From e44dd16b1841035df0f4a2e8e98a753952eff9cc Mon Sep 17 00:00:00 2001
From: Alexander J <deralexxx@users.noreply.github.com>
Date: Fri, 23 Nov 2018 15:40:57 +0100
Subject: [PATCH] new misp object for a timesketch message

to be able to push timesketch messages (timesketch.org) to a misp event it is handy to have a specific type of object for it.
---
 objects/timesketch_message/definition.json | 26 ++++++++++++++++++++++
 1 file changed, 26 insertions(+)
 create mode 100644 objects/timesketch_message/definition.json

diff --git a/objects/timesketch_message/definition.json b/objects/timesketch_message/definition.json
new file mode 100644
index 0000000..9185646
--- /dev/null
+++ b/objects/timesketch_message/definition.json
@@ -0,0 +1,26 @@
+{
+  "required": [
+    "datetime",
+    "message"
+  ],
+  "attributes": {
+    "datetime": {
+      "description": "datetime of the message",
+      "disable_correlation": true,
+      "ui-priority": 1,
+      "misp-attribute": "datetime",
+      "recommended": true
+    },
+    "message": {
+      "description": "message",
+      "disable_correlation": true,
+      "ui-priority": 0,
+      "misp-attribute": "text"
+    }
+  },
+  "version": 1,
+  "description": "A timesketch message entry.",
+  "meta-category": "misc",
+  "uuid": "ef27fb19-7e71-43e0-b6f6-6f03ab67666f",
+  "name": "timesketch_message"
+}