diff --git a/objects/email/definition.json b/objects/email/definition.json
index 770850f..7551d0c 100644
--- a/objects/email/definition.json
+++ b/objects/email/definition.json
@@ -3,7 +3,7 @@
 "uuid": "a0c666e0-fc65-4be8-b48f-3423d788b552",
 "meta-category": "network",
 "description": "Email object describing an email with meta-information",
- "version": 8,
+ "version": 10,
 "attributes": {
 "reply-to": {
 "description": "Email address the reply will be sent to",
@@ -146,6 +146,11 @@
 "categories": [
 "Payload delivery"
 ]
+ },
+ "eml": {
+ "description": "Full EML",
+ "misp-attribute": "attachment",
+ "ui-priority": 1
 }
 },
 "requiredOneOf": [
@@ -163,6 +168,8 @@
 "thread-index",
 "header",
 "x-mailer",
- "return-path"
+ "return-path",
+ "email-body",
+ "eml"
 ]
 }
diff --git a/objects/timestamp/definition.json b/objects/timestamp/definition.json
new file mode 100644
index 0000000..c1a8da0
--- /dev/null
+++ b/objects/timestamp/definition.json
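Review bot: In objects/email/definition.json (hunk at -146,6), the new `eml` attribute's description `"Full EML"` does not tell an analyst what the file carries or how it should be handled. A raw EML holds the complete message, so any attachment or link from the original email travels with it, and the `attachment` type is, as far as I know, stored as-is rather than in the password-protected archive MISP uses for `malware-sample`. I would spell that out, e.g. `"description": "Full EML file of the email, including headers, body and any attachments (may contain live malicious content)",`. The last hunk of this file also adds `email-body` to `requiredOneOf`, but that attribute's definition lies outside the visible hunks, so it is worth confirming the key exists under `attributes`.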
@@ -0,0 +1,45 @@
+{
+ "requiredOneOf": [
+ "first-seen",
+ "last-seen"
+ ],
+ "attributes": {
+ "text": {
+ "description": "Description of the time object.",
+ "ui-priority": 0,
+ "misp-attribute": "text",
+ "disable_correlation": true
+ },
+ "precision": {
+ "description": "Timestamp precision represents the precision given to first_seen and/or last_seen in this object.",
+ "ui-priority": 0,
+ "misp-attribute": "text",
+ "sane_default": [
+ "year",
+ "month",
+ "day",
+ "hour",
+ "minute",
+ "full"
+ ],
+ "disable_correlation": true
+ },
+ "first-seen": {
+ "description": "First time that the linked object or attribute has been seen.",
+ "ui-priority": 0,
+ "misp-attribute": "datetime",
+ "disable_correlation": true
+ },
+ "last-seen": {
+ "description": "First time that the linked object or attribute has been seen.",
+ "ui-priority": 0,
+ "misp-attribute": "datetime",
+ "disable_correlation": true
+ }
+ },
+ "version": 1,
+ "description": "A generic timestamp object to represent time including first time and last time seen. Relationship will then define the kind of time relationship.",
+ "meta-category": "misc",
+ "uuid": "c8c91e23-4221-4533-8bf7-64e12b05f265",
+ "name": "timestamp"
+}
diff --git a/objects/whois/definition.json b/objects/whois/definition.json
index 0c4d5b0..ed91c86 100644
--- a/objects/whois/definition.json
+++ b/objects/whois/definition.json
@@ -74,6 +74,7 @@
 "External analysis"
 ],
 "ui-priority": 0,
+ "multiple": true,
 "misp-attribute": "domain"
 },
 "comment": {
@@ -84,10 +85,11 @@
 "ip-address": {
 "description": "IP address of the whois entry",
 "ui-priority": 0,
+ "multiple": true,
 "misp-attribute": "ip-src"
 }
 },
- "version": 9,
+ "version": 10,
 "description": "Whois records information for a domain name or an IP address.",
 "meta-category": "network",
 "uuid": "429faea1-34ff-47af-8a00-7c62d3be5a6a",
diff --git a/objects/yara/definition.json b/objects/yara/definition.json
index 4b4724d..370bfdb 100644
--- a/objects/yara/definition.json
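Review bot: In the new objects/timestamp/definition.json, the `last-seen` attribute carries the same description as `first-seen` ("First time that the linked object or attribute has been seen."), which looks like a copy-paste slip. It should read `"description": "Last time that the linked object or attribute has been seen.",` so that analysts building a timeline from the template do not misread the field. The `precision` description also refers to `first_seen` and `last_seen` with underscores, while the attribute keys in this file are `first-seen` and `last-seen`; using the hyphenated names there would keep the text consistent with the keys.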
+++ b/objects/yara/definition.json
@@ -20,9 +20,20 @@
 "description": "Version of the YARA rule depending where the yara rule is known to work as expected.",
 "ui-priority": 0,
 "misp-attribute": "text"
+ },
+ "context": {
+ "description": "Context where the YARA rule can be applied",
+ "sane_default": [
+ "all",
+ "disk",
+ "memory",
+ "network"
+ ],
+ "misp-attribute": "text",
+ "ui-priority": 0
 }
 },
- "version": 2,
+ "version": 3,
 "description": "An object describing a YARA rule along with its version.",
 "meta-category": "misc",
 "uuid": "b5acf82e-ecca-4868-82fe-9dbdf4d808c3",
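Review bot: The new `context` attribute in objects/yara/definition.json is a `text` attribute with four short, generic values and no `"disable_correlation": true`. Unless correlation is suppressed elsewhere, every YARA object marked `all` or `memory` would presumably correlate with every other one and bury the useful links. The `precision` attribute added to the timestamp object in this same commit has the same shape and does set the flag; adding `"disable_correlation": true` after `"ui-priority": 0` here would match it. If the four values are meant to be the only valid ones, `values_list` rather than `sane_default` would enforce that.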