16 Commits (main)

Author SHA1 Message Date
Alexandre Dulaunoy 7a476ec4ef
chg: [passive-dns] jq 2021-05-03 07:20:51 +02:00
aaronkaplan b728ed3e29
Re-Do the definition.json, according to the results of the discussion in
https://github.com/MISP/misp-objects/pull/314

Removing *_ip and *_domain
Keeping bailiwick a domain type
2021-05-03 00:57:14 +02:00
aaronkaplan bcd133527e
Merge branch 'main' of https://github.com/MISP/misp-objects 2021-05-02 16:03:35 +02:00
aaronkaplan 7b4c9cd6df
As discussed with @rafiot, we can't simply add rdata and rrname as
text only into MISP objects. Why? Because otherwise we can't use MISP's
correlation engine to correlate attributes (rrname, rdata) inside these
MISP objects with other events. Because "text" would not correlate with
other "ip-src" or "domain" types in other objects/attributes.

Kind of sucks to duplicate the rrname and rdata entries, but that's the
only solution we came up with.

The COF2MISP module will populate both the rrname, rdata as well as the
rrname_{domain,ip} and rdata_{domain,ip} attributes.

Checked with jq_all_the_things.sh.
Thanks for your consideration.
2021-05-02 15:57:54 +02:00
Alexandre Dulaunoy 4b88a52cf4
chg: [passive-dns] fix 2021-04-27 18:26:23 +02:00
Alexandre Dulaunoy ab84bd837f
fix: [passive-dns] fix the JSON and the version 2021-04-27 18:13:05 +02:00
AaronK df8604a8ca
Update definition.json
Added time_first_ms, time_last_ms. Clarified a few things in the descriptions.
2021-04-27 15:37:51 +02:00
chrisr3d 0a3e94839c
add: [passive-dns] Added a raw_rdata object relation 2020-11-13 20:09:46 +01:00
Raphaël Vinot d9f1db590a chg: Sort all the entries in the templates by default 2020-04-26 02:13:18 +02:00
Alexandre Dulaunoy bd508a3455
fix: Passive DNS records especially on the disabled_correlation fields 2018-01-25 15:07:19 +01:00
Raphaël Vinot 0445ebd350 Add descriptions in all the objects 2017-08-29 18:36:46 +02:00
Alexandre Dulaunoy c59ed7394a ui-priority 2017-07-03 16:43:57 +02:00
Alexandre Dulaunoy dc2b6524c1 misp-usage-frequency updated 2017-07-03 12:15:50 +02:00
Raphaël Vinot 2c2c11c9ca Add and enforce UUID in the object definitions 2017-03-17 17:31:09 +01:00
Raphaël Vinot a68e678f50 JQ all the things 2017-02-13 11:18:42 +01:00
Alexandre Dulaunoy 7c30ab3977 Passive DNS object added 2016-02-13 18:19:27 +01:00