Commit Graph

1327 Commits (main)

Author SHA1 Message Date
Alexandre Dulaunoy b915869ab2
being lax on origin to avoid rebuilding url path for unknown services 2017-11-22 17:08:56 +01:00
Alexandre Dulaunoy 51e873760e
AIL leak template updated to include duplicate of leaks 2017-11-22 16:38:25 +01:00
Alexandre Dulaunoy dd4e2d1977
fix: MISP types are case-sensitive - fixing AS number type 2017-11-19 10:22:32 +01:00
Alexandre Dulaunoy b046eb4ba7
fix: AIL leak object to include raw-data 2017-11-15 07:32:49 +01:00
kx499 59a78eef24 dns record and shodan report objects 2017-11-14 15:38:54 -05:00
Alexandre Dulaunoy 1fd5d4f6a7
fix: subnets announced is an ip-src type 2017-11-14 15:02:49 +01:00
Alexandre Dulaunoy 666c7a6916
added: Autonomous system object describing an autonomous system which can include one or more network operators managing an entity (e.g. ISP) along with their routing policy, routing prefixes or alike.

Fix #50
2017-11-13 20:36:16 +01:00
Raphaël Vinot f9b2bdf22c chg: Fix logic in URL
Fix #21
2017-11-10 15:05:22 -08:00
Raphaël Vinot 805ed85bbe chg: Disable some correlations by default in URL
Fix #47
2017-11-10 15:02:37 -08:00
Raphaël Vinot dade532c1f Merge branch 'master' of github.com:MISP/misp-objects 2017-11-10 13:29:03 -08:00
Raphaël Vinot b4b3e685ea fix: requiredOneOf list of r2graphity was wrong
Fix #20
2017-11-10 13:28:05 -08:00
c-goes 8e47b33787 Added file attribute screenshot to email object 2017-11-09 16:07:54 +01:00
Andras Iklody 6b43b68651
Merge pull request #48 from Delta-Sierra/master
allow multiple ips in domain|ip object
2017-11-07 10:08:24 +01:00
Deborah Servili 51f79bceba allow multiple ips in domain|ip object 2017-11-07 09:34:26 +01:00
Alexandre Dulaunoy f46343b2e2
Merge pull request #46 from Delta-Sierra/master
update ail-leak object
2017-11-06 16:20:25 +01:00
Deborah Servili d171c73660 update ail-leak object 2017-11-06 14:53:58 +01:00
Alexandre Dulaunoy 2a2b48a162
fix: origin of credential as sane_default 2017-11-02 21:37:53 +01:00
Alexandre Dulaunoy dab3ad881a
add: credential object (fix #44) 2017-11-02 20:41:02 +01:00
Raphaël Vinot 28dfbb50f7 Remove the executable flag from the json files 2017-10-25 12:16:17 -04:00
truckydev fe594f98ba regex addon
Add field to specify which type corresponds to this regex.
2017-10-25 10:39:39 +02:00
Raphaël Vinot 3569c70407 Add report object 2017-10-24 13:04:41 -04:00
Thomas Gardner 6e36c162a4 fixed av-signature merge conflicts with upstream 2017-10-24 10:26:24 -04:00
Thomas Gardner 1c4933c1ce disabled AV software correlation and re-ran jq-all-the-things 2017-10-24 10:23:46 -04:00
Alexandre Dulaunoy 9410aa99a5
Fix the file object 2017-10-23 20:35:07 +02:00
Alexandre Dulaunoy 0f3261077b
State added to file like signed, harmless... 2017-10-23 20:28:30 +02:00
Raphaël Vinot b801bc6603 jq all the things 2017-10-23 11:51:05 -04:00
Thomas Gardner f9204db304 added av-signature and virustotal-report 2017-10-23 10:43:12 -04:00
Alexandre Dulaunoy a5d2f71fef Merge pull request #34 from MISP/fix-31-2
Fix object name
2017-10-16 15:41:33 +02:00
Raphaël Vinot 9078fa0e73 Fix object name
Related to: https://github.com/MISP/misp-objects/issues/31
2017-10-16 11:41:22 +02:00
Raphaël Vinot 60a375f85d Fix object name.
