digital-forensics-labs/digital-forensics-lab
1
0
Fork 0
mirror of https://github.com/frankwxu/digital-forensics-lab.git synced 2026-04-10 12:13:44 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
b35bc642af60161fbedffb163415023824bd8856
digital-forensics-lab/STIX_external_reference
History
Frank Xu b35bc642af Browser History Record Object
2021-01-25 21:16:31 -05:00
..
readme.md
Browser History Record Object
2021-01-25 21:16:31 -05:00

readme.md

threat-actor-type-ov external reference

Vocabulary Value Description
criminal-intellectual-property-theft An individual that intentionally deprives someone of his or her intellectual property
criminal-ransomware
criminal-business-email-compromise
criminal-identity-theft
criminal-spoofing-and-phishing
criminal-memory-laundry
insider-disgruntled-sabotage
insider-disgruntled-violence
insider-disgruntled-theft
insider-disgruntled-fraud
insider-disgruntled-espionage
insider-disgruntled-embarrassing
insider-disgruntled-harassing
illegal-possessor An individual that owns, produces, distributes illegal information and device
online- predators An individual that makes sexual advances to minors.

Windows Security Event Object

Type Name: x-windows-security-evt

Properties

Property Name Type Description
type (required) string The value of this property MUST be windows-security-evt.
id (required) identifier The ID of a secuity type
level integer
task integer
opcode integer
created (required) timestamp
record integer
process integer
thread integer
computer string The name of the computer
user string The security user ID
belongs_to_ref identity The relation describes that the source is a part of file

Relationships

Source Relationship Type Target Description 
{
  "type": "x-windows-security-evt",
  "spec_version": "2.1",
  "id": "campaign--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f",
  "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff",
  "created": "2016-04-06T20:03:00.000Z",
  "level": 0,
  "opcode": 0,
  "record": 1101704,
  "proces": 58,
  "thread": 511,
  "Computer": "DC01.contoso.local",
  "belongs_to_ref": "file--9460a8a8-6351-40bb-b5ad-18f3265bbf7a"
}

Browser History Record Object

Type Name: x-browser-history-record

Properties

Property Name Type Description
type (required) string The value of this property MUST be browser-history
id (required) identifier The ID of a browser history record
url string
title string The title of a web page has been visited
visit-time timestamp
visit-count integer The number of times visited
browser-type identifier The values for this property SHOULD come from the browser-type-ov open vocabulary.
file-requested_ref identifier The ID of the file the requst requested
computer string The name of the computer
user-account identifier The user-account that is associated with record
belongs_to_ref list of type identifier The source of object. The objects referenced in this list MUST be of type file or artifact (e.g., cache, memory).

Relationships

Source Relationship Type Target Description 
{
  "type": "windows-security-evt",
  "spec_version": "2.1",
  "id": "campaign--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f",
  "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff",
  "created": "2016-04-06T20:03:00.000Z",
  "level": 0,
  "opcode": 0,
  "record": 1101704,
  "proces": 58,
  "thread": 511,
  "Computer": "DC01.contoso.local",
  "belongs_to_ref": "file--9460a8a8-6351-40bb-b5ad-18f3265bbf7a"
}

Browser Type Open Vocabulary

Vocabulary Name: browser-type-ov

ocabulary Value Description
chrome Google chrome browser
ie Internet explore
edge Microsoft Edge
firefox Mozilla Firefox
safari Apple Safari
chromium Open source Chrome alternative
opera
maxthon
brave
360-secure 360 Secure Browser
tor
other

references:

Reference in New Issue View Git Blame Copy Permalink