opentpx 2.2.0.17

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (33) hide show
  1. checksums.yaml +7 -0
  2. data/LICENSE.txt +15 -0
  3. data/README.md +44 -0
  4. data/bin/opentpx_tools +15 -0
  5. data/lib/tpx.rb +7 -0
  6. data/lib/tpx/2_2/attribute_accessors.rb +34 -0
  7. data/lib/tpx/2_2/classification_element.rb +11 -0
  8. data/lib/tpx/2_2/classification_element_list.rb +11 -0
  9. data/lib/tpx/2_2/collection.rb +21 -0
  10. data/lib/tpx/2_2/collection_element.rb +13 -0
  11. data/lib/tpx/2_2/data_model.rb +32 -0
  12. data/lib/tpx/2_2/element_observable.rb +41 -0
  13. data/lib/tpx/2_2/element_observable_list.rb +17 -0
  14. data/lib/tpx/2_2/exceptions.rb +13 -0
  15. data/lib/tpx/2_2/exchange.rb +220 -0
  16. data/lib/tpx/2_2/heterogeneous_list.rb +136 -0
  17. data/lib/tpx/2_2/homogeneous_list.rb +82 -0
  18. data/lib/tpx/2_2/mandatory_attributes.rb +69 -0
  19. data/lib/tpx/2_2/merging_heterogeneous_list.rb +36 -0
  20. data/lib/tpx/2_2/merging_homogeneous_list.rb +37 -0
  21. data/lib/tpx/2_2/network.rb +23 -0
  22. data/lib/tpx/2_2/network_list.rb +11 -0
  23. data/lib/tpx/2_2/observable.rb +13 -0
  24. data/lib/tpx/2_2/observable_attribute_map.rb +12 -0
  25. data/lib/tpx/2_2/observable_definition.rb +15 -0
  26. data/lib/tpx/2_2/observable_dictionary.rb +12 -0
  27. data/lib/tpx/2_2/schema/tpx.2.2.schema.json +632 -0
  28. data/lib/tpx/2_2/threat_observable.rb +14 -0
  29. data/lib/tpx/2_2/validator.rb +279 -0
  30. data/lib/tpx/tools.rb +81 -0
  31. data/lib/tpx/version.rb +3 -0
  32. data/lib/tpx_2_2.rb +14 -0
  33. metadata +218 -0
data/lib/tpx/2_2/observable_dictionary.rb ADDED
@@ -0,0 +1,12 @@
1
+ require 'tpx/2_2/homogeneous_list'
2
+ require 'tpx/2_2/observable_definition'
3
+
4
+ module TPX_2_2
5
+
6
+ # A dictionary of observable objects.
7
+ class ObservableDictionary < HomogeneousList
8
+ homogeneous_list_of ObservableDefinition
9
+ children_keyed_by :observable_id_s
10
+ end
11
+
12
+ end
data/lib/tpx/2_2/schema/tpx.2.2.schema.json ADDED
@@ -0,0 +1,632 @@
1
+ {
2
+ "$schema": "http://json-schema.org/draft-04/schema#",
3
+ "title": "OpenTPX",
4
+ "description": "An Open Threat Partner eXchange (OpenTPX) file",
5
+
6
+ "definitions": {
7
+
8
+ "suffixed_schema": {
9
+ "type": "object",
10
+ "patternProperties": {
11
+ "_ipv4_i$": { "type": "integer", "minimum": 0, "maximum": 4294967295 },
12
+ "_ipv4_ui$": { "type": "integer", "minimum": 0, "maximum": 4294967295 },
13
+ "_ipv4_s$": { "type": "string", "format": "ipv4" },
14
+ "_cidrv4_s$": { "type": "string" },
15
+ "_ipv6_ll$": { "type": "integer", "minimum": 0 },
16
+ "_ipv6_s$": { "type": "string", "format": "ipv6" },
17
+ "_cidrv6_s$": { "type": "string" },
18
+ "_fqdn_s$": { "type": "string" },
19
+ "_asn_number_ui$": { "type": "integer", "minimum": 0 },
20
+ "_asn_s$": { "type": "string" },
21
+ "_md5_h$": { "type": "string", "pattern": "^[A-Fa-f0-9]{32}$" },
22
+ "_sha1_h$": { "type": "string", "pattern": "^[A-Fa-f0-9]{40}$" },
23
+ "_sha256_h$": { "type": "string", "pattern": "^[A-Fa-f0-9]{64}$" },
24
+ "_sha512_h$": { "type": "string", "pattern": "^[A-Fa-f0-9]{128}$" },
25
+ "_t$": { "type": "integer", "minimum": 0 },
26
+ "_s$": { "type": "string" },
27
+ "_i$": { "type": "integer" },
28
+ "_ui$": { "type": "integer" },
29
+ "_ll$": { "type": "integer" },
30
+ "_h$": { "type": "string", "pattern": "^[A-Fa-f0-9]+$" },
31
+ "_f$": { "type": "number" },
32
+ "_c_array$": { "type": "array", "minItems": 1, "items": { "type": "object" } },
33
+ "_c_map$": { "type": "object" },
34
+ "_s_array$": { "type": "array", "minItems": 1, "items": { "type": "string"} }
35
+ },
36
+ "additionalProperties": false
37
+ },
