Commit a463f5cf authored by Pavel Kácha's avatar Pavel Kácha

Updated schema to contain all accompanying texts (human readable definition...

Updated schema to contain all accompanying texts (human readable definition can be generated from schema)
parent 32a0d794
{
"$schema": "http://json-schema.org/draft-04/schema#",
"description": "IDEA0 basic object",
"description": "= IDEA0 format definition =\n\nKeys use !CamelCase, however to avoid confusion, they must be case insensitively unique within their parent object. When parsing, keys \"ID\", \"id\", \"iD\" and \"Id\" must be considered as equivalent.\n\nEach definition line is in form KEY: TYPE, followed by an explanation line, where type can be basic JSON type (in ''italics''), syntactically restricted type (with reference to [[#Types|Types]] chapter), or array of former two (order is important). Types define expected syntax, however their content may be further syntactically or semantically restricted according to particular key explanation.\n\nThe keys ''Format'', ''ID'', ''!DetectTime'' and ''Category'' are mandatory, rest of the keys is optional (nonexistent key indicates that information is not applicable or unknown).\n\nAs human language may be ambiguous inadvertently or by omission, when in doubt, consult [[IDEA/Schema|JSON schema]].",
"type": "object",
"required": ["Format", "ID", "DetectTime", "Category"],
"definitions": {
......@@ -13,7 +13,7 @@
"type": "integer"
},
"Version": {
"description": "Must contain string IDEA0. (Trailing zero denotes draft version, after review/discussion and specification finalisation the name will change.)",
"description": "Must contain string \"IDEA0\". (Trailing zero denotes draft version, after review/discussion and specification finalisation the name will change.)",
"type": "string",
"enum": ["IDEA0"]
},
......@@ -32,54 +32,6 @@
"type": "string",
"enum": ["base64"]
},
"EventTag": {
"description": "Category name consists of one or two abbreviated parts - category and optional subcategory, separated by dot. If unsure of more precise nature of the incident, subcategory and dot may be omitted. Category and subcategory name must contain only alphanumeric, underscore and minus sign.\n\nFor semantics and taxonomy see [[IDEA/Classifications#EventTag|security event types classification]].",
"type": "string",
"pattern": "^[a-zA-Z0-9_-]+(?:\\.[a-zA-Z0-9_-]+)?$"
},
"ProtocolName": {
"description": "Name must not be empty, must contain only alphanumeric and minus sign, must contain at least one letter, must not begin or end with a hyphen and two hyphens must not be adjacent.\n\nFor semantics and applicable strings see [[IDEA/Classifications#ProtocolName|protocols classification]].",
"type": "string",
"allOf": [
{
"description": "Protocol name must contain at least one letter.",
"pattern": "[a-zA-Z]"
},
{
"description": "Protocol name must contain only alphanumeric and minus sign.",
"pattern": "^[a-zA-Z0-9-]*$"
},
{
"description": "Protocol name must begin with alphanumeric.",
"pattern": "^[a-zA-Z0-9]"
},
{
"description": "Protocol name must end with alphanumeric.",
"pattern": "[a-zA-Z0-9]$"
},
{
"description": "There must not be two adjacent hyphens in protocol name.",
"not": {
"pattern": "--"
}
}
]
},
"SourceTargetTag": {
"description": "Tag name must contain only alphanumeric, underscore and minus sign.\n\nFor semantics and taxonomy see [[IDEA/Classifications#SourceTargetTag|source/target classification]].",
"type": "string",
"pattern": "^[a-zA-Z0-9_-]+$"
},
"NodeTag": {
"description": "Tag name must contain only alphanumeric, underscore and minus sign.\n\nFor semantics and taxonomy see [[IDEA/Classifications#NodeTag|classification of detection nodes]].",
"type": "string",
"pattern": "^[a-zA-Z0-9_-]+$"
},
"AttachmentTag": {
"description": "Tag name must contain only alphanumeric, underscore and minus sign.\n\nFor semantics and taxonomy see [[IDEA/Classifications#AttachmentTag|attachment description]].",
"type": "string",
"pattern": "^[a-zA-Z0-9_-]+$"
},
"Handle": {
"description": "String value unique among all \"Handle\" element values. May contain only alphanumeric or underscore, must not start with number and must not be empty.",
"type": "string",
......@@ -180,6 +132,54 @@
"type": "string",
"format": "uri",
"pattern": "^[a-zA-Z][a-zA-Z0-9+.-]*:[][a-zA-Z0-9._~:/?#@*'&'()*+,;=%-]*$"
},
"EventTag": {
"description": "Category name consists of one or two abbreviated parts - category and optional subcategory, separated by dot. If unsure of more precise nature of the incident, subcategory and dot may be omitted. Category and subcategory name must contain only alphanumeric, underscore and minus sign.\n\nFor semantics and taxonomy see [[IDEA/Classifications#EventTag|security event types classification]].",
"type": "string",
"pattern": "^[a-zA-Z0-9_-]+(?:\\.[a-zA-Z0-9_-]+)?$"
},
"ProtocolName": {
"description": "Name must not be empty, must contain only alphanumeric and minus sign, must contain at least one letter, must not begin or end with a hyphen and two hyphens must not be adjacent.\n\nFor semantics and applicable strings see [[IDEA/Classifications#ProtocolName|protocols classification]].",
"type": "string",
"allOf": [
{
"description": "Protocol name must contain at least one letter.",
"pattern": "[a-zA-Z]"
},
{
"description": "Protocol name must contain only alphanumeric and minus sign.",
"pattern": "^[a-zA-Z0-9-]*$"
},
{
"description": "Protocol name must begin with alphanumeric.",
"pattern": "^[a-zA-Z0-9]"
},
{
"description": "Protocol name must end with alphanumeric.",
"pattern": "[a-zA-Z0-9]$"
},
{
"description": "There must not be two adjacent hyphens in protocol name.",
"not": {
"pattern": "--"
}
}
]
},
"SourceTargetTag": {
"description": "Tag name must contain only alphanumeric, underscore and minus sign.\n\nFor semantics and taxonomy see [[IDEA/Classifications#SourceTargetTag|source/target classification]].",
"type": "string",
"pattern": "^[a-zA-Z0-9_-]+$"
},
"NodeTag": {
"description": "Tag name must contain only alphanumeric, underscore and minus sign.\n\nFor semantics and taxonomy see [[IDEA/Classifications#NodeTag|classification of detection nodes]].",
"type": "string",
"pattern": "^[a-zA-Z0-9_-]+$"
},
"AttachmentTag": {
"description": "Tag name must contain only alphanumeric, underscore and minus sign.\n\nFor semantics and taxonomy see [[IDEA/Classifications#AttachmentTag|attachment description]].",
"type": "string",
"pattern": "^[a-zA-Z0-9_-]+$"
}
},
"properties": {
......@@ -275,7 +275,7 @@
"description": "Array of event categories.",
"type": "array",
"items": {
"description": "Category of event, for allowed strings see [[IDEA/Classifications#Events|event types classification]].",
"description": "Category of event.",
"$ref": "#/definitions/EventTag"
}
},
......@@ -312,7 +312,7 @@
"description": "Array of source/target categories.",
"type": "array",
"items": {
"description": "Closer category of source/target. For allowed strings see [[IDEA/Classifications#SourceTarget|source/target classification]].",
"description": "Closer category of source/target.",
"$ref": "#/definitions/SourceTargetTag"
}
},
......@@ -360,7 +360,7 @@
"description": "Array of protocol names.",
"type": "array",
"items": {
"description": "Protocols, concerning connections from/to this source/target. See [[IDEA/Classifications#Protocols|protocols classification]].",
"description": "Protocols, concerning connections from/to this source/target.",
"$ref": "#/definitions/ProtocolName"
}
},
......@@ -465,7 +465,7 @@
"description": "Array of attachment type tags.",
"type": "array",
"items": {
"description": "Type of the attached data. For allowed strings see [[IDEA/Classifications#Attachment|attachment description]].",
"description": "Type of the attached data.",
"$ref": "#/definitions/AttachmentTag"
}
},
......@@ -547,7 +547,7 @@
"description": "Array of detection node types.",
"type": "array",
"items": {
"description": "Tag, describing various facets of the detector. For useable set of strings see [[IDEA/Classifications#Node|detection node classification]].",
"description": "Tag, describing various facets of the detector.",
"$ref": "#/definitions/NodeTag"
}
},
......@@ -555,7 +555,7 @@
"description": "Array of detection software names.",
"type": "array",
"items": {
"description": "The name of the detection software (optionally including version). For example \"labrea-2.5-stable-1\" or \"HP TippingPoint 7500NX\".",
"description": "The name of the detection software (optionally including version). For example \"labrea-2.5-stable-1\" or \"HP !TippingPoint 7500NX\".",
"type": "string"
}
},
......
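Review bot: The expanded top-level `description` at the start of the schema (apparently the new side of the first hunk) requires keys to be case-insensitively unique and treats "ID", "id", "iD" and "Id" as equivalent, but the `required` list two lines below it and the `properties` object match key names exactly, so the schema cannot enforce that rule. A validator and a consumer that folds key case can therefore disagree about the same event: an object carrying both `ID` and `id` may pass validation (whether unknown keys are rejected is not visible in these hunks), while one that uses only `id` fails `required`. Because the same text tells readers to consult the schema when in doubt, the gap should be stated there, for example by appending `Schema validation is case sensitive; consumers must normalise key case and reject case-insensitive duplicates before validating.` to the description.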