Release 0.3.3 (#619)

* removed indicators groupings from meta properties file #484

* #345 expose parse via REST

* #345

* #443 nginx serves compiled aot prod ui

* wip build fails sometimes w/ out of memory when building in docker

* serves angular aot app

* #346 mockup

* fixup #346

* Added app.js to volume mapping for api #508

* updated to include stix patterns for the three indicators that MITRE posted in https://github.com/mitre/stix2patterns_translator Fixed #516

* removed pattern_lang from indicators

* added HTTPS_PROXY_URL env variable to docker compose files #527

* added RUN_MODE env variables #524

* added unfetter open identity #528

* typo in unfetter open stix id #528

* added created_by_ref for unfetter stix fixes #532

* Delete Jenkinsfile

* fixed HTTPS_PROXY_URL var in docker.compse.yml

* added open vocab to config file #535

* testing jenkins

* Release 0.3.2 (#561)

* Updated the master compose file to reflect the new version of the images, and added the CTF

* synced .aot yml with .dev yml for ctf-ingest

* Release 0.3.2 canidate 2 (#566)

* Revert "Added Jenkinsfile"

* Not sure

* Added Jenkinsfile

* Delete Jenkinsfile

* Update README.md

* Update README.md

* Release 0.3.2 (#559)

* removed indicators groupings from meta properties file #484

* #345 expose parse via REST

* #345

* #443 nginx serves compiled aot prod ui

* wip build fails sometimes w/ out of memory when building in docker

* serves angular aot app

* #346 mockup

* fixup #346

* Added app.js to volume mapping for api #508

* updated to include stix patterns for the three indicators that MITRE posted in https://github.com/mitre/stix2patterns_translator Fixed #516

* removed pattern_lang from indicators

* added HTTPS_PROXY_URL env variable to docker compose files #527

* added RUN_MODE env variables #524

* added unfetter open identity #528

* typo in unfetter open stix id #528

* added created_by_ref for unfetter stix fixes #532

* Delete Jenkinsfile

* fixed HTTPS_PROXY_URL var in docker.compse.yml

* added open vocab to config file #535

* testing jenkins

* Updated the master compose file to reflect the new version of the images, and added the CTF

* synced .aot yml with .dev yml for ctf-ingest

* renamed docker-compose.aot to docker-compose.deploy, synced ctf-ingest container with .development, made default RUN_MODE DEMO

* added the unfetter-ctf

* removed extra link

* deleted .aot yml, upgraded .deploy yml to use new api deploy command #568 (#569)

* added observed data mapping to config file #571 (#581)

* example threat report

* load sample translation configs (#601)

* load sample report by url (#606)

* load sample report by url

* single item per config key

* fix regex to handle path or no path urls

* refactor common nginx configs, test whitelist certs (#611)

* added volume mounting for processor

* put uac mode in development file

* multiple workproducts per report, many to many relationship (#617)

