disable correlation for last-seen/first-seen/text

pull/58/head
c-goes 2017-12-05 11:05:56 +01:00
parent 2caceee940
commit fbccdfef24
7 changed files with 23 additions and 6 deletions


@ -31,10 +31,12 @@ Feel free to propose your own MISP objects to be included in MISP. The system is
},
"first-seen": {
"misp-attribute": "datetime",
"disable_correlation": true,
"ui-priority": 0
},
"last-seen": {
"misp-attribute": "datetime",
"disable_correlation": true,
"ui-priority": 0
}


@ -26,11 +26,13 @@
},
"first-seen": {
"description": "First time the ASN was seen",
"disable_correlation": true,
"ui-priority": 0,
"misp-attribute": "datetime"
},
"last-seen": {
"description": "Last time the ASN was seen",
"disable_correlation": true,
"ui-priority": 0,
"misp-attribute": "datetime"
},
@ -59,7 +61,7 @@
"multiple": true
}
},
"version": 3,
"version": 4,
"description": "Autonomous system object describing an autonomous system which can include one or more network operators management an entity (e.g. ISP) along with their routing policy, routing prefixes or alike.",
"meta-category": "network",
"uuid": "4ec55cc6-9e49-4c64-b794-03c25c1a6587",
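Review bot: The commit title names `text` alongside first-seen/last-seen, but the hunks in this section add `"disable_correlation": true` only to the two datetime attributes, and the same holds for the ja3 and url sections further down. If any of those templates defines a free-text attribute outside the visible hunks (any entry whose `misp-attribute` is `text`), it would still take part in correlation and could link unrelated events that happen to share identical analyst wording. It is worth checking each template and adding `"disable_correlation": true,` to those entries as well, so that the version bump covers the whole change.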


@ -3,7 +3,7 @@
"uuid": "e2f124d6-f57c-4f93-99e6-8450545fa05d",
"meta-category": "network",
"description": "DDoS object describes a current DDoS activity from a specific or/and to a specific target. Type of DDoS can be attached to the object as a taxonomy",
"version": 5,
"version": 6,
"attributes": {
"total-bps": {
"description": "Bits per second",
@ -12,6 +12,7 @@
},
"text": {
"description": "Description of the DDoS",
"disable_correlation": true,
"misp-attribute": "text",
"ui-priority": 0
},
@ -62,6 +63,7 @@
},
"first-seen": {
"description": "Beginning of the attack",
"disable_correlation": true,
"misp-attribute": "datetime",
"ui-priority": 0
},
@ -83,6 +85,7 @@
},
"last-seen": {
"description": "End of the attack",
"disable_correlation": true,
"misp-attribute": "datetime",
"ui-priority": 0
}


@ -6,17 +6,20 @@
"attributes": {
"text": {
"description": "A description of the tuple",
"disable_correlation": true,
"ui-priority": 1,
"misp-attribute": "text",
"recommended": false
},
"last-seen": {
"description": "Last time the tuple has been seen",
"disable_correlation": true,
"ui-priority": 0,
"misp-attribute": "datetime"
},
"first-seen": {
"description": "First time the tuple has been seen",
"disable_correlation": true,
"ui-priority": 0,
"misp-attribute": "datetime"
},
@ -40,7 +43,7 @@
"multiple": true
}
},
"version": 4,
"version": 5,
"description": "A domain and IP address seen as a tuple in a specific time frame.",
"meta-category": "network",
"uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",


@ -9,16 +9,19 @@
"attributes": {
"text": {
"description": "Description of the tuple",
"disable_correlation": true,
"ui-priority": 0,
"misp-attribute": "text"
},
"last-seen": {
"description": "Last time the tuple has been seen",
"disable_correlation": true,
"ui-priority": 0,
"misp-attribute": "datetime"
},
"first-seen": {
"description": "First time the tuple has been seen",
"disable_correlation": true,
"ui-priority": 0,
"misp-attribute": "datetime"
},
@ -50,7 +53,7 @@
"misp-attribute": "ip-dst"
}
},
"version": 4,
"version": 5,
"description": "An IP address and a port seen as a tuple (or as a triple) in a specific time frame.",
"meta-category": "network",
"uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6",


@ -2,7 +2,7 @@
"name": "ja3",
"meta-category": "network",
"description": "JA3 is a new technique for creating SSL client fingerprints that are easy to produce and can be easily shared for threat intelligence. Fingerprints are composed of Client Hello packet; SSL Version, Accepted Ciphers, List of Extensions, Elliptic Curves, and Elliptic Curve Formats. https://github.com/salesforce/ja3",
"version": 1,
"version": 2,
"uuid": "09b45449-5d6e-492c-a68a-cb2e188cbfac",
"attributes": {
"ja3-fingerprint-md5": {
@ -43,11 +43,13 @@
},
"first-seen": {
"misp-attribute": "datetime",
"disable_correlation": true,
"ui-priority": 0,
"description": "First seen of the SSL/TLS handshake"
},
"last-seen": {
"misp-attribute": "datetime",
"disable_correlation": true,
"description": "Last seen of the SSL/TLS handshake",
"ui-priority": 0
}


@ -35,6 +35,7 @@
},
"first-seen": {
"description": "First time this URL has been seen",
"disable_correlation": true,
"ui-priority": 0,
"misp-attribute": "datetime"
},
@ -81,6 +82,7 @@
},
"last-seen": {
"description": "Last time this URL has been seen",
"disable_correlation": true,
"ui-priority": 0,
"misp-attribute": "datetime"
},
@ -90,7 +92,7 @@
"misp-attribute": "hostname"
}
},
"version": 4,
"version": 5,
"description": "url object describes an url along with its normalized field (like extracted using faup parsing library) and its metadata.",
"meta-category": "network",
"uuid": "60efb77b-40b5-4c46-871b-ed1ed999fce5",