38
+
39
+ "observable": {
40
+ "allOf": [{
41
+ "type": "object",
42
+ "properties": {
43
+ "observable_id_s": {
44
+ "description": "The name of the observable",
45
+ "type": "string"
46
+ },
47
+ "criticality_i": {
48
+ "description": "The threat observable’s relative criticality between 1 and 100",
49
+ "type": "integer",
50
+ "minimum": 1,
51
+ "maximum": 100
52
+ },
53
+ "score_i": {
54
+ "description": "Optional overridden threat score between 1 and 100.",
55
+ "type": "integer",
56
+ "minimum": 1,
57
+ "maximum": 100
58
+ },
59
+ "score_24hr_decay_i": {
60
+ "description": "Optional parameter that defines the percentage of the score decays over time if no new observation. A valid decay is between 0 and 100. A value of 0 switches off decay due to time.",
61
+ "type": "integer",
62
+ "minimum": 0,
63
+ "maximum": 100
64
+ },
65
+ "score_calc_setting_s":{
66
+ "description": "Optional parameter that defines whether the score was calculated based on a manual or automatic calculation. Default: auto",
67
+ "type": "string",
68
+ "pattern": "^(auto|manual)$"
69
+ },
70
+ "description_s": {
71
+ "description": "A user displayable description of the observable",
72
+ "type": "string"
73
+ },
74
+ "classification_c_array": {
75
+ "description": "An array of classification of this threat observable.",
76
+ "type": "array",
77
+ "minItems": 1,
78
+ "items": {
79
+ "allOf": [{
80
+ "type": "object",
81
+ "properties": {
82
+ "classification_id_s": {
83
+ "description": "The name of the classification",
84
+ "type": "string"
85
+ },
86
+ "classification_family_s": {
87
+ "description": "The descriptive family name for this classification",
88
+ "type": "string"
89
+ },
90
+ "score_i": {
91
+ "description": "The criticality/score of the classification between 1 and 100 where a higher number is a higher risk classification",
92
+ "type": "integer",
93
+ "minimum": 1,
94
+ "maximum": 100
95
+ }
96
+ },
97
+ "additionalProperties": false,
98
+ "required": ["classification_id_s"]
99
+ },
100
+ {
101
+ "$ref": "#/definitions/suffixed_schema"
102
+ }]
103
+ }
104
+ },
105
+ "attribute_c_map": {
106
+ "description": "An map of attributes associated with the observable that are common across all subjects",
107
+ "$ref": "#/definitions/suffixed_schema"
108
+ },
109
+ "summary_s": {
110
+ "description": "A user displayable summary of the observable description",
111
+ "type": "string"
112
+ },
113
+ "notes_s": {
114
+ "description": "A user defined set of notes that provide background to the description",
115
+ "type": "string"
116
+ },
117
+ "reference_s_array": {
118
+ "description": "An array of string URL references to background information on the observable",
119
+ "type": "array",
120
+ "minItems": 1,
121
+ "items": {
122
+ "type": "string",
123
+ "format": "uri"
124
+ }
125
+ }
126
+ },
127
+ "required": ["observable_id_s", "description_s", "classification_c_array"]
128
+ },
129
+ {
130
+ "$ref": "#/definitions/suffixed_schema"
131
+ }]
132
+ },
133
+
134
+ "network": {
135
+ "type": "object",
136
+ "properties": {
137
+ "asn_i": {
138
+ "description": "The ID number of the ASN",
139
+ "type": "integer"
140
+ },
141
+ "as_owner_s": {
142
+ "description": "The owner of the ASN",
143
+ "type": "string"
144
+ },
145
+ "asn_routers_ip_array": {
146
+ "description": "The array of routers that make up this ASN",
147
+ "type": "array",
148
+ "minItems": 1,
149
+ "items": {
150
+ "type": "string",
151
+ "pattern": ".*"
152
+ }
153
+ },
154
+ "asn_router_conns_ip_array": {
155
+ "description": "The array of router interconnections in this ASN",
156
+ "type": "array",
157
+ "minItems": 1,
158
+ "items": {
159