Related to: https://github.com/MISP/misp-objects/issues/31
2017-10-16 11:40:20 +02:00
Alexandre Dulaunoy 0ab002e94c
Fix typo in the field 2017-10-13 15:08:25 +02:00
Alexandre Dulaunoy 9b55a361ec
Some updates including description of fields 2017-10-13 15:02:04 +02:00
Alexandre Dulaunoy 94b9bc9aee
First version of Netflow object based on proposal from @JanKoDFNCERT
Open questions:

  - What is a minimal Netflow record? I relax a bit the required fields.
  - How does this work with IPFIX (and variable templates)?
  - How should we express the TCP flags? (S/SA/SAF)
2017-10-13 14:30:10 +02:00
Alexandre Dulaunoy 2b9ba3ac00
add: RTIR object added (as requested by CSP - Cyber Security Core Service Platform) 2017-10-12 22:08:09 +02:00
Alexandre Dulaunoy deda8abfb1
use url attribute type for link inside a post 2017-10-06 08:22:41 +02:00
Alexandre Dulaunoy c4bc232be2
Merge branch 'patch-4' of https://github.com/ater49/misp-objects into ater49-patch-4 2017-10-06 08:22:00 +02:00
ater49 a13726c138 Update definition.json
Link attribute added in case of url present into the post.

Multiple set to true for "username-quoted"
2017-10-04 13:31:25 +02:00
ater49 71860b21e9 New attributes: title
In case of paste or post has a title.

Ghostbin.com origin added
2017-10-04 13:24:29 +02:00
Alexandre Dulaunoy bc7c84ca5a
add: Paste or similar post from a website allowing to share privately or publicly posts. 2017-09-29 14:59:39 +02:00
Alexandre Dulaunoy f10f361df0
jq all and fix the space ;-) 2017-09-28 22:07:15 +02:00
ater49 4c69154ad3 Attributes username-quoted added
Added Attributes: "username-quoted"
Added types: LinkedIn, Reddit, Google+, Instagram
2017-09-28 21:36:27 +02:00
Alexandre Dulaunoy 5a80d5c4d2
add: Microblog post object like a Twitter tweet or a post on a Facebook wall. 2017-09-28 19:32:31 +02:00
Alexandre Dulaunoy 5b66865268
Carbon copy field added 2017-09-27 16:43:21 +02:00
Alexandre Dulaunoy 140b55254a
return-path added in email object 2017-09-25 20:37:02 +02:00
Alexandre Dulaunoy 9d14620739
Victim object added mainly based on the STIX 2.0 victim proposal 2017-09-24 21:21:33 +02:00
Alexandre Dulaunoy 3ecace4d12
First version of the ja3 object based on the proposal from @delbs 2017-09-24 20:10:59 +02:00
Alexandre Dulaunoy a5c0c4e192
Fixing typo in the credit-card object 2017-09-21 15:35:05 +02:00
Alexandre Dulaunoy d22ced3b82
whois template fixed 2017-09-18 09:01:57 +02:00
Alexandre Dulaunoy 3e00c3129c
Fix #22 2017-09-18 08:11:25 +02:00
iglocska 10b21c6aac fix: Fixed typo 2017-09-17 12:46:51 +02:00
iglocska 8662818177 fix: Updated the required_value field with the new name: values_list 2017-09-17 12:43:09 +02:00
iglocska 8643f0dc47 fix: Fixed an issue with the email object not having the correct requiredoneof fieldnames, fixes MISP/MISP#2481 2017-09-17 12:31:50 +02:00
Alexandre Dulaunoy 777ef97aeb
An object describing a regular expression (regex or regexp).
