From 59d2a301b9fbcb81a34e346c0d9f7961cb2a95ad Mon Sep 17 00:00:00 2001
From: Luciano Righetti
Date: Tue, 11 Jul 2023 16:54:11 +0200
Subject: [PATCH 01/15] new: add basic SigMF templates
---
.../sigmf-expanded-recording/definition.json | 136 ++++++++++++++++++
objects/sigmf-recording/definition.json | 25 ++++
2 files changed, 161 insertions(+)
create mode 100644 objects/sigmf-expanded-recording/definition.json
create mode 100644 objects/sigmf-recording/definition.json
diff --git a/objects/sigmf-expanded-recording/definition.json b/objects/sigmf-expanded-recording/definition.json
new file mode 100644
index 0000000..a9dbdae
--- /dev/null
+++ b/objects/sigmf-expanded-recording/definition.json
@@ -0,0 +1,136 @@
+{
+ "attributes": {
+ "iq-sample": {
+ "description": "Binary file of IQ samples",
+ "disable_correlation": true,
+ "misp-attribute": "attachment",
+ "multiple": true,
+ "ui-priority": 0
+ },
+ "datatype": {
+ "description": "",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "ui-priority": 0
+ },
+ "sample_rate": {
+ "description": "The sample rate of the signal in samples per second.",
+ "disable_correlation": true,
+ "misp-attribute": "float",
+ "ui-priority": 0
+ },
+ "version": {
+ "description": "The version of the SigMF specification used to create the Metadata file.",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "ui-priority": 0
+ },
+ "num_channels": {
+ "description": "Total number of interleaved channels in the Dataset file. If omitted, this defaults to one.",
+ "disable_correlation": true,
+ "misp-attribute": "counter",
+ "ui-priority": 0
+ },
+ "sha512": {
+ "description": "The SHA512 hash of the Dataset file associated with the SigMF file.",
+ "disable_correlation": true,
+ "misp-attribute": "sha512",
+ "ui-priority": 0
+ },
+ "offset": {
+ "description": "The index number of the first sample in the Dataset. If not provided, this value defaults to zero. Typically used when a Recording is split over multiple files. All sample indices in SigMF are absolute, and so all other indices referenced in metadata for this recording SHOULD be greater than or equal to this value.",
+ "disable_correlation": true,
+ "misp-attribute": "counter",
+ "ui-priority": 0
+ },
+ "description": {
+ "description": "A text description of the SigMF Recording.",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "ui-priority": 0
+ },
+ "author": {
+ "description": "A text identifier for the author potentially including name, handle, email, and/or other ID like Amateur Call Sign.",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "ui-priority": 0
+ },
+ "meta_doi": {
+ "description": "The registered DOI (ISO 26324) for a Recording's Metadata file.",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "ui-priority": 0
+ },
+ "data_doi": {
+ "description": "The registered DOI (ISO 26324) for a Recording's Dataset file.",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "ui-priority": 0
+ },
+ "recorder": {
+ "description": "The name of the software used to make this SigMF Recording.",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "ui-priority": 0
+ },
+ "license": {
+ "description": "A URL for the license document under which the Recording is offered.",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "ui-priority": 0
+ },
+ "hw": {
+ "description": "A text description of the hardware used to make the Recording.",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "ui-priority": 0
+ },
+ "dataset": {
+ "description": "The full filename of the Dataset file this Metadata file describes.",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "ui-priority": 0
+ },
+ "trailing_bytes": {
+ "description": "The number of bytes to ignore at the end of a Non-Conforming Dataset file.",
+ "disable_correlation": true,
+ "misp-attribute": "counter",
+ "ui-priority": 0
+ },
+ "metadata_only": {
+ "description": "Indicates the Metadata file is intentionally distributed without the Dataset.",
+ "disable_correlation": true,
+ "misp-attribute": "boolean",
+ "ui-priority": 0
+ },
+ "geolocation_lat": {
+ "description": "The location of the Recording system (latitude).",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "ui-priority": 0
+ },
+ "geolocation_long": {
+ "description": "The location of the Recording system (longitude).",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "ui-priority": 0
+ },
+ "geolocation_alt": {
+ "description": "The location of the Recording system (altitude).",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "ui-priority": 0
+ },
+ "collection": {
+ "description": "The base filename of a collection with which this Recording is associated.",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "ui-priority": 0
+ }
+ },
+ "description": "An object representing a single IQ/RF sample in the Signal Metadata Format Specification (SigMF)",
+ "meta-category": "misc",
+ "name": "sigmf-expanded-recording",
+ "uuid": "f1c2c4e1-d3bf-46b1-b34d-f5e9544a4795",
+ "version": 1
+}
\ No newline at end of file
diff --git a/objects/sigmf-recording/definition.json b/objects/sigmf-recording/definition.json
new file mode 100644
index 0000000..afe313e
--- /dev/null
+++ b/objects/sigmf-recording/definition.json
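Review bot: In the new `sigmf-expanded-recording` template the `sha512` attribute carries `"disable_correlation": true`, so the one value that identifies the Dataset file will not link events that hold the same recording; unless that is intended, drop the flag on `sha512` and keep it on the descriptive fields. `datatype` is added with an empty `"description": ""`, which leaves users guessing at the expected value and needs a sentence of its own. The template declares neither `required` nor `requiredOneOf`, so it appears an object with no attributes at all would be accepted. `geolocation_lat`, `geolocation_long` and `geolocation_alt` are typed `text` although `sample_rate` already uses `float`; a numeric type would keep the coordinates usable for filtering.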
@@ -0,0 +1,25 @@
+{
+ "attributes": {
+ "SigMF-meta": {
+ "description": "Metadata file in SigMF format (.sigmf-meta)",
+ "disable_correlation": true,
+ "misp-attribute": "attachment",
+ "ui-priority": 0
+ },
+ "SigMF-data": {
+ "description": "Binary file of IQ or RF samples (.sigmf-data)",
+ "disable_correlation": true,
+ "misp-attribute": "attachment",
+ "multiple": true,
+ "ui-priority": 1
+ }
+ },
+ "description": "An object representing a single IQ/RF sample in the Signal Metadata Format Specification (SigMF)",
+ "meta-category": "misc",
+ "name": "sigmf-recording",
+ "required": [
+ "SigMF-meta"
+ ],
+ "uuid": "0ca64648-38ca-4e48-99ce-2e655cdac02c",
+ "version": 1
+}
\ No newline at end of file
From ba6bad723b1b124ed65aaca166a1a26fb01de6fa Mon Sep 17 00:00:00 2001
From: Luciano Righetti
Date: Tue, 11 Jul 2023 17:04:18 +0200
Subject: [PATCH 02/15] fix: jq all the things
---
.../sigmf-expanded-recording/definition.json | 266 +++++++++---------
objects/sigmf-recording/definition.json | 44 +--
2 files changed, 155 insertions(+), 155 deletions(-)
diff --git a/objects/sigmf-expanded-recording/definition.json b/objects/sigmf-expanded-recording/definition.json
index a9dbdae..ae50d7c 100644
--- a/objects/sigmf-expanded-recording/definition.json
+++ b/objects/sigmf-expanded-recording/definition.json
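Review bot: The top-level `description` of the `sigmf-recording` template added in patch 01 is word for word the one used by `sigmf-expanded-recording` ("An object representing a single IQ/RF sample ..."), so the two templates cannot be told apart from their descriptions. It should say what differs, for example that this object carries the original `.sigmf-meta` and `.sigmf-data` files as attachments while the expanded one stores the metadata fields as individual attributes. `SigMF-data` is also marked `"multiple": true` although the object is described as a single sample and only `SigMF-meta` is required; a line on when several data files, or none, are expected would help.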
@@ -1,136 +1,136 @@ { - "attributes": { - "iq-sample": { - "description": "Binary file of IQ samples", - "disable_correlation": true, - "misp-attribute": "attachment", - "multiple": true, - "ui-priority": 0 - }, - "datatype": { - "description": "", - "disable_correlation": true, - "misp-attribute": "text", - "ui-priority": 0 - }, - "sample_rate": { - "description": "The sample rate of the signal in samples per second.", - "disable_correlation": true, - "misp-attribute": "float", - "ui-priority": 0 - }, - "version": { - "description": "The version of the SigMF specification used to create the Metadata file.", - "disable_correlation": true, - "misp-attribute": "text", - "ui-priority": 0 - }, - "num_channels": { - "description": "Total number of interleaved channels in the Dataset file. If omitted, this defaults to one.", - "disable_correlation": true, - "misp-attribute": "counter", - "ui-priority": 0 - }, - "sha512": { - "description": "The SHA512 hash of the Dataset file associated with the SigMF file.", - "disable_correlation": true, - "misp-attribute": "sha512", - "ui-priority": 0 - }, - "offset": { - "description": "The index number of the first sample in the Dataset. If not provided, this value defaults to zero. Typically used when a Recording is split over multiple files. 
All sample indices in SigMF are absolute, and so all other indices referenced in metadata for this recording SHOULD be greater than or equal to this value.", - "disable_correlation": true, - "misp-attribute": "counter", - "ui-priority": 0 - }, - "description": { - "description": "A text description of the SigMF Recording.", - "disable_correlation": true, - "misp-attribute": "text", - "ui-priority": 0 - }, - "author": { - "description": "A text identifier for the author potentially including name, handle, email, and/or other ID like Amateur Call Sign.", - "disable_correlation": true, - "misp-attribute": "text", - "ui-priority": 0 - }, - "meta_doi": { - "description": "The registered DOI (ISO 26324) for a Recording's Metadata file.", - "disable_correlation": true, - "misp-attribute": "text", - "ui-priority": 0 - }, - "data_doi": { - "description": "The registered DOI (ISO 26324) for a Recording's Dataset file.", - "disable_correlation": true, - "misp-attribute": "text", - "ui-priority": 0 - }, - "recorder": { - "description": "The name of the software used to make this SigMF Recording.", - "disable_correlation": true, - "misp-attribute": "text", - "ui-priority": 0 - }, - "license": { - "description": "A URL for the license document under which the Recording is offered.", - "disable_correlation": true, - "misp-attribute": "text", - "ui-priority": 0 - }, - "hw": { - "description": "A text description of the hardware used to make the Recording.", - "disable_correlation": true, - "misp-attribute": "text", - "ui-priority": 0 - }, - "dataset": { - "description": "The full filename of the Dataset file this Metadata file describes.", - "disable_correlation": true, - "misp-attribute": "text", - "ui-priority": 0 - }, - "trailing_bytes": { - "description": "The number of bytes to ignore at the end of a Non-Conforming Dataset file.", - "disable_correlation": true, - "misp-attribute": "counter", - "ui-priority": 0 - }, - "metadata_only": { - "description": "Indicates the Metadata 
file is intentionally distributed without the Dataset.", - "disable_correlation": true, - "misp-attribute": "boolean", - "ui-priority": 0 - }, - "geolocation_lat": { - "description": "The location of the Recording system (latitude).", - "disable_correlation": true, - "misp-attribute": "text", - "ui-priority": 0 - }, - "geolocation_long": { - "description": "The location of the Recording system (longitude).", - "disable_correlation": true, - "misp-attribute": "text", - "ui-priority": 0 - }, - "geolocation_alt": { - "description": "The location of the Recording system (altitude).", - "disable_correlation": true, - "misp-attribute": "text", - "ui-priority": 0 - }, - "collection": { - "description": "The base filename of a collection with which this Recording is associated.", - "disable_correlation": true, - "misp-attribute": "text", - "ui-priority": 0 - } + "attributes": { + "author": { + "description": "A text identifier for the author potentially including name, handle, email, and/or other ID like Amateur Call Sign.", + "disable_correlation": true, + "misp-attribute": "text", + "ui-priority": 0 }, - "description": "An object representing a single IQ/RF sample in the Signal Metadata Format Specification (SigMF)", - "meta-category": "misc", - "name": "sigmf-expanded-recording", - "uuid": "f1c2c4e1-d3bf-46b1-b34d-f5e9544a4795", - "version": 1 + "collection": { + "description": "The base filename of a collection with which this Recording is associated.", + "disable_correlation": true, + "misp-attribute": "text", + "ui-priority": 0 + }, + "data_doi": { + "description": "The registered DOI (ISO 26324) for a Recording's Dataset file.", + "disable_correlation": true, + "misp-attribute": "text", + "ui-priority": 0 + }, + "dataset": { + "description": "The full filename of the Dataset file this Metadata file describes.", + "disable_correlation": true, + "misp-attribute": "text", + "ui-priority": 0 + }, + "datatype": { + "description": "", + "disable_correlation": true, + 
"misp-attribute": "text", + "ui-priority": 0 + }, + "description": { + "description": "A text description of the SigMF Recording.", + "disable_correlation": true, + "misp-attribute": "text", + "ui-priority": 0 + }, + "geolocation_alt": { + "description": "The location of the Recording system (altitude).", + "disable_correlation": true, + "misp-attribute": "text", + "ui-priority": 0 + }, + "geolocation_lat": { + "description": "The location of the Recording system (latitude).", + "disable_correlation": true, + "misp-attribute": "text", + "ui-priority": 0 + }, + "geolocation_long": { + "description": "The location of the Recording system (longitude).", + "disable_correlation": true, + "misp-attribute": "text", + "ui-priority": 0 + }, + "hw": { + "description": "A text description of the hardware used to make the Recording.", + "disable_correlation": true, + "misp-attribute": "text", + "ui-priority": 0 + }, + "iq-sample": { + "description": "Binary file of IQ samples", + "disable_correlation": true, + "misp-attribute": "attachment", + "multiple": true, + "ui-priority": 0 + }, + "license": { + "description": "A URL for the license document under which the Recording is offered.", + "disable_correlation": true, + "misp-attribute": "text", + "ui-priority": 0 + }, + "meta_doi": { + "description": "The registered DOI (ISO 26324) for a Recording's Metadata file.", + "disable_correlation": true, + "misp-attribute": "text", + "ui-priority": 0 + }, + "metadata_only": { + "description": "Indicates the Metadata file is intentionally distributed without the Dataset.", + "disable_correlation": true, + "misp-attribute": "boolean", + "ui-priority": 0 + }, + "num_channels": { + "description": "Total number of interleaved channels in the Dataset file. If omitted, this defaults to one.", + "disable_correlation": true, + "misp-attribute": "counter", + "ui-priority": 0 + }, + "offset": { + "description": "The index number of the first sample in the Dataset. 
If not provided, this value defaults to zero. Typically used when a Recording is split over multiple files. All sample indices in SigMF are absolute, and so all other indices referenced in metadata for this recording SHOULD be greater than or equal to this value.", + "disable_correlation": true, + "misp-attribute": "counter", + "ui-priority": 0 + }, + "recorder": { + "description": "The name of the software used to make this SigMF Recording.", + "disable_correlation": true, + "misp-attribute": "text", + "ui-priority": 0 + }, + "sample_rate": { + "description": "The sample rate of the signal in samples per second.", + "disable_correlation": true, + "misp-attribute": "float", + "ui-priority": 0 + }, + "sha512": { + "description": "The SHA512 hash of the Dataset file associated with the SigMF file.", + "disable_correlation": true, + "misp-attribute": "sha512", + "ui-priority": 0 + }, + "trailing_bytes": { + "description": "The number of bytes to ignore at the end of a Non-Conforming Dataset file.", + "disable_correlation": true, + "misp-attribute": "counter", + "ui-priority": 0 + }, + "version": { + "description": "The version of the SigMF specification used to create the Metadata file.", + "disable_correlation": true, + "misp-attribute": "text", + "ui-priority": 0 + } + }, + "description": "An object representing a single IQ/RF sample in the Signal Metadata Format Specification (SigMF)", + "meta-category": "misc", + "name": "sigmf-expanded-recording", + "uuid": "f1c2c4e1-d3bf-46b1-b34d-f5e9544a4795", + "version": 1 } \ No newline at end of file diff --git a/objects/sigmf-recording/definition.json b/objects/sigmf-recording/definition.json index afe313e..af68a0b 100644 --- a/objects/sigmf-recording/definition.json +++ b/objects/sigmf-recording/definition.json 
@@ -1,25 +1,25 @@ { - "attributes": { - "SigMF-meta": { - "description": "Metadata file in SigMF format (.sigmf-meta)", - "disable_correlation": true, - "misp-attribute": "attachment", - "ui-priority": 0 - }, - "SigMF-data": { - "description": "Binary file of IQ or RF samples (.sigmf-data)", - "disable_correlation": true, - "misp-attribute": "attachment", - "multiple": true, - "ui-priority": 1 - } + "attributes": { + "SigMF-data": { + "description": "Binary file of IQ or RF samples (.sigmf-data)", + "disable_correlation": true, + "misp-attribute": "attachment", + "multiple": true, + "ui-priority": 1 }, - "description": "An object representing a single IQ/RF sample in the Signal Metadata Format Specification (SigMF)", - "meta-category": "misc", - "name": "sigmf-recording", - "required": [ - "SigMF-meta" - ], - "uuid": "0ca64648-38ca-4e48-99ce-2e655cdac02c", - "version": 1 + "SigMF-meta": { + "description": "Metadata file in SigMF format (.sigmf-meta)", + "disable_correlation": true, + "misp-attribute": "attachment", + "ui-priority": 0 + } + }, + "description": "An object representing a single IQ/RF sample in the Signal Metadata Format Specification (SigMF)", + "meta-category": "misc", + "name": "sigmf-recording", + "required": [ + "SigMF-meta" + ], + "uuid": "0ca64648-38ca-4e48-99ce-2e655cdac02c", + "version": 1 } \ No newline at end of file From 316a4b07d1ba49be3c52043f7e59e4f0c7d89152 Mon Sep 17 00:00:00 2001 From: Luciano Righetti Date: Wed, 12 Jul 2023 15:33:23 +0200 Subject: [PATCH 03/15] new: add fft and waterfall attributes --- objects/sigmf-expanded-recording/definition.json | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/objects/sigmf-expanded-recording/definition.json b/objects/sigmf-expanded-recording/definition.json index ae50d7c..d852864 100644 --- a/objects/sigmf-expanded-recording/definition.json +++ b/objects/sigmf-expanded-recording/definition.json 
@@ -36,6 +36,13 @@ "misp-attribute": "text", "ui-priority": 0 }, + "fft-plot": { + "description": "FFT plot of the signal", + "disable_correlation": true, + "misp-attribute": "attachment", + "multiple": true, + "ui-priority": 0 + }, "geolocation_alt": { "description": "The location of the Recording system (altitude).", "disable_correlation": true, @@ -126,6 +133,13 @@ "disable_correlation": true, "misp-attribute": "text", "ui-priority": 0 + }, + "waterfall-plot": { + "description": "Waterfall plot of the signal", + "disable_correlation": true, + "misp-attribute": "attachment", + "multiple": true, + "ui-priority": 0 } }, "description": "An object representing a single IQ/RF sample in the Signal Metadata Format Specification (SigMF)", From 22477f7bc6b27ee435b3dcecbf382776fda8c8d9 Mon Sep 17 00:00:00 2001 From: Matthieu Faou Date: Fri, 28 Jul 2023 15:09:25 -0400 Subject: [PATCH 04/15] Added internet scanning tools to scan-result --- objects/scan-result/definition.json | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/objects/scan-result/definition.json b/objects/scan-result/definition.json index af7fdff..0eb0a38 100644 --- a/objects/scan-result/definition.json +++ b/objects/scan-result/definition.json @@ -18,6 +18,7 @@ "misp-attribute": "attachment", "ui-priority": 1 }, + "scan-result-format": { "description": "Format used for the scan-result.", "misp-attribute": "text", @@ -54,6 +55,7 @@ "AuditJS Scan", "Azure Security Center Recommendations Scan", "Bandit Scan", + "BinaryEdge", "BlackDuck API", "Blackduck Component Risk", "Blackduck Hub Scan", @@ -66,6 +68,7 @@ "Burp REST API", "Burp Scan", "CargoAudit Scan", + "Censys", "Checkmarx OSA", "Checkmarx Scan", "Checkmarx Scan detailed", @@ -133,6 +136,7 @@ "Nmap Scan", "Node Security Platform Scan", "Nuclei Scan", + "ONYPHE", "ORT evaluated model Importer", "OpenVAS CSV", "Openscap Vulnerability Scan", 
@@ -156,6 +160,7 @@ "Scantist Scan", "Scout Suite Scan", "Semgrep JSON Report", + "Shodan", "Snyk Scan", "Solar Appscreener Scan", "SonarQube API Import", @@ -191,12 +196,18 @@ "Xanitizer Scan", "Yarn Audit Scan", "ZAP Scan", + "ZoomEye", "docker-bench-security Scan", "kube-bench Scan", "pip-audit Scan" ], "ui-priority": 0 }, + "scan-result-query": { + "description": "Query or parameters provided to scan-result-tool to generate the scan-result.", + "misp-attribute": "text", + "ui-priority": 1 + }, "scan-start": { "description": "Start of scanning activity", "disable_correlation": true, @@ -225,4 +236,4 @@ ], "uuid": "ebe2a359-8f5b-4a45-8106-d1678935b4c4", "version": 2 -} \ No newline at end of file +} From 5e201f4e0dcca7323892f6d9e44a0ffad32050a5 Mon Sep 17 00:00:00 2001 From: Matthieu Faou Date: Fri, 28 Jul 2023 15:15:17 -0400 Subject: [PATCH 05/15] removed line break --- objects/scan-result/definition.json | 1 - 1 file changed, 1 deletion(-) diff --git a/objects/scan-result/definition.json b/objects/scan-result/definition.json index 0eb0a38..b9e5488 100644 --- a/objects/scan-result/definition.json +++ b/objects/scan-result/definition.json @@ -18,7 +18,6 @@ "misp-attribute": "attachment", "ui-priority": 1 }, - "scan-result-format": { "description": "Format used for the scan-result.", "misp-attribute": "text", From 17f71b39bd8b1306afc9139acc62815911533438 Mon Sep 17 00:00:00 2001 From: Alexandre Dulaunoy Date: Fri, 28 Jul 2023 22:25:37 +0200 Subject: [PATCH 06/15] chg: [scan-results] jq all the things --- objects/scan-result/definition.json | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/objects/scan-result/definition.json b/objects/scan-result/definition.json index b9e5488..eeda424 100644 --- a/objects/scan-result/definition.json +++ b/objects/scan-result/definition.json 
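Review bot: In the scan-result change of patch 04, the final hunk keeps `"version": 2` even though the template gains the `scan-result-query` attribute and five new tool names, so consumers that detect template updates by version number would not pick the change up; bump it to `"version": 3`. `scan-result-query` is free text and is added without `"disable_correlation": true`; consider whether common queries should really correlate unrelated events, given that `scan-result-tool` elsewhere in the file sets the flag. The first hunk also adds an empty line before `"scan-result-format"`.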
@@ -32,6 +32,11 @@ "Unknown" ] }, + "scan-result-query": { + "description": "Query or parameters provided to scan-result-tool to generate the scan-result.", + "misp-attribute": "text", + "ui-priority": 1 + }, "scan-result-tool": { "description": "Tool used which generated the scan-result.", "disable_correlation": true, @@ -202,11 +207,6 @@ ], "ui-priority": 0 }, - "scan-result-query": { - "description": "Query or parameters provided to scan-result-tool to generate the scan-result.", - "misp-attribute": "text", - "ui-priority": 1 - }, "scan-start": { "description": "Start of scanning activity", "disable_correlation": true, @@ -235,4 +235,4 @@ ], "uuid": "ebe2a359-8f5b-4a45-8106-d1678935b4c4", "version": 2 -} +} \ No newline at end of file From fb0ffd5d4b0a16f89b4a6293ad559ac2d75f1256 Mon Sep 17 00:00:00 2001 From: Alexandre Dulaunoy Date: Mon, 31 Jul 2023 11:17:23 +0200 Subject: [PATCH 07/15] chg: [malware-config] to add attachment and description of the malware config --- objects/malware-config/definition.json | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/objects/malware-config/definition.json b/objects/malware-config/definition.json index e8ec946..06072f3 100644 --- a/objects/malware-config/definition.json +++ b/objects/malware-config/definition.json @@ -5,11 +5,21 @@ "misp-attribute": "text", "ui-priority": 1 }, + "description": { + "description": "Description of the malware configuration", + "misp-attribite": "text", + "ui-priority": 1 + }, "encrypted": { "description": "Encrypted or encoded text of the malware configuration in base64.", "misp-attribute": "text", "ui-priority": 1 }, + "file-config": { + "description": "File configuration as an attachment", + "misp-attribute": "attachment", + "ui-priority": 1 + }, "first-seen": { "description": "When the malware configuration has been seen for the first time.", "disable_correlation": true, 
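Review bot: The new `description` attribute in the malware-config hunk of patch 07 spells its type key `"misp-attribite"`, so the attribute ends up without a `misp-attribute` and the template would likely fail validation or import; the line should read `"misp-attribute": "text",`. Both new attributes, `description` and `file-config`, are added without `disable_correlation`, which is worth a deliberate choice for a free-text field. The hunk starts and ends inside the `attributes` object, so the other attributes are not visible here.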
@@ -44,8 +54,9 @@ "meta-category": "file", "name": "malware-config", "requiredOneOf": [ - "config" + "config", + "file-config" ], "uuid": "8200b79b-1d8c-49a8-9a63-7710e613c059", - "version": 1 + "version": 2 } \ No newline at end of file From 4da05293d723ad6f9db4a3e349e140daa5d2a28d Mon Sep 17 00:00:00 2001 From: Alexandre Dulaunoy Date: Mon, 31 Jul 2023 11:21:29 +0200 Subject: [PATCH 08/15] fix: [malware-config] typo fixed --- objects/malware-config/definition.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/objects/malware-config/definition.json b/objects/malware-config/definition.json index 06072f3..a69b168 100644 --- a/objects/malware-config/definition.json +++ b/objects/malware-config/definition.json @@ -7,7 +7,7 @@ }, "description": { "description": "Description of the malware configuration", - "misp-attribite": "text", + "misp-attribute": "text", "ui-priority": 1 }, "encrypted": { From 56941c6e937442938edc3194e5b2ba6c36159cf6 Mon Sep 17 00:00:00 2001 From: Matthieu Faou Date: Tue, 1 Aug 2023 16:33:23 -0400 Subject: [PATCH 09/15] Removed the scan-result field requirement in the scan-result object --- objects/scan-result/definition.json | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/objects/scan-result/definition.json b/objects/scan-result/definition.json index eeda424..1ddcf6a 100644 --- a/objects/scan-result/definition.json +++ b/objects/scan-result/definition.json @@ -230,9 +230,6 @@ "description": "Scan result object to add meta-data and the output of the scan result by itself.", "meta-category": "network", "name": "scan-result", - "required": [ - "scan-result" - ], "uuid": "ebe2a359-8f5b-4a45-8106-d1678935b4c4", "version": 2 -} \ No newline at end of file +} From 0515870942d60e4a97561271a15635946ec4a7eb Mon Sep 17 00:00:00 2001 
From: Matthieu Faou Date: Wed, 2 Aug 2023 15:35:12 -0400 Subject: [PATCH 10/15] Added requiredOneOf to scan-result object definition --- objects/scan-result/definition.json | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/objects/scan-result/definition.json b/objects/scan-result/definition.json index 1ddcf6a..d92e92f 100644 --- a/objects/scan-result/definition.json +++ b/objects/scan-result/definition.json @@ -230,6 +230,10 @@ "description": "Scan result object to add meta-data and the output of the scan result by itself.", "meta-category": "network", "name": "scan-result", + "requiredOneOf": [ + "scan-result", + "scan-result-query", + ], "uuid": "ebe2a359-8f5b-4a45-8106-d1678935b4c4", "version": 2 } From ac201f475ae90ff929c3c51843006336e8983303 Mon Sep 17 00:00:00 2001 From: Luciano Righetti Date: Thu, 3 Aug 2023 08:07:33 +0200 Subject: [PATCH 11/15] new: sigmf archive object --- objects/sigmf-archive/definition.json | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) create mode 100644 objects/sigmf-archive/definition.json diff --git a/objects/sigmf-archive/definition.json b/objects/sigmf-archive/definition.json new file mode 100644 index 0000000..b846ba5 --- /dev/null +++ b/objects/sigmf-archive/definition.json @@ -0,0 +1,18 @@ +{ + "attributes": { + "SigMF-archive": { + "description": "tar archive (.sigmf)", + "disable_correlation": true, + "misp-attribute": "attachment", + "ui-priority": 1 + } + }, + "description": "An object representing an archive containing one or multiple recordings in the Signal Metadata Format Specification (SigMF)", + "meta-category": "misc", + "name": "sigmf-archive", + "required": [ + "SigMF-archive" + ], + "uuid": "5985d34d-3657-4828-9788-470175bcc3b1", + "version": 1 + } \ No newline at end of file From 17a68d93aefe0eb13c54ce5d7f95046aea5650e3 Mon Sep 17 00:00:00 2001 
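Review bot: The `requiredOneOf` array added to scan-result in patch 10 ends with `"scan-result-query",` directly before `]`, and a trailing comma is not valid JSON, so strict parsers will reject the whole definition file; the line should be `"scan-result-query"`. The hunk also changes which objects are accepted while `"version": 2` stays in place; `"version": 3` would let instances notice the new rule. Parsing every definition with a strict JSON parser before commit would catch this class of error.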
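Review bot: The `SigMF-archive` attribute description in the new sigmf-archive template, `"tar archive (.sigmf)"`, does not say what the archive holds or how it should be treated. Something like `"description": "SigMF archive (.sigmf): tar file bundling the .sigmf-meta and .sigmf-data files of one or more recordings"` would match the wording of the other SigMF templates. Because the attachment is a tar file that may come from another organisation, the description is also a reasonable place to remind consumers to unpack it with tooling that rejects absolute and parent-directory member paths. The closing `}` of the new file is indented by one space, unlike the other definitions.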
From: Luciano Righetti Date: Thu, 3 Aug 2023 08:07:47 +0200 Subject: [PATCH 12/15] fix: minor fixes --- objects/sigmf-expanded-recording/definition.json | 3 --- objects/sigmf-recording/definition.json | 3 +-- 2 files changed, 1 insertion(+), 5 deletions(-) diff --git a/objects/sigmf-expanded-recording/definition.json b/objects/sigmf-expanded-recording/definition.json index d852864..e4254e5 100644 --- a/objects/sigmf-expanded-recording/definition.json +++ b/objects/sigmf-expanded-recording/definition.json @@ -40,7 +40,6 @@ "description": "FFT plot of the signal", "disable_correlation": true, "misp-attribute": "attachment", - "multiple": true, "ui-priority": 0 }, "geolocation_alt": { @@ -71,7 +70,6 @@ "description": "Binary file of IQ samples", "disable_correlation": true, "misp-attribute": "attachment", - "multiple": true, "ui-priority": 0 }, "license": { @@ -138,7 +136,6 @@ "description": "Waterfall plot of the signal", "disable_correlation": true, "misp-attribute": "attachment", - "multiple": true, "ui-priority": 0 } }, diff --git a/objects/sigmf-recording/definition.json b/objects/sigmf-recording/definition.json index af68a0b..1bc98d8 100644 --- a/objects/sigmf-recording/definition.json +++ b/objects/sigmf-recording/definition.json @@ -4,7 +4,6 @@ "description": "Binary file of IQ or RF samples (.sigmf-data)", "disable_correlation": true, "misp-attribute": "attachment", - "multiple": true, "ui-priority": 1 }, "SigMF-meta": { @@ -14,7 +13,7 @@ "ui-priority": 0 } }, - "description": "An object representing a single IQ/RF sample in the Signal Metadata Format Specification (SigMF)", + "description": "An object representing a single IQ/RF sample in the Signal Metadata Format Specification (SigMF)", "meta-category": "misc", "name": "sigmf-recording", "required": [ From 21b06c2f48dc091381bb813160fa257718f0cc51 Mon Sep 17 00:00:00 2001 
From: Luciano Righetti Date: Thu, 3 Aug 2023 09:30:58 +0200 Subject: [PATCH 13/15] fix: jq all the things --- objects/sigmf-archive/definition.json | 34 +++++++++++++-------------- 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/objects/sigmf-archive/definition.json b/objects/sigmf-archive/definition.json index b846ba5..d5c3d3e 100644 --- a/objects/sigmf-archive/definition.json +++ b/objects/sigmf-archive/definition.json @@ -1,18 +1,18 @@ { - "attributes": { - "SigMF-archive": { - "description": "tar archive (.sigmf)", - "disable_correlation": true, - "misp-attribute": "attachment", - "ui-priority": 1 - } - }, - "description": "An object representing an archive containing one or multiple recordings in the Signal Metadata Format Specification (SigMF)", - "meta-category": "misc", - "name": "sigmf-archive", - "required": [ - "SigMF-archive" - ], - "uuid": "5985d34d-3657-4828-9788-470175bcc3b1", - "version": 1 - } \ No newline at end of file + "attributes": { + "SigMF-archive": { + "description": "tar archive (.sigmf)", + "disable_correlation": true, + "misp-attribute": "attachment", + "ui-priority": 1 + } + }, + "description": "An object representing an archive containing one or multiple recordings in the Signal Metadata Format Specification (SigMF)", + "meta-category": "misc", + "name": "sigmf-archive", + "required": [ + "SigMF-archive" + ], + "uuid": "5985d34d-3657-4828-9788-470175bcc3b1", + "version": 1 +} \ No newline at end of file From 3d81ef381cc10ba4aa73d2137a460b37a21bad6d Mon Sep 17 00:00:00 2001 From: Alexandre Dulaunoy Date: Thu, 3 Aug 2023 10:47:45 +0200 Subject: [PATCH 14/15] fix: [scan-results] JSON and trailing comma ;-) --- objects/scan-result/definition.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/objects/scan-result/definition.json b/objects/scan-result/definition.json index d92e92f..da00cd8 100644 --- a/objects/scan-result/definition.json +++ b/objects/scan-result/definition.json 
@@ -232,8 +232,8 @@ "name": "scan-result", "requiredOneOf": [ "scan-result", - "scan-result-query", + "scan-result-query" ], "uuid": "ebe2a359-8f5b-4a45-8106-d1678935b4c4", - "version": 2 -} + "version": 3 +} \ No newline at end of file From 0037856e60bcf9196eb9b056a10080957c855526 Mon Sep 17 00:00:00 2001 From: Alexandre Dulaunoy Date: Mon, 7 Aug 2023 14:36:24 +0200 Subject: [PATCH 15/15] new: [x-header] new generic X header object for SMTP, HTTP and others --- objects/x-header/definition.json | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) create mode 100644 objects/x-header/definition.json diff --git a/objects/x-header/definition.json b/objects/x-header/definition.json new file mode 100644 index 0000000..bdc063c --- /dev/null +++ b/objects/x-header/definition.json @@ -0,0 +1,24 @@ +{ + "attributes": { + "x-header-name": { + "description": "X header name is the value of the header key. The name is case sensitive.", + "disable_correlation": true, + "misp-attribute": "text", + "ui-priority": 0 + }, + "x-value": { + "description": "X value is the value of the specified header name.", + "misp-attribute": "text", + "ui-priority": 0 + } + }, + "description": "X header generic object for SMTP, HTTP or any other protocols using X headers.", + "meta-category": "network", + "name": "x-header", + "requiredOneOf": [ + "x-header-name", + "x-value" + ], + "uuid": "9a7028df-e238-45e8-893c-8e67d273fb61", + "version": 1 +} \ No newline at end of file
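Review bot: `requiredOneOf` in the new x-header template lists both `x-header-name` and `x-value`, so an object that holds only a value and no header name is accepted, and such an object cannot be tied to any header; `"required": ["x-header-name"]` expresses the dependency. The `x-header-name` description states that the name is case sensitive, whereas header field names in HTTP and in mail are matched case-insensitively; if the intent is to keep the name exactly as observed, say so, e.g. `"description": "Name of the X header, recorded exactly as observed."`. `x-value` would read more consistently as `x-header-value` next to `x-header-name`.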