MISP
/
misp-objects
mirror of https://github.com/MISP/misp-objects
2
0
Fork 0
Code Issues Releases Wiki Activity

Updates on the attributes format

pull/2/head
Alexandre Dulaunoy 2016-02-08 17:51:47 +01:00
parent 8a1ee8736b
commit 8441a8333b
1 changed files with 11 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
README.md
View File

@ -17,21 +17,21 @@ Feel free to propose your own MISP objects to be included in MISP. The system is
"attributes" : "attributes" :
{ {
"ip": { "ip": {
"misp-object": "ip-dst", "misp-attribute": "ip-dst",
"misp-usage-frequency": 1, "misp-usage-frequency": 1,
"categories": ["Network activity","External analysis"] "categories": ["Network activity","External analysis"]
}, },
"domain": { "domain": {
"misp-object": "domain", "misp-attribute": "domain",
"misp-usage-frequency": 1, "misp-usage-frequency": 1,
"categories": ["Network activity","External analysis"] "categories": ["Network activity","External analysis"]
}, },
"first-seen": { "first-seen": {
"misp-object": "datetime", "misp-attribute": "datetime",
"misp-usage-frequency": 0 "misp-usage-frequency": 0
}, },
"last-seen": { "last-seen": {
"misp-object": "datetime", "misp-attribute": "datetime",
"misp-usage-frequency": 0 "misp-usage-frequency": 0
} }
@ -46,6 +46,13 @@ A MISP object is described in a simple JSON file containing the following elemen
* **meta-category** is the category where the object falls into. (file, network, financial) * **meta-category** is the category where the object falls into. (file, network, financial)
* **description** is a summary of the object description. * **description** is a summary of the object description.
* **version** is the version number as a decimal value. * **version** is the version number as a decimal value.
* **required** is an array containing the minimal required attributes to describe the object.
* **attributes** contains another JSON object listing all the attributes composing the object.
Each attribute must contain a reference **misp-attribute** to reference an existing attribute definition in MISP.
An array **categories** must be used to described in which categories the attribute is. The **misp-usage-frequency**
is describing the usage frequency of an attribute. This helps to display only the most frequently used attributes and
allowing advanced users to show all the attributes depending of their configuration.
## Existing MISP objects ## Existing MISP objects