Merge branch 'master' of github.com:MISP/misp-objects

2017-03-13 14:50:08 +01:00 · 2017-03-13 14:50:08 +01:00 · 16c7164816
parent b90fd9ddc1 bd79ee4224
commit 16c7164816
4 changed files with 108 additions and 21 deletions
--- a/README.md
+++ b/README.md
@ -69,8 +69,10 @@ potential a sane default for an attribute.
 * [objects/ip-port](objects/ip-port/definition.json) - An IP address and a port seen as a tuple (or as a triple) in a specific time frame.
 * [objects/passive-dns](objects/passive-dns/definition.json) - Passive DNS records as expressed in [draft-dulaunoy-dnsop-passive-dns-cof-01](https://tools.ietf.org/html/draft-dulaunoy-dnsop-passive-dns-cof-01).
 * [objects/pe](objects/pe/definition.json) - Portable Executable (PE) object.
+* [objects/pe-section](objects/pe-section/definition.json)  - Portable Executable (PE) object - section description.
 * [objects/registry-key](objects/registry-key/definition.json) - A registry-key object.
 * [objects/vulnerability](objects/vulnerability/definition.json) - Vulnerability object to describe software or hardware vulnerability as described in a CVE.
+* [objects/url](objects/url/definition.json) - url object describes an url along with its normalized field (e.g. using faup parsing library) and its metadata.
 * [objects/whois](objects/whois/definition.json) - Whois records information for a domain name.
 * [objects/x509](objects/x509/definition.json) - x509 object describing a X.509 certificate.

--- a/objects/ddos/definition.json
+++ b/objects/ddos/definition.json
@ -4,30 +4,14 @@
  "description": "DDoS object describes a current DDoS activity from a specific or/and to a specific target. Type of DDoS can be attached to the object as a taxonomy",
  "version": 1,
  "attributes": {
-    "total-pps": {
+    "total-bps": {
      "misp-attribute": "counter",
      "misp-usage-frequency": 0
    },
-    "last-seen": {
-      "misp-attribute": "datetime",
-      "misp-usage-frequency": 0
-    },
    "text": {
      "misp-attribute": "text",
      "misp-usage-frequency": 0
    },
-    "total-bps": {
-      "misp-attribute": "counter",
-      "misp-usage-frequency": 0
-    },
-    "ip-src": {
-      "misp-attribute": "ip-src",
-      "misp-usage-frequency": 1,
-      "categories": [
-        "Network activity",
-        "External analysis"
-      ]
-    },
    "ip-dst": {
      "misp-attribute": "ip-dst",
      "misp-usage-frequency": 1,
@ -36,9 +20,9 @@
        "External analysis"
      ]
    },
-    "src-port": {
-      "misp-attribute": "text",
-      "misp-usage-frequency": 0,
+    "ip-src": {
+      "misp-attribute": "ip-src",
+      "misp-usage-frequency": 1,
      "categories": [
        "Network activity",
        "External analysis"
@ -52,6 +36,18 @@
        "External analysis"
      ]
    },
+    "src-port": {
+      "misp-attribute": "text",
+      "misp-usage-frequency": 0,
+      "categories": [
+        "Network activity",
+        "External analysis"
+      ]
+    },
+    "first-seen": {
+      "misp-attribute": "datetime",
+      "misp-usage-frequency": 0
+    },
    "protocol": {
      "misp-attribute": "text",
      "misp-usage-frequency": 0,
@ -62,7 +58,11 @@
        "IP"
      ]
    },
-    "first-seen": {
+    "total-pps": {
+      "misp-attribute": "counter",
+      "misp-usage-frequency": 0
+    },
+    "last-seen": {
      "misp-attribute": "datetime",
      "misp-usage-frequency": 0
    }
--- a/objects/url/definition.json
+++ b/objects/url/definition.json
@ -0,0 +1,78 @@
+{
+  "name": "url",
+  "meta-category": "network",
+  "description": "url object describes an url along with its normalized field (like extracted using faup parsing library) and its metadata.",
+  "version": 1,
+  "attributes": {
+    "host": {
+      "misp-attribute": "hostname",
+      "misp-usage-frequency": 0
+    },
+    "domain_without_tld": {
+      "misp-attribute": "text",
+      "misp-usage-frequency": 0
+    },
+    "domain": {
+      "misp-attribute": "domain",
+      "misp-usage-frequency": 0
+    },
+    "subdomain": {
+      "misp-attribute": "text",
+      "misp-usage-frequency": 0
+    },
+    "credential": {
+      "misp-attribute": "text",
+      "misp-usage-frequency": 0
+    },
+    "text": {
+      "misp-attribute": "text",
+      "misp-usage-frequency": 0
+    },
+    "last-seen": {
+      "misp-attribute": "datetime",
+      "misp-usage-frequency": 0
+    },
+    "fragment": {
+      "misp-attribute": "text",
+      "misp-usage-frequency": 0
+    },
+    "query_string": {
+      "misp-attribute": "text",
+      "misp-usage-frequency": 0
+    },
+    "resource_path": {
+      "misp-attribute": "text",
+      "misp-usage-frequency": 0
+    },
+    "first-seen": {
+      "misp-attribute": "datetime",
+      "misp-usage-frequency": 0
+    },
+    "scheme": {
+      "misp-attribute": "text",
+      "misp-usage-frequency": 0,
+      "sane_default": [
+        "http",
+        "https",
+        "ftp",
+        "gopher",
+        "sip"
+      ]
+    },
+    "port": {
+      "misp-attribute": "text",
+      "misp-usage-frequency": 0
+    },
+    "tld": {
+      "misp-attribute": "tld",
+      "misp-usage-frequency": 0
+    },
+    "url": {
+      "misp-attribute": "url",
+      "misp-usage-frequency": 1
+    }
+  },
+  "requiredOneOf": [
+    "url"
+  ]
+}
--- a/schema.json
+++ b/schema.json
@ -27,6 +27,13 @@
            "type": "string"
          }
        },
+        "sane_default": {
+          "type": "array",
+          "uniqueItems": true,
+          "items": {
+            "type": "string"
+          }
+        },
        "multiple": {
          "type": "boolean"
        },