+ "type": "string",
160
+ "pattern": ".*"
161
+ }
162
+ },
163
+ "asn_cidr_announcements_c_array": {
164
+ "description": "The array of CIDR announcements in this ASN",
165
+ "type": "array",
166
+ "minItems": 1,
167
+ "items": {
168
+ "$ref": "#/definitions/suffixed_schema"
169
+ }
170
+ },
171
+ "asn_downstream_i_array": {
172
+ "description": "The array of downstream ASNs from this ASN",
173
+ "type": "array",
174
+ "minItems": 1,
175
+ "items": {
176
+ "type": "integer"
177
+ }
178
+ },
179
+ "asn_upstream_i_array": {
180
+ "description": "The array of upstream ASNs from this ASN",
181
+ "type": "array",
182
+ "minItems": 1,
183
+ "items": {
184
+ "type": "integer"
185
+ }
186
+ },
187
+ "asn_community_c_array": {
188
+ "description": "The array of communities within this ASN",
189
+ "type": "array",
190
+ "minItems": 1,
191
+ "items": {
192
+ "$ref": "#/definitions/suffixed_schema"
193
+ }
194
+ }
195
+ }
196
+ },
197
+
198
+ "collection": {
199
+ "type": "object",
200
+ "properties": {
201
+ "name_id_s": {
202
+ "description": "The name of the collection",
203
+ "type": "string"
204
+ },
205
+ "last_updated_t": {
206
+ "description": "The UTC Epoch time of the last update to this collection",
207
+ "type": "integer",
208
+ "minimum": 0
209
+ },
210
+ "author_s": {
211
+ "description": "A name associated with the last team, group, company or person making the change",
212
+ "type": "string"
213
+ },
214
+ "workspace_s": {
215
+ "description": "A collaboration space this collection is associated with",
216
+ "type": "string"
217
+ },
218
+ "fqdn_ref_c_array": {
219
+ "description": "An array of FQDN elements referenced by this collection",
220
+ "type": "array",
221
+ "minItems": 1,
222
+ "items": {
223
+ "$ref": "#/definitions/suffixed_schema"
224
+ }
225
+ },
226
+ "ip_ref_c_array": {
227
+ "description": "An array of IP (v4 and v6) elements referenced by this collection",
228
+ "type": "array",
229
+ "minItems": 1,
230
+ "items": {
231
+ "$ref": "#/definitions/suffixed_schema"
232
+ }
233
+ },
234
+ "asn_ref_c_array": {
235
+ "description": "An array of ASN elements referenced by this collection",
236
+ "type": "array",
237
+ "minItems": 1,
238
+ "items": {
239
+ "$ref": "#/definitions/suffixed_schema"
240
+ }
241
+ },
242
+ "cidr_ref_c_array": {
243
+ "description": "An array of CIDR elements referenced by this collection",
244
+ "type": "array",
245
+ "minItems": 1,
246
+ "items": {
247
+ "$ref": "#/definitions/suffixed_schema"
248
+ }
249
+ },
250
+ "observable_ref_c_array": {
251
+ "description": "An array of observables referenced by this collection",
252
+ "type": "array",
253
+ "minItems": 1,
254
+ "items": {
255
+ "$ref": "#/definitions/suffixed_schema"
256
+ }
257
+ },
258
+ "collection_c_array": {
259
+ "description": "An array of children collections contained within this collection",
260
+ "type": "array",
261
+ "minItems": 1,
262
+ "items": {
263
+ "$ref": "#/definitions/collection"
264
+ }
265
+ }
266
+ },
267
+ "required": ["name_id_s"]
268
+ },
269
+
270
+ "element_observable": {
271
+ "allOf": [{
272
+ "type": "object",
273
+ "properties": {
274
+ "score_i": {
275
+ "description": "The element’s overridden score if not derived from scoring of the observables",
276
+ "type": "integer",
277
+ "minimum": 1,
278
+ "maximum": 100
279
+ },
280
+ "score_24hr_decay_i": {
281
+ "description": "The element’s overridden score decay if not derived from the observable’s decay parameter. 0 indicates this particular element’s score will not change due to time decay alone.",
282
+ "type": "integer",
283
+ "minimum": 0,
284
+ "maximum": 100
285
+ },
286
+ "threat_observable_c_map": {
287
