MISP
/
misp-objects
mirror of https://github.com/MISP/misp-objects
2
0
Fork 0
Code Issues Releases Wiki Activity

Merge branch 'rmkml-main' into main

pull/274/head
Alexandre Dulaunoy 2020-08-18 07:55:01 +02:00
parent 2902024f5f bfec61d8b0
commit 115e503c6d
No known key found for this signature in database
GPG Key ID: 09E2CD4944E6CBCD
3 changed files with 91 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

89
objects/dns-record/definition.json
View File

@ -5,17 +5,37 @@
"Network activity", "Network activity",
"External analysis" "External analysis"
], ],
"description": "IP Address sassociated with A Records", "description": "IPv4 address associated with A record",
"misp-attribute": "ip-dst", "misp-attribute": "ip-dst",
"multiple": true, "multiple": true,
"ui-priority": 1 "ui-priority": 1
}, },
"aaaa-record": {
"categories": [
"Network activity",
"External analysis"
],
"description": "IPv6 address associated with AAAA record",
"misp-attribute": "ip-dst",
"multiple": true,
"ui-priority": 1
},
"cname-record": {
"categories": [
"Network activity",
"External analysis"
],
"description": "Domain associated with CNAME record",
"misp-attribute": "domain",
"multiple": true,
"ui-priority": 1
},
"mx-record": { "mx-record": {
"categories": [ "categories": [
"Network activity", "Network activity",
"External analysis" "External analysis"
], ],
"description": "Domain associated with MX Record", "description": "Domain associated with MX record",
"misp-attribute": "domain", "misp-attribute": "domain",
"multiple": true, "multiple": true,
"ui-priority": 1 "ui-priority": 1
@ -25,7 +45,17 @@
"Network activity", "Network activity",
"External analysis" "External analysis"
], ],
"description": "Domain associated with NS Records", "description": "Domain associated with NS record",
"misp-attribute": "domain",
"multiple": true,
"ui-priority": 1
},
"ptr-record": {
"categories": [
"Network activity",
"External analysis"
],
"description": "Domain associated with PTR record",
"misp-attribute": "domain", "misp-attribute": "domain",
"multiple": true, "multiple": true,
"ui-priority": 1 "ui-priority": 1
@ -39,14 +69,54 @@
"misp-attribute": "domain", "misp-attribute": "domain",
"ui-priority": 1 "ui-priority": 1
}, },
"soa-record": {
"categories": [
"Network activity",
"External analysis"
],
"description": "Domain associated with SOA record",
"misp-attribute": "domain",
"multiple": true,
"ui-priority": 1
},
"spf-record": {
"categories": [
"Network activity",
"External analysis"
],
"description": "IP addresses associated with SPF record",
"misp-attribute": "ip-dst",
"multiple": true,
"ui-priority": 1
},
"srv-record": {
"categories": [
"Network activity",
"External analysis"
],
"description": "Domain associated with SRV record",
"misp-attribute": "domain",
"multiple": true,
"ui-priority": 1
},
"text": { "text": {
"description": "A description of the records", "description": "A description of the records",
"misp-attribute": "text", "misp-attribute": "text",
"recommended": false, "recommended": false,
"ui-priority": 1 "ui-priority": 1
},
"txt-record": {
"categories": [
"Network activity",
"External analysis"
],
"description": "Content associated with TXT record",
"misp-attribute": "text",
"multiple": true,
"ui-priority": 1
} }
}, },
"description": "A set of dns records observed for a specific domain.", "description": "A set of DNS records observed for a specific domain.",
"meta-category": "network", "meta-category": "network",
"name": "dns-record", "name": "dns-record",
"required": [ "required": [
@ -54,9 +124,16 @@
], ],
"requiredOneOf": [ "requiredOneOf": [
"a-record", "a-record",
"aaaa-record",
"cname-record",
"mx-record", "mx-record",
"ns-record" "ns-record",
"ptr-record",
"soa-record",
"spf-record",
"srv-record",
"txt-record"
], ],
"uuid": "f023c8f0-81ab-41f3-9f5d-fa597a34a9b9", "uuid": "f023c8f0-81ab-41f3-9f5d-fa597a34a9b9",
"version": 1 "version": 2
} }

7
objects/file/definition.json
View File

@ -424,6 +424,11 @@
"description": "Fuzzy hash by Trend Micro: Locality Sensitive Hash", "description": "Fuzzy hash by Trend Micro: Locality Sensitive Hash",
"misp-attribute": "tlsh", "misp-attribute": "tlsh",
"ui-priority": 0 "ui-priority": 0
},
"vhash": {
"description": "vhash by VirusTotal",
"misp-attribute": "vhash",
"ui-priority": 0
} }
}, },
"description": "File object describing a file with meta-information", "description": "File object describing a file with meta-information",
@ -451,5 +456,5 @@
"fullpath" "fullpath"
], ],
"uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"version": 20 "version": 21
} }

2
schema_objects.json
View File

@ -96,6 +96,7 @@
"filename|sha512/256", "filename|sha512/256",
"filename|ssdeep", "filename|ssdeep",
"filename|tlsh", "filename|tlsh",
"filename|vhash",
"first-name", "first-name",
"float", "float",
"frequent-flyer-number", "frequent-flyer-number",
@ -180,6 +181,7 @@
"text", "text",
"threat-actor", "threat-actor",
"tlsh", "tlsh",
"vhash",
"travel-details", "travel-details",
"twitter-id", "twitter-id",
"uri", "uri",