The object can be linked via a relationship to other attributes
or objects to describe how it can be represented as a regular expression.
2017-09-15 21:02:11 +02:00
Alexandre Dulaunoy d781a0eb05
add: first version of a person object (partially based on the PNR types) 2017-09-14 07:49:50 +02:00
Alexandre Dulaunoy bc27dc6d42
add: first version of the credit-card object 2017-09-13 21:18:16 +02:00
Alexandre Dulaunoy 0e409294c0
fix: port is used instead of text type 2017-09-13 17:26:59 +02:00
Alexandre Dulaunoy 579e851f5e
port type instead of text 2017-09-13 16:42:15 +02:00
Raphaël Vinot 96db4ae070 Disable some correlations 2017-09-11 16:08:03 +02:00
Alexandre Dulaunoy 50fe0c2993 Updated following Andras feedback 2017-09-06 16:13:35 +02:00
Alexandre Dulaunoy 8814be9527 yabin updated following Andras feedback 2017-09-06 16:13:02 +02:00
Alexandre Dulaunoy 317fd559d6 first version of a yabin object 2017-09-06 16:04:37 +02:00
Alexandre Dulaunoy 60f6c15655
Typo fixed 2017-08-29 22:02:10 +02:00
Raphaël Vinot 0445ebd350 Add descriptions in all the objects 2017-08-29 18:36:46 +02:00
Raphaël Vinot 9a3974f383 Update definitions of binaries 2017-08-29 13:25:58 +02:00
Raphaël Vinot d34dd5fb60 Allow multiple entries of type flag in the ELFSection object 2017-08-27 17:49:53 +02:00
Alexandre Dulaunoy 66e7397397
phone definition fixed 2017-08-27 08:30:58 +02:00
Alexandre Dulaunoy 41f3792b49
first version of a mobile phone object 2017-08-27 08:16:58 +02:00
Raphaël Vinot 7c3aaa30c2 Update ELF definitions, add MachO. 2017-08-25 15:52:32 +02:00
Raphaël Vinot 49cd96aa2b Add mimetype to file object template 2017-08-23 11:01:48 +02:00
Alexandre Dulaunoy 2fd589e151
version updated 2017-08-08 20:39:36 +02:00
truckydev ea7bdb5bd7 add X509-fingerprint
https://github.com/MISP/MISP/pull/2357
2017-08-08 15:11:47 +02:00
Thomas Gardner 8558bef481 added http-request object 2017-08-03 16:11:33 -06:00
Alexandre Dulaunoy 10ca2819a1
Fix: tld type not existing in MISP 2017-08-03 18:27:34 +02:00
Alexandre Dulaunoy 113eb9e5a0
A cookie object has been added.
An HTTP cookie (web cookie, browser cookie) is a small piece of data
that a server sends to the user's web browser. The object includes
type which can help to describe the malicious use-case of the cookie.
