a9-4be4-bdd1-fe90df643774
which can be used as unique global reference for Snapshot Metadata
in MISP communities and other software using the MISP galaxy
Service Metadata
Contextual data about a service/daemon, which may include information such as name, service executable, start type, etc.
Internal MISP references
UUID 74fa567d-bc90-425c-8a41-3c703abb221c
which can be used as unique global reference for Service Metadata
in MISP communities and other software using the MISP galaxy
Social Media
Established, compromised, or otherwise acquired social media personas
Internal MISP references
UUID 8fb2f315-1aca-4cef-ae0d-8105e1f95985
which can be used as unique global reference for Social Media
in MISP communities and other software using the MISP galaxy
Snapshot Modification
Changes made to a snapshot, such as metadata and control data (ex: AWS modify-snapshot-attribute)
Internal MISP references
UUID f1eb6ea9-f3ab-414f-af35-2d5427199984
which can be used as unique global reference for Snapshot Modification
in MISP communities and other software using the MISP galaxy
Service Modification
Changes made to a service/daemon, such as changes to name, description, and/or start type (ex: Windows EID 7040 or /var/log daemon logs)
Internal MISP references
UUID 66531bc6-a509-4868-8314-4d599e91d222
which can be used as unique global reference for Service Modification
in MISP communities and other software using the MISP galaxy
Volume Metadata
Contextual data about a cloud volume and activity around it, such as id, type, state, and size
Internal MISP references
UUID 0f72bf50-35b3-419d-ab95-70f9b6a818dd
which can be used as unique global reference for Volume Metadata
in MISP communities and other software using the MISP galaxy
Volume Modification
Changes made to a cloud volume, including its settings and control data (ex: AWS modify-volume)
Internal MISP references
UUID d46272ce-a0fe-4256-855e-738de7bb63ee
which can be used as unique global reference for Volume Modification
in MISP communities and other software using the MISP galaxy
System Notifications
Notifications generated by the OS
Internal MISP references
UUID bf0ff551-a5a7-40e5-bff9-f9405011b1f4
which can be used as unique global reference for System Notifications
in MISP communities and other software using the MISP galaxy
Permissions Requests
Permissions declared in an application's manifest or property list file
Internal MISP references
UUID b1e0bb80-23d4-44f2-b919-7e9c54898f43
which can be used as unique global reference for Permissions Requests
in MISP communities and other software using the MISP galaxy
Permissions Request
System prompts triggered when an application requests new or additional permissions
Internal MISP references
UUID e2f72131-14d1-411f-8e8c-aa3453dd5456
which can be used as unique global reference for Permissions Request
in MISP communities and other software using the MISP galaxy
Process Termination
Exit of a running process (ex: Sysmon EID 5 or Windows EID 4689)
Internal MISP references
UUID 61f1d40e-f3d0-4cc6-aa2d-937b6204194f
which can be used as unique global reference for Process Termination
in MISP communities and other software using the MISP galaxy
System Settings
Settings visible to the user on the device
Internal MISP references
UUID 56c2b384-77f8-461f-a71a-76f7888ebfb6
which can be used as unique global reference for System Settings
in MISP communities and other software using the MISP galaxy