opentpx 2.2.0.17

@@ -0,0 +1,12 @@
1
+ require 'tpx/2_2/homogeneous_list'
2
+ require 'tpx/2_2/observable_definition'
3
+
4
+ module TPX_2_2
5
+
6
+ # A dictionary of observable objects.
7
+ class ObservableDictionary < HomogeneousList
8
+ homogeneous_list_of ObservableDefinition
9
+ children_keyed_by :observable_id_s
10
+ end
11
+
12
+ end
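Review bot: The class comment `# A dictionary of observable objects.` says nothing about the key, and the key is what gives this class its meaning: `children_keyed_by :observable_id_s` makes each ObservableDefinition addressable by its observable_id_s, the same field the accompanying schema lists as required for an observable. Whether HomogeneousList (defined outside this hunk) rejects a second child with the same id or silently replaces the first is not visible here; for a threat-feed dictionary that distinction matters, because a later duplicate definition could otherwise override an earlier one's classification or score without any error. I would expand the comment to `# A dictionary of ObservableDefinition objects, keyed by observable_id_s.` followed by one line stating the duplicate-key behaviour once it is confirmed against HomogeneousList. The file also lacks the `# frozen_string_literal: true` magic comment as its first line.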
@@ -0,0 +1,632 @@
1
+ {
2
+ "$schema": "http://json-schema.org/draft-04/schema#",
3
+ "title": "OpenTPX",
4
+ "description": "An Open Threat Partner eXchange (OpenTPX) file",
5
+
6
+ "definitions": {
7
+
8
+ "suffixed_schema": {
9
+ "type": "object",
10
+ "patternProperties": {
11
+ "_ipv4_i$": { "type": "integer", "minimum": 0, "maximum": 4294967295 },
12
+ "_ipv4_ui$": { "type": "integer", "minimum": 0, "maximum": 4294967295 },
13
+ "_ipv4_s$": { "type": "string", "format": "ipv4" },
14
+ "_cidrv4_s$": { "type": "string" },
15
+ "_ipv6_ll$": { "type": "integer", "minimum": 0 },
16
+ "_ipv6_s$": { "type": "string", "format": "ipv6" },
17
+ "_cidrv6_s$": { "type": "string" },
18
+ "_fqdn_s$": { "type": "string" },
19
+ "_asn_number_ui$": { "type": "integer", "minimum": 0 },
20
+ "_asn_s$": { "type": "string" },
21
+ "_md5_h$": { "type": "string", "pattern": "^[A-Fa-f0-9]{32}$" },
22
+ "_sha1_h$": { "type": "string", "pattern": "^[A-Fa-f0-9]{40}$" },
23
+ "_sha256_h$": { "type": "string", "pattern": "^[A-Fa-f0-9]{64}$" },
24
+ "_sha512_h$": { "type": "string", "pattern": "^[A-Fa-f0-9]{128}$" },
25
+ "_t$": { "type": "integer", "minimum": 0 },
26
+ "_s$": { "type": "string" },
27
+ "_i$": { "type": "integer" },
28
+ "_ui$": { "type": "integer" },
29
+ "_ll$": { "type": "integer" },
30
+ "_h$": { "type": "string", "pattern": "^[A-Fa-f0-9]+$" },
31
+ "_f$": { "type": "number" },
32
+ "_c_array$": { "type": "array", "minItems": 1, "items": { "type": "object" } },
33
+ "_c_map$": { "type": "object" },
34
+ "_s_array$": { "type": "array", "minItems": 1, "items": { "type": "string"} }
35
+ },
36
+ "additionalProperties": false
37
+ },
38
+
39
+ "observable": {
40
+ "allOf": [{
41
+ "type": "object",
42
+ "properties": {
43
+ "observable_id_s": {
44
+ "description": "The name of the observable",
45
+ "type": "string"
46
+ },
47
+ "criticality_i": {
48
+ "description": "The threat observable’s relative criticality between 1 and 100",
49
+ "type": "integer",
50
+ "minimum": 1,
51
+ "maximum": 100
52
+ },
53
+ "score_i": {
54
+ "description": "Optional overridden threat score between 1 and 100.",
55
+ "type": "integer",
56
+ "minimum": 1,
57
+ "maximum": 100
58
+ },
59
+ "score_24hr_decay_i": {
60
+ "description": "Optional parameter that defines the percentage of the score decays over time if no new observation. A valid decay is between 0 and 100. A value of 0 switches off decay due to time.",
61
+ "type": "integer",
62
+ "minimum": 0,
63
+ "maximum": 100
64
+ },
65
+ "score_calc_setting_s":{
66
+ "description": "Optional parameter that defines whether the score was calculated based on a manual or automatic calculation. Default: auto",
67
+ "type": "string",
68
+ "pattern": "^(auto|manual)$"
69
+ },
70
+ "description_s": {
71
+ "description": "A user displayable description of the observable",
72
+ "type": "string"
73
+ },
74
+ "classification_c_array": {
75
+ "description": "An array of classification of this threat observable.",
76
+ "type": "array",
77
+ "minItems": 1,
78
+ "items": {
79
+ "allOf": [{
80
+ "type": "object",
81
+ "properties": {
82
+ "classification_id_s": {
83
+ "description": "The name of the classification",
84
+ "type": "string"
85
+ },
86
+ "classification_family_s": {
87
+ "description": "The descriptive family name for this classification",
88
+ "type": "string"
89
+ },
90
+ "score_i": {
91
+ "description": "The criticality/score of the classification between 1 and 100 where a higher number is a higher risk classification",
92
+ "type": "integer",
93
+ "minimum": 1,
94
+ "maximum": 100
95
+ }
96
+ },
97
+ "additionalProperties": false,
98
+ "required": ["classification_id_s"]
99
+ },
100
+ {
101
+ "$ref": "#/definitions/suffixed_schema"
102
+ }]
103
+ }
104
+ },
105
+ "attribute_c_map": {
106
+ "description": "An map of attributes associated with the observable that are common across all subjects",
107
+ "$ref": "#/definitions/suffixed_schema"
108
+ },
109
+ "summary_s": {
110
+ "description": "A user displayable summary of the observable description",
111
+ "type": "string"
112
+ },
113
+ "notes_s": {
114
+ "description": "A user defined set of notes that provide background to the description",
115
+ "type": "string"
116
+ },
117
+ "reference_s_array": {
118
+ "description": "An array of string URL references to background information on the observable",
119
+ "type": "array",
120
+ "minItems": 1,
121
+ "items": {
122
+ "type": "string",
123
+ "format": "uri"
124
+ }
125
+ }
126
+ },
127
+ "required": ["observable_id_s", "description_s", "classification_c_array"]
128
+ },
129
+ {
130
+ "$ref": "#/definitions/suffixed_schema"
131
+ }]
132
+ },
133
+
134
+ "network": {
135
+ "type": "object",
136
+ "properties": {
137
+ "asn_i": {
138
+ "description": "The ID number of the ASN",
139
+ "type": "integer"
140
+ },
141
+ "as_owner_s": {
142
+ "description": "The owner of the ASN",
143
+ "type": "string"
144
+ },
145
+ "asn_routers_ip_array": {
146
+ "description": "The array of routers that make up this ASN",
147
+ "type": "array",
148
+ "minItems": 1,
149
+ "items": {
150
+ "type": "string",
151
+ "pattern": ".*"
152
+ }
153
+ },
154
+ "asn_router_conns_ip_array": {
155
+ "description": "The array of router interconnections in this ASN",
156
+ "type": "array",
157
+ "minItems": 1,
158
+ "items": {
159
+ "type": "string",
160
+ "pattern": ".*"
161
+ }
162
+ },
163
+ "asn_cidr_announcements_c_array": {
164
+ "description": "The array of CIDR announcements in this ASN",
165
+ "type": "array",
166
+ "minItems": 1,
167
+ "items": {
168
+ "$ref": "#/definitions/suffixed_schema"
169
+ }
170
+ },
171
+ "asn_downstream_i_array": {
172
+ "description": "The array of downstream ASNs from this ASN",
173
+ "type": "array",
174
+ "minItems": 1,
175
+ "items": {
176
+ "type": "integer"
177
+ }
178
+ },
179
+ "asn_upstream_i_array": {
180
+ "description": "The array of upstream ASNs from this ASN",
181
+ "type": "array",
182
+ "minItems": 1,
183
+ "items": {
184
+ "type": "integer"
185
+ }
186
+ },
187
+ "asn_community_c_array": {
188
+ "description": "The array of communities within this ASN",
189
+ "type": "array",
190
+ "minItems": 1,
191
+ "items": {
192
+ "$ref": "#/definitions/suffixed_schema"
193
+ }
194
+ }
195
+ }
196
+ },
197
+
198
+ "collection": {
199
+ "type": "object",
200
+ "properties": {
201
+ "name_id_s": {
202
+ "description": "The name of the collection",
203
+ "type": "string"
204
+ },
205
+ "last_updated_t": {
206
+ "description": "The UTC Epoch time of the last update to this collection",
207
+ "type": "integer",
208
+ "minimum": 0
209
+ },
210
+ "author_s": {
211
+ "description": "A name associated with the last team, group, company or person making the change",
212
+ "type": "string"
213
+ },
214
+ "workspace_s": {
215
+ "description": "A collaboration space this collection is associated with",
216
+ "type": "string"
217
+ },
218
+ "fqdn_ref_c_array": {
219
+ "description": "An array of FQDN elements referenced by this collection",
220
+ "type": "array",
221
+ "minItems": 1,
222
+ "items": {
223
+ "$ref": "#/definitions/suffixed_schema"
224
+ }
225
+ },
226
+ "ip_ref_c_array": {
227
+ "description": "An array of IP (v4 and v6) elements referenced by this collection",
228
+ "type": "array",
229
+ "minItems": 1,
230
+ "items": {
231
+ "$ref": "#/definitions/suffixed_schema"
232
+ }
233
+ },
234
+ "asn_ref_c_array": {
235
+ "description": "An array of ASN elements referenced by this collection",
236
+ "type": "array",
237
+ "minItems": 1,
238
+ "items": {
239
+ "$ref": "#/definitions/suffixed_schema"
240
+ }
241
+ },
242
+ "cidr_ref_c_array": {
243
+ "description": "An array of CIDR elements referenced by this collection",
244
+ "type": "array",
245
+ "minItems": 1,
246
+ "items": {
247
+ "$ref": "#/definitions/suffixed_schema"
248
+ }
249
+ },
250
+ "observable_ref_c_array": {
251
+ "description": "An array of observables referenced by this collection",
252
+ "type": "array",
253
+ "minItems": 1,
254
+ "items": {
255
+ "$ref": "#/definitions/suffixed_schema"
256
+ }
257
+ },
258
+ "collection_c_array": {
259
+ "description": "An array of children collections contained within this collection",
260
+ "type": "array",
261
+ "minItems": 1,
262
+ "items": {
263
+ "$ref": "#/definitions/collection"
264
+ }
265
+ }
266
+ },
267
+ "required": ["name_id_s"]
268
+ },
269
+
270
+ "element_observable": {
271
+ "allOf": [{
272
+ "type": "object",
273
+ "properties": {
274
+ "score_i": {
275
+ "description": "The element’s overridden score if not derived from scoring of the observables",
276
+ "type": "integer",
277
+ "minimum": 1,
278
+ "maximum": 100
279
+ },
280
+ "score_24hr_decay_i": {
281
+ "description": "The element’s overridden score decay if not derived from the observable’s decay parameter. 0 indicates this particular element’s score will not change due to time decay alone.",
282
+ "type": "integer",
283
+ "minimum": 0,
284
+ "maximum": 100
285
+ },
286
+ "threat_observable_c_map": {
287
+ "description": "A map of Threat Observables that are associated with the subject. The threat observable must already be defined in the observable dictionary to be referenced by this map.",
288
+ "type": "object",
289
+ "patternProperties": {
290
+ ".+": {
291
+ "allOf": [{
292
+ "type": "object",
293
+ "properties": {
294
+ "occurred_at_t": {
295
+ "description": "The Epoch UTC timestamp when this particular threat observable was first observed associated with the subject",
296
+ "type": "integer",
297
+ "minimum": 0
298
+ },
299
+ "last_seen_t": {
300
+ "description": "The Epoch UTC timestamp of the last update when this threat observable was observed associated with the subject",
301
+ "type": "integer",
302
+ "minimum": 0
303
+ },
304
+ "country_code_s": {
305
+ "description": "The 2 or 3 digit country code associated with the threat observable",
306
+ "type": "string",
307
+ "minLength": 2,
308
+ "maxLength": 3
309
+ },
310
+ "destination_fqdn_s": {
311
+ "description": "The domain that a particular botnet or peer to peer communication threat was destined to",
312
+ "type": "string"
313
+ },
314
+ "description_s": {
315
+ "description": "The description of the observable or element or collection",
316
+ "type": "string"
317
+ },
318
+ "url_s": {
319
+ "description": "The description of the observable or element or collection",
320
+ "type": "string",
321
+ "format": "uri"
322
+ },
323
+ "score_i": {
324
+ "description": "The criticality/score of the classification between 1 and 100 where a higher number is a higher risk observable",
325
+ "type": "integer",
326
+ "minimum": 1,
327
+ "maximum": 100
328
+ },
329
+ "classification_s": {
330
+ "description": "The name of the classification",
331
+ "type": "string"
332
+ },
333
+ "filesize_i": {
334
+ "description": "The size of a file used to convey some behavior",
335
+ "type": "integer",
336
+ "minimum": 0
337
+ },
338
+ "magic_s": {
339
+ "description": "The description of the file",
340
+ "type": "string"
341
+ },
342
+ "mime_type_s": {
343
+ "description": "The mime type of the file",
344
+ "type": "string"
345
+ },
346
+ "hash_md5_h": {
347
+ "description": "The MD5 hash of a file",
348
+ "type": "string"
349
+ },
350
+ "hash_sha1_h": {
351
+ "description": "The SHA1 hash of a file",
352
+ "type": "string"
353
+ },
354
+ "hash_sha256_h": {
355
+ "description": "The SHA256 hash of a file",
356
+ "type": "string"
357
+ },
358
+ "hash _sha512_h": {
359
+ "description": "The SHA512 hash of a file",
360
+ "type": "string"
361
+ },
362
+ "dns_request_c_array": {
363
+ "description": "The list of DNS requests made",
364
+ "type": "array",
365
+ "items": { "$ref": "#/definitions/suffixed_schema" }
366
+ },
367
+ "dns_response_c_array": {
368
+ "description": "The list of DNS responses where each response is { Dns-record-type : Dns-value}",
369
+ "type": "array",
370
+ "items": { "$ref": "#/definitions/suffixed_schema" }
371
+ },
372
+ "host_c_array": {
373
+ "description": "The list of hosts in the PCAP",
374
+ "type": "array",
375
+ "items": { "$ref": "#/definitions/suffixed_schema" }
376
+ },
377
+ "http_c_array": {
378
+ "description": "The list of HTTP key/value pairs in the PCAP",
379
+ "type": "array",
380
+ "items": { "$ref": "#/definitions/suffixed_schema" }
381
+ },
382
+ "smtp_c_array": {
383
+ "description": "The list of SMTP key/value pairs in the PCAP",
384
+ "type": "array",
385
+ "items": { "$ref": "#/definitions/suffixed_schema" }
386
+ },
387
+ "tcp_c_array": {
388
+ "description": "The list of TCP key/value pairs in the PCAP",
389
+ "type": "array",
390
+ "items": { "$ref": "#/definitions/suffixed_schema" }
391
+ },
392
+ "fqdn_c_array": {
393
+ "description": "The list of SMTP key/value pairs in the PCAP",
394
+ "type": "array",
395
+ "items": { "$ref": "#/definitions/suffixed_schema" }
396
+ },
397
+ "ssl_c_array": {
398
+ "description": "The list of SSL key/value pairs in the PCAP",
399
+ "type": "array",
400
+ "items": { "$ref": "#/definitions/suffixed_schema" }
401
+ },
402
+ "geoloc_lat_f": {
403
+ "description": "The latitude of the observable if known",
404
+ "type": "number"
405
+ },
406
+ "geoloc_long_f": {
407
+ "description": "The longitude of the observable if known",
408
+ "type": "number"
409
+ },
410
+ "dest_port_i": {
411
+ "description": "A destination protocol port",
412
+ "type": "integer"
413
+ },
414
+ "dest_ipv4_s": {
415
+ "description": "A destination IP v4 address as a string",
416
+ "type": "string"
417
+ },
418
+ "dest_ipv4_i": {
419
+ "description": "A destination IP v4 address as an integer",
420
+ "type": "integer"
421
+ },
422
+ "src_port_i": {
423
+ "description": "A source protocol port",
424
+ "type": "integer"
425
+ },
426
+ "src_ipv4_s": {
427
+ "description": "A source IP v4 address as a string",
428
+ "type": "string"
429
+ },
430
+ "src_ipv4_i": {
431
+ "description": "A source IP v4 address as an integer",
432
+ "type": "integer"
433
+ },
434
+ "size_i": {
435
+ "description": "A size in bytes of a communication or entity",
436
+ "type": "integer"
437
+ },
438
+ "tlp_i": {
439
+ "description": "The Traffic Light Protocol value. 0 – White, 1 – Green, 2 – Amber, 3 – Red",
440
+ "type": "integer"
441
+ },
442
+ "name_id_s": {
443
+ "description": "The name of the country provided as part of a country code file",
444
+ "type": "string"
445
+ },
446
+ "country_code_i": {
447
+ "description": "The country identifier as part of the country code file",
448
+ "type": "integer",
449
+ "minimum": 0
450
+ },
451
+ "iso_3_s": {
452
+ "description": "The ISO 3 letter code for the country",
453
+ "type": "string",
454
+ "minLength": 3,
455
+ "maxLength": 3
456
+ },
457
+ "iso_2_s": {
458
+ "description": "The ISO 2 letter code for the country",
459
+ "type": "string",
460
+ "minLength": 2,
461
+ "maxLength": 2
462
+ },
463
+ "region_code_i": {
464
+ "description": "The regional code for the country code file",
465
+ "type": "integer"
466
+ },
467
+ "continent_code_i": {
468
+ "description": "The continent code for the country code file",
469
+ "type": "integer"
470
+ },
471
+ "continent_code_s": {
472
+ "description": "The continent name for the country code file",
473
+ "type": "string"
474
+ },
475
+ "naics_code_i": {
476
+ "description": "The NAICS code",
477
+ "type": "integer"
478
+ },
479
+ "naics_code_s": {
480
+ "description": "The NAICS code as a string",
481
+ "type": "string"
482
+ }
483
+ },
484
+ "required": ["occurred_at_t"]
485
+ },
486
+ { "$ref": "#/definitions/suffixed_schema" }
487
+ ]
488
+ }
489
+ }
490
+ }
491
+ },
492
+ "required": ["threat_observable_c_map"]
493
+ },
494
+ { "$ref": "#/definitions/suffixed_schema" },
495
+ {
496
+ "oneOf": [
497
+ { "required": ["subject_ipv4_i"] },
498
+ { "required": ["subject_ipv4_ui"] },
499
+ { "required": ["subject_ipv4_s"] },
500
+ { "required": ["subject_ipv6_ui"] },
501
+ { "required": ["subject_ipv6_s"] },
502
+ { "required": ["subject_fqdn_s"] },
503
+ { "required": ["subject_cidrv4_s"] },
504
+ { "required": ["subject_cidrv6_s"] },
505
+ { "required": ["subject_asn_s"] },
506
+ { "required": ["subject_asn_ui"] },
507
+ { "required": ["subject_md5_h"] },
508
+ { "required": ["subject_sha1_h"] },
509
+ { "required": ["subject_sha256_h"] },
510
+ { "required": ["subject_sha512_h"] },
511
+ { "required": ["subject_registrykey_s"] },
512
+ { "required": ["subject_filename_s"] },
513
+ { "required": ["subject_filepath_s"] },
514
+ { "required": ["subject_mutex_s"] },
515
+ { "required": ["subject_actor_s"] },
516
+ { "required": ["subject_email_s"] }
517
+ ]
518
+ }
519
+ ]
520
+ }
521
+ },
522
+
523
+ "type": "object",
524
+ "properties": {
525
+ "schema_version_s": {
526
+ "description": "The provider’s version of their schema",
527
+ "type": "string"
528
+ },
529
+ "provider_s": {
530
+ "description": "The provider’s company name",
531
+ "type": "string"
532
+ },
533
+ "source_observable_s": {
534
+ "description": "The prefix associated with this threat list",
535
+ "type": "string"
536
+ },
537
+ "source_description_s": {
538
+ "description": "A description of the source feed that provides background to the type of data, the types of information available to the user",
539
+ "type": "string"
540
+ },
541
+ "source_file_s": {
542
+ "description": "The file containing the original feed information",
543
+ "type": "string",
544
+ "format": "uri"
545
+ },
546
+ "score_i": {
547
+ "description": "The score of the source feed accuracy. As assessment of the source feed’s accuracy between 1 and 100 where 100 is completely accurate",
548
+ "type": "integer",
549
+ "minimum": 1,
550
+ "maximum": 100
551
+ },
552
+ "last_updated_t": {
553
+ "description": "The Epoch UTC timestamp this file was last changed by the provider",
554
+ "type": "integer",
555
+ "minimum": 0
556
+ },
557
+ "distribution_time_t": {
558
+ "description": "The Epoch UTC timestamp this file was distributed by the provider",
559
+ "type": "integer",
560
+ "minimum": 0
561
+ },
562
+ "list_name_s": {
563
+ "description": "The threat feed list name",
564
+ "type": "string"
565
+ },
566
+ "observable_dictionary_c_array": {
567
+ "description": "An array of observable definitions",
568
+ "type": "array",
569
+ "minItems": 0,
570
+ "items": {
571
+ "$ref": "#/definitions/observable"
572
+ }
573
+ },
574
+ "element_observable_c_array": {
575
+ "description": "An array of Element Threat Observables",
576
+ "type": "array",
577
+ "minItems": 1,
578
+ "items": {
579
+ "$ref": "#/definitions/element_observable"
580
+ }
581
+ },
582
+ "collection_c_array": {
583
+ "description": "An array of Collections",
584
+ "type": "array",
585
+ "minItems": 1,
586
+ "items": {
587
+ "$ref": "#/definitions/collection"
588
+ }
589
+ },
590
+ "asn_c_array": {
591
+ "description": "An array of ASN network information",
592
+ "type": "array",
593
+ "minItems": 1,
594
+ "items": {
595
+ "$ref": "#/definitions/network"
596
+ }
597
+ },
598
+ "dictionary_file_manifest": {
599
+ "description": "An array of filenames (fully qualified path) where the dictionary files are",
600
+ "type": "array",
601
+ "minItems": 1,
602
+ "items": {
603
+ "type": "string"
604
+ }
605
+ },
606
+ "observable_element_file_manifest": {
607
+ "description": "An array of filenames (fully qualified path) where the element observable files are",
608
+ "type": "array",
609
+ "minItems": 1,
610
+ "items": {
611
+ "type": "string"
612
+ }
613
+ },
614
+ "collection_file_manifest": {
615
+ "description": "An array of filenames (fully qualified path) where the collection files are",
616
+ "type": "array",
617
+ "minItems": 1,
618
+ "items": {
619
+ "type": "string"
620
+ }
621
+ },
622
+ "network_file_manifest": {
623
+ "description": "An array of filenames (fully qualified path) where the network files are",
624
+ "type": "array",
625
+ "minItems": 1,
626
+ "items": {
627
+ "type": "string"
628
+ }
629
+ }
630
+ },
631
+ "required": ["schema_version_s", "provider_s", "source_observable_s", "last_updated_t", "list_name_s"]
632
+ }
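Review bot: The property name on the `"hash _sha512_h": {` line contains a stray space, so the key a producer would actually emit, `hash_sha512_h`, is never matched by this entry and is validated only by the generic `_sha512_h$` rule of suffixed_schema; it should read `"hash_sha512_h": {`. The generic `"_ui$": { "type": "integer" }` rule has no lower bound although the suffix denotes an unsigned value, and `subject_ipv6_ui` in the oneOf list falls through to exactly that rule because suffixed_schema defines `_ipv6_ll$` rather than `_ipv6_ui$`; `"_ui$": { "type": "integer", "minimum": 0 },` closes the first gap, and the ipv6 suffix mismatch should be settled one way or the other. Several descriptions document ranges the schema does not enforce: tlp_i is described as 0–3 with no bounds, dest_port_i/src_port_i are ports with no bounds, and the asn_routers_ip_array/asn_router_conns_ip_array items use `"pattern": ".*"`, which accepts any string, so minimum/maximum for the first two and an ipv4/ipv6 format for the router arrays would make validation match the documentation. Two descriptions are copy-paste leftovers: fqdn_c_array repeats the SMTP text and url_s repeats the description_s text. The four *_file_manifest arrays hold "fully qualified path" strings that a consumer presumably opens; the schema cannot confine them, so their descriptions should state that consumers must resolve them against a trusted base directory rather than use them as given.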