2017-08-03 12:15:26 +02:00
Alexandre Dulaunoy 08e5ebe995
Typo fixed in key-size - Thanks to @StefanKelm 2017-08-03 12:00:00 +02:00
Raphaël Vinot ca24684e2f Update required entries for PE objects 2017-07-21 11:33:38 +02:00
Alexandre Dulaunoy 6e88746a67 Improved Tor node object to include support of the new Tor monitoring 2017-07-06 14:57:32 +02:00
Alexandre Dulaunoy afaf0d0e19 add a comment field 2017-07-05 07:41:07 +02:00
Alexandre Dulaunoy 30976be591 Tor node object template which are part of the Tor network at a time. 2017-07-05 07:33:35 +02:00
Alexandre Dulaunoy 9a1c5511f4 ui-priority 2017-07-03 16:55:14 +02:00
Alexandre Dulaunoy e8c74fbccc ui-priority 2017-07-03 16:50:13 +02:00
Alexandre Dulaunoy ea8885f317 ui-priority 2017-07-03 16:50:00 +02:00
Alexandre Dulaunoy 17e57b4a59 ui-priority 2017-07-03 16:49:43 +02:00
Alexandre Dulaunoy cb4af3ffce ui-priority 2017-07-03 16:45:54 +02:00
Alexandre Dulaunoy d2568c922e ui-priority 2017-07-03 16:45:41 +02:00
Alexandre Dulaunoy 611c0b8f55 ui-priority 2017-07-03 16:45:25 +02:00
Alexandre Dulaunoy 60ebdfc3e7 ui-priority 2017-07-03 16:44:39 +02:00
Alexandre Dulaunoy a0a922ee61 ui-priority 2017-07-03 16:44:11 +02:00
Alexandre Dulaunoy c59ed7394a ui-priority 2017-07-03 16:43:57 +02:00
Alexandre Dulaunoy eab13ff63c ui-priority 2017-07-03 16:43:25 +02:00
Alexandre Dulaunoy 65ec7b18a7 ui-priority 2017-07-03 16:43:12 +02:00
Alexandre Dulaunoy 89858f8f72 ui-priority 2017-07-03 16:42:40 +02:00
Alexandre Dulaunoy 13c7d100d0 ui-priority 2017-07-03 16:42:26 +02:00
Alexandre Dulaunoy 5615f18767 ui-priority 2017-07-03 16:42:07 +02:00
Alexandre Dulaunoy 48b17a11ed ui-priority 2017-07-03 16:41:53 +02:00
Alexandre Dulaunoy c0a78b1b25 ui-priority 2017-07-03 16:41:16 +02:00
Alexandre Dulaunoy 7e2214f9e9 ui-priority 2017-07-03 16:40:42 +02:00
Alexandre Dulaunoy e9859c4746 ui-frequency updated 2017-07-03 12:27:16 +02:00
Alexandre Dulaunoy 4915d6688d ui-frequency is the one! 2017-07-03 12:26:40 +02:00
Alexandre Dulaunoy 17d4fab43e ui-priority is now the King! 2017-07-03 12:25:06 +02:00
Alexandre Dulaunoy fb18a4ec29 ui-priority is now the new frequency 2017-07-03 12:24:21 +02:00
Alexandre Dulaunoy ce9f50013c misp-usage-frequency updated 2017-07-03 12:19:04 +02:00
Alexandre Dulaunoy 1f0d512b7d misp-usage-frequency updated 2017-07-03 12:18:47 +02:00
Alexandre Dulaunoy 86f8ad974a misp-usage-frequency updated 2017-07-03 12:18:25 +02:00
Alexandre Dulaunoy 405a5451cc misp-usage-frequency updated 2017-07-03 12:17:46 +02:00
Alexandre Dulaunoy dc2b6524c1 misp-usage-frequency updated 2017-07-03 12:15:50 +02:00
Alexandre Dulaunoy edcf0d1a90 misp-usage-frequency updated 2017-07-03 12:14:48 +02:00
Alexandre Dulaunoy eff1b8ba39 misp-usage-frequency updated 2017-07-03 12:14:13 +02:00
Alexandre Dulaunoy 82bdbbbd4f misp-usage-frequency updated 2017-07-03 12:13:38 +02:00
Alexandre Dulaunoy 5f0755859e misp-usage-frequency updated 2017-07-03 12:11:54 +02:00
Alexandre Dulaunoy a8b1a0a512 misp-usage-frequency updated 2017-07-03 12:09:46 +02:00
Alexandre Dulaunoy 0949bd47ca misp-usage-frequency updated 2017-07-03 12:08:42 +02:00
Alexandre Dulaunoy a04174c1c1 misp-usage-frequency updated 2017-07-03 12:06:11 +02:00
Alexandre Dulaunoy b18eed04ae misp-usage-frequency 2017-07-03 12:04:56 +02:00
