From 878d0a30ca17607d93cc25cb582076ca717ba0cd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?S=C3=A9bastien=20Larinier?= <sebastien.larinier@sekoia.fr>
Date: Mon, 13 Mar 2017 15:55:29 +0100
Subject: [PATCH 1/4] add characteristics and ssdeep to pe-sections

---
 objects/pe-section/definition.json | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/objects/pe-section/definition.json b/objects/pe-section/definition.json
index 2bd1ec6..fa4d9d8 100644
--- a/objects/pe-section/definition.json
+++ b/objects/pe-section/definition.json
@@ -16,6 +16,15 @@
       ],
       "disable_correlation": true
     },
+    "characteristics":{
+      "misp-attributes": "text",
+      "sane_default":[
+        "read",
+        "write",
+        "executable"
+      ]
+    }
+    ,
     "text": {
       "misp-attribute": "text",
       "misp-usage-frequency": 1,
@@ -46,6 +55,10 @@
     "sha512": {
       "misp-attribute": "sha512",
       "misp-usage-frequency": 0
+    },
+    "ssdeep": {
+      "misp-attribute": "ssdeep",
+      "misp-usage-frequency": 0
     }
   },
   "requiredOneOf": [

From 2838d5aed4be84bf15224c69b80a065a053de6ee Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?S=C3=A9bastien=20Larinier?= <sebastien.larinier@sekoia.fr>
Date: Mon, 13 Mar 2017 16:08:27 +0100
Subject: [PATCH 2/4] correct bug

---
 objects/pe-section/definition.json | 1 +
 1 file changed, 1 insertion(+)

diff --git a/objects/pe-section/definition.json b/objects/pe-section/definition.json
index fa4d9d8..daa3d8e 100644
--- a/objects/pe-section/definition.json
+++ b/objects/pe-section/definition.json
@@ -18,6 +18,7 @@
     },
     "characteristics":{
       "misp-attributes": "text",
+      "misp-usage-frequency": 0,
       "sane_default":[
         "read",
         "write",

From 6c1020b98aa5f253096c44f625c97f7b953e8ae2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?S=C3=A9bastien=20Larinier?= <sebastien.larinier@sekoia.fr>
Date: Mon, 13 Mar 2017 16:33:50 +0100
Subject: [PATCH 3/4] correct bug

---
 objects/pe-section/definition.json | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/objects/pe-section/definition.json b/objects/pe-section/definition.json
index daa3d8e..f2337e8 100644
--- a/objects/pe-section/definition.json
+++ b/objects/pe-section/definition.json
@@ -16,16 +16,15 @@
       ],
       "disable_correlation": true
     },
-    "characteristics":{
+    "characteristics": {
       "misp-attributes": "text",
       "misp-usage-frequency": 0,
-      "sane_default":[
+      "sane_default": [
         "read",
         "write",
         "executable"
       ]
-    }
-    ,
+    },
     "text": {
       "misp-attribute": "text",
       "misp-usage-frequency": 1,

From 47725c57424a6257f8e561ff8c3c85dcc4cfb559 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?S=C3=A9bastien=20Larinier?= <sebastien.larinier@sekoia.fr>
Date: Mon, 13 Mar 2017 16:37:20 +0100
Subject: [PATCH 4/4] correct bug on characteristics

---
 objects/pe-section/definition.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/objects/pe-section/definition.json b/objects/pe-section/definition.json
index f2337e8..ac06635 100644
--- a/objects/pe-section/definition.json
+++ b/objects/pe-section/definition.json
@@ -17,7 +17,7 @@
       "disable_correlation": true
     },
     "characteristics": {
-      "misp-attributes": "text",
+      "misp-attribute": "text",
       "misp-usage-frequency": 0,
       "sane_default": [
         "read",