MISP
/
misp-objects
mirror of https://github.com/MISP/misp-objects
2
0
Fork 0
Code Issues Releases Wiki Activity

Added current-directory to required field 

This field will often indicate where a malicious binary is started from, therefore a good candidate for solo use
pull/159/head
molley 2019-04-02 17:41:07 +01:00 committed by GitHub
parent 0c6b7b4302
commit 490d760a4b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
objects/process/definition.json
View File

@ -3,7 +3,7 @@
"uuid": "02aeef94-ac23-455c-addb-731757ceafb5", "uuid": "02aeef94-ac23-455c-addb-731757ceafb5",
"meta-category": "misc", "meta-category": "misc",
"description": "Object describing a system process.", "description": "Object describing a system process.",
"version": 3, "version": 4,
"attributes": { "attributes": {
"creation-time": { "creation-time": {
"description": "Local date/time at which the process was created.", "description": "Local date/time at which the process was created.",
@ -91,6 +91,7 @@
"name", "name",
"pid", "pid",
"image", "image",
"command-line" "command-line",
"current-directory"
] ]
} }