+ "description": "A map of Threat Observables that are associated with the subject. The threat observable must already be defined in the observable dictionary to be referenced by this map.",
288
+ "type": "object",
289
+ "patternProperties": {
290
+ ".+": {
291
+ "allOf": [{
292
+ "type": "object",
293
+ "properties": {
294
+ "occurred_at_t": {
295
+ "description": "The Epoch UTC timestamp when this particular threat observable was first observed associated with the subject",
296
+ "type": "integer",
297
+ "minimum": 0
298
+ },
299
+ "last_seen_t": {
300
+ "description": "The Epoch UTC timestamp of the last update when this threat observable was observed associated with the subject",
301
+ "type": "integer",
302
+ "minimum": 0
303
+ },
304
+ "country_code_s": {
305
+ "description": "The 2 or 3 digit country code associated with the threat observable",
306
+ "type": "string",
307
+ "minLength": 2,
308
+ "maxLength": 3
309
+ },
310
+ "destination_fqdn_s": {
311
+ "description": "The domain that a particular botnet or peer to peer communication threat was destined to",
312
+ "type": "string"
313
+ },
314
+ "description_s": {
315
+ "description": "The description of the observable or element or collection",
316
+ "type": "string"
317
+ },
318
+ "url_s": {
319
+ "description": "The description of the observable or element or collection",
320
+ "type": "string",
321
+ "format": "uri"
322
+ },
323
+ "score_i": {
324
+ "description": "The criticality/score of the classification between 1 and 100 where a higher number is a higher risk observable",
325
+ "type": "integer",
326
+ "minimum": 1,
327
+ "maximum": 100
328
+ },
329
+ "classification_s": {
330
+ "description": "The name of the classification",
331
+ "type": "string"
332
+ },
333
+ "filesize_i": {
334
+ "description": "The size of a file used to convey some behavior",
335
+ "type": "integer",
336
+ "minimum": 0
337
+ },
338
+ "magic_s": {
339
+ "description": "The description of the file",
340
+ "type": "string"
341
+ },
342
+ "mime_type_s": {
343
+ "description": "The mime type of the file",
344
+ "type": "string"
345
+ },
346
+ "hash_md5_h": {
347
+ "description": "The MD5 hash of a file",
348
+ "type": "string"
349
+ },
350
+ "hash_sha1_h": {
351
+ "description": "The SHA1 hash of a file",
352
+ "type": "string"
353
+ },
354
+ "hash_sha256_h": {
355
+ "description": "The SHA256 hash of a file",
356
+ "type": "string"
357
+ },
358
+ "hash _sha512_h": {
359
+ "description": "The SHA512 hash of a file",
360
+ "type": "string"
361
+ },
362
+ "dns_request_c_array": {
363
+ "description": "The list of DNS requests made",
364
+ "type": "array",
365
+ "items": { "$ref": "#/definitions/suffixed_schema" }
366
+ },
367
+ "dns_response_c_array": {
368
+ "description": "The list of DNS responses where each response is { Dns-record-type : Dns-value}",
369
+ "type": "array",
370
+ "items": { "$ref": "#/definitions/suffixed_schema" }
371
+ },
372
+ "host_c_array": {
373
+ "description": "The list of hosts in the PCAP",
374
+ "type": "array",
375
+ "items": { "$ref": "#/definitions/suffixed_schema" }
376
+ },
377
+ "http_c_array": {
378
+ "description": "The list of HTTP key/value pairs in the PCAP",
379
+ "type": "array",
380
+ "items": { "$ref": "#/definitions/suffixed_schema" }
381
+ },
382
+ "smtp_c_array": {
383
+ "description": "The list of SMTP key/value pairs in the PCAP",
384
+ "type": "array",
385
+ "items": { "$ref": "#/definitions/suffixed_schema" }
386
+ },
387
+ "tcp_c_array": {
388
+ "description": "The list of TCP key/value pairs in the PCAP",
389
+ "type": "array",
390
+ "items": { "$ref": "#/definitions/suffixed_schema" }
391
+ },
392
+ "fqdn_c_array": {
