diff --git a/README.md b/README.md index 150b9b4..437d6b7 100644 --- a/README.md +++ b/README.md @@ -105,7 +105,9 @@ for a specific attribute. An optional **to_ids** boolean field to disable the ID ## Existing MISP objects - [objects/ADS](https://github.com/MISP/misp-objects/blob/main/objects/ADS/definition.json) - An object defining ADS - Alerting and Detection Strategy by PALANTIR. Can be used for detection engineering. +- [objects/ai-chat-prompt](https://github.com/MISP/misp-objects/blob/main/objects/ai-chat-prompt/definition.json) - Object describing an AI prompt such as ChatGPT. - [objects/ail-leak](https://github.com/MISP/misp-objects/blob/main/objects/ail-leak/definition.json) - An information leak as defined by the AIL Analysis Information Leak framework. +- [objects/ais](https://github.com/MISP/misp-objects/blob/main/objects/ais/definition.json) - Automatic Identification System (AIS) is an automatic tracking system that uses transceivers on ships. - [objects/ais-info](https://github.com/MISP/misp-objects/blob/main/objects/ais-info/definition.json) - Automated Indicator Sharing (AIS) Information Source Markings. - [objects/android-app](https://github.com/MISP/misp-objects/blob/main/objects/android-app/definition.json) - Indicators related to an Android app. - [objects/android-permission](https://github.com/MISP/misp-objects/blob/main/objects/android-permission/definition.json) - A set of android permissions - one or more permission(s) which can be linked to other objects (e.g. malware, app). 
@@ -125,7 +127,7 @@ for a specific attribute. An optional **to_ids** boolean field to disable the ID
 - [objects/blog](https://github.com/MISP/misp-objects/blob/main/objects/blog/definition.json) - Blog post like Medium or WordPress.
 - [objects/boleto](https://github.com/MISP/misp-objects/blob/main/objects/boleto/definition.json) - A common form of payment used in Brazil.
 - [objects/btc-transaction](https://github.com/MISP/misp-objects/blob/main/objects/btc-transaction/definition.json) - An object to describe a Bitcoin transaction. Best to be used with bitcoin-wallet.
-- [objects/btc-wallet](https://github.com/MISP/misp-objects/blob/main/objects/btc-wallet/definition.json) - An object to describe a Bitcoin wallet. Best to be used with bitcoin-transaction.
+- [objects/btc-wallet](https://github.com/MISP/misp-objects/blob/main/objects/btc-wallet/definition.json) - An object to describe a Bitcoin wallet. Best to be used with btc-transaction object.
 - [objects/cap-alert](https://github.com/MISP/misp-objects/blob/main/objects/cap-alert/definition.json) - Common Alerting Protocol Version (CAP) alert object.
 - [objects/cap-info](https://github.com/MISP/misp-objects/blob/main/objects/cap-info/definition.json) - Common Alerting Protocol Version (CAP) info object.
 - [objects/cap-resource](https://github.com/MISP/misp-objects/blob/main/objects/cap-resource/definition.json) - Common Alerting Protocol Version (CAP) resource object.
@@ -152,6 +154,7 @@ for a specific attribute. An optional **to_ids** boolean field to disable the ID
 - [objects/ddos](https://github.com/MISP/misp-objects/blob/main/objects/ddos/definition.json) - DDoS object describes a current DDoS activity from a specific or/and to a specific target. Type of DDoS can be attached to the object as a taxonomy or using the type field.
 - [objects/device](https://github.com/MISP/misp-objects/blob/main/objects/device/definition.json) - An object to define a device.
 - [objects/diameter-attack](https://github.com/MISP/misp-objects/blob/main/objects/diameter-attack/definition.json) - Attack as seen on the diameter signaling protocol supporting LTE networks.
+- [objects/directory](https://github.com/MISP/misp-objects/blob/main/objects/directory/definition.json) - Directory object describing a directory with meta-information.
 - [objects/dkim](https://github.com/MISP/misp-objects/blob/main/objects/dkim/definition.json) - DomainKeys Identified Mail - DKIM.
 - [objects/dns-record](https://github.com/MISP/misp-objects/blob/main/objects/dns-record/definition.json) - A set of DNS records observed for a specific domain.
 - [objects/domain-crawled](https://github.com/MISP/misp-objects/blob/main/objects/domain-crawled/definition.json) - A domain crawled over time.
@@ -233,6 +236,7 @@ for a specific attribute. An optional **to_ids** boolean field to disable the ID
 - [objects/git-vuln-finder](https://github.com/MISP/misp-objects/blob/main/objects/git-vuln-finder/definition.json) - Export from git-vuln-finder.
 - [objects/github-user](https://github.com/MISP/misp-objects/blob/main/objects/github-user/definition.json) - GitHub user.
 - [objects/gitlab-user](https://github.com/MISP/misp-objects/blob/main/objects/gitlab-user/definition.json) - GitLab user. Gitlab.com user or self-hosted GitLab instance.
+- [objects/greynoise-ip](https://github.com/MISP/misp-objects/blob/main/objects/greynoise-ip/definition.json) - GreyNoise IP Information.
 - [objects/gtp-attack](https://github.com/MISP/misp-objects/blob/main/objects/gtp-attack/definition.json) - GTP attack object as attack as seen on the GTP signaling protocol supporting GPRS/LTE networks.
 - [objects/hashlookup](https://github.com/MISP/misp-objects/blob/main/objects/hashlookup/definition.json) - hashlookup object as described on hashlookup services from circl.lu - https://www.circl.lu/services/hashlookup.
 - [objects/http-request](https://github.com/MISP/misp-objects/blob/main/objects/http-request/definition.json) - A single HTTP request header.
@@ -307,12 +311,14 @@ for a specific attribute. An optional **to_ids** boolean field to disable the ID
 - [objects/query](https://github.com/MISP/misp-objects/blob/main/objects/query/definition.json) - An object describing a query, along with its format.
 - [objects/r2graphity](https://github.com/MISP/misp-objects/blob/main/objects/r2graphity/definition.json) - Indicators extracted from files using radare2 and graphml.
 - [objects/ransom-negotiation](https://github.com/MISP/misp-objects/blob/main/objects/ransom-negotiation/definition.json) - An object to describe ransom negotiations, as seen in ransomware incidents.
+- [objects/ransomware-group-post](https://github.com/MISP/misp-objects/blob/main/objects/ransomware-group-post/definition.json) - Ransomware group post as monitored by ransomlook.io.
 - [objects/reddit-account](https://github.com/MISP/misp-objects/blob/main/objects/reddit-account/definition.json) - Reddit account.
 - [objects/reddit-comment](https://github.com/MISP/misp-objects/blob/main/objects/reddit-comment/definition.json) - A Reddit post comment.
 - [objects/reddit-post](https://github.com/MISP/misp-objects/blob/main/objects/reddit-post/definition.json) - A Reddit post.
 - [objects/reddit-subreddit](https://github.com/MISP/misp-objects/blob/main/objects/reddit-subreddit/definition.json) - Public or private subreddit.
 - [objects/regexp](https://github.com/MISP/misp-objects/blob/main/objects/regexp/definition.json) - An object describing a regular expression (regex or regexp). The object can be linked via a relationship to other attributes or objects to describe how it can be represented as a regular expression.
 - [objects/registry-key](https://github.com/MISP/misp-objects/blob/main/objects/registry-key/definition.json) - Registry key object describing a Windows registry key with value and last-modified timestamp.
+- [objects/registry-key-value](https://github.com/MISP/misp-objects/blob/main/objects/registry-key-value/definition.json) - Registry key value object describing a Windows registry key value, with its data, data type and name values. To be used when a registry key has multiple values.
 - [objects/regripper-NTUser](https://github.com/MISP/misp-objects/blob/main/objects/regripper-NTUser/definition.json) - Regripper Object template designed to present user specific configuration details extracted from the NTUSER.dat hive.
 - [objects/regripper-sam-hive-single-user](https://github.com/MISP/misp-objects/blob/main/objects/regripper-sam-hive-single-user/definition.json) - Regripper Object template designed to present user profile details extracted from the SAM hive.
 - [objects/regripper-sam-hive-user-group](https://github.com/MISP/misp-objects/blob/main/objects/regripper-sam-hive-user-group/definition.json) - Regripper Object template designed to present group profile details extracted from the SAM hive.
@@ -330,6 +336,7 @@ for a specific attribute. An optional **to_ids** boolean field to disable the ID
 - [objects/regripper-system-hive-services-drivers](https://github.com/MISP/misp-objects/blob/main/objects/regripper-system-hive-services-drivers/definition.json) - Regripper Object template designed to gather information regarding the services/drivers from the system-hive.
 - [objects/report](https://github.com/MISP/misp-objects/blob/main/objects/report/definition.json) - Metadata used to generate an executive level report.
 - [objects/research-scanner](https://github.com/MISP/misp-objects/blob/main/objects/research-scanner/definition.json) - Information related to known scanning activity (e.g. from research projects).
+- [objects/risk-assessment-report](https://github.com/MISP/misp-objects/blob/main/objects/risk-assessment-report/definition.json) - Risk assessment report object which includes the assessment report from a risk assessment platform such as MONARC.
 - [objects/rogue-dns](https://github.com/MISP/misp-objects/blob/main/objects/rogue-dns/definition.json) - Rogue DNS as defined by CERT.br.
 - [objects/rtir](https://github.com/MISP/misp-objects/blob/main/objects/rtir/definition.json) - RTIR - Request Tracker for Incident Response.
 - [objects/sandbox-report](https://github.com/MISP/misp-objects/blob/main/objects/sandbox-report/definition.json) - Sandbox report.
@@ -376,6 +383,7 @@ for a specific attribute. An optional **to_ids** boolean field to disable the ID
 - [objects/tracking-id](https://github.com/MISP/misp-objects/blob/main/objects/tracking-id/definition.json) - Analytics and tracking ID such as used in Google Analytics or other analytic platform.
 - [objects/transaction](https://github.com/MISP/misp-objects/blob/main/objects/transaction/definition.json) - An object to describe a financial transaction.
 - [objects/translation](https://github.com/MISP/misp-objects/blob/main/objects/translation/definition.json) - Used to keep a text and its translation.
+- [objects/transport-ticket](https://github.com/MISP/misp-objects/blob/main/objects/transport-ticket/definition.json) - A transport ticket.
 - [objects/trustar_report](https://github.com/MISP/misp-objects/blob/main/objects/trustar_report/definition.json) - TruStar Report.
 - [objects/tsk-chats](https://github.com/MISP/misp-objects/blob/main/objects/tsk-chats/definition.json) - An Object Template to gather information from evidential or interesting exchange of messages identified during a digital forensic investigation.
 - [objects/tsk-web-bookmark](https://github.com/MISP/misp-objects/blob/main/objects/tsk-web-bookmark/definition.json) - An Object Template to add evidential bookmarks identified during a digital forensic investigation.
@@ -460,11 +468,11 @@ The MISP objects (JSON files) are dual-licensed under: or ~~~~ - Copyright (c) 2016-2021 Alexandre Dulaunoy - a@foo.be - Copyright (c) 2016-2021 CIRCL - Computer Incident Response Center Luxembourg - Copyright (c) 2016-2021 Andras Iklody - Copyright (c) 2016-2021 Raphael Vinot - Copyright (c) 2016-2021 Various contributors to MISP Project + Copyright (c) 2016-2023 Alexandre Dulaunoy - a@foo.be + Copyright (c) 2016-2023 CIRCL - Computer Incident Response Center Luxembourg + Copyright (c) 2016-2023 Andras Iklody + Copyright (c) 2016-2023 Raphael Vinot + Copyright (c) 2016-2023 Various contributors to MISP Project Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: @@ -494,9 +502,9 @@ If a specific author of a taxonomy wants to license it under a different license ~~~~ -Copyright (C) 2016-2021 Andras Iklody -Copyright (C) 2016-2021 Alexandre Dulaunoy -Copyright (C) 2016-2021 CIRCL - Computer Incident Response Center Luxembourg +Copyright (C) 2016-2023 Andras Iklody +Copyright (C) 2016-2023 Alexandre Dulaunoy +Copyright (C) 2016-2023 CIRCL - Computer Incident Response Center Luxembourg This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by diff --git a/objects/ai-chat-prompt/definition.json b/objects/ai-chat-prompt/definition.json new file mode 100644 index 0000000..3c048e7 --- /dev/null +++ b/objects/ai-chat-prompt/definition.json 
@@ -0,0 +1,82 @@ +{ + "attributes": { + "act-as": { + "description": "Act as a specific person.", + "misp-attribute": "text", + "sane_default": [ + "Security Analysts", + "Incident Responder", + "IT Expert", + "Cyber Security Specialists", + "Technical Writer" + ], + "ui-priority": 5 + }, + "comment": { + "description": "Comment associated to the AI chat prompt.", + "misp-attribute": "text", + "ui-priority": 1 + }, + "model": { + "description": "AI chatbot model used for the prompt.", + "disable_correlation": true, + "misp-attribute": "text", + "multiple": true, + "sane_default": [ + "GPT 3.5", + "GPT 4.0", + "GPT 3.0", + "DALL-E", + "Whisper", + "Embeddings", + "Moderation", + "Codex", + "BioGPT", + "LLaMA", + "GPT4ALL", + "Bing AI", + "Google Bard AI" + ], + "ui-priority": 3 + }, + "prompt": { + "description": "Prompt text used for a specific AI chat.", + "disable_correlation": true, + "misp-attribute": "text", + "multiple": true, + "ui-priority": 2 + }, + "result": { + "description": "Result", + "disable_correlation": true, + "misp-attribute": "text", + "multiple": true, + "ui-priority": 4, + "values_list": [ + "Unknown", + "Harmless", + "Correct", + "Dangerous", + "Incorrect" + ] + }, + "role": { + "description": "Role as defined in OpenAI or similar API.", + "misp-attribute": "text", + "sane_default": [ + "system", + "user", + "assistant" + ], + "ui-priority": 7 + } + }, + "description": "Object describing an AI prompt such as ChatGPT.", + "meta-category": "misc", + "name": "ai-chat-prompt", + "requiredOneOf": [ + "prompt" + ], + "uuid": "a78f4156-0bb7-405c-aa25-ba16a73f68e4", + "version": 2 +} \ No newline at end of file diff --git a/objects/ais/definition.json b/objects/ais/definition.json new file mode 100644 index 0000000..e77746f --- /dev/null +++ b/objects/ais/definition.json 
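Review bot: The `result` attribute is described only as `"description": "Result"`, while its `values_list` (Unknown, Harmless, Correct, Dangerous, Incorrect) makes it an analyst verdict, so the template has no attribute for the model's actual response text. A description such as `"description": "Analyst assessment of the answer returned for the prompt."` would state that, and a separate free-text attribute would be needed if the response itself is meant to be shared. `act-as` says "a specific person" but its `sane_default` entries are roles (Security Analysts, IT Expert), so the wording should say role or persona. Because `prompt` is free text that can contain pasted internal material, the object description could also remind users to review it before wider distribution.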
@@ -0,0 +1,135 @@ +{ + "attributes": { + "ETA": { + "description": "Estimated time of arrival at destination", + "disable_correlation": true, + "misp-attribute": "datetime", + "ui-priority": 0 + }, + "IMO-number": { + "description": "IMO ship identification number: a seven digit number that remains unchanged upon transfer of the ship's registration to another country", + "misp-attribute": "text", + "ui-priority": 90 + }, + "MMSI": { + "description": "Vessel Maritime Maritime Mobile Service Identity (MMSI): a unique nine digit identification number.", + "misp-attribute": "text", + "ui-priority": 99 + }, + "call-sign": { + "description": "International radio call-sign, up to 7 characters.", + "misp-attribute": "text", + "ui-priority": 97 + }, + "course-over-ground": { + "description": "The course of the vessel, relative to true north to 0.1 degree", + "disable_correlation": true, + "misp-attribute": "float", + "ui-priority": 78 + }, + "destination": { + "description": "Destination of the vessel in max 20 characters", + "disable_correlation": true, + "misp-attribute": "text", + "ui-priority": 0 + }, + "dimension-a": { + "description": "Distance in meters from Forward Perpendicular (FP)", + "misp-attribute": "float", + "ui-priority": 24 + }, + "dimension-b": { + "description": "Distance in meters from After Perpendicular (AP)", + "misp-attribute": "float", + "ui-priority": 23 + }, + "dimension-c": { + "description": "Distance in meters inboard from port side", + "misp-attribute": "float", + "ui-priority": 22 + }, + "dimension-d": { + "description": "Distance in meters inboard from starboard side", + "misp-attribute": "float", + "ui-priority": 21 + }, + "draught": { + "description": "Draught of ship. 
0.1-25.5 meters", + "misp-attribute": "float", + "ui-priority": 20 + }, + "first-seen": { + "description": "When the location was seen for the first time.", + "disable_correlation": true, + "misp-attribute": "datetime", + "ui-priority": 87 + }, + "last-seen": { + "description": "When the location was seen for the last time.", + "disable_correlation": true, + "misp-attribute": "datetime", + "ui-priority": 86 + }, + "latitude": { + "description": "The latitude is the decimal value of the latitude in the World Geodetic System 84 (WGS84) reference.", + "disable_correlation": true, + "misp-attribute": "float", + "ui-priority": 89 + }, + "longitude": { + "description": "The longitude is the decimal value of the longitude in the World Geodetic System 84 (WGS84) reference", + "disable_correlation": true, + "misp-attribute": "float", + "ui-priority": 88 + }, + "name": { + "description": "20 characters to represent the name of the vessel", + "misp-attribute": "text", + "ui-priority": 98 + }, + "navigational-status": { + "description": "1. at anchor, 2. under command, 3. Restricted Manoeuvrability, etc.", + "disable_correlation": true, + "misp-attribute": "float", + "ui-priority": 80 + }, + "rate-of-turn": { + "description": "right or left, from 0 to 720 degrees per minute", + "disable_correlation": true, + "misp-attribute": "text", + "ui-priority": 75 + }, + "speed-over-ground": { + "description": "0.1 knot resolution from 0 to 102 knots", + "disable_correlation": true, + "misp-attribute": "float", + "ui-priority": 79 + }, + "true-heading": { + "description": "The true heading of the vessel. 0 to 359 degrees", + "disable_correlation": true, + "misp-attribute": "float", + "ui-priority": 77 + }, + "true-heading-at-own-position": { + "description": "The true heading at own position of the vessel. 
0 to 359 degrees", + "disable_correlation": true, + "misp-attribute": "float", + "ui-priority": 76 + }, + "type-of-ship": { + "description": "Type of ship/cargo", + "disable_correlation": true, + "misp-attribute": "text", + "ui-priority": 91 + } + }, + "description": "Automatic Identification System (AIS) is an automatic tracking system that uses transceivers on ships.", + "meta-category": "marine", + "name": "ais", + "requiredOneOf": [ + "MMSI" + ], + "uuid": "ef90551a-ff34-472c-9fba-c272c4435baa", + "version": 3 +} \ No newline at end of file diff --git a/objects/crowdsec-ip-context/definition.json b/objects/crowdsec-ip-context/definition.json new file mode 100644 index 0000000..19c2734 --- /dev/null +++ b/objects/crowdsec-ip-context/definition.json 
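Review bot: `navigational-status` is declared with `"misp-attribute": "float"` although its description lists enumerated states (at anchor, under command, Restricted Manoeuvrability); a `text` attribute with a `sane_default` list of the state names would be easier to read and to filter on. `rate-of-turn` is `text` while the other kinematic fields are `float`, which looks unintentional given that its description gives a numeric range. The `MMSI` description repeats a word (`Vessel Maritime Maritime Mobile Service Identity`). `MMSI`, `IMO-number`, `call-sign` and `name` keep correlation enabled, which suits identifiers, but the descriptions could note that these values are as broadcast by the transceiver and are not verified.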
@@ -0,0 +1,149 @@ +{ + "attributes": { + "as-name": { + "categories": [ + "Network activity", + "External analysis" + ], + "description": "Autonomous system name", + "disable_correlation": true, + "misp-attribute": "AS", + "multiple": true, + "ui-priority": 0 + }, + "as-num": { + "categories": [ + "Network activity", + "External analysis" + ], + "description": "Autonomous system number", + "disable_correlation": true, + "misp-attribute": "AS", + "multiple": true, + "ui-priority": 0 + }, + "attack-details": { + "description": "Triggered scenarios", + "disable_correlation": true, + "misp-attribute": "text", + "ui-priority": 1 + }, + "background-noise": { + "description": "Background noise", + "disable_correlation": true, + "misp-attribute": "float", + "ui-priority": 1 + }, + "behaviors": { + "description": "Attack categories", + "disable_correlation": true, + "misp-attribute": "text", + "multiple": true, + "ui-priority": 1 + }, + "city": { + "description": "City of origin", + "disable_correlation": true, + "misp-attribute": "text", + "ui-priority": 1 + }, + "country": { + "description": "Country of origin", + "disable_correlation": true, + "misp-attribute": "text", + "ui-priority": 1 + }, + "country-code": { + "description": "Country Code", + "disable_correlation": true, + "misp-attribute": "text", + "ui-priority": 0 + }, + "dst-port": { + "categories": [ + "Network activity", + "External analysis" + ], + "description": "Destination port", + "disable_correlation": true, + "misp-attribute": "port", + "multiple": true, + "ui-priority": 1 + }, + "ip": { + "categories": [ + "Network activity", + "External analysis" + ], + "description": "IP Address", + "misp-attribute": "ip-src", + "ui-priority": 1 + }, + "ip-range": { + "categories": [ + "Network activity", + "External analysis" + ], + "description": "destination IP address", + "misp-attribute": "ip-src", + "ui-priority": 1 + }, + "ip-range-score": { + "categories": [ + "Network activity", + "External analysis" + ], + 
"description": "destination IP address", + "disable_correlation": true, + "misp-attribute": "float", + "ui-priority": 1 + }, + "latitude": { + "description": "Latitude of origin", + "disable_correlation": true, + "misp-attribute": "float", + "ui-priority": 1 + }, + "longitude": { + "description": "Longitude of origin", + "disable_correlation": true, + "misp-attribute": "float", + "ui-priority": 1 + }, + "reverse-dns": { + "categories": [ + "Network activity", + "External analysis" + ], + "description": "Reverse DNS name", + "misp-attribute": "hostname", + "ui-priority": 1 + }, + "scores": { + "description": "Scores", + "disable_correlation": true, + "misp-attribute": "text", + "ui-priority": 1 + }, + "target-countries": { + "description": "Target countries (top 10)", + "disable_correlation": true, + "misp-attribute": "text", + "ui-priority": 1 + }, + "trust": { + "description": "Trust level", + "disable_correlation": true, + "misp-attribute": "float", + "ui-priority": 1 + } + }, + "description": "CrowdSec Threat Intelligence - IP CTI search", + "meta-category": "network", + "name": "crowdsec-ip-context", + "requiredOneOf": [ + "ip" + ], + "uuid": "0f0a6def-a351-4d3b-9868-d732f6f4666f", + "version": 2 +} \ No newline at end of file diff --git a/objects/cs-beacon-config/definition.json b/objects/cs-beacon-config/definition.json new file mode 100644 index 0000000..0330471 --- /dev/null +++ b/objects/cs-beacon-config/definition.json 
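Review bot: `ip-range` and `ip-range-score` both carry `"description": "destination IP address"`, which matches neither attribute and looks copied from another template; something like `"description": "IP range the address belongs to"` and `"description": "Score of the IP range"` is presumably meant, to be confirmed against the CrowdSec CTI field names. `ip-range` is also typed `ip-src` with correlation left enabled, so a range value is handled like a single source address in correlation and exports; check that this is intended. `as-name` uses `"misp-attribute": "AS"` for what its description calls a name, where `text` would fit better than the AS-number type.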
@@ -0,0 +1,73 @@ +{ + "attributes": { + "c2": { + "categories": [ + "Network activity" + ], + "description": "The C2 sample communicates with", + "misp-attribute": "url", + "multiple": true, + "ui-priority": 1 + }, + "jar-md5": { + "categories": [ + "External analysis" + ], + "description": "MD5 of adversary cobaltstrike.jar file", + "misp-attribute": "md5", + "ui-priority": 0 + }, + "md5": { + "categories": [ + "Payload delivery" + ], + "description": "MD5 of sample containing the Cobalt Strike shellcode", + "misp-attribute": "md5", + "ui-priority": 1 + }, + "sha1": { + "categories": [ + "Payload delivery" + ], + "description": "SHA1 of sample containing the Cobalt Strike shellcode", + "misp-attribute": "sha1", + "ui-priority": 1 + }, + "sha256": { + "categories": [ + "Payload delivery" + ], + "description": "SHA256 of sample containing the Cobalt Strike shellcode", + "misp-attribute": "sha256", + "ui-priority": 1 + }, + "vt-sha256": { + "categories": [ + "External analysis" + ], + "description": "SHA256 of sample uploaded to VirusTotal", + "misp-attribute": "sha256", + "ui-priority": 0 + }, + "watermark": { + "categories": [ + "Other" + ], + "description": "The watermark of sample", + "misp-attribute": "text", + "ui-priority": 0 + } + }, + "description": "Cobalt Strike Beacon Config", + "meta-category": "file", + "name": "cs-beacon-config", + "required": [ + "jar-md5", + "md5", + "sha1", + "sha256", + "watermark" + ], + "uuid": "d17355ef-ca1f-4b5a-86cd-65d877991f54", + "version": 1 +} \ No newline at end of file diff --git a/objects/directory/definition.json b/objects/directory/definition.json new file mode 100644 index 0000000..3c7458c --- /dev/null +++ b/objects/directory/definition.json 
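Review bot: The `required` list makes `jar-md5`, `md5`, `sha1`, `sha256` and `watermark` all mandatory, so a beacon configuration cannot be recorded when only one sample hash and the C2 URL are known, and `c2` itself is not required. Consider replacing it with `"requiredOneOf": ["md5", "sha1", "sha256", "c2"]`. `jar-md5` is described as the hash of the adversary's cobaltstrike.jar rather than of a file expected on a monitored host; if the `md5` type's default IDS flag applies here, `"to_ids": false` on that attribute would keep it out of detection exports (confirm the default).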
@@ -0,0 +1,299 @@ +{ + "attributes": { + "access-time": { + "description": "The last time the directory was accessed", + "misp-attribute": "datetime", + "ui-priority": 0 + }, + "creation-time": { + "description": "Creation time of the directory", + "misp-attribute": "datetime", + "ui-priority": 0 + }, + "modification-time": { + "description": "Modification time of the directory", + "misp-attribute": "datetime", + "ui-priority": 0 + }, + "path": { + "description": "Path of the directory, complete or partial", + "disable_correlation": true, + "misp-attribute": "text", + "ui-priority": 1 + }, + "path-encoding": { + "description": "Encoding format of the directory", + "disable_correlation": true, + "misp-attribute": "text", + "sane_default": [ + "Adobe-Standard-Encoding", + "Adobe-Symbol-Encoding", + "Amiga-1251", + "ANSI_X3.110-1983", + "ASMO_449", + "Big5", + "Big5-HKSCS", + "BOCU-1", + "BRF", + "BS_4730", + "BS_viewdata", + "CESU-8", + "CP50220", + "CP51932", + "CSA_Z243.4-1985-1", + "CSA_Z243.4-1985-2", + "CSA_Z243.4-1985-gr", + "CSN_369103", + "DEC-MCS", + "DIN_66003", + "dk-us", + "DS_2089", + "EBCDIC-AT-DE", + "EBCDIC-AT-DE-A", + "EBCDIC-CA-FR", + "EBCDIC-DK-NO", + "EBCDIC-DK-NO-A", + "EBCDIC-ES", + "EBCDIC-ES-A", + "EBCDIC-ES-S", + "EBCDIC-FI-SE", + "EBCDIC-FI-SE-A", + "EBCDIC-FR", + "EBCDIC-IT", + "EBCDIC-PT", + "EBCDIC-UK", + "EBCDIC-US", + "ECMA-cyrillic", + "ES", + "ES2", + "EUC-KR", + "Extended_UNIX_Code_Fixed_Width_for_Japanese", + "Extended_UNIX_Code_Packed_Format_for_Japanese", + "GB18030", + "GB_1988-80", + "GB2312", + "GB_2312-80", + "GBK", + "GOST_19768-74", + "greek7", + "greek7-old", + "greek-ccitt", + "HP-DeskTop", + "HP-Legal", + "HP-Math8", + "HP-Pi-font", + "hp-roman8", + "HZ-GB-2312", + "IBM00858", + "IBM00924", + "IBM01140", + "IBM01141", + "IBM01142", + "IBM01143", + "IBM01144", + "IBM01145", + "IBM01146", + "IBM01147", + "IBM01148", + "IBM01149", + "IBM037", + "IBM038", + "IBM1026", + "IBM1047", + "IBM273", + "IBM274", + "IBM275", + 
"IBM277", + "IBM278", + "IBM280", + "IBM281", + "IBM284", + "IBM285", + "IBM290", + "IBM297", + "IBM420", + "IBM423", + "IBM424", + "IBM437", + "IBM500", + "IBM775", + "IBM850", + "IBM851", + "IBM852", + "IBM855", + "IBM857", + "IBM860", + "IBM861", + "IBM862", + "IBM863", + "IBM864", + "IBM865", + "IBM866", + "IBM868", + "IBM869", + "IBM870", + "IBM871", + "IBM880", + "IBM891", + "IBM903", + "IBM904", + "IBM905", + "IBM918", + "IBM-Symbols", + "IBM-Thai", + "IEC_P27-1", + "INIS", + "INIS-8", + "INIS-cyrillic", + "INVARIANT", + "ISO_10367-box", + "ISO-10646-J-1", + "ISO-10646-UCS-2", + "ISO-10646-UCS-4", + "ISO-10646-UCS-Basic", + "ISO-10646-Unicode-Latin1", + "ISO-10646-UTF-1", + "ISO-11548-1", + "ISO-2022-CN", + "ISO-2022-CN-EXT", + "ISO-2022-JP", + "ISO-2022-JP-2", + "ISO-2022-KR", + "ISO_2033-1983", + "ISO_5427", + "ISO_5427:1981", + "ISO_5428:1980", + "ISO_646.basic:1983", + "ISO_646.irv:1983", + "ISO_6937-2-25", + "ISO_6937-2-add", + "ISO-8859-10", + "ISO_8859-1:1987", + "ISO-8859-13", + "ISO-8859-14", + "ISO-8859-15", + "ISO-8859-16", + "ISO-8859-1-Windows-3.0-Latin-1", + "ISO-8859-1-Windows-3.1-Latin-1", + "ISO_8859-2:1987", + "ISO-8859-2-Windows-Latin-2", + "ISO_8859-3:1988", + "ISO_8859-4:1988", + "ISO_8859-5:1988", + "ISO_8859-6:1987", + "ISO_8859-6-E", + "ISO_8859-6-I", + "ISO_8859-7:1987", + "ISO_8859-8:1988", + "ISO_8859-8-E", + "ISO_8859-8-I", + "ISO_8859-9:1989", + "ISO-8859-9-Windows-Latin-5", + "ISO_8859-supp", + "iso-ir-90", + "ISO-Unicode-IBM-1261", + "ISO-Unicode-IBM-1264", + "ISO-Unicode-IBM-1265", + "ISO-Unicode-IBM-1268", + "ISO-Unicode-IBM-1276", + "IT", + "JIS_C6220-1969-jp", + "JIS_C6220-1969-ro", + "JIS_C6226-1978", + "JIS_C6226-1983", + "JIS_C6229-1984-a", + "JIS_C6229-1984-b", + "JIS_C6229-1984-b-add", + "JIS_C6229-1984-hand", + "JIS_C6229-1984-hand-add", + "JIS_C6229-1984-kana", + "JIS_Encoding", + "JIS_X0201", + "JIS_X0212-1990", + "JUS_I.B1.002", + "JUS_I.B1.003-mac", + "JUS_I.B1.003-serb", + "KOI7-switched", + "KOI8-R", + "KOI8-U", 
+ "KS_C_5601-1987", + "KSC5636", + "KZ-1048", + "latin-greek", + "Latin-greek-1", + "latin-lap", + "macintosh", + "Microsoft-Publishing", + "MNEM", + "MNEMONIC", + "MSZ_7795.3", + "Name", + "NATS-DANO", + "NATS-DANO-ADD", + "NATS-SEFI", + "NATS-SEFI-ADD", + "NC_NC00-10:81", + "NF_Z_62-010", + "NF_Z_62-010_(1973)", + "NS_4551-1", + "NS_4551-2", + "OSD_EBCDIC_DF03_IRV", + "OSD_EBCDIC_DF04_1", + "OSD_EBCDIC_DF04_15", + "PC8-Danish-Norwegian", + "PC8-Turkish", + "PT", + "PT2", + "PTCP154", + "SCSU", + "SEN_850200_B", + "SEN_850200_C", + "Shift_JIS", + "T.101-G2", + "T.61-7bit", + "T.61-8bit", + "TIS-620", + "TSCII", + "UNICODE-1-1", + "UNICODE-1-1-UTF-7", + "UNKNOWN-8BIT", + "US-ASCII", + "us-dk", + "UTF-16", + "UTF-16BE", + "UTF-16LE", + "UTF-32", + "UTF-32BE", + "UTF-32LE", + "UTF-7", + "UTF-8", + "Ventura-International", + "Ventura-Math", + "Ventura-US", + "videotex-suppl", + "VIQR", + "VISCII", + "windows-1250", + "windows-1251", + "windows-1252", + "windows-1253", + "windows-1254", + "windows-1255", + "windows-1256", + "windows-1257", + "windows-1258", + "Windows-31J", + "windows-874" + ], + "ui-priority": 0 + } + }, + "description": "Directory object describing a directory with meta-information", + "meta-category": "file", + "name": "directory", + "requiredOneOf": [ + "path" + ], + "uuid": "23ac6a02-1017-4ea6-a4df-148ed563988d", + "version": 1 +} \ No newline at end of file diff --git a/objects/file/definition.json b/objects/file/definition.json index 8524380..2f1c53d 100644 --- a/objects/file/definition.json +++ b/objects/file/definition.json @@ -1,5 +1,10 @@ { "attributes": { + "access-time": { + "description": "The last time the file was accessed", + "misp-attribute": "datetime", + "ui-priority": 0 + }, "attachment": { "description": "A non-malicious file.", "misp-attribute": "attachment", 
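Review bot: `access-time`, `creation-time` and `modification-time` are `datetime` attributes without `"disable_correlation": true`, unlike the other datetime attributes added in this diff (`first-seen`/`last-seen` in ais and greynoise-ip, `last-packet-seen` in network-connection), and correlating on timestamps is usually noise. The same three attributes added to objects/file/definition.json in the hunks that follow have the same gap. In `path-encoding`, the `sane_default` list contains the entry `"Name"` between `"MSZ_7795.3"` and `"NATS-DANO"`, which looks like a column header from the charset table the list was taken from rather than an encoding, and should probably be dropped. The description `Encoding format of the directory` would read better as `Encoding of the directory path`.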
@@ -21,6 +26,11 @@ "misp-attribute": "datetime", "ui-priority": 0 }, + "creation-time": { + "description": "Creation time of the file", + "misp-attribute": "datetime", + "ui-priority": 0 + }, "entropy": { "description": "Entropy of the whole file", "disable_correlation": true, @@ -334,6 +344,11 @@ "misp-attribute": "mime-type", "ui-priority": 0 }, + "modification-time": { + "description": "Last time the file was modified", + "misp-attribute": "datetime", + "ui-priority": 0 + }, "path": { "description": "Path of the filename complete or partial", "disable_correlation": true, diff --git a/objects/greynoise-ip/definition.json b/objects/greynoise-ip/definition.json new file mode 100644 index 0000000..54a9b8a --- /dev/null +++ b/objects/greynoise-ip/definition.json 
@@ -0,0 +1,71 @@ +{ + "attributes": { + "actor": { + "description": "GreyNoise Actor", + "disable_correlation": true, + "misp-attribute": "text", + "ui-priority": 1 + }, + "classification": { + "description": "GreyNoise Classification", + "disable_correlation": true, + "misp-attribute": "text", + "ui-priority": 1 + }, + "first-seen": { + "description": "First Seen", + "disable_correlation": true, + "misp-attribute": "datetime", + "ui-priority": 2 + }, + "ip-src": { + "description": "Source IP address of the network connection.", + "misp-attribute": "ip-src", + "ui-priority": 1 + }, + "last-seen": { + "description": "Last Seen", + "disable_correlation": true, + "misp-attribute": "datetime", + "ui-priority": 1 + }, + "link": { + "description": "GreyNoise Visualizer Link", + "disable_correlation": true, + "misp-attribute": "link", + "ui-priority": 2 + }, + "noise": { + "description": "GreyNoise Internet Scanning Flag", + "disable_correlation": true, + "misp-attribute": "text", + "ui-priority": 1 + }, + "provider": { + "description": "GreyNoise Service Provider", + "disable_correlation": true, + "misp-attribute": "text", + "ui-priority": 1 + }, + "riot": { + "description": "GreyNoise Common Business Service Flag", + "disable_correlation": true, + "misp-attribute": "text", + "ui-priority": 1 + }, + "trust-level": { + "description": "GreyNoise RIOT Trust Level", + "disable_correlation": true, + "misp-attribute": "text", + "ui-priority": 1 + } + }, + "description": "GreyNoise IP Information", + "meta-category": "network", + "name": "greynoise-ip", + "requiredOneOf": [ + "ip-src" + ], + "uuid": "6B14A94A-46E4-4B82-B24D-0DBF8E8B3FD9", + "version": 1 +} \ No newline at end of file diff --git a/objects/network-connection/definition.json b/objects/network-connection/definition.json index 9d30c5a..75a6567 100644 --- a/objects/network-connection/definition.json +++ b/objects/network-connection/definition.json 
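Review bot: `ip-src` is typed `ip-src` with nothing overriding the IDS flag, yet the object also records `riot` (described as the Common Business Service flag) and `classification`, so addresses that GreyNoise treats as benign can be stored in it; if the type's default IDS flag applies, those addresses would reach detection exports and blocklists. Consider `"to_ids": false` on `ip-src`, or state in its description that the flag must be cleared for RIOT or benign entries. `noise` and `riot` are described as flags but typed `text`, where `boolean` would be more precise. The `uuid` is upper-case (`6B14A94A-46E4-4B82-B24D-0DBF8E8B3FD9`) while the other templates in this diff use lower-case; normalising it avoids case-sensitive mismatches.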
@@ -10,6 +10,18 @@
 "misp-attribute": "counter",
 "ui-priority": 1
 },
+ "dst-bytes-count": {
+ "description": "Number of bytes sent from the source to the destination.",
+ "disable_correlation": true,
+ "misp-attribute": "counter",
+ "ui-priority": 0
+ },
+ "dst-packets-count": {
+ "description": "Number of packets sent from the source to the destination.",
+ "disable_correlation": true,
+ "misp-attribute": "counter",
+ "ui-priority": 0
+ },
 "dst-port": {
 "categories": [
 "Network activity",
@@ -53,6 +65,12 @@
 "misp-attribute": "ip-src",
 "ui-priority": 1
 },
+ "last-packet-seen": {
+ "description": "Datetime of the last packet seen.",
+ "disable_correlation": true,
+ "misp-attribute": "datetime",
+ "ui-priority": 1
+ },
 "layer3-protocol": {
 "description": "Layer 3 protocol of the network connection.",
 "disable_correlation": true,
@@ -85,6 +103,28 @@
 ],
 "ui-priority": 0
 },
+ "mac-dst": {
+ "description": "Destination MAC address of the network connection.",
+ "misp-attribute": "mac-address",
+ "ui-priority": 1
+ },
+ "mac-src": {
+ "description": "Source MAC address of the network connection.",
+ "misp-attribute": "mac-address",
+ "ui-priority": 1
+ },
+ "src-bytes-count": {
+ "description": "Number of bytes sent from the destination to the source.",
+ "disable_correlation": true,
+ "misp-attribute": "counter",
+ "ui-priority": 0
+ },
+ "src-packets-count": {
+ "description": "Number of packets sent from the destination to the source.",
+ "disable_correlation": true,
+ "misp-attribute": "counter",
+ "ui-priority": 0
+ },
 "src-port": {
 "categories": [
 "Network activity",
@@ -107,5 +147,5 @@
 "community-id"
 ],
 "uuid": "af16764b-f8e5-4603-9de1-de34d272f80b",
- "version": 4
+ "version": 6
 }
\ No newline at end of file
diff --git a/objects/network-socket/definition.json b/objects/network-socket/definition.json
index dd3ee2c..bae4f7e 100644
--- a/objects/network-socket/definition.json
+++ b/objects/network-socket/definition.json
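Review bot: The direction in the new counter descriptions is easy to misread: `dst-bytes-count` is defined as bytes sent from the source to the destination and `src-bytes-count` as bytes sent from the destination to the source, so each name refers to the receiving side. Flow tools do not agree on this convention, and a producer that maps a "source bytes" field here by name would swap the two directions, which matters when the object is used to judge how much data left a host. I would make the wording explicit, e.g. `"Number of bytes received by the destination (sent by the source)."`, and do the same for the packet counters; the identical descriptions are added to network-socket in the following hunks. The last hunk also moves `version` from 4 to 6 in one step, which is worth confirming.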
@@ -106,6 +106,18 @@
 ],
 "ui-priority": 1
 },
+ "dst-bytes-count": {
+ "description": "Number of bytes sent from the source to the destination.",
+ "disable_correlation": true,
+ "misp-attribute": "counter",
+ "ui-priority": 0
+ },
+ "dst-packets-count": {
+ "description": "Number of packets sent from the source to the destination.",
+ "disable_correlation": true,
+ "misp-attribute": "counter",
+ "ui-priority": 0
+ },
 "dst-port": {
 "categories": [
 "Network activity",
@@ -120,6 +132,12 @@
 "misp-attribute": "filename",
 "ui-priority": 1
 },
+ "first-packet-seen": {
+ "description": "Datetime of the first packet seen.",
+ "disable_correlation": true,
+ "misp-attribute": "datetime",
+ "ui-priority": 1
+ },
 "hostname-dst": {
 "description": "Destination hostname of the network socket connection.",
 "misp-attribute": "hostname",
@@ -148,6 +166,22 @@
 "misp-attribute": "ip-src",
 "ui-priority": 1
 },
+ "last-packet-seen": {
+ "description": "Datetime of the last packet seen.",
+ "disable_correlation": true,
+ "misp-attribute": "datetime",
+ "ui-priority": 1
+ },
+ "mac-dst": {
+ "description": "Destination MAC address as it is included in the packets sent",
+ "misp-attribute": "mac-address",
+ "ui-priority": 1
+ },
+ "mac-src": {
+ "description": "Source (local) MAC address as it is included in the packets sent",
+ "misp-attribute": "mac-address",
+ "ui-priority": 1
+ },
 "option": {
 "description": "Option on the socket connection.",
 "misp-attribute": "text",
@@ -157,6 +191,7 @@
 "protocol": {
 "description": "Protocol used by the network socket.",
 "misp-attribute": "text",
+ "multiple": true,
 "ui-priority": 0,
 "values_list": [
 "TCP",
@@ -177,6 +212,18 @@
 ],
 "ui-priority": 1
 },
+ "src-bytes-count": {
+ "description": "Number of bytes sent from the destination to the source.",
+ "disable_correlation": true,
+ "misp-attribute": "counter",
+ "ui-priority": 0
+ },
+ "src-packets-count": {
+ "description": "Number of packets sent from the destination to the source.",
+ "disable_correlation": true,
+ "misp-attribute": "counter",
+ "ui-priority": 0
+ },
 "src-port": {
 "categories": [
 "Network activity",
@@ -207,5 +254,5 @@
 "dst-port"
 ],
 "uuid": "48bbfd72-ef8e-4649-b14d-41b4b5a0eba2",
- "version": 3
+ "version": 4
 }
\ No newline at end of file
diff --git a/objects/registry-key-value/definition.json b/objects/registry-key-value/definition.json
new file mode 100644
index 0000000..daf1f05
--- /dev/null
+++ b/objects/registry-key-value/definition.json
@@ -0,0 +1,53 @@
+{
+ "attributes": {
+ "data": {
+ "categories": [
+ "Persistence mechanism"
+ ],
+ "description": "Data stored in the registry key value",
+ "misp-attribute": "text",
+ "ui-priority": 1
+ },
+ "data-type": {
+ "categories": [
+ "Persistence mechanism"
+ ],
+ "description": "Registry key value type",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "sane_default": [
+ "REG_NONE",
+ "REG_SZ",
+ "REG_EXPAND_SZ",
+ "REG_BINARY",
+ "REG_DWORD",
+ "REG_DWORD_LITTLE_ENDIAN",
+ "REG_DWORD_BIG_ENDIAN",
+ "REG_LINK",
+ "REG_MULTI_SZ",
+ "REG_RESOURCE_LIST",
+ "REG_FULL_RESOURCE_DESCRIPTOR",
+ "REG_RESOURCE_REQUIREMENTS_LIST",
+ "REG_QWORD",
+ "REG_QWORD_LITTLE_ENDIAN"
+ ],
+ "ui-priority": 0
+ },
+ "name": {
+ "categories": [
+ "Persistence mechanism"
+ ],
+ "description": "Name of the registry key value",
+ "misp-attribute": "text",
+ "ui-priority": 1
+ }
+ },
+ "description": "Registry key value object describing a Windows registry key value, with its data, data type and name values. To be used when a registry key has multiple values.",
+ "meta-category": "file",
+ "name": "registry-key-value",
+ "requiredOneOf": [
+ "data"
+ ],
+ "uuid": "4626a273-72c1-48d3-8595-ff48ea2277f7",
+ "version": 1
+}
\ No newline at end of file
diff --git a/objects/risk-assessment-report/definition.json b/objects/risk-assessment-report/definition.json
new file mode 100644
index 0000000..0210fce
--- /dev/null
+++ b/objects/risk-assessment-report/definition.json
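Review bot: registry-key-value carries no attribute for the key path, and `data` is a correlating `text` attribute that is also the only entry in `requiredOneOf`, so an object holding just a short value such as `0` or `1` would correlate with unrelated events while giving no hint which key it belongs to. The object description says it is for keys with multiple values but not how the value is tied to its key; I would extend it with a sentence such as `"Link each registry-key-value to the registry-key object that holds the key path."`. Whether `data` should set `disable_correlation` depends on how often it holds paths or commands worth pivoting on, so that is a question for the authors rather than a required change.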
@@ -0,0 +1,55 @@
+{
+ "attributes": {
+ "case-number": {
+ "categories": [
+ "Internal reference",
+ "Other"
+ ],
+ "description": "Case number",
+ "misp-attribute": "text",
+ "ui-priority": 1
+ },
+ "link": {
+ "description": "Link to the report mentioned",
+ "misp-attribute": "link",
+ "multiple": true,
+ "ui-priority": 100
+ },
+ "report-file": {
+ "description": "Attachment(s) that is related to the report in human readable format (PDF)",
+ "misp-attribute": "attachment",
+ "multiple": true,
+ "ui-priority": 99
+ },
+ "summary": {
+ "categories": [
+ "Other",
+ "Internal reference"
+ ],
+ "description": "Free text summary of the risk assessment report",
+ "misp-attribute": "text",
+ "multiple": true,
+ "ui-priority": 100
+ },
+ "type": {
+ "description": "Source of the risk assessment report",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "sane_default": [
+ "MONARC",
+ "Serima"
+ ],
+ "ui-priority": 100
+ }
+ },
+ "description": "Risk assessment report object which includes the assessment report from a risk assessment platform such as MONARC",
+ "meta-category": "misc",
+ "name": "risk-assessment-report",
+ "requiredOneOf": [
+ "summary",
+ "link",
+ "report-file"
+ ],
+ "uuid": "72989321-6866-40c6-a9b5-4c5869ec2a76",
+ "version": 1
+}
\ No newline at end of file
diff --git a/objects/scan-result/definition.json b/objects/scan-result/definition.json
new file mode 100644
index 0000000..af7fdff
--- /dev/null
+++ b/objects/scan-result/definition.json
@@ -0,0 +1,228 @@
+{
+ "attributes": {
+ "description": {
+ "description": "Description of the scanning performed in this scan-result",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "ui-priority": 1
+ },
+ "scan-end": {
+ "description": "End of scanning activity",
+ "disable_correlation": true,
+ "misp-attribute": "datetime",
+ "multiple": true,
+ "ui-priority": 0
+ },
+ "scan-result": {
+ "description": "The scan-result as a file (in machine-readable or human-readable format). The file is always consider non-malicious.",
+ "misp-attribute": "attachment",
+ "ui-priority": 1
+ },
+ "scan-result-format": {
+ "description": "Format used for the scan-result.",
+ "misp-attribute": "text",
+ "ui-priority": 1,
+ "values_list": [
+ "free-text output",
+ "XML",
+ "JSON",
+ "CSV",
+ "HTML",
+ "PDF",
+ "Unknown"
+ ]
+ },
+ "scan-result-tool": {
+ "description": "Tool used which generated the scan-result.",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "sane_default": [
+ "AWS Prowler Scan",
+ "AWS Scout2 Scan",
+ "AWS Security Finding Format (ASFF) Scan",
+ "AWS Security Hub Scan",
+ "Acunetix Scan",
+ "Acunetix360 Scan",
+ "Anchore Engine Scan",
+ "Anchore Enterprise Policy Check",
+ "Anchore Grype",
+ "AnchoreCTL Policies Report",
+ "AnchoreCTL Vuln Report",
+ "AppSpider Scan",
+ "Aqua Scan",
+ "Arachni Scan",
+ "AuditJS Scan",
+ "Azure Security Center Recommendations Scan",
+ "Bandit Scan",
+ "BlackDuck API",
+ "Blackduck Component Risk",
+ "Blackduck Hub Scan",
+ "Brakeman Scan",
+ "BugCrowd Scan",
+ "Bugcrowd API Import",
+ "Bundler-Audit Scan",
+ "Burp Enterprise Scan",
+ "Burp GraphQL API",
+ "Burp REST API",
+ "Burp Scan",
+ "CargoAudit Scan",
+ "Checkmarx OSA",
+ "Checkmarx Scan",
+ "Checkmarx Scan detailed",
+ "Checkov Scan",
+ "Clair Klar Scan",
+ "Clair Scan",
+ "Cloudsploit Scan",
+ "Cobalt.io API Import",
+ "Cobalt.io Scan",
+ "Codechecker Report native",
+ "Contrast Scan",
+ "Coverity API",
+ "Crashtest Security JSON File",
+ "Crashtest Security XML File",
+ "CredScan Scan",
+ "CycloneDX Scan",
+ "DSOP Scan",
+ "DawnScanner Scan",
+ "Dependency Check Scan",
+ "Dependency Track Finding Packaging Format (FPF) Export",
+ "Detect-secrets Scan",
+ "Dockle Scan",
+ "DrHeader JSON Importer",
+ "ESLint Scan",
+ "Edgescan Scan",
+ "Fortify Scan",
+ "Generic Findings Import",
+ "Ggshield Scan",
+ "GitLab API Fuzzing Report Scan",
+ "GitLab Container Scan",
+ "GitLab DAST Report",
+ "GitLab Dependency Scanning Report",
+ "GitLab SAST Report",
+ "GitLab Secret Detection Report",
+ "Github Vulnerability Scan",
+ "Gitleaks Scan",
+ "Gosec Scanner",
+ "HackerOne Cases",
+ "Hadolint Dockerfile check",
+ "Harbor Vulnerability Scan",
+ "Horusec Scan",
+ "HuskyCI Report",
+ "Hydra Scan",
+ "IBM AppScan DAST",
+ "Immuniweb Scan",
+ "IntSights Report",
+ "JFrog Xray API Summary Artifact Scan",
+ "JFrog Xray Scan",
+ "JFrog Xray Unified Scan",
+ "KICS Scan",
+ "Kiuwan Scan",
+ "Meterian Scan",
+ "Microfocus Webinspect Scan",
+ "MobSF Scan",
+ "Mobsfscan Scan",
+ "Mozilla Observatory Scan",
+ "NPM Audit Scan",
+ "Nessus Scan",
+ "Nessus WAS Scan",
+ "Netsparker Scan",
+ "NeuVector (REST)",
+ "NeuVector (compliance)",
+ "Nexpose Scan",
+ "Nikto Scan",
+ "Nmap Scan",
+ "Node Security Platform Scan",
+ "Nuclei Scan",
+ "ORT evaluated model Importer",
+ "OpenVAS CSV",
+ "Openscap Vulnerability Scan",
+ "OssIndex Devaudit SCA Scan Importer",
+ "Outpost24 Scan",
+ "PHP Security Audit v2",
+ "PHP Symfony Security Check",
+ "PMD Scan",
+ "PWN SAST",
+ "Qualys Infrastructure Scan (WebGUI XML)",
+ "Qualys Scan",
+ "Qualys Webapp Scan",
+ "Retire.js Scan",
+ "Risk Recon API Importer",
+ "Rubocop Scan",
+ "Rusty Hog Scan",
+ "SARIF",
+ "SKF Scan",
+ "SSL Labs Scan",
+ "SSLyze Scan (JSON)",
+ "Scantist Scan",
+ "Scout Suite Scan",
+ "Semgrep JSON Report",
+ "Snyk Scan",
+ "Solar Appscreener Scan",
+ "SonarQube API Import",
+ "SonarQube Scan",
+ "SonarQube Scan detailed",
+ "Sonatype Application Scan",
+ "SpotBugs Scan",
+ "Sslscan",
+ "Sslyze Scan",
+ "StackHawk HawkScan",
+ "TFSec Scan",
+ "Talisman Scan",
+ "Terrascan Scan",
+ "Testssl Scan",
+ "Trivy Operator Scan",
+ "Trivy Scan",
+ "Trufflehog Scan",
+ "Trufflehog3 Scan",
+ "Trustwave Fusion API Scan",
+ "Trustwave Scan (CSV)",
+ "Twistlock Image Scan",
+ "VCG Scan",
+ "Veracode Scan",
+ "Veracode SourceClear Scan",
+ "Vulners",
+ "WFuzz JSON report",
+ "Wapiti Scan",
+ "Wazuh",
+ "Whispers Scan",
+ "WhiteHat Sentinel",
+ "Whitesource Scan",
+ "Wpscan",
+ "Xanitizer Scan",
+ "Yarn Audit Scan",
+ "ZAP Scan",
+ "docker-bench-security Scan",
+ "kube-bench Scan",
+ "pip-audit Scan"
+ ],
+ "ui-priority": 0
+ },
+ "scan-start": {
+ "description": "Start of scanning activity",
+ "disable_correlation": true,
+ "misp-attribute": "datetime",
+ "multiple": true,
+ "ui-priority": 1
+ },
+ "scan-type": {
+ "description": "Type of scanning in the scan-result.",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "multiple": true,
+ "ui-priority": 0,
+ "values_list": [
+ "Network",
+ "System",
+ "Unknown"
+ ]
+ }
+ },
+ "description": "Scan result object to add meta-data and the output of the scan result by itself.",
+ "meta-category": "network",
+ "name": "scan-result",
+ "required": [
+ "scan-result"
+ ],
+ "uuid": "ebe2a359-8f5b-4a45-8106-d1678935b4c4",
+ "version": 2
+}
\ No newline at end of file
diff --git a/relationships/definition.json b/relationships/definition.json
index 8f83332..3ae958e 100644
--- a/relationships/definition.json
+++ b/relationships/definition.json
@@ -1267,6 +1267,13 @@
 ],
 "name": "drives"
 },
+ {
+ "description": "The referenced source object is a rewrite specified in the target object. The rewrite can be for a computer program text but also any rewrite of a text.",
+ "format": [
+ "misp"
+ ],
+ "name": "rewrite"
+ },
 {
 "description": "The referenced source object is a friend of the target object.",
 "format": [
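Review bot: The `scan-result` attribute description in the scan-result object states "The file is always consider non-malicious."; apart from the typo ("considered"), this reads as a safety guarantee the template cannot give, since HTML or PDF output (both listed in `scan-result-format`) may reproduce content returned by the scanned target. I would reword the sentence to `"The file is stored as a regular attachment and is not handled as a malware sample."` so readers still open it with the usual care. The object description could also mention that scan output lists weaknesses of the scanned assets and should be shared at a matching distribution level. The new file starts at `version` 2 rather than 1, which is worth confirming.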
@@ -1303,11 +1310,11 @@
 "name": "spouse-of"
 },
 {
- "description": "The referenced source object is an ennemy of the target object.",
+ "description": "The referenced source object is an enemy of the target object.",
 "format": [
 "foaf"
 ],
- "name": "ennemy-of"
+ "name": "enemy-of"
 },
 {
 "description": "The referenced source object is an antagonist of the target object.",
@@ -1374,6 +1381,13 @@
 ],
 "name": "is-not-targeted-by"
 },
+ {
+ "description": "This relationship describes that the source object provides services described in the target object.",
+ "format": [
+ "misp"
+ ],
+ "name": "serves"
+ },
 {
 "description": "The source object considers the target object as a friend. Is not necessarily symmetric.",
 "format": [
@@ -1501,5 +1515,5 @@
 "name": "Me"
 }
 ],
- "version": 35
+ "version": 37
 }
\ No newline at end of file
diff --git a/schema_objects.json b/schema_objects.json
index 9f57a44..5a66390 100644
--- a/schema_objects.json
+++ b/schema_objects.json
@@ -43,6 +43,7 @@
 "anonymised",
 "attachment",
 "authentihash",
+ "azure-application-id",
 "bank-account-nr",
 "bic",
 "bin",
@@ -280,6 +281,7 @@
 "file",
 "network",
 "financial",
+ "marine",
 "misc",
 "mobile",
 "internal",
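Review bot: Changing `"name": "ennemy-of"` to `"name": "enemy-of"` in the first relationships hunk alters the relationship identifier and not only its description, so object references already stored with the old spelling would no longer match any entry in this list. If consumers validate or render relationship types against this file, existing data would presumably show an unknown type after the update. I would either keep an `ennemy-of` entry whose description marks it as a deprecated spelling of `enemy-of`, or record the rename in the release notes so instances can migrate stored references.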