From 03f8622269dcc3697c57b9bf5ac8e2e7fdcb0d2b Mon Sep 17 00:00:00 2001 From: chrisr3d Date: Thu, 11 Oct 2018 07:10:26 +0200 Subject: [PATCH] Updated list of objects in README --- README.md | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 7eee687..13cdafc 100644 --- a/README.md +++ b/README.md @@ -66,7 +66,8 @@ for a specific attribute. ## Existing MISP objects -* [objects/ail-leak](objects/ail-leak/definition.json) - information leak object as defined by the [AIL Analysis Information Leak framework](https://www.github.com/CIRCL/AIL-framework). +* [objects/ail-leak](objects/ail-leak/definition.json) - Information leak object as defined by the [AIL Analysis Information Leak framework](https://www.github.com/CIRCL/AIL-framework). +* [objects/ais-info](objects/ais-info/definition.json) - Object describing Automated Indicator Sharing (AIS) information source markings. * [objects/android-permission](objects/android-permission/definition.json) - A set of android permissions - one or more permission(s) which can be linked to other objects (e.g. file). * [objects/asn](objects/asn/definition.json) - Autonomous system object describing a BGP autonomous system which can include one or more network operators management an entity (e.g. ISP) along with their routing policy, routing prefixes or alike. * [objects/av-signature](objects/av-signature/definition.json) - Antivirus detection signature. 
@@ -89,9 +90,12 @@ for a specific attribute. * [objects/exploit-poc](objects/exploit-poc/definition.json) - Exploit-poc object describing a proof of concept or exploit of a vulnerability. This object has often a relationship with a vulnerability object. * [objects/fail2ban](objects/fail2ban/definition.json) - A fail2ban object. * [objects/file](objects/file/definition.json) - File object describing a file with meta-information. +* [objects/forensic-case](objects/forensic-case/definition.json) - An object template to describe a digital forensic case. +* [objects/forensic-evidence](objects/forensic-evidence/definition.json) - An object template to describe a digital forensic evidence. * [objects/geolocation](objects/geolocation/definition.json) - A geolocation object to describe a location. * [objects/gtp-attack](objects/gtp-attack/definition.json) - GTP attack object as seen on a GSM, UMTS or LTE network. * [objects/http-request](objects/http-request/definition.json) - A single HTTP request header object. +* [objects/ip-api-address](objects/ip-api-address/definition.json) - Object describing IP Address information, as defined in [ip-api.com](http://ip-api.com). * [objects/ip-port](objects/ip-port/definition.json) - An IP address and a port seen as a tuple (or as a triple) in a specific time frame. * [objects/ja3](objects/ja3/definition.json) - A ja3 object which describes an SSL client fingerprint in an easy to produce and shareable way. * [objects/legal-entity](objects/legal-entity/definition.json) - Object describing a legal entity, such as an organisation. 
@@ -103,6 +107,7 @@ for a specific attribute. * [objects/mutex](objects/mutex/definition.json) - Object to describe mutual exclusion locks (mutex) as seen in memory or computer program. * [objects/netflow](objects/netflow/definition.json) - Netflow object describes an network object based on the Netflowv5/v9 minimal definition. * [objects/network-connection](objects/network-connection/definition.json) - Network object describes a local or remote network connection. +* [objects/network-socket](objects/network-socket/definition.json) - Object to describe a local or remote network connections based on the socket data structure. * [objects/original-imported-file](objects/original-imported-file/definition.json) - Object to describe the original files used to import data in MISP. * [objects/passive-dns](objects/passive-dns/definition.json) - Passive DNS records as expressed in [draft-dulaunoy-dnsop-passive-dns-cof-01](https://tools.ietf.org/html/draft-dulaunoy-dnsop-passive-dns-cof-01). * [objects/paste](objects/paste/definition.json) - Object describing a paste or similar post from a website allowing to share privately or publicly posts. 
@@ -112,31 +117,35 @@ for a specific attribute. * [objects/phishing](objects/phishing/definition.json) - Phishing template to describe a phishing website and its analysis. * [objects/phone](objects/phone/definition.json) - A phone or mobile phone object. * [objects/process](objects/process/definition.json) - A process object. +* [objects/regexp](objects/regexp/definition.json) - An object describing a regular expression (regex or regexp). The object can be linked via a relationship to other attributes or objects to describe how it can be represented as a regular expression. * [objects/registry-key](objects/registry-key/definition.json) - A registry-key object. * [objects/r2graphity](objects/r2graphity/definition.json) - Indicators extracted from binary files using radare2 and graphml. +* [objects/report](objects/report/definition.json) - Object to describe metadata used to generate an executive level report. * [objects/rtir](objects/rtir/definition.json) - RTIR - Request Tracker for Incident Response. * [objects/sandbox-report](objects/sandbox-report/definition.json) - Sandbox report object. * [objects/sb-signature](objects/sb-signature/definition.json) - Sandbox detection signature object. * [objects/script](objects/script/definition.json) - Object describing a computer program written to be run in a special run-time environment. The script or shell script can be used for malicious activities but also as support tools for threat analysts. -* [objects/short-message-service](objects/short-message-service/definition.json) - Short Message Service (SMS) object template describing one or more SMS message(s). * [objects/shortened-link](objects/shortened-link/definition.json) - Shortened link and its redirect target. +* [objects/short-message-service](objects/short-message-service/definition.json) - Short Message Service (SMS) object template describing one or more SMS message(s). 
* [objects/ss7-attack](objects/ss7-attack/definition.json) - SS7 object of an attack seen on a GSM, UMTS or LTE network via SS7 logging. * [objects/stix2-pattern](objects/stix2-pattern/definition.json) - An object describing a STIX pattern. The object can be linked via a relationship to other attributes or objects to describe how it can be represented as a STIX pattern. * [objects/suricata](objects/suricata/definition.json) - Suricata rule with context. * [objects/target-system](objects/target-system/definition.json) - Description about an targeted system, this could potentially be a compromised internal system. * [objects/threatgrid-report](objects/threatgrid-report/definition.json) - A threatgrid report object. * [objects/timecode](objects/timecode/definition.json) - Timecode object to describe a start of video sequence (e.g. CCTV evidence) and the end of the video sequence. +* [objects/timesketch-timeline](objects/timesketch-timeline/definition.json) - A timesketch timeline object based on mandatory field in timesketch to describe a log entry. * [objects/timestamp](objects/timestamp/definition.json) - A generic timestamp object to represent time including first time and last time seen. Relationship will then define the kind of time relationship. * [objects/tor-node](objects/tor-node/definition.json) - Tor node description which are part of the Tor network at a time. * [objects/tracking-id](objects/tracking-id/definition.json) - Analytics and tracking ID such as used in Google Analytics or other analytic platform. * [objects/transaction](objects/transaction/definition.json) - Object describing a financial transaction. -* [objects/virustotal-report](objects/virustotal-report/definition.json) - VirusTotal report. -* [objects/vulnerability](objects/vulnerability/definition.json) - Vulnerability object to describe software or hardware vulnerability as described in a CVE. 
* [objects/url](objects/url/definition.json) - url object describes an url along with its normalized field (e.g. using faup parsing library) and its metadata. * [objects/vehicle](objects/vehicle/definition.json) - Vehicle object template to describe a vehicle information and registration. * [objects/victim](objects/victim/definition.json) - a victim object to describe the organisation being targeted or abused. +* [objects/virustotal-report](objects/virustotal-report/definition.json) - VirusTotal report. +* [objects/vulnerability](objects/vulnerability/definition.json) - Vulnerability object to describe software or hardware vulnerability as described in a CVE. * [objects/whois](objects/whois/definition.json) - Whois records information for a domain name. * [objects/x509](objects/x509/definition.json) - x509 object describing a X.509 certificate. +* [objects/yabin](objects/yabin/definition.json) - yabin.py generates Yara rules from function prologs, for matching and hunting binaries. ref: [yabin](https://github.com/AlienVault-OTX/yabin). * [objects/yara](objects/yara/definition.json) - YARA object describing a YARA rule along with the version supported and context (such as memory, network, disk). ## MISP objects relationships
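Review bot: In the first hunk (README.md line 66 onward), the rewritten `ail-leak` entry keeps the link `https://www.github.com/CIRCL/AIL-framework`, while the `yabin` entry added later in this patch links to `https://github.com/...` without the `www.` prefix. Since this line is being touched anyway, drop the `www.` so the GitHub links in the list are consistent. The capitalisation fix here ("information" to "Information") is also not carried through: the `url` and `victim` entries further down still start lower-case ("url object describes", "a victim object").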
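Review bot: In the second hunk (the `forensic-case`, `forensic-evidence` and `ip-api-address` additions), the new `ip-api-address` entry links to `http://ip-api.com` over plain HTTP, whereas the other external links visible in this list (AIL framework, the passive DNS draft, yabin) all use `https://`. Use an `https://` URL if the site offers one. In the same hunk, "to describe a digital forensic evidence" should read "to describe digital forensic evidence", and "IP Address information" would match the rest of the list better as "IP address information".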
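Review bot: In the third hunk (the `network-socket` addition), the description "Object to describe a local or remote network connections" mixes a singular article with a plural noun; suggest "Object to describe local or remote network connections based on the socket data structure." It also sits directly under `network-connection`, whose description is almost the same ("describes a local or remote network connection"), so a reader of the README cannot tell which template to pick. One clause saying what the socket-based template captures that `network-connection` does not would fix that.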
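Review bot: In the fourth hunk (README.md line 112 onward), the moves of `virustotal-report` and `vulnerability` to after `victim` suggest the list is being put in alphabetical order, but `r2graphity` is left after `registry-key` and now sits between `registry-key` and the new `report` entry; it belongs before `regexp`. The swap of `short-message-service` and `shortened-link` is only correct under a collation that ignores the hyphen (plain byte order puts `short-` before `shorte`), so state the sort rule in the commit message or generate the list with a script so later additions stay consistent. Minor wording in the added lines: "based on mandatory field in timesketch" should be "mandatory fields", and the `yabin` entry's trailing "ref: [yabin](...)" differs from how other entries cite their upstream project inline.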