From 3b5db95174a13e20db15eecb7837a4447a08e0dd Mon Sep 17 00:00:00 2001
From: chrisr3d <chris.studer.68@gmail.com>
Date: Tue, 24 Apr 2018 15:50:53 +0200
Subject: [PATCH 1/6] add: Added 2 relationships seen on stix

---
 relationships/definition.json | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/relationships/definition.json b/relationships/definition.json
index ae5f3db..d238116 100644
--- a/relationships/definition.json
+++ b/relationships/definition.json
@@ -33,6 +33,22 @@
         "stix-1.1"
       ]
     },
+    {
+      "name": "contains",
+      "description": "The references source is containing the target object.",
+      "format": [
+        "misp",
+        "stix-1.1"
+      ]
+    },
+    {
+      "name": "resolved-to",
+      "description": "The referenced source is resolved to the target object.",
+      "format": [
+        "misp",
+        "stix-1.1"
+      ]
+    },
     {
       "name": "attributed-to",
       "description": "This referenced source is attributed to the target object.",

From 3d75d48051910aa208ca410faa35add6cd06d36b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rapha=C3=ABl=20Vinot?= <raphael@vinot.info>
Date: Thu, 26 Apr 2018 15:05:19 +0200
Subject: [PATCH 2/6] chg: [email] add email-body in requiredOneOf

---
 objects/email/definition.json | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/objects/email/definition.json b/objects/email/definition.json
index 770850f..c549f1e 100644
--- a/objects/email/definition.json
+++ b/objects/email/definition.json
@@ -163,6 +163,7 @@
     "thread-index",
     "header",
     "x-mailer",
-    "return-path"
+    "return-path",
+    "email-body"
   ]
 }

From 196991c73fd35fef76822102424c2f65f95443f3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rapha=C3=ABl=20Vinot?= <raphael@vinot.info>
Date: Thu, 26 Apr 2018 15:07:12 +0200
Subject: [PATCH 3/6] fix: Bump email template version

---
 objects/email/definition.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/objects/email/definition.json b/objects/email/definition.json
index c549f1e..946954d 100644
--- a/objects/email/definition.json
+++ b/objects/email/definition.json
@@ -3,7 +3,7 @@
   "uuid": "a0c666e0-fc65-4be8-b48f-3423d788b552",
   "meta-category": "network",
   "description": "Email object describing an email with meta-information",
-  "version": 8,
+  "version": 9,
   "attributes": {
     "reply-to": {
       "description": "Email address the reply will be sent to",

From ef1bcc7067f20b0b0db4a658a80ec0f2c82d4135 Mon Sep 17 00:00:00 2001
From: StefanKelm <StefanKelm@users.noreply.github.com>
Date: Thu, 26 Apr 2018 16:50:25 +0200
Subject: [PATCH 4/6] Allow multiple domains and/or IP addresses per object

---
 objects/whois/definition.json | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/objects/whois/definition.json b/objects/whois/definition.json
index 0c4d5b0..9e684a9 100644
--- a/objects/whois/definition.json
+++ b/objects/whois/definition.json
@@ -74,6 +74,7 @@
         "External analysis"
       ],
       "ui-priority": 0,
+      "multiple": true,
       "misp-attribute": "domain"
     },
     "comment": {
@@ -84,6 +85,7 @@
     "ip-address": {
       "description": "IP address of the whois entry",
       "ui-priority": 0,
+      "multiple": true,
       "misp-attribute": "ip-src"
     }
   },

From f7b17ab62afdde642810605d2789e537c3c37f8f Mon Sep 17 00:00:00 2001
From: StefanKelm <StefanKelm@users.noreply.github.com>
Date: Thu, 26 Apr 2018 16:53:24 +0200
Subject: [PATCH 5/6] Update definition.json

---
 objects/whois/definition.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/objects/whois/definition.json b/objects/whois/definition.json
index 9e684a9..ed91c86 100644
--- a/objects/whois/definition.json
+++ b/objects/whois/definition.json
@@ -89,7 +89,7 @@
       "misp-attribute": "ip-src"
     }
   },
-  "version": 9,
+  "version": 10,
   "description": "Whois records information for a domain name or an IP address.",
   "meta-category": "network",
   "uuid": "429faea1-34ff-47af-8a00-7c62d3be5a6a",

From 1fe1f12026c556f6bd184d439a06d1923cb03d5a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rapha=C3=ABl=20Vinot?= <raphael@vinot.info>
Date: Fri, 27 Apr 2018 14:20:10 +0200
Subject: [PATCH 6/6] new: Add EML to the email template

---
 objects/email/definition.json | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/objects/email/definition.json b/objects/email/definition.json
index 946954d..7551d0c 100644
--- a/objects/email/definition.json
+++ b/objects/email/definition.json
@@ -3,7 +3,7 @@
   "uuid": "a0c666e0-fc65-4be8-b48f-3423d788b552",
   "meta-category": "network",
   "description": "Email object describing an email with meta-information",
-  "version": 9,
+  "version": 10,
   "attributes": {
     "reply-to": {
       "description": "Email address the reply will be sent to",
@@ -146,6 +146,11 @@
       "categories": [
         "Payload delivery"
       ]
+    },
+    "eml": {
+      "description": "Full EML",
+      "misp-attribute": "attachment",
+      "ui-priority": 1
     }
   },
   "requiredOneOf": [
@@ -164,6 +169,7 @@
     "header",
     "x-mailer",
     "return-path",
-    "email-body"
+    "email-body",
+    "eml"
   ]
 }