Alexandre Dulaunoy aed89b835d misp-usage-frequency -> ui-priority 2017-07-03 12:03:18 +02:00
Alexandre Dulaunoy 45230db220 Fix #14 2017-07-03 11:59:25 +02:00
Andras Iklody ef05cd5f06 Changed DDOS port attributes to port type 2017-07-03 06:33:53 +02:00
Raphaël Vinot 9186771eb7 Update versions 2017-06-28 11:57:36 +02:00
Raphaël Vinot 16af934386 Enforce meta-category 2017-06-28 11:21:24 +02:00
Alexandre Dulaunoy c3186cbcb2 Now meta category for ail to misc 2017-06-28 11:11:44 +02:00
Alexandre Dulaunoy 3e19326efa jq of geolocation object 2017-03-22 07:32:07 +01:00
Alexandre Dulaunoy ff8e9c0a36 geolocation - an object to describe a geographic location. 2017-03-22 07:30:42 +01:00
Alexandre Dulaunoy d413434463 jq of ail-leak 2017-03-22 06:55:15 +01:00
Alexandre Dulaunoy e6fbcf9d53 information leak object as defined by the AIL Analysis Information Leak framework. 2017-03-22 06:54:11 +01:00
Raphaël Vinot d7a1f85100 Update attributes of r2graphity object 2017-03-21 16:46:41 +01:00
Raphaël Vinot 2f74b709d4 Update r2graphity definition 2017-03-20 14:30:45 +01:00
Raphaël Vinot 29a66cd4d6 Add initial version of the r2graphity object 2017-03-17 18:42:10 +01:00
Raphaël Vinot c0d95f58b5 Remove duplicate entries in file object 2017-03-17 18:00:37 +01:00
Raphaël Vinot 2c5208aab2 Merge branch 'master' of github.com:MISP/misp-objects 2017-03-17 17:32:21 +01:00
Raphaël Vinot 2c2c11c9ca Add and enforce UUID in the object definitions 2017-03-17 17:31:09 +01:00
Alexandre Dulaunoy 6fb4acb9da jq all 2017-03-16 23:06:36 +01:00
Alexandre Dulaunoy 0da065163a Merge branch 'master' of github.com:MISP/misp-objects 2017-03-16 23:05:11 +01:00
Raphaël Vinot c0bd545347 Add malware-sample to file object 2017-03-16 18:18:51 +01:00
Sébastien Larinier 140fcbf251 correct travis 2017-03-15 11:30:54 +01:00
Sébastien Larinier 22f2bb8825 add impfuzzy 2017-03-15 11:19:08 +01:00
Alexandre Dulaunoy 37c1722d3e disable_correlation added 2017-03-15 07:42:14 +01:00
Raphaël Vinot 15488f0633 Update PE object 2017-03-14 15:57:05 +01:00
Sébastien Larinier 16f41b2b4a correct travis failed 2017-03-14 10:05:48 +01:00
Sébastien Larinier fb5ec25000 add type of sections 2017-03-13 18:04:21 +01:00
Sébastien Larinier 681d18f4eb add attributes 2017-03-13 17:58:56 +01:00
Sébastien Larinier 684d4d0631 delete attribute 2017-03-13 17:32:51 +01:00
Sébastien Larinier 3ec78c72e4 add elf,elf-section and number of sections in a pe, and move pehash in pe 2017-03-13 17:23:42 +01:00
Sébastien Larinier 47725c5742 correct bug on characteristics 2017-03-13 16:37:20 +01:00
Sébastien Larinier 6c1020b98a correct bug 2017-03-13 16:33:50 +01:00
Sébastien Larinier 2838d5aed4 correct bug 2017-03-13 16:08:27 +01:00
Sébastien Larinier 878d0a30ca add characteristics and ssdeep to pe-sections 2017-03-13 15:55:29 +01:00
Raphaël Vinot 16c7164816 Merge branch 'master' of github.com:MISP/misp-objects 2017-03-13 14:50:08 +01:00
Raphaël Vinot b90fd9ddc1 Update file/PE objects
* Add sane defaults
* Disable correlation when it doesn't make sense
2017-03-13 14:49:25 +01:00
Alexandre Dulaunoy 6185e68498 JQifized 2017-03-13 08:19:27 +01:00
Alexandre Dulaunoy 8685efd136 url object JQified 2017-03-13 07:45:38 +01:00
Alexandre Dulaunoy 1da88ddb99 url object describes an url along with its normalized field (e.g. using
faup parsing library) and its metadata.
