A cookie object has been added.

An HTTP cookie (web cookie, browser cookie) is a small piece of data
that a server sends to the user's web browser. The object includes
type which can help to describe the malicious use-case of the cookie.
pull/17/head
Alexandre Dulaunoy 2017-08-03 12:15:26 +02:00
parent 08e5ebe995
commit 113eb9e5a0
No known key found for this signature in database
GPG Key ID: 09E2CD4944E6CBCD
2 changed files with 44 additions and 0 deletions

View File

@ -64,6 +64,7 @@ for a specific attribute.
## Existing MISP objects
* [objects/ail-leak](objects/ail-leak/definition.json) - information leak object as defined by the [AIL Analysis Information Leak framework](https://www.github.com/CIRCL/AIL-framework).
* [objects/cookie](objects/cookie/definition.json) - A cookie object describes an HTTP cookie including its use in malicious cases.
* [objects/ddos](objects/ddos/definition.json) - DDoS object describes a current DDoS activity from a specific or/and to a specific target.
* [objects/domain-ip](objects/domain-ip/definition.json) - A domain and IP address seen as a tuple in a specific time frame.
* [objects/elf](objects/elf/definition.json) - Object describing an Executable and Linkable Format (ELF).

View File

@ -0,0 +1,43 @@
{
"required": [
"cookie"
],
"attributes": {
"cookie": {
"ui-priority": 1,
"misp-attribute": "cookie"
},
"cookie-name": {
"ui-priority": 0,
"misp-attribute": "text"
},
"cookie-value": {
"ui-priority": 0,
"misp-attribute": "text"
},
"text": {
"description": "A description of the cookie.",
"disable_correlation": true,
"ui-priority": 0,
"misp-attribute": "text"
},
"type": {
"sane_default": [
"Session management",
"Personalization",
"Tracking",
"Exfiltration",
"Malicious Payload",
"Beaconing"
],
"description": "Type of cookie and how it's used in this specific object.",
"ui-priority": 0,
"misp-attribute": "text"
}
},
"version": 1,
"description": "An HTTP cookie (web cookie, browser cookie) is a small piece of data that a server sends to the user's web browser. The browser may store it and send it back with the next request to the same server. Typically, it's used to tell if two requests came from the same browser — keeping a user logged-in, for example. It remembers stateful information for the stateless HTTP protocol. (as defined by the Mozilla foundation.",
"meta-category": "network",
"uuid": "7755ad19-55c7-4da4-805e-197cf81bbcb8",
"name": "cookie"
}