From 37c1722d3effbad77d46652fda2f2ea444913f61 Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy
Date: Wed, 15 Mar 2017 07:42:14 +0100
Subject: [PATCH 1/2] disable_correlation added
---
 objects/email/definition.json | 39 ++++++++++++++++++-----------------
 1 file changed, 20 insertions(+), 19 deletions(-)
diff --git a/objects/email/definition.json b/objects/email/definition.json
index a211aa7..047d5d6 100644
--- a/objects/email/definition.json
+++ b/objects/email/definition.json
@@ -4,16 +4,16 @@
 "description": "Email object describing an email with meta-information",
 "version": 1,
 "attributes": {
- "from": {
- "misp-attribute": "email-src",
+ "reply-to": {
+ "misp-attribute": "email-reply-to",
 "misp-usage-frequency": 1,
 "categories": [
 "Payload delivery"
 ]
 },
- "from-display-name": {
- "misp-attribute": "email-src-display-name",
- "misp-usage-frequency": 1,
+ "message-id": {
+ "misp-attribute": "email-message-id",
+ "misp-usage-frequency": 0,
 "categories": [
 "Payload delivery"
 ]
@@ -49,23 +49,25 @@
 ],
 "multiple": true
 },
- "message-id": {
- "misp-attribute": "email-message-id",
+ "x-mailer": {
+ "misp-attribute": "email-xmailer",
 "misp-usage-frequency": 0,
 "categories": [
 "Payload delivery"
 ]
 },
- "reply-to": {
- "misp-attribute": "email-reply-to",
- "misp-usage-frequency": 1,
+ "header": {
+ "misp-attribute": "email-header",
+ "misp-usage-frequency": 0,
 "categories": [
 "Payload delivery"
- ]
+ ],
+ "multiple": true
 },
 "send-date": {
 "misp-attribute": "datetime",
 "misp-usage-frequency": 0,
+ "disable_correlation": true,
 "categories": [
 "Other"
 ]
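Review bot: `"version": 1,` is left unchanged (context line at the top of this hunk) although the commit changes how the template behaves by adding `disable_correlation` to `send-date` in the next hunk. If MISP instances decide whether to refresh a stored object template by comparing `version`, deployments that already hold version 1 may keep correlating on send dates; consider `"version": 2,`. The `attributes` object opens in this hunk and continues past its end.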
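Review bot: `x-mailer` and `header` are relocated in this hunk but, unlike `send-date`, they do not receive `"disable_correlation": true,`. Mail-client strings and common header lines recur across unrelated messages, so correlating on them will likely link unrelated events and bury the matches analysts actually need. Consider adding the flag after `"misp-usage-frequency": 0,` in both entries. The `send-date` entry continues past the end of the hunk.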
@@ -92,17 +94,16 @@
 "Payload delivery"
 ]
 },
- "header": {
- "misp-attribute": "email-header",
- "misp-usage-frequency": 0,
+ "from": {
+ "misp-attribute": "email-src",
+ "misp-usage-frequency": 1,
 "categories": [
 "Payload delivery"
- ],
- "multiple": true
+ ]
 },
- "x-mailer": {
- "misp-attribute": "email-xmailer",
- "misp-usage-frequency": 0,
+ "from-display-name": {
+ "misp-attribute": "email-src-display-name",
+ "misp-usage-frequency": 1,
 "categories": [
 "Payload delivery"
 ]
From 6fb4acb9daa636d689e70b72ee777356c1b5de2f Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy
Date: Thu, 16 Mar 2017 23:06:36 +0100
Subject: [PATCH 2/2] jq all
---
 objects/file/definition.json | 34 +++++++++++++++++-----------------
 1 file changed, 17 insertions(+), 17 deletions(-)
diff --git a/objects/file/definition.json b/objects/file/definition.json
index a4f60e1..8e020e5 100644
--- a/objects/file/definition.json
+++ b/objects/file/definition.json
@@ -4,15 +4,10 @@
 "description": "File object describing a file with meta-information",
 "version": 1,
 "attributes": {
- "filename": {
- "misp-attribute": "filename",
+ "text": {
+ "misp-attribute": "text",
 "misp-usage-frequency": 1,
- "categories": [
- "Payload delivery",
- "Artifacts dropped",
- "Payload installation",
- "External analysis"
- ]
+ "disable_correlation": true
 },
 "size-in-bytes": {
 "misp-attribute": "size-in-bytes",
@@ -43,6 +38,20 @@
 "misp-attribute": "sha512/224",
 "misp-usage-frequency": 0
 },
+ "malware-sample": {
+ "misp-attribute": "malware-sample",
+ "misp-usage-frequency": 1
+ },
+ "filename": {
+ "misp-attribute": "filename",
+ "misp-usage-frequency": 1,
+ "categories": [
+ "Payload delivery",
+ "Artifacts dropped",
+ "Payload installation",
+ "External analysis"
+ ]
+ },
 "sha512/256": {
 "misp-attribute": "sha512/256",
 "misp-usage-frequency": 0
@@ -76,15 +85,6 @@
 "Payload installation",
 "External analysis"
 ]
- },
- "text": {
- "misp-attribute": "text",
- "misp-usage-frequency": 1,
- "disable_correlation": true
- },
- "malware-sample": {
- "misp-attribute": "malware-sample",
- "misp-usage-frequency": 1
 }
 },
 "requiredOneOf": [