diff --git a/objects/command-line/definition.json b/objects/command-line/definition.json
index f80dd52..678a34f 100644
--- a/objects/command-line/definition.json
+++ b/objects/command-line/definition.json
@@ -1,20 +1,35 @@
 {
 "attributes": {
+ "command_line": {
+ "description": "command code line",
+ "misp-attribute": "text",
+ "multiple": true,
+ "ui-priority": 1
+ },
 "description": {
 "description": "description of the command",
 "misp-attribute": "text",
 "ui-priority": 1
 },
- "value": {
- "description": "command code",
+ "software": {
+ "description": "type of shell (bash/sh,powershell,cmd.exe)",
 "misp-attribute": "text",
- "multiple": true,
+ "sane_default": [
+ "Shell",
+ "Bash",
+ "zsh",
+ "Powershell",
+ "cmd.exe"
+ ],
 "ui-priority": 1
 }
 },
 "description": "Command line and options related to a specific command executed by a program, whether it is malicious or not.",
 "meta-category": "misc",
 "name": "command-line",
+ "required": [
+ "command_line"
+ ],
 "uuid": "88ebe222-d3cc-11e9-875d-7f13f460adaf",
- "version": 1
+ "version": 2
 }
\ No newline at end of file
diff --git a/objects/crowdsec-ip-context/definition.json b/objects/crowdsec-ip-context/definition.json
index a163cde..2d425c9 100644
--- a/objects/crowdsec-ip-context/definition.json
+++ b/objects/crowdsec-ip-context/definition.json
@@ -7,7 +7,7 @@
 ],
 "description": "Autonomous system name",
 "disable_correlation": true,
- "misp-attribute": "AS",
+ "misp-attribute": "text",
 "multiple": true,
 "ui-priority": 0
 },
diff --git a/objects/cs-beacon-config/definition.json b/objects/cs-beacon-config/definition.json
index bddffb6..48c8111 100644
--- a/objects/cs-beacon-config/definition.json
+++ b/objects/cs-beacon-config/definition.json
@@ -104,7 +104,7 @@
 "description": "Cobalt Strike Beacon Config",
 "meta-category": "file",
 "name": "cs-beacon-config",
- "required": [
+ "requiredOneOf": [
 "jar-md5",
 "md5",
 "sha1",
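Review bot: The new `software` attribute's `description` and its `sane_default` list disagree: the description names `bash/sh,powershell,cmd.exe`, while the list offers `Shell`, `Bash`, `zsh`, `Powershell`, `cmd.exe` — `sh` is described but not offered, `zsh` is offered but not described, and `Shell` is too generic to be a useful pick beside concrete shells. Align the two, e.g. `"description": "Shell or interpreter the command line was executed with (e.g. bash, sh, zsh, powershell, cmd.exe)"`, and settle on one casing for the list entries. The new `command_line` attribute's `"description": "command code line"` reads awkwardly; `"The command line as executed, including its options"` says what the field holds. Replacing `value` with `command_line` also means objects built on template version 1 no longer have an attribute name in this version, which is presumably intended given the version bump but is worth stating in the commit message.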
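Review bot: The type change from `"misp-attribute": "AS"` to `"misp-attribute": "text"` is not accompanied by a `version` bump — this hunk is the only one for crowdsec-ip-context in the diff, so the file's `version` is unchanged; the same applies to the exploit hunk (new `software` attribute) and to the intelmq_event and intelmq_report hunks (new `disable_correlation` lines). The other templates touched by this commit do bump `version` on every definition change, and consumers distinguish template revisions by that number, so each of these four files should get the corresponding `"version": <current + 1>` (placeholder — the current values are outside the hunks). The attribute whose type changes here starts before this hunk, so its name is not visible.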
@@ -112,5 +112,5 @@
 "watermark"
 ],
 "uuid": "d17355ef-ca1f-4b5a-86cd-65d877991f54",
- "version": 3
+ "version": 4
 }
\ No newline at end of file
diff --git a/objects/ddos/definition.json b/objects/ddos/definition.json
index e43d181..9df4984 100644
--- a/objects/ddos/definition.json
+++ b/objects/ddos/definition.json
@@ -156,8 +156,9 @@
 "requiredOneOf": [
 "ip-dst",
 "ip-src",
- "domain-dst"
+ "domain-dst",
+ "type"
 ],
 "uuid": "e2f124d6-f57c-4f93-99e6-8450545fa05d",
- "version": 9
+ "version": 10
 }
\ No newline at end of file
diff --git a/objects/exploit/definition.json b/objects/exploit/definition.json
index f5d040d..5ad1028 100644
--- a/objects/exploit/definition.json
+++ b/objects/exploit/definition.json
@@ -82,6 +82,11 @@
 "multiple": true,
 "ui-priority": 0
 },
+ "software": {
+ "description": "Software impacted",
+ "misp-attribute": "text",
+ "ui-priority": 10
+ },
 "title": {
 "description": "Title of the exploit.",
 "misp-attribute": "text",
diff --git a/objects/intelmq_event/definition.json b/objects/intelmq_event/definition.json
index 5c7b124..1ec6040 100644
--- a/objects/intelmq_event/definition.json
+++ b/objects/intelmq_event/definition.json
@@ -405,11 +405,13 @@
 },
 "time.observation": {
 "description": "The time the collector of the local instance processed (observed) the event.",
+ "disable_correlation": true,
 "misp-attribute": "datetime",
 "ui-priority": 1
 },
 "time.source": {
 "description": "The time of occurence of the event as reported the feed (source).",
+ "disable_correlation": true,
 "misp-attribute": "datetime",
 "ui-priority": 1
 },
diff --git a/objects/intelmq_report/definition.json b/objects/intelmq_report/definition.json
index bb428ad..8630d2e 100644
--- a/objects/intelmq_report/definition.json
+++ b/objects/intelmq_report/definition.json
@@ -47,6 +47,7 @@
 },
 "time.observation": {
 "description": "The time the collector of the local instance processed (observed) the event.",
+ "disable_correlation": true,
 "misp-attribute": "datetime",
 "ui-priority": 1
 }
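Review bot: `"ui-priority": 10` on the new `software` attribute in the exploit hunk is an outlier — the neighbouring attributes visible in the same hunk use `0`, and every other attribute added or touched in this commit uses `0` or `1`. If the intent is simply to show the field in the object form, `"ui-priority": 1` matches the rest of the repository; if a larger value is deliberate, say so in the description or commit message so the scale is not mistaken for a typo. `"description": "Software impacted"` would also be clearer as `"Software (product and version) affected by the exploit"`, matching the sentence style of the sibling `title` attribute.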
diff --git a/objects/organization/definition.json b/objects/organization/definition.json
index 5b6faeb..ca3fd9c 100644
--- a/objects/organization/definition.json
+++ b/objects/organization/definition.json
@@ -79,7 +79,8 @@
 "Source",
 "Originator",
 "Informant",
- "Emitter"
+ "Emitter",
+ "Impersonated"
 ]
 },
 "sector": {
@@ -138,5 +139,5 @@
 "alias"
 ],
 "uuid": "f750e12b-127a-432c-b022-b3f9153c4e2a",
- "version": 6
+ "version": 7
 }
\ No newline at end of file
diff --git a/objects/person/definition.json b/objects/person/definition.json
index c34a977..295d9a7 100644
--- a/objects/person/definition.json
+++ b/objects/person/definition.json
@@ -223,7 +223,8 @@
 "Source",
 "Originator",
 "Informant",
- "Emitter"
+ "Emitter",
+ "Impersonated"
 ]
 },
 "social-security-number": {
@@ -255,5 +256,5 @@
 "handle"
 ],
 "uuid": "a15b0477-e9d1-4b9c-9546-abe78a4f4248",
- "version": 19
+ "version": 20
 }
\ No newline at end of file
diff --git a/objects/stairwell/definition.json b/objects/stairwell/definition.json
new file mode 100644
index 0000000..bfb066e
--- /dev/null
+++ b/objects/stairwell/definition.json
@@ -0,0 +1,89 @@
+{
+ "attributes": {
+ "entropy": {
+ "description": "Measure of the information contained in a object as opposed to the portion of the object that is determined (or predictable)",
+ "disable_correlation": true,
+ "misp-attribute": "float",
+ "ui-priority": 1
+ },
+ "environment": {
+ "description": "Stairwell environments that this object has been seen within",
+ "misp-attribute": "comment",
+ "multiple": true,
+ "ui-priority": 0
+ },
+ "imphash": {
+ "description": "The Mandiant import hash (imphash) of the object",
+ "misp-attribute": "imphash",
+ "ui-priority": 0
+ },
+ "magic": {
+ "description": "Magic number as determined by yara rule based identification",
+ "misp-attribute": "comment",
+ "ui-priority": 0
+ },
+ "malEval-probability": {
+ "description": "Confidence that the label applies on the object",
+ "misp-attribute": "comment",
+ "ui-priority": 0
+ },
+ "malEval-severity": {
+ "description": "Severity of malware detected",
+ "misp-attribute": "comment",
+ "ui-priority": 0
+ },
+ "md5": {
+ "description": "The md5 hash signature of an object",
+ "misp-attribute": "md5",
+ "ui-priority": 1
+ },
+ "mime-type": {
+ "description": "MIME type as determined by yara rule based identification",
+ "disable_correlation": true,
+ "misp-attribute": "mime-type",
+ "ui-priority": 0
+ },
+ "sha1": {
+ "description": "The sha1 hash signature of an object",
+ "misp-attribute": "sha1",
+ "ui-priority": 1
+ },
+ "sha256": {
+ "description": "The sha256 hash signature of an object",
+ "misp-attribute": "sha256",
+ "ui-priority": 1
+ },
+ "size-in-bytes": {
+ "description": "The size of the file in bytes",
+ "disable_correlation": true,
+ "misp-attribute": "size-in-bytes",
+ "ui-priority": 0
+ },
+ "stairwell-first-seen": {
+ "description": "The timestamp at which an object was first observed by Stairwell",
+ "misp-attribute": "datetime",
+ "ui-priority": 0
+ },
+ "tlsh": {
+ "description": "The TLSH of the object",
+ "misp-attribute": "tlsh",
+ "ui-priority": 0
+ },
+ "yara-rule-match": {
+ "description": "Stairwell yara rule resource names which have matched on this object",
+ "misp-attribute": "comment",
+ "multiple": true,
+ "ui-priority": 0
+ }
+ },
+ "description": "Stairwell leverages automated analysis, YARA rule libraries, shared malware feeds, privately run AV verdicts, static & dynamic analysis, malware unpacking, and variant discovery.",
+ "meta-category": "file",
+ "name": "stairwell",
+ "requiredOneOf": [
+ "md5",
+ "sha1",
+ "sha256"
+ ],
+ "uuid": "113d31ab-6eea-46df-976c-e955c369acd2",
+ "version": 1
+}
\ No newline at end of file
diff --git a/relationships/definition.json b/relationships/definition.json
index f128a07..e7d2203 100644
--- a/relationships/definition.json
+++ b/relationships/definition.json
@@ -1725,7 +1725,30 @@
 "stix-2.1"
 ],
 "name": "sample-of"
+ },
+ {
+ "description": "This relationship describes an object which is allied with another object.",
+ "format": [
+ "misp"
+ ],
+ "name": "is-allied-with "
+ },
+ {
+ "description": "The source object acquires the target object.",
+ "format": [
+ "misp"
+ ],
+ "name": "acquires",
+ "opposite": "is-acquired-by"
+ },
+ {
+ "description": "The source object is acquired by the target object.",
+ "format": [
+ "misp"
+ ],
+ "name": "is-acquired-by",
+ "opposite": "acquires"
 }
 ],
- "version": 40
+ "version": 41
 }
\ No newline at end of file
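Review bot: The attribute names `malEval-probability` and `malEval-severity` mix camelCase into a template whose other names are lowercase kebab-case (`size-in-bytes`, `stairwell-first-seen`, `yara-rule-match`); rename them to `maleval-probability` and `maleval-severity` before this version 1 is published, because attribute names are referenced by existing objects and are painful to change later. `malEval-probability` is described as a confidence but typed `"misp-attribute": "comment"`, i.e. free text — if the upstream value is numeric, `float` (already used by `entropy`) would let consumers filter and sort on it; I cannot see the upstream format, so confirm first. The top-level `description` is product copy rather than a description of what the object carries; something like `"Analysis results for a file as reported by Stairwell: hashes, entropy, magic/MIME type, YARA matches and MalEval verdicts"` would match how the other templates in this commit describe themselves. Minor: `"a object"` in the `entropy` description should be `"an object"`.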
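Review bot: The new relationship entry has a trailing space in its name, `"name": "is-allied-with "`, so it will not match a lookup for `is-allied-with` and will render with an invisible difference from every other name in this file; it should be `"name": "is-allied-with"`. The two other new entries, `acquires` and `is-acquired-by`, declare each other as `opposite`, while `is-allied-with` declares none; if the schema accepts a self-referencing opposite for a symmetric relationship, `"opposite": "is-allied-with"` would keep the three entries consistent — I cannot see how other symmetric entries in this file handle it, so check against them. Its description, `"This relationship describes an object which is allied with another object."`, could follow the source/target phrasing of its two siblings: `"The source object is allied with the target object."`.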