19 NewAttributes

Alexandre Dulaunoy edited this page 2016-12-19 09:47:17 +01:00

Table of Contents

• New categories to be added in 2.4.57
• New attributes to be added in 2.4.57
• To postpone

New categories to be added in 2.4.57

• Support Tool - description "Tools supporting analysis or detection of the event"
  • link, text, attachment and comment https://github.com/MISP/MISP/issues/1108#issuecomment-255714874
• Social Network - description "Social networks and platforms"
• Person - description "A human being - natural person"

New attributes to be added in 2.4.57

• Category: "Attribution" dns-soa-email - flag ids:no https://github.com/MISP/MISP/issues/1357
• Category: "Other" size-in-bytes - long - flag ids:no https://github.com/MISP/MISP/issues/924
• Category: "Other" counter - long - flag ids:no https://github.com/MISP/MISP/issues/943
• Category: "Other" datetime - - flag ids:no https://github.com/MISP/MISP/issues/921
• Category: "Other" cpe - string (cpe 2.2/2.3 regex) - flag ids:no https://github.com/MISP/MISP/issues/1187
• Category: "Other" port - int - flag ids:no https://github.com/MISP/MISP/issues/642
• Category: "Network activity" ip-dst:port flag ids:yes
• Category: "Network activity" hostname:port flag ids:yes
• Category: "Payload delivery" email-dst-display-name https://github.com/MISP/MISP/issues/1108
• Category: "Payload delivery" email-src-display-name https://github.com/MISP/MISP/issues/1108
• Category: "Payload delivery" email-header https://github.com/MISP/MISP/issues/1108
• Category: "Payload delivery" email-reply-to https://github.com/MISP/MISP/issues/460
• Category: "Payload delivery" email-x-mailer https://github.com/MISP/MISP/issues/460
• Category: "Payload delivery" email-mime-boundary https://github.com/MISP/MISP/issues/460
• Category: "Payload delivery" email-thread-index https://github.com/MISP/MISP/issues/460
• Category: "Payload delivery" email-message-id
• Category: "Payload delivery" pehash https://github.com/MISP/MISP/issues/460
• Category: "Social Network" github-username flag ids:no
• Category: "Social Network" github-repository flag ids:no
• Category: "Social Network" github-organisation flag ids:no
• Category: "Social Network" jabber-id flag ids:no
• Category: "Social Network" email flag ids:no - email-src/email-dst?
• Category: "Person" first-name https://github.com/MISP/MISP/issues/1634
• Category: "Person" middle-name
• Category: "Person" last-name
• Category: "Person" date-of-birth
• Category: "Person" place-of-birth
• Category: "Person" gender
• Category: "Person" passport-number
• Category: "Person" passport-country
• Category: "Person" passport-expiration
• Category: "Person" redress-number
• Category: "Person" nationality
• Category: "Person" visa-number
• Category: "Person" issue-date-of-the-visa
• Category: "Person" place-of-issuance-of-the-visa
• Category: "Person" primary-residence
• Category: "Person" country-of-residence
• Category: "Person" special-service-requests
• Category: "Person" frequent-flyer-number
• Category: "Person" comments
• Category: "Person" remarks
• Category: "Person" travel-details
• Category: "Person" payment-details
• Category: "Person" place-port-of-original-embarkation
• Category: "Person" place-port-of-clearance
• Category: "Person" place-port-of-onward-foreign-destination
• Category: "Person" passenger-name-record-locator-number
• Category: "Other" cidr-block
• Category: "External Analysis" / "Payload Delivery" targeted-threat-index https://github.com/MISP/MISP/issues/317 - type was there but no category -> https://citizenlab.org/2013/10/targeted-threat-index/ moved as a taxonomy.
• Category: "Payload Delivery" mobile-application-id - https://developer.android.com/studio/build/application-id.html

All "other" types are mainly there for the misp-object release.

To postpone

• Category: "Network" url-regex(Issue 120) - need a full PCRE parser