mirror of https://github.com/MISP/misp-objects
Merge branch 'master' of github.com:MISP/misp-objects
commit
d221a5e68e
|
@ -3,7 +3,7 @@
|
||||||
"uuid": "a0c666e0-fc65-4be8-b48f-3423d788b552",
|
"uuid": "a0c666e0-fc65-4be8-b48f-3423d788b552",
|
||||||
"meta-category": "network",
|
"meta-category": "network",
|
||||||
"description": "Email object describing an email with meta-information",
|
"description": "Email object describing an email with meta-information",
|
||||||
"version": 8,
|
"version": 10,
|
||||||
"attributes": {
|
"attributes": {
|
||||||
"reply-to": {
|
"reply-to": {
|
||||||
"description": "Email address the reply will be sent to",
|
"description": "Email address the reply will be sent to",
|
||||||
|
@ -146,6 +146,11 @@
|
||||||
"categories": [
|
"categories": [
|
||||||
"Payload delivery"
|
"Payload delivery"
|
||||||
]
|
]
|
||||||
|
},
|
||||||
|
"eml": {
|
||||||
|
"description": "Full EML",
|
||||||
|
"misp-attribute": "attachment",
|
||||||
|
"ui-priority": 1
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"requiredOneOf": [
|
"requiredOneOf": [
|
||||||
|
@ -163,6 +168,8 @@
|
||||||
"thread-index",
|
"thread-index",
|
||||||
"header",
|
"header",
|
||||||
"x-mailer",
|
"x-mailer",
|
||||||
"return-path"
|
"return-path",
|
||||||
|
"email-body",
|
||||||
|
"eml"
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|
|
@ -0,0 +1,45 @@
|
||||||
|
{
|
||||||
|
"requiredOneOf": [
|
||||||
|
"first-seen",
|
||||||
|
"last-seen"
|
||||||
|
],
|
||||||
|
"attributes": {
|
||||||
|
"text": {
|
||||||
|
"description": "Description of the time object.",
|
||||||
|
"ui-priority": 0,
|
||||||
|
"misp-attribute": "text",
|
||||||
|
"disable_correlation": true
|
||||||
|
},
|
||||||
|
"precision": {
|
||||||
|
"description": "Timestamp precision represents the precision given to first_seen and/or last_seen in this object.",
|
||||||
|
"ui-priority": 0,
|
||||||
|
"misp-attribute": "text",
|
||||||
|
"sane_default": [
|
||||||
|
"year",
|
||||||
|
"month",
|
||||||
|
"day",
|
||||||
|
"hour",
|
||||||
|
"minute",
|
||||||
|
"full"
|
||||||
|
],
|
||||||
|
"disable_correlation": true
|
||||||
|
},
|
||||||
|
"first-seen": {
|
||||||
|
"description": "First time that the linked object or attribute has been seen.",
|
||||||
|
"ui-priority": 0,
|
||||||
|
"misp-attribute": "datetime",
|
||||||
|
"disable_correlation": true
|
||||||
|
},
|
||||||
|
"last-seen": {
|
||||||
|
"description": "First time that the linked object or attribute has been seen.",
|
||||||
|
"ui-priority": 0,
|
||||||
|
"misp-attribute": "datetime",
|
||||||
|
"disable_correlation": true
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"version": 1,
|
||||||
|
"description": "A generic timestamp object to represent time including first time and last time seen. Relationship will then define the kind of time relationship.",
|
||||||
|
"meta-category": "misc",
|
||||||
|
"uuid": "c8c91e23-4221-4533-8bf7-64e12b05f265",
|
||||||
|
"name": "timestamp"
|
||||||
|
}
|
|
@ -74,6 +74,7 @@
|
||||||
"External analysis"
|
"External analysis"
|
||||||
],
|
],
|
||||||
"ui-priority": 0,
|
"ui-priority": 0,
|
||||||
|
"multiple": true,
|
||||||
"misp-attribute": "domain"
|
"misp-attribute": "domain"
|
||||||
},
|
},
|
||||||
"comment": {
|
"comment": {
|
||||||
|
@ -84,10 +85,11 @@
|
||||||
"ip-address": {
|
"ip-address": {
|
||||||
"description": "IP address of the whois entry",
|
"description": "IP address of the whois entry",
|
||||||
"ui-priority": 0,
|
"ui-priority": 0,
|
||||||
|
"multiple": true,
|
||||||
"misp-attribute": "ip-src"
|
"misp-attribute": "ip-src"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"version": 9,
|
"version": 10,
|
||||||
"description": "Whois records information for a domain name or an IP address.",
|
"description": "Whois records information for a domain name or an IP address.",
|
||||||
"meta-category": "network",
|
"meta-category": "network",
|
||||||
"uuid": "429faea1-34ff-47af-8a00-7c62d3be5a6a",
|
"uuid": "429faea1-34ff-47af-8a00-7c62d3be5a6a",
|
||||||
|
|
|
@ -20,9 +20,20 @@
|
||||||
"description": "Version of the YARA rule depending where the yara rule is known to work as expected.",
|
"description": "Version of the YARA rule depending where the yara rule is known to work as expected.",
|
||||||
"ui-priority": 0,
|
"ui-priority": 0,
|
||||||
"misp-attribute": "text"
|
"misp-attribute": "text"
|
||||||
|
},
|
||||||
|
"context": {
|
||||||
|
"description": "Context where the YARA rule can be applied",
|
||||||
|
"sane_default": [
|
||||||
|
"all",
|
||||||
|
"disk",
|
||||||
|
"memory",
|
||||||
|
"network"
|
||||||
|
],
|
||||||
|
"misp-attribute": "text",
|
||||||
|
"ui-priority": 0
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"version": 2,
|
"version": 3,
|
||||||
"description": "An object describing a YARA rule along with its version.",
|
"description": "An object describing a YARA rule along with its version.",
|
||||||
"meta-category": "misc",
|
"meta-category": "misc",
|
||||||
"uuid": "b5acf82e-ecca-4868-82fe-9dbdf4d808c3",
|
"uuid": "b5acf82e-ecca-4868-82fe-9dbdf4d808c3",
|
||||||
|
|
Loading…
Reference in New Issue