* updated version numbers

Author: infosec-alchemist

config/examples/unfetter-db/config.json

@@ -1,9 +1,7 @@
-[
-    {
+[{
         "_id": "d9732cfc-166e-41a0-af79-d37e7abc69b2",
         "configKey": "killChains",
-        "configValue": [
-            {
+        "configValue": [{
                 "name": "mitre-attack",
                 "phase_names": [
                     "persistence",
@@ -232,5 +230,193 @@
         "configGroups": [
             "stixConfig"
         ]
+
+    },
+    {
+        "_id": "98fba9e7-6ad8-4bac-a178-af9282f8b05c",
+        "configKey": "observableDataTypes",
+        "configValue": [{
+                "name": "driver",
+                "actions": [
+                    "load",
+                    "unload"
+                ],
+                "properties": [
+                    "base_address",
+                    "fqdn",
+                    "hostname",
+                    "image_path",
+                    "md5_hash_,module_name",
+                    "sha1_hash",
+                    "sh256_hash",
+                    "signer"
+                ]
+            },
+            {
+                "name": "file",
+                "actions": [
+                    "create",
+                    "delete",
+                    "modify",
+                    "read",
+                    "timestomp",
+                    "write"
+                ],
+                "properties": [
+                    "hashes",
+                    "size",
+                    "name",
+                    "name_enc",
+                    "magic_number_hex",
+                    "mime_type",
+                    "created",
+                    "modified",
+                    "accessed",
+                    "parent_directory",
+                    "is_encrypted",
+                    "encryption_algorithm",
+                    "decryption_key"
+                ]
+            },
+            {
+                "name": "network-traffic",
+                "actions": [
+                    "end",
+                    "message",
+                    "start"
+                ],
+                "properties": [
+                    "start",
+                    "end",
+                    "is_active",
+                    "src_ref",
+                    "dst_ref",
+                    "src_port",
+                    "dst_port",
+                    "protocols",
+                    "src_byte_count",
+                    "dst_byte_count",
+                    "src_packets",
+                    "dst_packets",
+                    "ipfix",
+                    "src_payload_ref",
+                    "dst_payload_ref"
+                ]
+            },
+            {
+                "name": "process",
+                "actions": [
+                    "create",
+                    "terminate"
+                ],
+                "properties": [
+                    "is_hidden",
+                    "pid",
+                    "name",
+                    "created",
+                    "cwd",
+                    "arguments",
+                    "command_line",
+                    "environment_variables",
+                    "opened_connection_refs",
+                    "creator_user_ref",
+                    "binary_ref",
+                    "parent_ref",
+                    "child_refs"
+                ]
+            },
+            {
+                "name": "windows-registry-key",
+                "actions": [
+                    "add",
+                    "edit",
+                    "remove"
+                ],
+                "properties": [
+                    "key",
+                    "values",
+                    "modified",
+                    "creator_user_ref",
+                    "number_of_subkeys"
+                ]
+            },
+            {
+                "name": "service",
+                "actions": [
+                    "create",
+                    "delete",
+                    "pause",
+                    "start",
+                    "stop"
+                ],
+                "properties": [
+                    "service_name",
+                    "descriptions",
+                    "display_name",
+                    "group_name",
+                    "start_type",
+                    "service_dll_refs",
+                    "service_type",
+                    "service_status"
+                ]
+            },
+            {
+                "name": "thread",
+                "actions": [
+                    "create",
+                    "remote_create",
+                    "suspend",
+                    "terminate"
+                ],
+                "properties": [
+                    "hostname",
+                    "src_pid",
+                    "src_tid",
+                    "stack_base",
+                    "stack_limit",
+                    "start_address",
+                    "start_function",
+                    "start_module",
+                    "start_module_name",
+                    "subprocess_tag",
+                    "tgt_pid",
+                    "tgt_tid",
+                    "user",
+                    "user_stack_base",
+                    "user_stack_limit"
+                ]
+            },
+            {
+                "name": "user-account",
+                "actions": [
+                    "interactive",
+                    "local",
+                    "lock",
+                    "login",
+                    "logout",
+                    "rdp",
+                    "reconnect",
+                    "remote",
+                    "unlock"
+                ],
+                "properties": [
+                    "user_id",
+                    "account_login",
+                    "account_type",
+                    "display_name",
+                    "is_service_account",
+                    "is_privileged",
+                    "can_escalate_privs",
+                    "is_disabled",
+                    "account_created",
+                    "account_expires",
+                    "password_last_changed",
+                    "account_first_login",
+                    "acount_last_login"
+                ]
+            }
+        ]
+
+
     }
 ]

config/examples/unfetter-db/stix-enhancements.json

@@ -1,4 +1,36 @@
 [
+  {
+    "extendedProperties": {
+      "x_unfetter_object_actions": [
+        "The attacker used injected JavaScript on the compromised websites to redirect targets to an Internet Explorer exploit that dropped Stage 1 launcher/downloader mobile code. This downloader then retrieved and installed a PIVY RAT variant."
+      ]
+    },
+    "id": "report--44c023fa-dfcb-4334-9a44-ee9c096f96cf"
+  },
+  {
+    "extendedProperties": {
+      "x_unfetter_object_actions": [
+        "The attacker used injected JavaScript on the compromised websites to redirect targets to an Internet Explorer exploit that dropped Stage 1 launcher/downloader mobile code. This downloader then retrieved and installed a PIVY RAT variant."
+      ]
+    },
+    "id": "report--3284a25f-114a-490c-af70-ccfc694f7f02"
+  },
+  {
+    "extendedProperties": {
+      "x_unfetter_object_actions": [
+        "The attacker used injected JavaScript on the compromised websites to redirect targets to an Internet Explorer exploit that dropped Stage 1 launcher/downloader mobile code. This downloader then retrieved and installed a PIVY RAT variant."
+      ]
+    },
+    "id": "report--2a4fd840-1856-4776-af90-2eb67acee3ee"
+  },
+  {
+    "extendedProperties": {
+      "x_unfetter_object_actions": [
+        "The attacker used injected JavaScript on the compromised websites to redirect targets to an Internet Explorer exploit that dropped Stage 1 launcher/downloader mobile code. This downloader then retrieved and installed a PIVY RAT variant."
+      ]
+    },
+    "id": "report--de00c562-6afe-4e5c-994d-1aff0762b783"
+  },
   {
     "id": "attack-pattern--0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22",
     "extendedProperties": {