From 6002bf3203c52a52e7f66b96ea18a3e6c0c83726 Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy
Date: Wed, 30 Jan 2019 23:12:30 +0100
Subject: [PATCH 1/2] chg: [data] types updated to include the new zeek type
---
pymisp/data/describeTypes.json | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/pymisp/data/describeTypes.json b/pymisp/data/describeTypes.json
index 015b943..9d6d0d5 100644
--- a/pymisp/data/describeTypes.json
+++ b/pymisp/data/describeTypes.json
@@ -121,6 +121,10 @@
"default_category": "Network activity",
"to_ids": 1
},
+ "zeek": {
+ "default_category": "Network activity",
+ "to_ids": 1
+ },
"pattern-in-file": {
"default_category": "Payload installation",
"to_ids": 1
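Review bot: `zeek` is added alongside `bro` rather than replacing it (both names remain in the type list and in the two category lists touched by the later hunks of this patch), so the same kind of script can now be filed under either type. Anything that selects attributes by the literal type `bro`, such as an export feeding sensors or a detection query, would presumably miss `zeek` attributes until it is updated. JSON has no comment syntax, so the commit body is the place to record the intent, for example `bro is kept for existing attributes; zeek is the name for new ones, consumers should match both`, if that is indeed the intended policy.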
@@ -657,6 +661,7 @@
"AS",
"snort",
"bro",
+ "zeek",
"pattern-in-file",
"pattern-in-traffic",
"pattern-in-memory",
@@ -1056,7 +1061,8 @@
"hex",
"cookie",
"hostname|port",
- "bro"
+ "bro",
+ "zeek"
],
"Payload type": [
"comment",
@@ -1105,6 +1111,7 @@
"AS",
"snort",
"bro",
+ "zeek",
"pattern-in-file",
"pattern-in-traffic",
"pattern-in-memory",
From dc5d40a327233895792b8148a7c87d5a1c2ebfb1 Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy
Date: Thu, 31 Jan 2019 23:23:15 +0100
Subject: [PATCH 2/2] chg: [datamodel] new anonymised type added
---
pymisp/data/describeTypes.json | 55 +++++++++++++++++++++++-----------
1 file changed, 38 insertions(+), 17 deletions(-)
diff --git a/pymisp/data/describeTypes.json b/pymisp/data/describeTypes.json
index 9d6d0d5..71f4fea 100644
--- a/pymisp/data/describeTypes.json
+++ b/pymisp/data/describeTypes.json
@@ -628,6 +628,10 @@
"boolean": {
"default_category": "Other",
"to_ids": 0
+ },
+ "anonymised": {
+ "default_category": "Other",
+ "to_ids": 0
}
},
"types": [
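Review bot: Nothing in this patch says what a value of type `anonymised` contains or how it was produced; the entry only sets `"default_category": "Other"` and `"to_ids": 0`, and the later hunks allow the type in every category list, including `Person` and `Network activity`. The name will read to consumers as an assurance that the value is safe to share, which the data model shown here cannot enforce. Since the file cannot carry a comment, I would state the expectation in the commit body or the type's description, for example `anonymised: the value is an anonymised form, not the original indicator; how it was anonymised is recorded elsewhere`, with the wording confirmed by the author. The name is also hand-added in eighteen places in this patch, so a small test that every key of the defaults object appears in `types`, and that every category entry is a known type, would catch an omission.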
@@ -787,7 +791,8 @@
"passenger-name-record-locator-number",
"mobile-application-id",
"cortex",
- "boolean"
+ "boolean",
+ "anonymised"
],
"categories": [
"Internal reference",
@@ -813,7 +818,8 @@
"link",
"comment",
"other",
- "hex"
+ "hex",
+ "anonymised"
],
"Targeting data": [
"target-user",
@@ -822,7 +828,8 @@
"target-org",
"target-location",
"target-external",
- "comment"
+ "comment",
+ "anonymised"
],
"Antivirus detection": [
"link",
@@ -830,7 +837,8 @@
"text",
"hex",
"attachment",
- "other"
+ "other",
+ "anonymised"
],
"Payload delivery": [
"md5",
@@ -910,7 +918,8 @@
"email-thread-index",
"email-message-id",
"mobile-application-id",
- "whois-registrant-email"
+ "whois-registrant-email",
+ "anonymised"
],
"Artifacts dropped": [
"md5",
@@ -965,7 +974,8 @@
"other",
"cookie",
"gene",
- "mime-type"
+ "mime-type",
+ "anonymised"
],
"Payload installation": [
"md5",
@@ -1016,7 +1026,8 @@
"x509-fingerprint-sha256",
"mobile-application-id",
"other",
- "mime-type"
+ "mime-type",
+ "anonymised"
],
"Persistence mechanism": [
"filename",
@@ -1025,7 +1036,8 @@
"comment",
"text",
"other",
- "hex"
+ "hex",
+ "anonymised"
],
"Network activity": [
"ip-src",
@@ -1062,12 +1074,14 @@
"cookie",
"hostname|port",
"bro",
- "zeek"
+ "zeek",
+ "anonymised"
],
"Payload type": [
"comment",
"text",
- "other"
+ "other",
+ "anonymised"
],
"Attribution": [
"threat-actor",
@@ -1085,7 +1099,8 @@
"x509-fingerprint-md5",
"x509-fingerprint-sha256",
"other",
- "dns-soa-email"
+ "dns-soa-email",
+ "anonymised"
],
"External analysis": [
"md5",
@@ -1129,7 +1144,8 @@
"hasshserver-md5",
"github-repository",
"other",
- "cortex"
+ "cortex",
+ "anonymised"
],
"Financial fraud": [
"btc",
@@ -1145,7 +1161,8 @@
"comment",
"text",
"other",
- "hex"
+ "hex",
+ "anonymised"
],
"Support Tool": [
"link",
@@ -1153,7 +1170,8 @@
"attachment",
"comment",
"other",
- "hex"
+ "hex",
+ "anonymised"
],
"Social network": [
"github-username",
@@ -1166,7 +1184,8 @@
"comment",
"text",
"other",
- "whois-registrant-email"
+ "whois-registrant-email",
+ "anonymised"
],
"Person": [
"first-name",
@@ -1196,7 +1215,8 @@
"text",
"other",
"phone-number",
- "identity-card-number"
+ "identity-card-number",
+ "anonymised"
],
"Other": [
"comment",
@@ -1210,7 +1230,8 @@
"float",
"hex",
"phone-number",
- "boolean"
+ "boolean",
+ "anonymised"
]
}
}