393
+ "description": "The list of SMTP key/value pairs in the PCAP",
394
+ "type": "array",
395
+ "items": { "$ref": "#/definitions/suffixed_schema" }
396
+ },
397
+ "ssl_c_array": {
398
+ "description": "The list of SSL key/value pairs in the PCAP",
399
+ "type": "array",
400
+ "items": { "$ref": "#/definitions/suffixed_schema" }
401
+ },
402
+ "geoloc_lat_f": {
403
+ "description": "The latitude of the observable if known",
404
+ "type": "number"
405
+ },
406
+ "geoloc_long_f": {
407
+ "description": "The longitude of the observable if known",
408
+ "type": "number"
409
+ },
410
+ "dest_port_i": {
411
+ "description": "A destination protocol port",
412
+ "type": "integer"
413
+ },
414
+ "dest_ipv4_s": {
415
+ "description": "A destination IP v4 address as a string",
416
+ "type": "string"
417
+ },
418
+ "dest_ipv4_i": {
419
+ "description": "A destination IP v4 address as an integer",
420
+ "type": "integer"
421
+ },
422
+ "src_port_i": {
423
+ "description": "A source protocol port",
424
+ "type": "integer"
425
+ },
426
+ "src_ipv4_s": {
427
+ "description": "A source IP v4 address as a string",
428
+ "type": "string"
429
+ },
430
+ "src_ipv4_i": {
431
+ "description": "A source IP v4 address as an integer",
432
+ "type": "integer"
433
+ },
434
+ "size_i": {
435
+ "description": "A size in bytes of a communication or entity",
436
+ "type": "integer"
437
+ },
438
+ "tlp_i": {
439
+ "description": "The Traffic Light Protocol value. 0 – White, 1 – Green, 2 – Amber, 3 – Red",
440
+ "type": "integer"
441
+ },
442
+ "name_id_s": {
443
+ "description": "The name of the country provided as part of a country code file",
444
+ "type": "string"
445
+ },
446
+ "country_code_i": {
447
+ "description": "The country identifier as part of the country code file",
448
+ "type": "integer",
449
+ "minimum": 0
450
+ },
451
+ "iso_3_s": {
452
+ "description": "The ISO 3 letter code for the country",
453
+ "type": "string",
454
+ "minLength": 3,
455
+ "maxLength": 3
456
+ },
457
+ "iso_2_s": {
458
+ "description": "The ISO 2 letter code for the country",
459
+ "type": "string",
460
+ "minLength": 2,
461
+ "maxLength": 2
462
+ },
463
+ "region_code_i": {
464
+ "description": "The regional code for the country code file",
465
+ "type": "integer"
466
+ },
467
+ "continent_code_i": {
468
+ "description": "The continent code for the country code file",
469
+ "type": "integer"
470
+ },
471
+ "continent_code_s": {
472
+ "description": "The continent name for the country code file",
473
+ "type": "string"
474
+ },
475
+ "naics_code_i": {
476
+ "description": "The NAICS code",
477
+ "type": "integer"
478
+ },
479
+ "naics_code_s": {
480
+ "description": "The NAICS code as a string",
481
+ "type": "string"
482
+ }
483
+ },
484
+ "required": ["occurred_at_t"]
485
+ },
486
+ { "$ref": "#/definitions/suffixed_schema" }
487
+ ]
488
+ }
489
+ }
490
+ }
491
+ },
492
+ "required": ["threat_observable_c_map"]
493
+ },
494
+ { "$ref": "#/definitions/suffixed_schema" },
495
+ {
496
+ "oneOf": [
497
+ { "required": ["subject_ipv4_i"] },
498
+ { "required": ["subject_ipv4_ui"] },
499
+ { "required": ["subject_ipv4_s"] },
500
+ { "required": ["subject_ipv6_ui"] },
501
+ { "required": ["subject_ipv6_s"] },
502
+ { "required": ["subject_fqdn_s"] },
503
+ { "required": ["subject_cidrv4_s"] },
504
+ { "required": ["subject_cidrv6_s"] },
505
+ { "required": ["subject_asn_s"] },
506
+ { "required": ["subject_asn_ui"] },
507
+ { "required": ["subject_md5_h"] },
508
+ { "required": ["subject_sha1_h"] },
509
+ { "required": ["subject_sha256_h"] },
510
+ { "required": ["subject_sha512_h"] },
511
+ { "required": ["subject_registrykey_s"] },
512
