From 3d75d48051910aa208ca410faa35add6cd06d36b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rapha=C3=ABl=20Vinot?=
Date: Thu, 26 Apr 2018 15:05:19 +0200
Subject: [PATCH 1/7] chg: [email] add email-body in requiredOneOf
---
 objects/email/definition.json | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/objects/email/definition.json b/objects/email/definition.json
index 770850f..c549f1e 100644
--- a/objects/email/definition.json
+++ b/objects/email/definition.json
@@ -163,6 +163,7 @@
 "thread-index",
 "header",
 "x-mailer",
- "return-path"
+ "return-path",
+ "email-body"
 ]
 }
From 196991c73fd35fef76822102424c2f65f95443f3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rapha=C3=ABl=20Vinot?=
Date: Thu, 26 Apr 2018 15:07:12 +0200
Subject: [PATCH 2/7] fix: Bump email template version
---
 objects/email/definition.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/objects/email/definition.json b/objects/email/definition.json
index c549f1e..946954d 100644
--- a/objects/email/definition.json
+++ b/objects/email/definition.json
@@ -3,7 +3,7 @@
 "uuid": "a0c666e0-fc65-4be8-b48f-3423d788b552",
 "meta-category": "network",
 "description": "Email object describing an email with meta-information",
- "version": 8,
+ "version": 9,
 "attributes": {
 "reply-to": {
 "description": "Email address the reply will be sent to",
From ef1bcc7067f20b0b0db4a658a80ec0f2c82d4135 Mon Sep 17 00:00:00 2001
From: StefanKelm
Date: Thu, 26 Apr 2018 16:50:25 +0200
Subject: [PATCH 3/7] Allow multiple domains and/or IP addresses per object
---
 objects/whois/definition.json | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/objects/whois/definition.json b/objects/whois/definition.json
index 0c4d5b0..9e684a9 100644
--- a/objects/whois/definition.json
+++ b/objects/whois/definition.json
@@ -74,6 +74,7 @@
 "External analysis"
 ],
 "ui-priority": 0,
+ "multiple": true,
 "misp-attribute": "domain"
 },
 "comment": {
@@ -84,6 +85,7 @@
 "ip-address": {
 "description": "IP address of the whois entry",
 "ui-priority": 0,
+ "multiple": true,
 "misp-attribute": "ip-src"
 }
 },
From f7b17ab62afdde642810605d2789e537c3c37f8f Mon Sep 17 00:00:00 2001
From: StefanKelm
Date: Thu, 26 Apr 2018 16:53:24 +0200
Subject: [PATCH 4/7] Update definition.json
---
 objects/whois/definition.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/objects/whois/definition.json b/objects/whois/definition.json
index 9e684a9..ed91c86 100644
--- a/objects/whois/definition.json
+++ b/objects/whois/definition.json
@@ -89,7 +89,7 @@
 "misp-attribute": "ip-src"
 }
 },
- "version": 9,
+ "version": 10,
 "description": "Whois records information for a domain name or an IP address.",
 "meta-category": "network",
 "uuid": "429faea1-34ff-47af-8a00-7c62d3be5a6a",
From 1fe1f12026c556f6bd184d439a06d1923cb03d5a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rapha=C3=ABl=20Vinot?=
Date: Fri, 27 Apr 2018 14:20:10 +0200
Subject: [PATCH 5/7] new: Add EML to the email template
---
 objects/email/definition.json | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/objects/email/definition.json b/objects/email/definition.json
index 946954d..7551d0c 100644
--- a/objects/email/definition.json
+++ b/objects/email/definition.json
@@ -3,7 +3,7 @@
 "uuid": "a0c666e0-fc65-4be8-b48f-3423d788b552",
 "meta-category": "network",
 "description": "Email object describing an email with meta-information",
- "version": 9,
+ "version": 10,
 "attributes": {
 "reply-to": {
 "description": "Email address the reply will be sent to",
@@ -146,6 +146,11 @@
 "categories": [
 "Payload delivery"
 ]
+ },
+ "eml": {
+ "description": "Full EML",
+ "misp-attribute": "attachment",
+ "ui-priority": 1
 }
 },
 "requiredOneOf": [
@@ -164,6 +169,7 @@
 "header",
 "x-mailer",
 "return-path",
- "email-body"
+ "email-body",
+ "eml"
 ]
 }
From 3382e18393781c2802b4fecde9662c87a78e47de Mon Sep 17 00:00:00 2001
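Review bot: The `ip-address` entry that now accepts `multiple` values is typed `ip-src`, so every address added to a whois object becomes a source-IP indicator of its own. Whois and hosting addresses are often shared infrastructure, and if the instance applies its usual IDS flag to `ip-src` (not visible in this hunk) a long list can reach detection exports as false positives. The description could carry that caveat, for example `"description": "IP address of the whois entry (registration or hosting data; review before flagging for IDS)"`. The `multiple` flag added to `domain` in the preceding hunk of this commit widens domain correlation in the same way.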
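Review bot: The new `eml` entry stores the complete message as a plain `attachment`, and its description `"Full EML"` gives no handling guidance. A raw EML from a phishing or malware case still contains the original payloads and the recipients' personal data, so the description should say so, for example `"description": "Full EML of the message, including any attachments it carries; handle as potentially malicious"`. The entry also lacks `"disable_correlation": true`; assuming attachments correlate on their file name, generic names would link unrelated events. The `attributes` object begins outside this hunk.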
From: Alexandre Dulaunoy
Date: Mon, 30 Apr 2018 16:27:17 +0200
Subject: [PATCH 6/7] add: new timestamp object
---
 objects/timestamp/definition.json | 45 +++++++++++++++++++++++++++++++
 1 file changed, 45 insertions(+)
 create mode 100644 objects/timestamp/definition.json
diff --git a/objects/timestamp/definition.json b/objects/timestamp/definition.json
new file mode 100644
index 0000000..c1a8da0
--- /dev/null
+++ b/objects/timestamp/definition.json
@@ -0,0 +1,45 @@
+{
+ "requiredOneOf": [
+ "first-seen",
+ "last-seen"
+ ],
+ "attributes": {
+ "text": {
+ "description": "Description of the time object.",
+ "ui-priority": 0,
+ "misp-attribute": "text",
+ "disable_correlation": true
+ },
+ "precision": {
+ "description": "Timestamp precision represents the precision given to first_seen and/or last_seen in this object.",
+ "ui-priority": 0,
+ "misp-attribute": "text",
+ "sane_default": [
+ "year",
+ "month",
+ "day",
+ "hour",
+ "minute",
+ "full"
+ ],
+ "disable_correlation": true
+ },
+ "first-seen": {
+ "description": "First time that the linked object or attribute has been seen.",
+ "ui-priority": 0,
+ "misp-attribute": "datetime",
+ "disable_correlation": true
+ },
+ "last-seen": {
+ "description": "First time that the linked object or attribute has been seen.",
+ "ui-priority": 0,
+ "misp-attribute": "datetime",
+ "disable_correlation": true
+ }
+ },
+ "version": 1,
+ "description": "A generic timestamp object to represent time including first time and last time seen. Relationship will then define the kind of time relationship.",
+ "meta-category": "misc",
+ "uuid": "c8c91e23-4221-4533-8bf7-64e12b05f265",
+ "name": "timestamp"
+}
From e9e1bdd56cd1fba09a525b1c27434d6ec2b3b9fd Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy
Date: Tue, 1 May 2018 11:21:05 +0200
Subject: [PATCH 7/7] add: Context where the YARA rule can be applied
---
 objects/yara/definition.json | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)
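Review bot: The `last-seen` description in the new timestamp template is a copy of the `first-seen` one; it should read `"description": "Last time that the linked object or attribute has been seen."`. The `precision` description also names `first_seen` and `last_seen` with underscores, while the attributes are defined as `first-seen` and `last-seen`. Analysts building an activity window from this object read these strings, so the wrong label can invert the window's bounds. `precision` offers its six values only through `sane_default` on a free `text` attribute, so consumers should not assume the stored value is one of them.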
diff --git a/objects/yara/definition.json b/objects/yara/definition.json
index 4b4724d..370bfdb 100644
--- a/objects/yara/definition.json
+++ b/objects/yara/definition.json
@@ -20,9 +20,20 @@
 "description": "Version of the YARA rule depending where the yara rule is known to work as expected.",
 "ui-priority": 0,
 "misp-attribute": "text"
+ },
+ "context": {
+ "description": "Context where the YARA rule can be applied",
+ "sane_default": [
+ "all",
+ "disk",
+ "memory",
+ "network"
+ ],
+ "misp-attribute": "text",
+ "ui-priority": 0
 }
 },
- "version": 2,
+ "version": 3,
 "description": "An object describing a YARA rule along with its version.",
 "meta-category": "misc",
 "uuid": "b5acf82e-ecca-4868-82fe-9dbdf4d808c3",
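Review bot: The new `context` entry does not set `"disable_correlation": true`, so a value such as `all` or `disk` would, if text attributes correlate as usual, link every YARA object that uses it. The `precision` list in the timestamp template of this series already carries that flag, and adding `"disable_correlation": true` here would match it. Without `"multiple": true`, a rule valid for disk and memory but not network can only be recorded as one of them or as `all`. Because `sane_default` leaves the field free text, tooling that routes rules to a scanner by this value should not assume it is one of the four listed. The `attributes` object begins outside this hunk.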