mirror of https://github.com/MISP/misp-book
Merge branch 'master' of github.com:MISP/misp-book
commit
43d2dfcc04
|
@ -22,21 +22,20 @@ After pressing "Submit, you are given the possibility to review your object befo
|
||||||
|
|
||||||
### Creating object
|
### Creating object
|
||||||
|
|
||||||
An object is designed using a JSON file which should repect a format described in [this document](https://github.com/MISP/misp-objects/blob/master/schema_objects.json).
|
An object is designed using a JSON file which should respect a format described in [this document](https://github.com/MISP/misp-objects/blob/master/schema_objects.json).
|
||||||
|
|
||||||
An object is basically a combinaison of two or more attributes that can be used together to represent real cyber security use-cases. These attributes are listed in a JSON object.
|
An object is basically a combination of two or more attributes that can be used together to represent real cyber security use-cases. These attributes are listed in a JSON object.
|
||||||
|
|
||||||
Each attribute is an JSON object defined by a name, a description, a misp-attribute and an ui-priority value.
|
Each attribute is an JSON object defined by a name, a description, a misp-attribute and an ui-priority value.
|
||||||
- Name and description are self-explanatory.
|
- Name and description are self-explanatory.
|
||||||
- misp-attribute is an existing type of attribute in misp that matches the attribute.
|
- misp-attribute is an existing type of attribute in misp that matches the attribute.
|
||||||
- Concerning ui-priority, the higher the number is, the most it is expected to be seen.
|
- Concerning ui-priority, the higher the number is, the most it is expected to be seen.
|
||||||
|
|
||||||
There are also others options that can be added to define an attribute more precisely.
|
There are also others options that can be added to define an attribute more precisely.
|
||||||
- sane_default is a list of default valid value for this attribute. The user can pick a value from this list or choose "Enter value manually"
|
- sane_default is a list of default valid value for this attribute. The user can pick a value from this list or choose "Enter value manually"
|
||||||
- disable_correlation will disable correlation for this value. Usefull for dates for instance
|
- disable_correlation will disable correlation for this value. Useful for dates for instance
|
||||||
- recommended value for this field
|
- recommended value for this field
|
||||||
- multiple, if set to true, allow the user to add multiple instances of this attribute.
|
- multiple, if set to true, allow the user to add multiple instances of this attribute.
|
||||||
|
|
||||||
Not all attributes are mandatory, but some can be required. If s, they need to be listed in a list called "required". The object will only be valid if the listed attributes are set.
|
Not all attributes are mandatory, but some can be required. If so, they need to be listed in a list called "required". The object will only be valid if the listed attributes are set.
|
||||||
The same way, there are sometimes when only one attribute in a set is needed. This set can be put in a list called "requiredOneOf". If at least oen of the attributes in this list is set, the object will be valid.
|
The same way, there are sometimes when only one attribute in a set is needed. This set can be put in a list called "requiredOneOf". If at least oen of the attributes in this list is set, the object will be valid.
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1,3 @@
|
||||||
|
<!-- toc -->
|
||||||
|
|
||||||
|
## MISP-noticelist
|
Loading…
Reference in New Issue