mirror of https://github.com/MISP/MISP
NewAttributes
Alexandre Dulaunoy edited this page 2016-12-19 09:47:17 +01:00
New categories to be added in 2.4.57
- Support Tool
  - description "Tools supporting analysis or detection of the event"
  - link, text, attachment and comment https://github.com/MISP/MISP/issues/1108#issuecomment-255714874
- Social Network
  - description "Social networks and platforms"
- Person
  - description "A human being - natural person"
New attributes to be added in 2.4.57
- Category: "Attribution"
  - dns-soa-email - flag ids:no https://github.com/MISP/MISP/issues/1357
- Category: "Other"
  - size-in-bytes - long - flag ids:no https://github.com/MISP/MISP/issues/924
  - counter - long - flag ids:no https://github.com/MISP/MISP/issues/943
  - datetime - flag ids:no https://github.com/MISP/MISP/issues/921
  - cpe - string (cpe 2.2/2.3 regex) - flag ids:no https://github.com/MISP/MISP/issues/1187
  - port - int - flag ids:no https://github.com/MISP/MISP/issues/642
- Category: "Network activity"
  - ip-dst:port - flag ids:yes
  - hostname:port - flag ids:yes
- Category: "Payload delivery"
  - email-dst-display-name - https://github.com/MISP/MISP/issues/1108
  - email-src-display-name - https://github.com/MISP/MISP/issues/1108
  - email-header - https://github.com/MISP/MISP/issues/1108
  - email-reply-to - https://github.com/MISP/MISP/issues/460
  - email-x-mailer - https://github.com/MISP/MISP/issues/460
  - email-mime-boundary - https://github.com/MISP/MISP/issues/460
  - email-thread-index - https://github.com/MISP/MISP/issues/460
  - email-message-id
  - pehash - https://github.com/MISP/MISP/issues/460
- Category: "Social Network"
  - github-username - flag ids:no
  - github-repository - flag ids:no
  - github-organisation - flag ids:no
  - jabber-id - flag ids:no
  - email - flag ids:no - email-src/email-dst?
- Category: "Person"
  - first-name - https://github.com/MISP/MISP/issues/1634
  - middle-name
  - last-name
  - date-of-birth
  - place-of-birth
  - gender
  - passport-number
  - passport-country
  - passport-expiration
  - redress-number
  - nationality
  - visa-number
  - issue-date-of-the-visa
  - place-of-issuance-of-the-visa
  - primary-residence
  - country-of-residence
  - special-service-requests
  - frequent-flyer-number
  - comments
  - remarks
  - travel-details
  - payment-details
  - place-port-of-original-embarkation
  - place-port-of-clearance
  - place-port-of-onward-foreign-destination
  - passenger-name-record-locator-number
- Category: "Other"
  - cidr-block
- Category: "External Analysis" / "Payload Delivery"
  - targeted-threat-index - https://github.com/MISP/MISP/issues/317 - type was there but no category -> https://citizenlab.org/2013/10/targeted-threat-index/ moved as a taxonomy.
- Category: "Payload Delivery"
  - mobile-application-id - https://developer.android.com/studio/build/application-id.html
All "other" types are mainly there for the misp-object release.
To postpone
- Category: "Network"
  - url-regex (Issue 120) - need a full PCRE parser