From d2cca68c23f262b1ff6bf7e05edea484879175d0 Mon Sep 17 00:00:00 2001 From: Romain Kieffer Date: Thu, 19 Dec 2024 09:56:40 +0100 Subject: [PATCH 1/3] new: [spambee-report] Created an object to symbolize a Spambee analysis report in MISP Signed-off-by: Romain Kieffer --- README.md | 1 + objects/spambee-report/definition.json | 54 ++++++++++++++++++++++++++ 2 files changed, 55 insertions(+) create mode 100644 objects/spambee-report/definition.json diff --git a/README.md b/README.md index 3220f95..ab022d8 100644 --- a/README.md +++ b/README.md @@ -396,6 +396,7 @@ for a specific attribute. An optional **to_ids** boolean field to disable the ID - [objects/sigmf-recording](https://github.com/MISP/misp-objects/blob/main/objects/sigmf-recording/definition.json) - An object representing a single IQ/RF sample in the Signal Metadata Format Specification (SigMF). - [objects/social-media-group](https://github.com/MISP/misp-objects/blob/main/objects/social-media-group/definition.json) - Social media group object template describing a public or private group or channel. - [objects/software](https://github.com/MISP/misp-objects/blob/main/objects/software/definition.json) - The Software object represents high-level properties associated with software, including software products. STIX 2.1 - 6.14. +- [objects/spambee-report](https://github.com/MISP/misp-objects/main/objects/spambee-report/definition.json) - A Spambee analysis report. - [objects/spearphishing-attachment](https://github.com/MISP/misp-objects/blob/main/objects/spearphishing-attachment/definition.json) - Spearphishing Attachment. - [objects/spearphishing-link](https://github.com/MISP/misp-objects/blob/main/objects/spearphishing-link/definition.json) - Spearphishing Link. - [objects/splunk](https://github.com/MISP/misp-objects/blob/main/objects/splunk/definition.json) - Splunk / Splunk ES object. diff --git a/objects/spambee-report/definition.json b/objects/spambee-report/definition.json new file mode 100644 index 0000000..ce18eae --- /dev/null +++ b/objects/spambee-report/definition.json @@ -0,0 +1,54 @@ +{ + "attributes": { + "privacy": { + "description": "User has requested privacy", + "misp-atrubute": "boolean", + "disable-correlation": true, + "ui-priority": 0 + }, + "feedback-requested": { + "description": "User has requested feedback", + "misp-atrubute": "boolean", + "disable-correlation": true, + "ui-priority": 0 + }, + "feedback-sent": { + "description": "Feedback has been sent to user", + "misp-atrubute": "boolean", + "disable-correlation": true, + "ui-priority": 0 + }, + "feedback-time": { + "description": "Timestamp of the feedback", + "misp-atrubute": "datetime", + "disable-correlation": true, + "ui-priority": 0 + }, + "report-uid": { + "categories": [ + "Internal reference" + ], + "description": "Internal reference to the Spambee report", + "misp-atrubute": "text", + "disable-correlation": true, + "ui-priority": 0 + }, + "report-status": { + "categories": [ + "External analysis" + ], + "description": "Result of the Spambee analysis for the submitted email", + "misp-atrubute": "text", + "disable-correlation": true, + "ui-priority": 0 + } + }, + "description": "A Spambee analysis report", + "meta-category": "network", + "name": "spambee-report", + "requiredOneOf": [ + "report-uid" + ], + "uuid": "305d6e6c-bb4d-4b9a-abf5-9f34d1322352", + "version": 1 +} From df070cdaf8235edbd8dadb430e8549ff342dd3cb Mon Sep 17 00:00:00 2001 From: Romain Kieffer Date: Thu, 19 Dec 2024 10:36:08 +0100 Subject: [PATCH 2/3] chg: [spambee-object] Correct jq Signed-off-by: Romain Kieffer --- objects/spambee-report/definition.json | 34 +++++++++++++------------- 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/objects/spambee-report/definition.json b/objects/spambee-report/definition.json index ce18eae..68566e3 100644 --- a/objects/spambee-report/definition.json +++ b/objects/spambee-report/definition.json @@ -1,36 +1,27 @@ { "attributes": { - "privacy": { - "description": "User has requested privacy", - "misp-atrubute": "boolean", - "disable-correlation": true, - "ui-priority": 0 - }, "feedback-requested": { "description": "User has requested feedback", - "misp-atrubute": "boolean", "disable-correlation": true, + "misp-atrubute": "boolean", "ui-priority": 0 }, "feedback-sent": { "description": "Feedback has been sent to user", - "misp-atrubute": "boolean", "disable-correlation": true, + "misp-atrubute": "boolean", "ui-priority": 0 }, "feedback-time": { "description": "Timestamp of the feedback", - "misp-atrubute": "datetime", "disable-correlation": true, + "misp-atrubute": "datetime", "ui-priority": 0 }, - "report-uid": { - "categories": [ - "Internal reference" - ], - "description": "Internal reference to the Spambee report", - "misp-atrubute": "text", + "privacy": { + "description": "User has requested privacy", "disable-correlation": true, + "misp-atrubute": "boolean", "ui-priority": 0 }, "report-status": { @@ -38,8 +29,17 @@ "External analysis" ], "description": "Result of the Spambee analysis for the submitted email", - "misp-atrubute": "text", "disable-correlation": true, + "misp-atrubute": "text", + "ui-priority": 0 + }, + "report-uid": { + "categories": [ + "Internal reference" + ], + "description": "Internal reference to the Spambee report", + "disable-correlation": true, + "misp-atrubute": "text", "ui-priority": 0 } }, @@ -51,4 +51,4 @@ ], "uuid": "305d6e6c-bb4d-4b9a-abf5-9f34d1322352", "version": 1 -} +} \ No newline at end of file From 9ff2723ff51889e83bc568c6cf4f24350896a9d6 Mon Sep 17 00:00:00 2001 From: Alexandre Dulaunoy Date: Thu, 19 Dec 2024 10:48:20 +0100 Subject: [PATCH 3/3] fix: [spambee-report] updated --- objects/spambee-report/definition.json | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/objects/spambee-report/definition.json b/objects/spambee-report/definition.json index 68566e3..b4bc119 100644 --- a/objects/spambee-report/definition.json +++ b/objects/spambee-report/definition.json @@ -3,25 +3,25 @@ "feedback-requested": { "description": "User has requested feedback", "disable-correlation": true, - "misp-atrubute": "boolean", + "misp-attribute": "boolean", "ui-priority": 0 }, "feedback-sent": { "description": "Feedback has been sent to user", "disable-correlation": true, - "misp-atrubute": "boolean", + "misp-attribute": "boolean", "ui-priority": 0 }, "feedback-time": { "description": "Timestamp of the feedback", "disable-correlation": true, - "misp-atrubute": "datetime", + "misp-attribute": "datetime", "ui-priority": 0 }, "privacy": { "description": "User has requested privacy", "disable-correlation": true, - "misp-atrubute": "boolean", + "misp-attribute": "boolean", "ui-priority": 0 }, "report-status": { @@ -30,7 +30,7 @@ ], "description": "Result of the Spambee analysis for the submitted email", "disable-correlation": true, - "misp-atrubute": "text", + "misp-attribute": "text", "ui-priority": 0 }, "report-uid": { @@ -39,7 +39,7 @@ ], "description": "Internal reference to the Spambee report", "disable-correlation": true, - "misp-atrubute": "text", + "misp-attribute": "text", "ui-priority": 0 } }, @@ -50,5 +50,5 @@ "report-uid" ], "uuid": "305d6e6c-bb4d-4b9a-abf5-9f34d1322352", - "version": 1 + "version": 2 } \ No newline at end of file