+ { "required": ["subject_filename_s"] },
513
+ { "required": ["subject_filepath_s"] },
514
+ { "required": ["subject_mutex_s"] },
515
+ { "required": ["subject_actor_s"] },
516
+ { "required": ["subject_email_s"] }
517
+ ]
518
+ }
519
+ ]
520
+ }
521
+ },
522
+
523
+ "type": "object",
524
+ "properties": {
525
+ "schema_version_s": {
526
+ "description": "The provider’s version of their schema",
527
+ "type": "string"
528
+ },
529
+ "provider_s": {
530
+ "description": "The provider’s company name",
531
+ "type": "string"
532
+ },
533
+ "source_observable_s": {
534
+ "description": "The prefix associated with this threat list",
535
+ "type": "string"
536
+ },
537
+ "source_description_s": {
538
+ "description": "A description of the source feed that provides background to the type of data, the types of information available to the user",
539
+ "type": "string"
540
+ },
541
+ "source_file_s": {
542
+ "description": "The file containing the original feed information",
543
+ "type": "string",
544
+ "format": "uri"
545
+ },
546
+ "score_i": {
547
+ "description": "The score of the source feed accuracy. As assessment of the source feed’s accuracy between 1 and 100 where 100 is completely accurate",
548
+ "type": "integer",
549
+ "minimum": 1,
550
+ "maximum": 100
551
+ },
552
+ "last_updated_t": {
553
+ "description": "The Epoch UTC timestamp this file was last changed by the provider",
554
+ "type": "integer",
555
+ "minimum": 0
556
+ },
557
+ "distribution_time_t": {
558
+ "description": "The Epoch UTC timestamp this file was distributed by the provider",
559
+ "type": "integer",
560
+ "minimum": 0
561
+ },
562
+ "list_name_s": {
563
+ "description": "The threat feed list name",
564
+ "type": "string"
565
+ },
566
+ "observable_dictionary_c_array": {
567
+ "description": "An array of observable definitions",
568
+ "type": "array",
569
+ "minItems": 0,
570
+ "items": {
571
+ "$ref": "#/definitions/observable"
572
+ }
573
+ },
574
+ "element_observable_c_array": {
575
+ "description": "An array of Element Threat Observables",
576
+ "type": "array",
577
+ "minItems": 1,
578
+ "items": {
579
+ "$ref": "#/definitions/element_observable"
580
+ }
581
+ },
582
+ "collection_c_array": {
583
+ "description": "An array of Collections",
584
+ "type": "array",
585
+ "minItems": 1,
586
+ "items": {
587
+ "$ref": "#/definitions/collection"
588
+ }
589
+ },
590
+ "asn_c_array": {
591
+ "description": "An array of ASN network information",
592
+ "type": "array",
593
+ "minItems": 1,
594
+ "items": {
595
+ "$ref": "#/definitions/network"
596
+ }
597
+ },
598
+ "dictionary_file_manifest": {
599
+ "description": "An array of filenames (fully qualified path) where the dictionary files are",
600
+ "type": "array",
601
+ "minItems": 1,
602
+ "items": {
603
+ "type": "string"
604
+ }
605
+ },
606
+ "observable_element_file_manifest": {
607
+ "description": "An array of filenames (fully qualified path) where the element observable files are",
608
+ "type": "array",
609
+ "minItems": 1,
610
+ "items": {
611
+ "type": "string"
612
+ }
613
+ },
614
+ "collection_file_manifest": {
615
+ "description": "An array of filenames (fully qualified path) where the collection files are",
616
+ "type": "array",
617
+ "minItems": 1,
618
+ "items": {
619
+ "type": "string"
620
+ }
621
+ },
622
+ "network_file_manifest": {
623
+ "description": "An array of filenames (fully qualified path) where the network files are",
624
+ "type": "array",
625
+ "minItems": 1,
626
+ "items": {
627
+ "type": "string"
628
+ }
629
+ }
630
+ },
631
+ "required": ["schema_version_s", "provider_s", "source_observable_s", "last_updated_t", "list_name_s"]
632
+ }