Merge branch 'master' of github.com:MISP/misp-objects

2017-03-17 17:32:21 +01:00 · 2017-03-17 17:32:21 +01:00 · 2c5208aab2
parent 2c2c11c9ca 6fb4acb9da
commit 2c5208aab2
2 changed files with 37 additions and 27 deletions
--- a/objects/email/definition.json
+++ b/objects/email/definition.json
@ -5,16 +5,16 @@
  "description": "Email object describing an email with meta-information",
  "version": 1,
  "attributes": {
-    "from": {
-      "misp-attribute": "email-src",
+    "reply-to": {
+      "misp-attribute": "email-reply-to",
      "misp-usage-frequency": 1,
      "categories": [
        "Payload delivery"
      ]
    },
-    "from-display-name": {
-      "misp-attribute": "email-src-display-name",
-      "misp-usage-frequency": 1,
+    "message-id": {
+      "misp-attribute": "email-message-id",
+      "misp-usage-frequency": 0,
      "categories": [
        "Payload delivery"
      ]
@ -50,23 +50,25 @@
      ],
      "multiple": true
    },
-    "message-id": {
-      "misp-attribute": "email-message-id",
+    "x-mailer": {
+      "misp-attribute": "email-xmailer",
      "misp-usage-frequency": 0,
      "categories": [
        "Payload delivery"
      ]
    },
-    "reply-to": {
-      "misp-attribute": "email-reply-to",
-      "misp-usage-frequency": 1,
+    "header": {
+      "misp-attribute": "email-header",
+      "misp-usage-frequency": 0,
      "categories": [
        "Payload delivery"
-      ]
+      ],
+      "multiple": true
    },
    "send-date": {
      "misp-attribute": "datetime",
      "misp-usage-frequency": 0,
+      "disable_correlation": true,
      "categories": [
        "Other"
      ]
@ -93,17 +95,16 @@
        "Payload delivery"
      ]
    },
-    "header": {
-      "misp-attribute": "email-header",
-      "misp-usage-frequency": 0,
+    "from": {
+      "misp-attribute": "email-src",
+      "misp-usage-frequency": 1,
      "categories": [
        "Payload delivery"
-      ],
-      "multiple": true
+      ]
    },
-    "x-mailer": {
-      "misp-attribute": "email-xmailer",
-      "misp-usage-frequency": 0,
+    "from-display-name": {
+      "misp-attribute": "email-src-display-name",
+      "misp-usage-frequency": 1,
      "categories": [
        "Payload delivery"
      ]
--- a/objects/file/definition.json
+++ b/objects/file/definition.json
@ -5,15 +5,10 @@
  "description": "File object describing a file with meta-information",
  "version": 1,
  "attributes": {
-    "filename": {
-      "misp-attribute": "filename",
+    "text": {
+      "misp-attribute": "text",
      "misp-usage-frequency": 1,
-      "categories": [
-        "Payload delivery",
-        "Artifacts dropped",
-        "Payload installation",
-        "External analysis"
-      ]
+      "disable_correlation": true
    },
    "size-in-bytes": {
      "misp-attribute": "size-in-bytes",
@ -44,6 +39,20 @@
      "misp-attribute": "sha512/224",
      "misp-usage-frequency": 0
    },
+    "malware-sample": {
+      "misp-attribute": "malware-sample",
+      "misp-usage-frequency": 1
+    },
+    "filename": {
+      "misp-attribute": "filename",
+      "misp-usage-frequency": 1,
+      "categories": [
+        "Payload delivery",
+        "Artifacts dropped",
+        "Payload installation",
+        "External analysis"
+      ]
+    },
    "sha512/256": {
      "misp-attribute": "sha512/256",
      "misp-usage-frequency": 0