2017-03-13 07:45:06 +01:00
Raphaël Vinot a755d50e92 Update file and pe, add pe-section 2017-03-12 23:06:39 +01:00
Raphaël Vinot e931bbbd1c Add PE object 2017-03-09 14:14:36 +01:00
Alexandre Dulaunoy 7e00825715 jq all the things 2017-03-05 16:51:02 +01:00
Alexandre Dulaunoy 18e84ca2c8 required_value for protocol added 2017-03-05 16:41:52 +01:00
Alexandre Dulaunoy 1ec1761307 First proposal of a DDoS object in MISP 2017-03-05 13:01:02 +01:00
Raphaël Vinot a68e678f50 JQ all the things 2017-02-13 11:18:42 +01:00
Alexandre Dulaunoy 284c4e4084 Merge pull request #1 from mike1703/master
email object added
2016-12-12 20:54:03 +01:00
Raphaël Vinot 72ca71a1cc Update definition.json 2016-12-12 20:10:31 +01:00
Michael Kerscher 30512f69af registry key object added 2016-12-07 16:39:31 +01:00
Michael Kerscher 1d97cbbd2d email object added 2016-12-07 16:06:52 +01:00
Alexandre Dulaunoy 497b7b7b7e First version of the vulnerability object (basic CVE support) 2016-05-27 22:36:18 +02:00
Raphaël Vinot a493cc59a3 Fix json files (file and whois) 2016-04-11 13:00:04 +02:00
Alexandre Dulaunoy 7bcc98177c x509 object added 2016-02-16 07:43:17 +01:00
Alexandre Dulaunoy f3afabc91b ip-port added.
An IP address and a port seen as a tuple (or as a triple) in a specific
time frame.
2016-02-16 07:25:54 +01:00
Alexandre Dulaunoy 7c30ab3977 Passive DNS object added 2016-02-13 18:19:27 +01:00
Alexandre Dulaunoy 2fe9742251 Typo fixed 2016-02-13 18:17:22 +01:00
Alexandre Dulaunoy 10431c3c42 optional text attributes added 2016-02-09 21:46:45 +01:00
Alexandre Dulaunoy 415adea9a7 pattern-in-file added 2016-02-09 21:23:48 +01:00
Alexandre Dulaunoy 8587b1a71b First version of the file object 2016-02-09 21:04:39 +01:00
Alexandre Dulaunoy fc5ecd7c69 Whois object added 2016-02-09 16:08:15 +01:00
Alexandre Dulaunoy 433d7c5669 misp-attribute is more logical 2016-02-08 17:52:30 +01:00
Alexandre Dulaunoy 88f20e3b24 Everything is meta... 2016-02-08 16:56:11 +01:00
Alexandre Dulaunoy 474c9d8b98 Adding a category field to classify the object (e.g. quick filter) 2016-02-08 16:55:24 +01:00
Alexandre Dulaunoy 095a75d282 Updated version based on feedback from Andras 2016-02-08 16:51:38 +01:00
Alexandre Dulaunoy f8f67f77c9 Proposal updated based on feedback from Andras 2016-02-08 15:26:49 +01:00
Alexandre Dulaunoy 39c570824a A first experimental description of a MISP combined object 2016-02-08 15:09:46 +01:00