mirror of https://github.com/MISP/misp-objects
Merge remote-tracking branch 'upstream/master'
commit
e61344c981
|
@ -62,7 +62,7 @@ allowing advanced users to show all the attributes depending of their configurat
|
|||
shall be set to true if multiple elements of the same key can be used in the object. An optional **values_list**
|
||||
where this list of value can be selected as a value for an attribute. An optional **sane_default** where this list of value recommend
|
||||
potential a sane default for an attribute. An optional **disable_correlation** boolean field to suggest the disabling of correlation
|
||||
for a specific attribute.
|
||||
for a specific attribute. An optional **to_ids** boolean field to disable the IDS flag of an attribute.
|
||||
|
||||
## Existing MISP objects
|
||||
|
||||
|
@ -96,6 +96,7 @@ for a specific attribute.
|
|||
* [objects/geolocation](objects/geolocation/definition.json) - A geolocation object to describe a location.
|
||||
* [objects/gtp-attack](objects/gtp-attack/definition.json) - GTP attack object as seen on a GSM, UMTS or LTE network.
|
||||
* [objects/http-request](objects/http-request/definition.json) - A single HTTP request header object.
|
||||
* [objects/interpol-notice](objects/interpol-notice/definition.json) - Object used to represent an Interpol notice
|
||||
* [objects/ip-api-address](objects/ip-api-address/definition.json) - Object describing IP Address information, as defined in [ip-api.com](http://ip-api.com).
|
||||
* [objects/ip-port](objects/ip-port/definition.json) - An IP address and a port seen as a tuple (or as a triple) in a specific time frame.
|
||||
* [objects/ja3](objects/ja3/definition.json) - A ja3 object which describes an SSL client fingerprint in an easy to produce and shareable way.
|
||||
|
|
|
@ -1,5 +1,17 @@
|
|||
#!/bin/bash
|
||||
|
||||
# Seeds sponge, from moreutils
|
||||
|
||||
#Validate all Jsons first
|
||||
for dir in `find . -name "*.json"`
|
||||
do
|
||||
echo validating ${dir}
|
||||
# python3 -c "import json; f_in = open('${dir}'); data = json.load(f_in); f_in.close(); f_out = open('${dir}', 'w'); json.dump(data, f_out, indent=2, sort_keys=True, ensure_ascii=False); f_out.close();"
|
||||
cat ${dir} | jq . >/dev/null
|
||||
rc=$?
|
||||
if [[ $rc != 0 ]]; then exit $rc; fi
|
||||
done
|
||||
|
||||
set -e
|
||||
set -x
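Review bot: The new validation loop expands `${dir}` unquoted and iterates over the word-split output of `find`, so a definition whose path contains whitespace is never validated as a file and the loop stops on an unrelated error. Quoting and dropping the extra `cat` fixes the inner call: `jq . "${dir}" >/dev/null || exit $?`. Note also that `jq .` accepts an object with a repeated key and silently keeps the last value, so this gate will not catch duplicated keys in a definition; a strict duplicate-key check would need a separate step. The commented-out `python3 -c` line interpolates `${dir}` into Python source and should be rewritten to pass the path as an argument before it is ever re-enabled.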
|
||||
|
||||
|
|
|
@ -0,0 +1,198 @@
|
|||
{
|
||||
"requiredOneOf": [
|
||||
"description",
|
||||
"method",
|
||||
"key",
|
||||
"keyed-hash-function",
|
||||
"encryption-function",
|
||||
"regexp",
|
||||
"iv"
|
||||
],
|
||||
"attributes": {
|
||||
"method": {
|
||||
"description": "Anonymisation (or pseudo-anonymisation) method(s) used",
|
||||
"ui-priority": 1,
|
||||
"disable_correlation": true,
|
||||
"sane_default": [
|
||||
"hiding - Attribute is replaced with a constant value (typically 0) of the same size. Sometimes called 'black marker'.",
|
||||
"hash - A hash function maps each attribute to a new (not necessarily unique) attribute.",
|
||||
"permutation - Maps each original value to a unique new value.",
|
||||
"prefix-preserving - Any two values that had the same n-bit prefix before anonymisation will still have the same n-bit prefix as each other after anonymization. (Would be more accurately called 'prefix-relationship-preserving', because the actual prefix values are not preserved.) ",
|
||||
"shift - Adds a fixed offset to each value/attribute.",
|
||||
"enumeration - Map each original value to a new value such that their ordering is preserved.",
|
||||
"partitioning - Possible values are partitioned into meaningful sets; actual values are replaced with a fixed value from the same set. E.g., TCP port numbers 0 to 1023 are replaced with 0, and 1024 to 65535 replaced with 65535.",
|
||||
"updated - Checksums are recalculated to reflect changes made to other fields.",
|
||||
"truncation - Field is shortened, losing data at the end.",
|
||||
"encryption - Attribute is encrypted."
|
||||
],
|
||||
"misp-attribute": "text",
|
||||
"multiple": true
|
||||
},
|
||||
"key": {
|
||||
"description": "Key (such as a PSK in a keyed-hash-function) used to anonymise the attribute",
|
||||
"ui-priority": 1,
|
||||
"disable_correlation": true,
|
||||
"misp-attribute": "text"
|
||||
},
|
||||
"iv": {
|
||||
"description": "Initialisation vector for the encryption function used to anonymise the attribute",
|
||||
"ui-priority": 1,
|
||||
"disable_correlation": true,
|
||||
"misp-attribute": "text"
|
||||
},
|
||||
"keyed-hash-function": {
|
||||
"description": "Keyed-hash function used to anonymise the attribute",
|
||||
"ui-priority": 1,
|
||||
"disable_correlation": true,
|
||||
"sane_default": [
|
||||
"hmac-sha1",
|
||||
"hmac-md5",
|
||||
"hmac-sha256",
|
||||
"hmac-sha384",
|
||||
"hmac-sha512"
|
||||
],
|
||||
"misp-attribute": "text"
|
||||
},
|
||||
"encryption-function": {
|
||||
"description": "Encryption function or algorithm used to anonymise the attribute",
|
||||
"ui-priority": 1,
|
||||
"disable_correlation": true,
|
||||
"sane_default": [
|
||||
"aes128",
|
||||
"aes-128-cbc",
|
||||
"aes-128-cfb",
|
||||
"aes-128-cfb1",
|
||||
"aes-128-cfb8",
|
||||
"aes-128-ctr",
|
||||
"aes-128-ecb",
|
||||
"aes-128-ofb",
|
||||
"aes192",
|
||||
"aes-192-cbc",
|
||||
"aes-192-cfb",
|
||||
"aes-192-cfb1",
|
||||
"aes-192-cfb8",
|
||||
"aes-192-ctr",
|
||||
"aes-192-ecb",
|
||||
"aes-192-ofb",
|
||||
"aes-256-cfb",
|
||||
"aes-256-cfb1",
|
||||
"aes-256-cfb8",
|
||||
"aes-256-ctr",
|
||||
"aes-256-ecb",
|
||||
"aes-256-ofb",
|
||||
"bf",
|
||||
"bf-cbc",
|
||||
"bf-cfb",
|
||||
"bf-ecb",
|
||||
"bf-ofb",
|
||||
"blowfish",
|
||||
"camellia128",
|
||||
"camellia-128-cbc",
|
||||
"camellia-128-cfb",
|
||||
"camellia-128-cfb1",
|
||||
"camellia-128-cfb8",
|
||||
"camellia-128-ctr",
|
||||
"camellia-128-ecb",
|
||||
"camellia-128-ofb",
|
||||
"camellia192",
|
||||
"camellia-192-cbc",
|
||||
"camellia-192-cfb",
|
||||
"camellia-192-cfb1",
|
||||
"camellia-192-cfb8",
|
||||
"camellia-192-ctr",
|
||||
"camellia-192-ecb",
|
||||
"camellia-192-ofb",
|
||||
"camellia256",
|
||||
"camellia-256-cbc",
|
||||
"camellia-256-cfb",
|
||||
"camellia-256-cfb1",
|
||||
"camellia-256-cfb8",
|
||||
"camellia-256-ctr",
|
||||
"camellia-256-ecb",
|
||||
"camellia-256-ofb",
|
||||
"cast",
|
||||
"cast5-cbc",
|
||||
"cast5-cfb",
|
||||
"cast5-ecb",
|
||||
"cast5-ofb",
|
||||
"cast-cbc",
|
||||
"des",
|
||||
"des3",
|
||||
"des-cbc",
|
||||
"des-cfb",
|
||||
"des-ecb",
|
||||
"des-ede",
|
||||
"des-ede3",
|
||||
"des-ede3-cbc",
|
||||
"des-ede3-cfb",
|
||||
"des-ede3-ofb",
|
||||
"des-ede-cbc",
|
||||
"des-ede-cfb",
|
||||
"des-ede-ofb",
|
||||
"des-ofb",
|
||||
"desx",
|
||||
"gost89",
|
||||
"gost89-cnt",
|
||||
"idea",
|
||||
"idea-cbc",
|
||||
"idea-cfb",
|
||||
"idea-ecb",
|
||||
"idea-ofb",
|
||||
"rc2",
|
||||
"rc2-40-cbc",
|
||||
"rc2-64-cbc",
|
||||
"rc2-cbc",
|
||||
"rc2-cfb",
|
||||
"rc2-ecb",
|
||||
"rc2-ofb",
|
||||
"rc4",
|
||||
"rc4-40",
|
||||
"rc4-64",
|
||||
"rc5",
|
||||
"rc5-cbc",
|
||||
"rc5-cfb",
|
||||
"rc5-ecb",
|
||||
"rc5-ofb",
|
||||
"seed",
|
||||
"seed-cbc",
|
||||
"seed-cfb",
|
||||
"seed-ecb",
|
||||
"seed-ofb",
|
||||
"sm4",
|
||||
"sm4-cbc",
|
||||
"sm4-cfb",
|
||||
"sm4-ctr",
|
||||
"sm4-ecb",
|
||||
"sm4-ofb"
|
||||
],
|
||||
"misp-attribute": "text"
|
||||
},
|
||||
"regexp": {
|
||||
"description": "Regular expression to perfom the anonymisation (reversible or not)",
|
||||
"ui-priority": 10,
|
||||
"disable_correlation": true,
|
||||
"misp-attribute": "text"
|
||||
},
|
||||
"description": {
|
||||
"description": "Description of the anonymisation technique or tool used",
|
||||
"ui-priority": 1,
|
||||
"disable_correlation": true,
|
||||
"misp-attribute": "text"
|
||||
},
|
||||
"level-of-knowledge": {
|
||||
"description": "Level of knowledge of the organisation who created this object",
|
||||
"ui-priority": 10,
|
||||
"values_list": [
|
||||
"Only the anonymised data is known",
|
||||
"Deanonymised data is known"
|
||||
],
|
||||
"disable_correlation": true,
|
||||
"misp-attribute": "text"
|
||||
}
|
||||
},
|
||||
"version": 2,
|
||||
"description": "Anonymisation object describing an anonymisation technique used to encode MISP attribute values. Reference: https://www.caida.org/tools/taxonomy/anonymization.xml",
|
||||
"meta-category": "misc",
|
||||
"uuid": "5867cffe-60ff-44f6-b097-e5f36b5de0ac",
|
||||
"name": "anonymisation"
|
||||
}
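Review bot: The `sane_default` list of `encryption-function` goes straight from `"aes-192-ofb"` to `"aes-256-cfb"`, so `aes256` and `aes-256-cbc` are missing although the 128- and 192-bit AES groups and all three Camellia groups carry both forms; add `"aes256",` and `"aes-256-cbc",` before `"aes-256-cfb"`. Separately, `key` and `iv` are ordinary `text` attributes, and anyone who receives the object with them filled in can reverse or recompute the pseudonymised values. The descriptions should say so, for example `"description": "Key (such as a PSK in a keyed-hash-function) used to anonymise the attribute; sharing it lets recipients de-anonymise the data"`. The `regexp` description also contains the typo `perfom`.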
|
|
@ -22,7 +22,8 @@
|
|||
"RELOCATABLE"
|
||||
],
|
||||
"ui-priority": 0,
|
||||
"misp-attribute": "text"
|
||||
"misp-attribute": "text",
|
||||
"disable_correlation": true
|
||||
},
|
||||
"number-sections": {
|
||||
"description": "Number of sections",
|
||||
|
@ -250,7 +251,7 @@
|
|||
"recommended": false
|
||||
}
|
||||
},
|
||||
"version": 4,
|
||||
"version": 5,
|
||||
"description": "Object describing a Executable and Linkable Format",
|
||||
"meta-category": "file",
|
||||
"uuid": "fa6534ae-ad74-4ce0-8f23-15a66c82c7fa",
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
"uuid": "a0c666e0-fc65-4be8-b48f-3423d788b552",
|
||||
"meta-category": "network",
|
||||
"description": "Email object describing an email with meta-information",
|
||||
"version": 12,
|
||||
"version": 13,
|
||||
"attributes": {
|
||||
"reply-to": {
|
||||
"description": "Email address the reply will be sent to",
|
||||
|
@ -77,6 +77,18 @@
|
|||
],
|
||||
"multiple": true
|
||||
},
|
||||
"received-header-ip": {
|
||||
"description": "Extracted IP address from parsed headers",
|
||||
"misp-attribute": "ip-src",
|
||||
"ui-priority": 0,
|
||||
"multiple": true
|
||||
},
|
||||
"received-header-hostname": {
|
||||
"description": "Extracted hostname from parsed headers",
|
||||
"misp-attribute": "hostname",
|
||||
"ui-priority": 0,
|
||||
"multiple": true
|
||||
},
|
||||
"x-mailer": {
|
||||
"description": "X-Mailer generally tells the program that was used to draft and send the original email",
|
||||
"misp-attribute": "email-x-mailer",
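Review bot: `received-header-ip` and `received-header-hostname` are typed `ip-src` and `hostname` with neither `to_ids` nor `disable_correlation` set, yet Received headers normally list the recipient's own relays and legitimate providers' mail servers next to the sender's infrastructure. Assuming these types keep their usual IDS default, every parsed hop becomes a candidate for detection exports and for correlation with unrelated events. Consider adding `"to_ids": false` to both attributes (the README change in this commit documents that field), or state in the description that only hops attributed to the sender belong here. The `attributes` object starts and continues outside the hunk.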
|
||||
|
|
|
@ -168,9 +168,275 @@
|
|||
"Expired",
|
||||
"Trusted"
|
||||
]
|
||||
},
|
||||
"file-encoding": {
|
||||
"misp-attribute": "text",
|
||||
"ui-priority": 0,
|
||||
"description": "Encoding format of the file",
|
||||
"disable_correlation": true,
|
||||
"sane_default": [
|
||||
"Adobe-Standard-Encoding",
|
||||
"Adobe-Symbol-Encoding",
|
||||
"Amiga-1251",
|
||||
"ANSI_X3.110-1983",
|
||||
"ASMO_449",
|
||||
"Big5",
|
||||
"Big5-HKSCS",
|
||||
"BOCU-1",
|
||||
"BRF",
|
||||
"BS_4730",
|
||||
"BS_viewdata",
|
||||
"CESU-8",
|
||||
"CP50220",
|
||||
"CP51932",
|
||||
"CSA_Z243.4-1985-1",
|
||||
"CSA_Z243.4-1985-2",
|
||||
"CSA_Z243.4-1985-gr",
|
||||
"CSN_369103",
|
||||
"DEC-MCS",
|
||||
"DIN_66003",
|
||||
"dk-us",
|
||||
"DS_2089",
|
||||
"EBCDIC-AT-DE",
|
||||
"EBCDIC-AT-DE-A",
|
||||
"EBCDIC-CA-FR",
|
||||
"EBCDIC-DK-NO",
|
||||
"EBCDIC-DK-NO-A",
|
||||
"EBCDIC-ES",
|
||||
"EBCDIC-ES-A",
|
||||
"EBCDIC-ES-S",
|
||||
"EBCDIC-FI-SE",
|
||||
"EBCDIC-FI-SE-A",
|
||||
"EBCDIC-FR",
|
||||
"EBCDIC-IT",
|
||||
"EBCDIC-PT",
|
||||
"EBCDIC-UK",
|
||||
"EBCDIC-US",
|
||||
"ECMA-cyrillic",
|
||||
"ES",
|
||||
"ES2",
|
||||
"EUC-KR",
|
||||
"Extended_UNIX_Code_Fixed_Width_for_Japanese",
|
||||
"Extended_UNIX_Code_Packed_Format_for_Japanese",
|
||||
"GB18030",
|
||||
"GB_1988-80",
|
||||
"GB2312",
|
||||
"GB_2312-80",
|
||||
"GBK",
|
||||
"GOST_19768-74",
|
||||
"greek7",
|
||||
"greek7-old",
|
||||
"greek-ccitt",
|
||||
"HP-DeskTop",
|
||||
"HP-Legal",
|
||||
"HP-Math8",
|
||||
"HP-Pi-font",
|
||||
"hp-roman8",
|
||||
"HZ-GB-2312",
|
||||
"IBM00858",
|
||||
"IBM00924",
|
||||
"IBM01140",
|
||||
"IBM01141",
|
||||
"IBM01142",
|
||||
"IBM01143",
|
||||
"IBM01144",
|
||||
"IBM01145",
|
||||
"IBM01146",
|
||||
"IBM01147",
|
||||
"IBM01148",
|
||||
"IBM01149",
|
||||
"IBM037",
|
||||
"IBM038",
|
||||
"IBM1026",
|
||||
"IBM1047",
|
||||
"IBM273",
|
||||
"IBM274",
|
||||
"IBM275",
|
||||
"IBM277",
|
||||
"IBM278",
|
||||
"IBM280",
|
||||
"IBM281",
|
||||
"IBM284",
|
||||
"IBM285",
|
||||
"IBM290",
|
||||
"IBM297",
|
||||
"IBM420",
|
||||
"IBM423",
|
||||
"IBM424",
|
||||
"IBM437",
|
||||
"IBM500",
|
||||
"IBM775",
|
||||
"IBM850",
|
||||
"IBM851",
|
||||
"IBM852",
|
||||
"IBM855",
|
||||
"IBM857",
|
||||
"IBM860",
|
||||
"IBM861",
|
||||
"IBM862",
|
||||
"IBM863",
|
||||
"IBM864",
|
||||
"IBM865",
|
||||
"IBM866",
|
||||
"IBM868",
|
||||
"IBM869",
|
||||
"IBM870",
|
||||
"IBM871",
|
||||
"IBM880",
|
||||
"IBM891",
|
||||
"IBM903",
|
||||
"IBM904",
|
||||
"IBM905",
|
||||
"IBM918",
|
||||
"IBM-Symbols",
|
||||
"IBM-Thai",
|
||||
"IEC_P27-1",
|
||||
"INIS",
|
||||
"INIS-8",
|
||||
"INIS-cyrillic",
|
||||
"INVARIANT",
|
||||
"ISO_10367-box",
|
||||
"ISO-10646-J-1",
|
||||
"ISO-10646-UCS-2",
|
||||
"ISO-10646-UCS-4",
|
||||
"ISO-10646-UCS-Basic",
|
||||
"ISO-10646-Unicode-Latin1",
|
||||
"ISO-10646-UTF-1",
|
||||
"ISO-11548-1",
|
||||
"ISO-2022-CN",
|
||||
"ISO-2022-CN-EXT",
|
||||
"ISO-2022-JP",
|
||||
"ISO-2022-JP-2",
|
||||
"ISO-2022-KR",
|
||||
"ISO_2033-1983",
|
||||
"ISO_5427",
|
||||
"ISO_5427:1981",
|
||||
"ISO_5428:1980",
|
||||
"ISO_646.basic:1983",
|
||||
"ISO_646.irv:1983",
|
||||
"ISO_6937-2-25",
|
||||
"ISO_6937-2-add",
|
||||
"ISO-8859-10",
|
||||
"ISO_8859-1:1987",
|
||||
"ISO-8859-13",
|
||||
"ISO-8859-14",
|
||||
"ISO-8859-15",
|
||||
"ISO-8859-16",
|
||||
"ISO-8859-1-Windows-3.0-Latin-1",
|
||||
"ISO-8859-1-Windows-3.1-Latin-1",
|
||||
"ISO_8859-2:1987",
|
||||
"ISO-8859-2-Windows-Latin-2",
|
||||
"ISO_8859-3:1988",
|
||||
"ISO_8859-4:1988",
|
||||
"ISO_8859-5:1988",
|
||||
"ISO_8859-6:1987",
|
||||
"ISO_8859-6-E",
|
||||
"ISO_8859-6-I",
|
||||
"ISO_8859-7:1987",
|
||||
"ISO_8859-8:1988",
|
||||
"ISO_8859-8-E",
|
||||
"ISO_8859-8-I",
|
||||
"ISO_8859-9:1989",
|
||||
"ISO-8859-9-Windows-Latin-5",
|
||||
"ISO_8859-supp",
|
||||
"iso-ir-90",
|
||||
"ISO-Unicode-IBM-1261",
|
||||
"ISO-Unicode-IBM-1264",
|
||||
"ISO-Unicode-IBM-1265",
|
||||
"ISO-Unicode-IBM-1268",
|
||||
"ISO-Unicode-IBM-1276",
|
||||
"IT",
|
||||
"JIS_C6220-1969-jp",
|
||||
"JIS_C6220-1969-ro",
|
||||
"JIS_C6226-1978",
|
||||
"JIS_C6226-1983",
|
||||
"JIS_C6229-1984-a",
|
||||
"JIS_C6229-1984-b",
|
||||
"JIS_C6229-1984-b-add",
|
||||
"JIS_C6229-1984-hand",
|
||||
"JIS_C6229-1984-hand-add",
|
||||
"JIS_C6229-1984-kana",
|
||||
"JIS_Encoding",
|
||||
"JIS_X0201",
|
||||
"JIS_X0212-1990",
|
||||
"JUS_I.B1.002",
|
||||
"JUS_I.B1.003-mac",
|
||||
"JUS_I.B1.003-serb",
|
||||
"KOI7-switched",
|
||||
"KOI8-R",
|
||||
"KOI8-U",
|
||||
"KS_C_5601-1987",
|
||||
"KSC5636",
|
||||
"KZ-1048",
|
||||
"latin-greek",
|
||||
"Latin-greek-1",
|
||||
"latin-lap",
|
||||
"macintosh",
|
||||
"Microsoft-Publishing",
|
||||
"MNEM",
|
||||
"MNEMONIC",
|
||||
"MSZ_7795.3",
|
||||
"Name",
|
||||
"NATS-DANO",
|
||||
"NATS-DANO-ADD",
|
||||
"NATS-SEFI",
|
||||
"NATS-SEFI-ADD",
|
||||
"NC_NC00-10:81",
|
||||
"NF_Z_62-010",
|
||||
"NF_Z_62-010_(1973)",
|
||||
"NS_4551-1",
|
||||
"NS_4551-2",
|
||||
"OSD_EBCDIC_DF03_IRV",
|
||||
"OSD_EBCDIC_DF04_1",
|
||||
"OSD_EBCDIC_DF04_15",
|
||||
"PC8-Danish-Norwegian",
|
||||
"PC8-Turkish",
|
||||
"PT",
|
||||
"PT2",
|
||||
"PTCP154",
|
||||
"SCSU",
|
||||
"SEN_850200_B",
|
||||
"SEN_850200_C",
|
||||
"Shift_JIS",
|
||||
"T.101-G2",
|
||||
"T.61-7bit",
|
||||
"T.61-8bit",
|
||||
"TIS-620",
|
||||
"TSCII",
|
||||
"UNICODE-1-1",
|
||||
"UNICODE-1-1-UTF-7",
|
||||
"UNKNOWN-8BIT",
|
||||
"US-ASCII",
|
||||
"us-dk",
|
||||
"UTF-16",
|
||||
"UTF-16BE",
|
||||
"UTF-16LE",
|
||||
"UTF-32",
|
||||
"UTF-32BE",
|
||||
"UTF-32LE",
|
||||
"UTF-7",
|
||||
"UTF-8",
|
||||
"Ventura-International",
|
||||
"Ventura-Math",
|
||||
"Ventura-US",
|
||||
"videotex-suppl",
|
||||
"VIQR",
|
||||
"VISCII",
|
||||
"windows-1250",
|
||||
"windows-1251",
|
||||
"windows-1252",
|
||||
"windows-1253",
|
||||
"windows-1254",
|
||||
"windows-1255",
|
||||
"windows-1256",
|
||||
"windows-1257",
|
||||
"windows-1258",
|
||||
"Windows-31J",
|
||||
"windows-874"
|
||||
]
|
||||
}
|
||||
},
|
||||
"version": 15,
|
||||
"version": 16,
|
||||
"description": "File object describing a file with meta-information",
|
||||
"meta-category": "file",
|
||||
"uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
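Review bot: The `sane_default` list of the new `file-encoding` attribute contains the entry `"Name"` between `"MSZ_7795.3"` and `"NATS-DANO"`, which looks like a column header picked up when the charset list was copied rather than an encoding name; it should be dropped. The list also mixes naming forms (`ISO_8859-1:1987` next to `ISO-8859-10`), so the description would benefit from naming the registry the values follow, e.g. `"description": "Encoding format of the file (IANA character set name)"`, assuming IANA is the source. The enclosing object starts outside the hunk.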
|
||||
|
|
|
@ -0,0 +1,43 @@
|
|||
{
|
||||
"required": [
|
||||
"service"
|
||||
],
|
||||
"attributes": {
|
||||
"service": {
|
||||
"misp-attribute": "text",
|
||||
"ui-priority": 0,
|
||||
"description": "Service impacte par l'incident",
|
||||
"disable_correlation": true,
|
||||
"multiple": true,
|
||||
"sane_default": [
|
||||
"Telephonie fixe",
|
||||
"Acces Internet fixe",
|
||||
"Telephonie mobile",
|
||||
"Acces Internet mobile"
|
||||
]
|
||||
},
|
||||
"nombre-utilisateurs-touches": {
|
||||
"description": "Nombre d’utilisateurs touches par l'incident",
|
||||
"ui-priority": 0,
|
||||
"disable_correlation": true,
|
||||
"misp-attribute": "text"
|
||||
},
|
||||
"pourcentage-utilisateurs-touches": {
|
||||
"description": "Pourcentage d'utilisateurs du service touches par l'incident",
|
||||
"ui-priority": 0,
|
||||
"disable_correlation": true,
|
||||
"misp-attribute": "text"
|
||||
},
|
||||
"duree": {
|
||||
"description": "Duree de l'incident en hh : mm",
|
||||
"ui-priority": 0,
|
||||
"disable_correlation": true,
|
||||
"misp-attribute": "text"
|
||||
}
|
||||
},
|
||||
"version": 1,
|
||||
"description": "Institut Luxembourgeois de Regulation - Impact",
|
||||
"meta-category": "misc",
|
||||
"uuid": "b995af48-39b2-11e9-b2ab-b77adfee75d1",
|
||||
"name": "ilr-impact"
|
||||
}
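Review bot: `nombre-utilisateurs-touches`, `pourcentage-utilisateurs-touches` and `duree` are all free `text` with no stated format beyond `hh : mm`, so counts and percentages will arrive in whatever shape each reporter types and cannot be compared across notifications. Pin the format in the descriptions, e.g. `"description": "Pourcentage d'utilisateurs du service touches par l'incident (0-100, sans le signe %)"`. The README index hunk in this commit lists `interpol-notice` directly after `http-request`, so neither `ilr-impact` nor `ilr-notification-incident` appears to have been added there. One description uses a typographic apostrophe (`d’utilisateurs`) while the others use `'`; pick one.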
|
|
@ -0,0 +1,139 @@
|
|||
{
|
||||
"attributes": {
|
||||
"Nom entreprise": {
|
||||
"description": "Nom de l’entreprise notifiee",
|
||||
"disable_correlation": true,
|
||||
"ui-priority": 0,
|
||||
"misp-attribute": "text"
|
||||
},
|
||||
"date-incident": {
|
||||
"description": "Date/heure de la detection de l’incident:",
|
||||
"disable_correlation": true,
|
||||
"ui-priority": 0,
|
||||
"misp-attribute": "datetime"
|
||||
},
|
||||
"date-pre-notification": {
|
||||
"description": "Date de la pre-notification",
|
||||
"disable_correlation": true,
|
||||
"ui-priority": 0,
|
||||
"misp-attribute": "text"
|
||||
},
|
||||
"impact-servicesw-urgence": {
|
||||
"description": "Services d’urgences impactes ?",
|
||||
"disable_correlation": true,
|
||||
"ui-priority": 0,
|
||||
"misp-attribute": "text",
|
||||
"values_list": [
|
||||
"Oui",
|
||||
"Non"
|
||||
]
|
||||
},
|
||||
"description-probleme-services-urgence": {
|
||||
"description": "Description du probleme sur les services d’urgences impactes",
|
||||
"disable_correlation": true,
|
||||
"ui-priority": 0,
|
||||
"misp-attribute": "text"
|
||||
},
|
||||
"delimitation-geographique": {
|
||||
"description": "Delimitation geographique",
|
||||
"disable_correlation": true,
|
||||
"ui-priority": 0,
|
||||
"misp-attribute": "text",
|
||||
"values_list": [
|
||||
"Nationale",
|
||||
"Regionale"
|
||||
]
|
||||
},
|
||||
"zone-impactee": {
|
||||
"description": "zones/communes/villes impactees ",
|
||||
"disable_correlation": true,
|
||||
"ui-priority": 0,
|
||||
"multiple": true,
|
||||
"misp-attribute": "text"
|
||||
},
|
||||
"details-service": {
|
||||
"description": "Details relatifs au service concerne et a l’impact de l’incident",
|
||||
"disable_correlation": true,
|
||||
"ui-priority": 0,
|
||||
"misp-attribute": "text"
|
||||
},
|
||||
"cause-initiale-incident": {
|
||||
"description": "Cause initiale de l'incident",
|
||||
"disable_correlation": true,
|
||||
"ui-priority": 0,
|
||||
"misp-attribute": "text",
|
||||
"values_list": [
|
||||
"rreur humaine",
|
||||
"Defaut systeme 'hardware', 'software', 'procedures'",
|
||||
"Attaque malveillante",
|
||||
"Defaut d’une partie tierce ou externe",
|
||||
"Catastrophe naturelle"
|
||||
]
|
||||
},
|
||||
"autres-informations": {
|
||||
"description": "Autres informations concernant la nature de l’incident notamment la liste des actifs affectes et les causes subsequentes eventuelles, declenches par la cause initiale ",
|
||||
"disable_correlation": true,
|
||||
"ui-priority": 0,
|
||||
"misp-attribute": "text"
|
||||
},
|
||||
"description-incident": {
|
||||
"description": "Description generale de l’incident",
|
||||
"disable_correlation": true,
|
||||
"ui-priority": 0,
|
||||
"misp-attribute": "text"
|
||||
},
|
||||
"traitement-incident": {
|
||||
"description": "Traitement de l’incident et actions effectuees en ordre chronologique",
|
||||
"disable_correlation": true,
|
||||
"ui-priority": 0,
|
||||
"misp-attribute": "text"
|
||||
},
|
||||
"actions-posterieur": {
|
||||
"description": "Actions posterieures de l’incident pour minimiser le risque ",
|
||||
"disable_correlation": true,
|
||||
"ui-priority": 0,
|
||||
"misp-attribute": "text"
|
||||
},
|
||||
"interconnections-affectees": {
|
||||
"description": "Interconnections nationales et/ou internationales affectees",
|
||||
"disable_correlation": true,
|
||||
"ui-priority": 0,
|
||||
"misp-attribute": "text"
|
||||
},
|
||||
"actions-corrective": {
|
||||
"description": "Actions correctives a long terme",
|
||||
"disable_correlation": true,
|
||||
"ui-priority": 0,
|
||||
"misp-attribute": "text"
|
||||
},
|
||||
"remarques": {
|
||||
"description": "Remarque(s), notamment les experiences gagnees et les leçons tirees de l’incident",
|
||||
"disable_correlation": true,
|
||||
"ui-priority": 0,
|
||||
"misp-attribute": "text"
|
||||
},
|
||||
"nom-contact-incident": {
|
||||
"description": "Nom de la personne de contact en rapport avec l’incident",
|
||||
"disable_correlation": true,
|
||||
"ui-priority": 0,
|
||||
"misp-attribute": "text"
|
||||
},
|
||||
"telephone-contact-incident": {
|
||||
"description": "Telephone de la personne de contact en rapport avec l’incident",
|
||||
"disable_correlation": true,
|
||||
"ui-priority": 0,
|
||||
"misp-attribute": "text"
|
||||
},
|
||||
"email-contact-incident": {
|
||||
"description": "Email de la personne de contact en rapport avec l’incident",
|
||||
"disable_correlation": true,
|
||||
"ui-priority": 0,
|
||||
"misp-attribute": "text"
|
||||
}
|
||||
},
|
||||
"version": 1,
|
||||
"description": "Institut Luxembourgeois de Regulation - Notification d'incident",
|
||||
"meta-category": "misc",
|
||||
"uuid": "b8ade604-39b2-11e9-b753-1fd28d3b612c",
|
||||
"name": "ilr-notification-incident"
|
||||
}
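Review bot: Several identifiers in this template look damaged: the first attribute key is `"Nom entreprise"` (capitalised, with a space) where every other key is lower-case and hyphenated, `impact-servicesw-urgence` has a stray `w`, and the first `values_list` entry of `cause-initiale-incident` is `"rreur humaine"` with its first letter lost. Keys and `values_list` entries become part of the stored data, so they are costly to correct after release; the suggested values are `"nom-entreprise"`, `"impact-services-urgence"` and `"Erreur humaine"`. `date-pre-notification` is `text` while `date-incident` is `datetime`, and the template declares neither `required` nor `requiredOneOf`, unlike the other new templates in this commit. The three `*-contact-incident` fields hold personal data, which is worth stating in the object description so that distribution levels are chosen accordingly.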
|
|
@ -0,0 +1,143 @@
|
|||
{
|
||||
"required": [
|
||||
"notice-color"
|
||||
],
|
||||
"attributes": {
|
||||
"notice-color": {
|
||||
"description": "The color/type of the notice",
|
||||
"misp-attribute": "text",
|
||||
"ui-priority": 1,
|
||||
"sane_default": [
|
||||
"Red",
|
||||
"Yellow",
|
||||
"Blue",
|
||||
"Black",
|
||||
"Green",
|
||||
"Orange",
|
||||
"Purple"
|
||||
]
|
||||
},
|
||||
"present-family-name": {
|
||||
"description": "Last name of a natural person.",
|
||||
"ui-priority": 0,
|
||||
"misp-attribute": "last-name"
|
||||
},
|
||||
"forename": {
|
||||
"description": "First name of a natural person.",
|
||||
"ui-priority": 0,
|
||||
"misp-attribute": "first-name",
|
||||
"disable_correlation": true
|
||||
},
|
||||
"alias": {
|
||||
"description": "Alias name or known as.",
|
||||
"ui-priority": 0,
|
||||
"misp-attribute": "text",
|
||||
"multiple": true
|
||||
},
|
||||
"father-s-family-name-&-forename": {
|
||||
"description": "Father's family name & forename.",
|
||||
"ui-priority": 0,
|
||||
"misp-attribute": "text"
|
||||
},
|
||||
"mother-s-family-name-&-forename": {
|
||||
"description": "Mother's family name & forename.",
|
||||
"ui-priority": 0,
|
||||
"misp-attribute": "text"
|
||||
},
|
||||
"date-of-birth": {
|
||||
"description": "Date of birth of a natural person (in YYYY-MM-DD format).",
|
||||
"ui-priority": 0,
|
||||
"misp-attribute": "date-of-birth"
|
||||
},
|
||||
"place-of-birth": {
|
||||
"description": "Place of birth of a natural person.",
|
||||
"ui-priority": 0,
|
||||
"misp-attribute": "place-of-birth",
|
||||
"disable_correlation": true
|
||||
},
|
||||
"sex": {
|
||||
"description": "The gender of a natural person.",
|
||||
"ui-priority": 0,
|
||||
"misp-attribute": "gender",
|
||||
"values_list": [
|
||||
"Male",
|
||||
"Female",
|
||||
"Other",
|
||||
"Prefer not to say"
|
||||
],
|
||||
"disable_correlation": true
|
||||
},
|
||||
"nationality": {
|
||||
"description": "The nationality of a natural person.",
|
||||
"ui-priority": 0,
|
||||
"misp-attribute": "nationality",
|
||||
"multiple": true,
|
||||
"disable_correlation": true
|
||||
},
|
||||
"language-spoken": {
|
||||
"description": "Languages spoken by a person.",
|
||||
"ui-priority": 0,
|
||||
"misp-attribute": "text",
|
||||
"multiple": true,
|
||||
"disable_correlation": true
|
||||
},
|
||||
"charges": {
|
||||
"description": "Charges published as provided by requesting entity",
|
||||
"ui-priority": 0,
|
||||
"misp-attribute": "text",
|
||||
"multiple": true,
|
||||
"disable_correlation": true
|
||||
},
|
||||
"date-of-disappearance": {
|
||||
"description": "Date of disappearance of a missing person.",
|
||||
"ui-priority": 0,
|
||||
"misp-attribute": "text"
|
||||
},
|
||||
"place-of-disappearance": {
|
||||
"description": "Place of birth of a natural person.",
|
||||
"ui-priority": 0,
|
||||
"misp-attribute": "text"
|
||||
},
|
||||
"height": {
|
||||
"description": "Height of a person.",
|
||||
"ui-priority": 0,
|
||||
"misp-attribute": "text",
|
||||
"disable_correlation": true
|
||||
},
|
||||
"weight": {
|
||||
"description": "weight of a person.",
|
||||
"ui-priority": 0,
|
||||
"misp-attribute": "text",
|
||||
"disable_correlation": true
|
||||
},
|
||||
"colour-of-hair": {
|
||||
"description": "Description of a person's colour of hair.",
|
||||
"ui-priority": 0,
|
||||
"misp-attribute": "text",
|
||||
"disable_correlation": true
|
||||
},
|
||||
"colour-of-eyes": {
|
||||
"description": "Description of a person's colour of eyes.",
|
||||
"ui-priority": 0,
|
||||
"misp-attribute": "text",
|
||||
"disable_correlation": true
|
||||
},
|
||||
"distinguishing-marks-and-characteristics": {
|
||||
"description": "Distinguishing marks and characteristics of a person.",
|
||||
"ui-priority": 0,
|
||||
"misp-attribute": "text",
|
||||
"disable_correlation": true
|
||||
},
|
||||
"portrait": {
|
||||
"description": "Portrait of the person.",
|
||||
"ui-priority": 10,
|
||||
"misp-attribute": "attachment",
|
||||
"multiple": true
|
||||
}
|
||||
},
|
||||
"version": 1,
|
||||
"description": "An object which describes a Interpol notice.",
|
||||
"meta-category": "misc",
|
||||
"uuid": "24927972-1e4a-11e9-857e-3b2306b99911",
|
||||
"name": "interpol-notice"
|
||||
}
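Review bot: `place-of-disappearance` carries the description `Place of birth of a natural person.`, copied from `place-of-birth`; it should read `"description": "Place of disappearance of a missing person."`. `date-of-disappearance` is plain `text` with no format given, whereas `date-of-birth` states `in YYYY-MM-DD format`; the same hint belongs here. The keys `father-s-family-name-&-forename` and `mother-s-family-name-&-forename` are the only ones in this commit containing `&`, and `father-s-family-name-and-forename` would be safer for consumers that place relation names in URLs or queries. `present-family-name`, `alias`, `date-of-birth` and `portrait` leave correlation enabled while the remaining personal fields disable it, which deserves a one-line rationale in the object description if intended.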
|
|
@ -151,9 +151,25 @@
|
|||
"ui-priority": 10,
|
||||
"misp-attribute": "attachment",
|
||||
"multiple": true
|
||||
},
|
||||
"role": {
|
||||
"description": "The role of a person.",
|
||||
"ui-priority": 0,
|
||||
"misp-attribute": "text",
|
||||
"multiple": true,
|
||||
"values_list": [
|
||||
"Suspect",
|
||||
"Victim",
|
||||
"Defendent",
|
||||
"Accused",
|
||||
"Culprit",
|
||||
"Accomplice",
|
||||
"Witness"
|
||||
],
|
||||
"disable_correlation": true
|
||||
}
|
||||
},
|
||||
"version": 7,
|
||||
"version": 8,
|
||||
"description": "An object which describes a person or an identity.",
|
||||
"meta-category": "misc",
|
||||
"uuid": "a15b0477-e9d1-4b9c-9546-abe78a4f4248",
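Review bot: The new `role` attribute's `values_list` spells one entry `"Defendent"`; because `values_list` entries are stored verbatim in shared events, the misspelling would be baked into the data, so it should be `"Defendant"` before this version ships. The `attributes` object starts outside the hunk.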
|
||||
|
|
|
@ -1,69 +1,117 @@
|
|||
{
|
||||
"requiredOneOf": [
|
||||
"url"
|
||||
],
|
||||
"name": "phishing",
|
||||
"uuid": "2dad6f9d-d425-4217-8fda-0b0a2d815307",
|
||||
"meta-category": "network",
|
||||
"description": "Phishing template to describe a phishing website and its analysis.",
|
||||
"version": 5,
|
||||
"attributes": {
|
||||
"url": {
|
||||
"description": "Original url of the phishing website",
|
||||
"ui-priority": 1,
|
||||
"misp-attribute": "url"
|
||||
},
|
||||
"phishtank-id": {
|
||||
"description": "Phishtank ID of the reported phishing",
|
||||
"ui-priority": 1,
|
||||
"misp-attribute": "text"
|
||||
},
|
||||
"phishtank-detail-url": {
|
||||
"description": "Phishtank detail URL to the reported phishing",
|
||||
"misp-attribute": "link",
|
||||
"ui-priority": 1
|
||||
},
|
||||
"submission-time": {
|
||||
"description": "When the phishing was submitted and/or reported",
|
||||
"ui-priority": 0,
|
||||
"misp-attribute": "datetime"
|
||||
},
|
||||
"verified": {
|
||||
"description": "The phishing has been verified by the team handling the phishing",
|
||||
"ui-priority": 0,
|
||||
"values_list": [
|
||||
"No",
|
||||
"Yes"
|
||||
"internal reference": {
|
||||
"categories": [
|
||||
"Internal reference"
|
||||
],
|
||||
"misp-attribute": "text",
|
||||
"disable_correlation": true
|
||||
"ui-priority": 1,
|
||||
"description": "Internal reference such as ticket ID"
|
||||
},
|
||||
"verification-time": {
|
||||
"description": "When the phishing was verified",
|
||||
"screenshot": {
|
||||
"multiple": true,
|
||||
"categories": [
|
||||
"External analysis"
|
||||
],
|
||||
"ui-priority": 1,
|
||||
"disable_correlation": true,
|
||||
"misp-attribute": "attachment",
|
||||
"description": "Screenshot of phishing site"
|
||||
},
|
||||
"target": {
|
||||
"multiple": true,
|
||||
"misp-attribute": "text",
|
||||
"ui-priority": 0,
|
||||
"description": "Targeted organisation by the phishing"
|
||||
},
|
||||
"takedown-request-to": {
|
||||
"to_ids": false,
|
||||
"multiple": true,
|
||||
"categories": [
|
||||
"Other"
|
||||
],
|
||||
"ui-priority": 1,
|
||||
"disable_correlation": true,
|
||||
"misp-attribute": "text",
|
||||
"description": "Destination email address for take-down request"
|
||||
},
|
||||
"takedown-request": {
|
||||
"disable_correlation": true,
|
||||
"misp-attribute": "datetime",
|
||||
"disable_correlation": true
|
||||
"ui-priority": 0,
|
||||
"description": "When the phishing was requested to be taken down"
|
||||
},
|
||||
"takedown-time": {
|
||||
"disable_correlation": true,
|
||||
"misp-attribute": "datetime",
|
||||
"ui-priority": 0,
|
||||
"description": "When the phishing was taken down"
|
||||
},
|
||||
"online": {
|
||||
"description": "If the phishing is online and operational, by default is yes",
|
||||
"ui-priority": 0,
|
||||
"disable_correlation": true,
|
||||
"misp-attribute": "text",
|
||||
"values_list": [
|
||||
"Yes",
|
||||
"No"
|
||||
],
|
||||
"ui-priority": 0,
|
||||
"description": "If the phishing is online and operational, by default is yes"
|
||||
},
|
||||
"url": {
|
||||
"misp-attribute": "url",
|
||||
"ui-priority": 1,
|
||||
"description": "Original URL of the phishing website"
|
||||
},
|
||||
"url-redirect": {
|
||||
"multiple": true,
|
||||
"misp-attribute": "url",
|
||||
"ui-priority": 1,
|
||||
"description": "Redirect URL of the phishing website"
|
||||
},
|
||||
"hostname": {
|
||||
"multiple": true,
|
||||
"misp-attribute": "hostname",
|
||||
"ui-priority": 1,
|
||||
"description": "host of the phishing website"
|
||||
},
|
||||
"phishtank-id": {
|
||||
"misp-attribute": "text",
|
||||
"disable_correlation": true
|
||||
"ui-priority": 1,
|
||||
"description": "Phishtank ID of the reported phishing"
|
||||
},
|
||||
"takedown-time": {
|
||||
"description": "When the phishing was taken down",
|
||||
"ui-priority": 0,
|
||||
"phishtank-detail-url": {
|
||||
"ui-priority": 1,
|
||||
"misp-attribute": "link",
|
||||
"description": "Phishtank detail URL to the reported phishing"
|
||||
},
|
||||
"submission-time": {
|
||||
"misp-attribute": "datetime",
|
||||
"disable_correlation": true
|
||||
},
|
||||
"target": {
|
||||
"description": "Targeted organisation by the phishing",
|
||||
"ui-priority": 0,
|
||||
"misp-attribute": "text"
|
||||
"description": "When the phishing was submitted and/or reported"
|
||||
},
|
||||
"verified": {
|
||||
"disable_correlation": true,
|
||||
"misp-attribute": "text",
|
||||
"values_list": [
|
||||
"No",
|
||||
"Yes"
|
||||
],
|
||||
"ui-priority": 0,
|
||||
"description": "The phishing has been verified by the team handling the phishing"
|
||||
},
|
||||
"verification-time": {
|
||||
"disable_correlation": true,
|
||||
"misp-attribute": "datetime",
|
||||
"ui-priority": 0,
|
||||
"description": "When the phishing was verified"
|
||||
}
|
||||
},
|
||||
"version": 1,
|
||||
"description": "Phishing template to describe a phishing website and its analysis.",
|
||||
"meta-category": "network",
|
||||
"uuid": "2dad6f9d-d425-4217-8fda-0b0a2d815307",
|
||||
"name": "phishing"
|
||||
"requiredOneOf": [
|
||||
"url"
|
||||
]
|
||||
}
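Review bot: The attribute key `"internal reference"` contains a space, while every other key in this template is hyphenated (`takedown-request-to`, `url-redirect`, `phishtank-detail-url`); `"internal-reference"` would match, assuming this key is on the new side as its layout suggests. `takedown-request-to` is described as a destination email address but typed `text`, so the description should say whether a bare address is expected. Both `"version": 5` and `"version": 1` appear in this section and the page no longer shows which side each belongs to; if the new side is the lower value, the number should go up rather than down so that consumers comparing template versions pick up the change.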
|
||||
|
|
|
@ -30,7 +30,8 @@
|
|||
"Perl",
|
||||
"Ruby",
|
||||
"Winbatch",
|
||||
"AutoIt"
|
||||
"AutoIt",
|
||||
"PHP"
|
||||
]
|
||||
},
|
||||
"filename": {
|
||||
|
@ -54,7 +55,7 @@
|
|||
]
|
||||
}
|
||||
},
|
||||
"version": 1,
|
||||
"version": 2,
|
||||
"description": "Object describing a computer program written to be run in a special run-time environment. The script or shell script can be used for malicious activities but also as support tools for threat analysts.",
|
||||
"meta-category": "misc",
|
||||
"uuid": "6bce7d01-dbec-4054-b3c2-3655a19382e2",
|
||||
|
|
|
@ -0,0 +1,60 @@
|
|||
{
|
||||
"version": 1,
|
||||
"description": "Splunk / Splunk ES object",
|
||||
"meta-category": "misc",
|
||||
"uuid": "fd9b7bf8-df7b-4df9-bcd8-28591edcaab8",
|
||||
"name": "splunk",
|
||||
"required": [
|
||||
"search"
|
||||
],
|
||||
"attributes": {
|
||||
"search": {
|
||||
"description": "Search / Correlation search",
|
||||
"ui-priority": 0,
|
||||
"misp-attribute": "text",
|
||||
"disable_correlation": true
|
||||
},
|
||||
"drill-down": {
|
||||
"description": "Drilldown",
|
||||
"ui-priority": 0,
|
||||
"misp-attribute": "text",
|
||||
"disable_correlation": true,
|
||||
"multiple": true
|
||||
},
|
||||
"response-action": {
|
||||
"description": "Response action",
|
||||
"ui-priority": 0,
|
||||
"misp-attribute": "text",
|
||||
"multiple": true,
|
||||
"disable_correlation": true,
|
||||
"sane_default": [
|
||||
"notable",
|
||||
"risk"
|
||||
]
|
||||
},
|
||||
"schedule": {
|
||||
"description": "Schedule",
|
||||
"ui-priority": 0,
|
||||
"misp-attribute": "other",
|
||||
"disable_correlation": true
|
||||
},
|
||||
"earliest": {
|
||||
"description": "Earliest time",
|
||||
"ui-priority": 0,
|
||||
"misp-attribute": "text",
|
||||
"disable_correlation": true
|
||||
},
|
||||
"latest": {
|
||||
"description": "Latest time",
|
||||
"ui-priority": 0,
|
||||
"misp-attribute": "text",
|
||||
"disable_correlation": true
|
||||
},
|
||||
"description": {
|
||||
"description": "Description",
|
||||
"ui-priority": 0,
|
||||
"misp-attribute": "comment",
|
||||
"disable_correlation": true
|
||||
}
|
||||
}
|
||||
}
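Review bot: The attribute descriptions only restate the key names (`Drilldown`, `Schedule`, `Description`), so an analyst filling in the object is not told what format is expected; `earliest` and `latest` do not say whether a Splunk time modifier or an absolute timestamp goes there, and `schedule` is the only attribute typed `other` with no hint of why. Suggested wording: `"description": "Earliest time bound of the search (Splunk time modifier or timestamp)"` and `"description": "Schedule of the saved search (cron expression)"`, the latter assuming cron is what is meant. Saved searches can embed internal index, host and account names, so the object description could remind users to review the `search` text before sharing it outside the organisation.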
|
|
@ -222,6 +222,13 @@
|
|||
"stix-2.0"
|
||||
]
|
||||
},
|
||||
{
|
||||
"name": "retrieved-from",
|
||||
"description": "This relationship describes an object retrieved from the target object.",
|
||||
"format": [
|
||||
"misp"
|
||||
]
|
||||
},
|
||||
{
|
||||
"name": "authored-by",
|
||||
"description": "This relationship describes the author of a specific object.",
|
||||
|
|