Merged
6 changes: 0 additions & 6 deletions artifacts/data/legacy.yaml
@@ -9,7 +9,6 @@ doc: The %ProgramData% environment variable.
sources:
- type: REGISTRY_VALUE
attributes: {key_value_pairs: [{key: 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList', value: 'ProgramData'}]}
provides: [environ_allusersappdata]
supported_os: [Windows]
urls: ['http://environmentvariables.org/ProgramData']
---
@@ -21,7 +20,6 @@ sources:
keys:
- 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\ProfilesDirectory'
- 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\AllUsersProfile'
provides: [environ_allusersprofile]
supported_os: [Windows]
urls: ['http://support.microsoft.com/kb//214653']
---
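Review bot: the `urls` context line on this hunk carries a doubled slash, `http://support.microsoft.com/kb//214653`; it is outside the change, but since the artifact is being touched anyway a follow-up could correct it to a single slash so the reference resolves.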
@@ -40,7 +38,6 @@ sources:
- '/etc/oracle-release'
- '/etc/redhat-release'
- '/etc/system-release'
provides: [os_release, os_major_version, os_minor_version]
supported_os: [Linux]
---
name: SystemDriveEnvironmentVariable
@@ -52,7 +49,6 @@ doc: |
sources:
- type: REGISTRY_VALUE
attributes: {key_value_pairs: [{key: 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion', value: 'SystemRoot'}]}
provides: [environ_systemdrive]
supported_os: [Windows]
urls:
- 'http://environmentvariables.org/SystemDrive'
@@ -63,7 +59,6 @@ doc: The Windows domain the system is connected to.
sources:
- type: REGISTRY_VALUE
attributes: {key_value_pairs: [{key: 'HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters', value: 'Domain'}]}
provides: [domain]
supported_os: [Windows]
---
name: WindowsEnvironmentVariableAllUsersAppData
@@ -73,6 +68,5 @@ sources:
attributes:
key_value_pairs:
- {key: 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList', value: 'ProgramData'}
provides: [environ_allusersappdata]
supported_os: [Windows]
urls: ['http://environmentvariables.org/ProgramData']
7 changes: 0 additions & 7 deletions artifacts/data/linux.yaml
@@ -87,7 +87,6 @@ doc: Debian version information.
sources:
- type: FILE
attributes: {paths: ['/etc/debian_version']}
provides: [os_release, os_major_version, os_minor_version]
supported_os: [Linux]
---
name: DNSResolvConfFile
@@ -285,7 +284,6 @@ sources:
- '/etc/rocky-release'
- '/etc/SuSE-release'
- '/etc/system-release'
provides: [os_release, os_major_version, os_minor_version]
supported_os: [Linux]
---
name: LinuxDSDTTable
@@ -410,7 +408,6 @@ doc: Linux Standard Base (LSB) release information
sources:
- type: FILE
attributes: {paths: ['/etc/lsb-release']}
provides: [os_release, os_major_version, os_minor_version]
supported_os: [Linux]
urls: ['https://linux.die.net/man/1/lsb_release']
---
@@ -499,7 +496,6 @@ sources:
- LinuxDistributionRelease
- LinuxLSBRelease
- LinuxSystemdOSRelease
provides: [os_release, os_major_version, os_minor_version]
supported_os: [Linux]
---
name: LinuxRsyslogConfigs
@@ -613,7 +609,6 @@ sources:
paths:
- '/etc/os-release'
- '/usr/lib/os-release'
provides: [os_release, os_major_version, os_minor_version]
supported_os: [Linux]
urls: ['https://www.freedesktop.org/software/systemd/man/os-release.html']
---
@@ -736,7 +731,6 @@ doc: Linux wtmp login record file
sources:
- type: FILE
attributes: {paths: ['/var/log/wtmp']}
provides: [users.username, users.last_logon]
supported_os: [Linux]
urls: ['https://github.com/libyal/dtformats/blob/main/documentation/Utmp%20login%20records%20format.asciidoc']
---
@@ -821,7 +815,6 @@ doc: Linux netgroup configuration.
sources:
- type: FILE
attributes: {paths: ['/etc/netgroup']}
provides: [users.username]
supported_os: [Linux]
---
name: NtpConfFile
1 change: 0 additions & 1 deletion artifacts/data/macos.yaml
@@ -971,7 +971,6 @@ sources:
- '%%users.homedir%%/Library/Application Support/com.apple.backgroundtaskmanagementagent/backgrounditems.btm'
- '/private/var/db/com.apple.backgroundtaskmanagement/BackgroundItems-v*.btm'
- '/var/db/com.apple.backgroundtaskmanagement/BackgroundItems-v*.btm'

supported_os: [Darwin]
urls:
- 'https://forensics.wiki/mac_os_x_10.9_artifacts_location#autorun-locations-2'
3 changes: 1 addition & 2 deletions artifacts/data/user.yaml
@@ -22,6 +22,5 @@ doc: Contents of the Users directory.
sources:
- type: PATH
attributes: {paths: ['/Users/*']}
supported_os: [Darwin]
provides: [users.username]
supported_os: [Darwin, Windows]
urls: ['https://forensics.wiki/mac_os_x_10.9_artifacts_location#users']
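Review bot: this hunk does more than drop `provides`: two `supported_os` lines are in play, `[Darwin]` and `[Darwin, Windows]`, and the file summary counts 1 addition and 2 deletions, so the artifact's platform list changes here while its only source stays the PATH `/Users/*`. A change of scope like that belongs in the commit message, and it is worth confirming that a Darwin-style path under a Windows `supported_os` is what is intended rather than a side effect of removing the `provides` line.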
32 changes: 0 additions & 32 deletions artifacts/data/windows.yaml
@@ -427,7 +427,6 @@ sources:
attributes:
key_value_pairs:
- {key: 'HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\CodePage', value: 'ACP'}
provides: [code_page]
supported_os: [Windows]
urls: ['https://winreg-kb.readthedocs.io/en/latest/sources/system-keys/Codepage.html']
---
@@ -767,7 +766,6 @@ sources:
attributes:
key_value_pairs:
- {key: 'HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters', value: 'Domain'}
provides: [domain]
supported_os: [Windows]
---
name: WindowsDisallowedSystemCertificates
@@ -810,7 +808,6 @@ sources:
attributes:
key_value_pairs:
- {key: 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList', value: 'AllUsersProfile'}
provides: [environ_allusersprofile]
supported_os: [Windows]
urls: ['https://artifacts-kb.readthedocs.io/en/latest/sources/windows/EnvironmentVariables.html']
---
@@ -834,7 +831,6 @@ sources:
attributes:
key_value_pairs:
- {key: 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion', value: 'CommonFilesDir'}
provides: [environ_commonprogramfiles]
supported_os: [Windows]
urls: ['https://artifacts-kb.readthedocs.io/en/latest/sources/windows/EnvironmentVariables.html']
---
@@ -845,7 +841,6 @@ sources:
attributes:
key_value_pairs:
- {key: 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion', value: 'CommonFilesDir (x86)'}
provides: [environ_commonprogramfilesx86]
supported_os: [Windows]
urls: ['https://artifacts-kb.readthedocs.io/en/latest/sources/windows/EnvironmentVariables.html']
---
@@ -856,7 +851,6 @@ sources:
attributes:
key_value_pairs:
- {key: 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment', value: 'ComSpec'}
provides: [environ_comspec]
supported_os: [Windows]
urls: ['https://artifacts-kb.readthedocs.io/en/latest/sources/windows/EnvironmentVariables.html']
---
@@ -867,7 +861,6 @@ sources:
attributes:
key_value_pairs:
- {key: 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment', value: 'DriverData'}
provides: [environ_driverdata]
supported_os: [Windows]
urls: ['https://artifacts-kb.readthedocs.io/en/latest/sources/windows/EnvironmentVariables.html']
---
@@ -879,7 +872,6 @@ sources:
attributes:
key_value_pairs:
- {key: 'HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment', value: 'Path'}
provides: [environ_path]
supported_os: [Windows]
urls: ['https://artifacts-kb.readthedocs.io/en/latest/sources/windows/EnvironmentVariables.html']
---
@@ -890,7 +882,6 @@ sources:
attributes:
key_value_pairs:
- {key: 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList', value: 'ProfilesDirectory'}
provides: [environ_profilesdirectory]
supported_os: [Windows]
urls: ['https://artifacts-kb.readthedocs.io/en/latest/sources/windows/EnvironmentVariables.html']
---
@@ -901,7 +892,6 @@ sources:
attributes:
key_value_pairs:
- {key: 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList', value: 'ProgramData'}
provides: [environ_programdata]
supported_os: [Windows]
urls: ['https://artifacts-kb.readthedocs.io/en/latest/sources/windows/EnvironmentVariables.html']
---
@@ -917,7 +907,6 @@ sources:
attributes:
key_value_pairs:
- {key: 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion', value: 'ProgramFilesDir'}
provides: [environ_programfiles]
supported_os: [Windows]
urls: ['https://artifacts-kb.readthedocs.io/en/latest/sources/windows/EnvironmentVariables.html']
---
@@ -933,7 +922,6 @@ sources:
attributes:
key_value_pairs:
- {key: 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion', value: 'ProgramFilesDir (x86)'}
provides: [environ_programfilesx86]
supported_os: [Windows]
urls: ['https://artifacts-kb.readthedocs.io/en/latest/sources/windows/EnvironmentVariables.html']
---
@@ -945,7 +933,6 @@ doc: |
sources:
- type: ARTIFACT_GROUP
attributes: {names: ['WindowsEnvironmentVariableSystemRoot']}
provides: [environ_systemdrive]
supported_os: [Windows]
urls: ['https://artifacts-kb.readthedocs.io/en/latest/sources/windows/EnvironmentVariables.html']
---
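Review bot: with `provides: [environ_systemdrive]` removed, nothing left in this definition says what the ARTIFACT_GROUP over `WindowsEnvironmentVariableSystemRoot` is for; the group reads the `SystemRoot` value, and the deleted line was the only place recording that the system drive is derived from it. Suggest stating that derivation in the `doc` block of this artifact so consumers that previously keyed on `environ_systemdrive` can still find the relationship.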
@@ -965,7 +952,6 @@ sources:
attributes:
key_value_pairs:
- {key: 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion', value: 'SystemRoot'}
provides: [environ_systemroot]
supported_os: [Windows]
urls: ['https://artifacts-kb.readthedocs.io/en/latest/sources/windows/EnvironmentVariables.html']
---
@@ -977,7 +963,6 @@ sources:
attributes:
key_value_pairs:
- {key: 'HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment', value: 'TEMP'}
provides: [environ_temp]
supported_os: [Windows]
urls: ['https://artifacts-kb.readthedocs.io/en/latest/sources/windows/EnvironmentVariables.html']
---
@@ -997,7 +982,6 @@ sources:
attributes:
key_value_pairs:
- {key: 'HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment', value: 'windir'}
provides: [environ_windir]
supported_os: [Windows]
urls: ['https://artifacts-kb.readthedocs.io/en/latest/sources/windows/EnvironmentVariables.html']
---
@@ -2075,7 +2059,6 @@ doc: The current control set of the Windows Registry.
sources:
- type: REGISTRY_VALUE
attributes: {key_value_pairs: [{key: 'HKEY_LOCAL_MACHINE\System\Select', value: 'Current'}]}
provides: [current_control_set]
supported_os: [Windows]
urls: ['https://github.com/libyal/winreg-kb/blob/main/documentation/System%20keys.asciidoc']
---
@@ -2101,7 +2084,6 @@ doc: |
sources:
- type: REGISTRY_VALUE
attributes: {key_value_pairs: [{key: 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\*', value: 'ProfileImagePath'}]}
provides: [users.sid, users.userprofile, users.homedir, users.username]
supported_os: [Windows]
urls: ['http://msdn.microsoft.com/en-us/library/windows/desktop/bb776892(v=vs.85).aspx']
---
@@ -3065,7 +3047,6 @@ sources:
key_value_pairs:
- {key: 'HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\TimeZoneInformation', value: 'StandardName'}
- {key: 'HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\TimeZoneInformation', value: 'TimeZoneKeyName'}
provides: [time_zone]
supported_os: [Windows]
urls: ['https://winreg-kb.readthedocs.io/en/latest/sources/system-keys/Time-zones.html']
---
@@ -3340,19 +3321,6 @@ sources:
- 'HKEY_USERS\%%users.sid%%\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\*'
- 'HKEY_USERS\%%users.sid%%\Environment\*'
- 'HKEY_USERS\%%users.sid%%\Volatile Environment\*'
provides:
- users.cookies
- users.appdata
- users.personal
- users.startup
- users.homedir
- users.desktop
- users.internet_cache
- users.localappdata
- users.localappdata_low
- users.recent
- users.userprofile
- users.temp
supported_os: [Windows]
---
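Review bot: this is the one hunk where the removal discards a non-trivial mapping rather than a single name: the twelve `users.*` entries (`users.cookies`, `users.appdata`, `users.personal`, `users.startup`, `users.desktop`, `users.internet_cache`, `users.localappdata`, `users.localappdata_low`, `users.recent`, `users.temp`, plus `users.homedir` and `users.userprofile`) tied the `Shell Folders`, `Environment` and `Volatile Environment` keys under `HKEY_USERS\%%users.sid%%` to the per-user knowledge-base variables, and apart from `users.homedir` and `users.userprofile` none of those names is declared anywhere else in this diff. If downstream collectors still need that mapping, the PR description or release notes should say where it now lives.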
name: WindowsWebCacheStorageQuotaDatabaseFile
2 changes: 0 additions & 2 deletions artifacts/data/wmi.yaml
@@ -16,7 +16,6 @@ doc: |
sources:
- type: WMI
attributes: {query: SELECT * FROM Win32_UserAccount WHERE name='%%users.username%%'}
provides: [users.userdomain]
supported_os: [Windows]
urls: ['http://msdn.microsoft.com/en-us/library/windows/desktop/aa394507(v=vs.85).aspx']
---
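Review bot: the WMI query on this hunk still interpolates `%%users.username%%`, and the `Win32_UserProfile` query in the next hunk still interpolates `%%users.sid%%`, yet the windows.yaml ProfileList hunk in this same change deletes `provides: [users.sid, users.userprofile, users.homedir, users.username]`, which was the declaration a collector could use to know which artifact to run first to fill those variables. The `%%...%%` syntax is untouched, so the definitions are still valid, but the PR description should state how dependency resolution for these knowledge-base variables is expected to work once `provides` is gone.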
@@ -184,7 +183,6 @@ doc: |
sources:
- type: WMI
attributes: {query: SELECT * FROM Win32_UserProfile WHERE SID='%%users.sid%%'}
provides: [users.homedir]
supported_os: [Windows]
urls: ['http://msdn.microsoft.com/en-us/library/windows/desktop/ee886409(v=vs.85).aspx']
---
2 changes: 1 addition & 1 deletion artifacts/definitions.py
@@ -29,7 +29,7 @@
# labels have been deprecated as of version 20220311.
'labels',
'name',
# `provides` have been deprecated.
# provides have been deprecated as of version 20240210.
'provides',
'sources',
'supported_os',
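Review bot: `'provides'` remains in the key list, so definition files that still carry the key keep validating; the new comment should say so explicitly, for example "provides has been deprecated as of version 20240210 but is still accepted." Two smaller points: `provides` is a single key, so "has been deprecated" reads better than "have been" even though the `labels` comment above uses the plural, and the version date should match the release in which the data files dropped the key so the two deprecation comments stay consistent.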