Merge branch 'master' of github.com:MISP/misp-objects

2018-05-03 14:11:39 +02:00 · 2018-05-03 14:11:39 +02:00 · d221a5e68e
parent e07f2d5c62 e9e1bdd56c
commit d221a5e68e
4 changed files with 69 additions and 4 deletions
--- a/objects/email/definition.json
+++ b/objects/email/definition.json
@ -3,7 +3,7 @@
  "uuid": "a0c666e0-fc65-4be8-b48f-3423d788b552",
  "meta-category": "network",
  "description": "Email object describing an email with meta-information",
-  "version": 8,
+  "version": 10,
  "attributes": {
    "reply-to": {
      "description": "Email address the reply will be sent to",
@ -146,6 +146,11 @@
      "categories": [
        "Payload delivery"
      ]
+    },
+    "eml": {
+      "description": "Full EML",
+      "misp-attribute": "attachment",
+      "ui-priority": 1
    }
  },
  "requiredOneOf": [
@ -163,6 +168,8 @@
    "thread-index",
    "header",
    "x-mailer",
-    "return-path"
+    "return-path",
+    "email-body",
+    "eml"
  ]
 }
--- a/objects/timestamp/definition.json
+++ b/objects/timestamp/definition.json
@ -0,0 +1,45 @@
+{
+  "requiredOneOf": [
+    "first-seen",
+    "last-seen"
+  ],
+  "attributes": {
+    "text": {
+      "description": "Description of the time object.",
+      "ui-priority": 0,
+      "misp-attribute": "text",
+      "disable_correlation": true
+    },
+    "precision": {
+      "description": "Timestamp precision represents the precision given to first_seen and/or last_seen in this object.",
+      "ui-priority": 0,
+      "misp-attribute": "text",
+      "sane_default": [
+        "year",
+        "month",
+        "day",
+        "hour",
+        "minute",
+        "full"
+      ],
+      "disable_correlation": true
+    },
+    "first-seen": {
+      "description": "First time that the linked object or attribute has been seen.",
+      "ui-priority": 0,
+      "misp-attribute": "datetime",
+      "disable_correlation": true
+    },
+    "last-seen": {
+      "description": "First time that the linked object or attribute has been seen.",
+      "ui-priority": 0,
+      "misp-attribute": "datetime",
+      "disable_correlation": true
+    }
+  },
+  "version": 1,
+  "description": "A generic timestamp object to represent time including first time and last time seen. Relationship will then define the kind of time relationship.",
+  "meta-category": "misc",
+  "uuid": "c8c91e23-4221-4533-8bf7-64e12b05f265",
+  "name": "timestamp"
+}
--- a/objects/whois/definition.json
+++ b/objects/whois/definition.json
@ -74,6 +74,7 @@
        "External analysis"
      ],
      "ui-priority": 0,
+      "multiple": true,
      "misp-attribute": "domain"
    },
    "comment": {
@ -84,10 +85,11 @@
    "ip-address": {
      "description": "IP address of the whois entry",
      "ui-priority": 0,
+      "multiple": true,
      "misp-attribute": "ip-src"
    }
  },
-  "version": 9,
+  "version": 10,
  "description": "Whois records information for a domain name or an IP address.",
  "meta-category": "network",
  "uuid": "429faea1-34ff-47af-8a00-7c62d3be5a6a",
--- a/objects/yara/definition.json
+++ b/objects/yara/definition.json
@ -20,9 +20,20 @@
      "description": "Version of the YARA rule depending where the yara rule is known to work as expected.",
      "ui-priority": 0,
      "misp-attribute": "text"
+    },
+    "context": {
+      "description": "Context where the YARA rule can be applied",
+      "sane_default": [
+        "all",
+        "disk",
+        "memory",
+        "network"
+      ],
+      "misp-attribute": "text",
+      "ui-priority": 0
    }
  },
-  "version": 2,
+  "version": 3,
  "description": "An object describing a YARA rule along with its version.",
  "meta-category": "misc",
  "uuid": "b5acf82e-ecca-4868-82fe-9dbdf4d808c3",