MISP
/
misp-objects
mirror of https://github.com/MISP/misp-objects
2
0
Fork 0
Code Issues Releases Wiki Activity

Merge branch 'master' of github.com:MISP/misp-objects

pull/17/head
Raphaël Vinot 2017-03-17 17:32:21 +01:00
parent 2c2c11c9ca 6fb4acb9da
commit 2c5208aab2
2 changed files with 37 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
objects/email/definition.json
View File

@ -5,16 +5,16 @@
"description": "Email object describing an email with meta-information", "description": "Email object describing an email with meta-information",
"version": 1, "version": 1,
"attributes": { "attributes": {
"from": { "reply-to": {
"misp-attribute": "email-src", "misp-attribute": "email-reply-to",
"misp-usage-frequency": 1, "misp-usage-frequency": 1,
"categories": [ "categories": [
"Payload delivery" "Payload delivery"
] ]
}, },
"from-display-name": { "message-id": {
"misp-attribute": "email-src-display-name", "misp-attribute": "email-message-id",
"misp-usage-frequency": 1, "misp-usage-frequency": 0,
"categories": [ "categories": [
"Payload delivery" "Payload delivery"
] ]
@ -50,23 +50,25 @@
], ],
"multiple": true "multiple": true
}, },
"message-id": { "x-mailer": {
"misp-attribute": "email-message-id", "misp-attribute": "email-xmailer",
"misp-usage-frequency": 0, "misp-usage-frequency": 0,
"categories": [ "categories": [
"Payload delivery" "Payload delivery"
] ]
}, },
"reply-to": { "header": {
"misp-attribute": "email-reply-to", "misp-attribute": "email-header",
"misp-usage-frequency": 1, "misp-usage-frequency": 0,
"categories": [ "categories": [
"Payload delivery" "Payload delivery"
] ],
"multiple": true
}, },
"send-date": { "send-date": {
"misp-attribute": "datetime", "misp-attribute": "datetime",
"misp-usage-frequency": 0, "misp-usage-frequency": 0,
"disable_correlation": true,
"categories": [ "categories": [
"Other" "Other"
] ]
@ -93,17 +95,16 @@
"Payload delivery" "Payload delivery"
] ]
}, },
"header": { "from": {
"misp-attribute": "email-header", "misp-attribute": "email-src",
"misp-usage-frequency": 0, "misp-usage-frequency": 1,
"categories": [ "categories": [
"Payload delivery" "Payload delivery"
], ]
"multiple": true
}, },
"x-mailer": { "from-display-name": {
"misp-attribute": "email-xmailer", "misp-attribute": "email-src-display-name",
"misp-usage-frequency": 0, "misp-usage-frequency": 1,
"categories": [ "categories": [
"Payload delivery" "Payload delivery"
] ]

25
objects/file/definition.json
View File

@ -5,15 +5,10 @@
"description": "File object describing a file with meta-information", "description": "File object describing a file with meta-information",
"version": 1, "version": 1,
"attributes": { "attributes": {
"filename": { "text": {
"misp-attribute": "filename", "misp-attribute": "text",
"misp-usage-frequency": 1, "misp-usage-frequency": 1,
"categories": [ "disable_correlation": true
"Payload delivery",
"Artifacts dropped",
"Payload installation",
"External analysis"
]
}, },
"size-in-bytes": { "size-in-bytes": {
"misp-attribute": "size-in-bytes", "misp-attribute": "size-in-bytes",
@ -44,6 +39,20 @@
"misp-attribute": "sha512/224", "misp-attribute": "sha512/224",
"misp-usage-frequency": 0 "misp-usage-frequency": 0
}, },
"malware-sample": {
"misp-attribute": "malware-sample",
"misp-usage-frequency": 1
},
"filename": {
"misp-attribute": "filename",
"misp-usage-frequency": 1,
"categories": [
"Payload delivery",
"Artifacts dropped",
"Payload installation",
"External analysis"
]
},
"sha512/256": { "sha512/256": {
"misp-attribute": "sha512/256", "misp-attribute": "sha512/256",
"misp-usage-frequency": 0 "misp-usage-frequency": 0