digital-forensics-labs/digital-forensics-lab
1
0
Fork 0
mirror of https://github.com/frankwxu/digital-forensics-lab.git synced 2026-04-10 12:13:44 +00:00
Code Issues Packages Projects Releases Wiki Activity

add stix

Browse Source
This commit is contained in:
Frank Xu
2021-01-25 16:29:46 -05:00
parent a5480e4a97
commit f3d617aa63
1 changed files with 42 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

42
STIX_external_reference/readme.md
View File

@@ -17,3 +17,45 @@
| insider-disgruntled-harassing | |
| illegal-possessor | An individual that owns, produces, distributes illegal information and device |
| online- predators | An individual that makes sexual advances to minors. |
## Windows Security Event Object
**Type Name:** windows-security-evt
## Properties
| Property Name | Type | Description |
| --------------- | ---------- | -------------------------------------------------------- |
| type (required) | string | The value of this property MUST be windows-security-evt. |
| id | identifier | The ID of a secuity type |
| level | integer | |
| task | integer | |
| opcode | integer | |
| created | timestamp | |
| record | integer | |
| process | integer | |
| thread | integer | |
| computer | string | The ID of the computer |
| user | string | The security user ID |
## Relationships
| Embedded Relationships | |
| ---------------------- | ---------- |
| created_by_ref | identifier |
```json
{
"type": "windows-security-evt",
"spec_version": "2.1",
"id": "campaign--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f",
"created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff",
"created": "2016-04-06T20:03:00.000Z",
"level": 0,
"opcode": 0,
"record": 1101704,
"proces": 58,
"thread": 511,
"Computer": "DC01.contoso.local"
}
```