Commit Graph

1327 Commits (main)

Author SHA1 Message Date
Alexandre Dulaunoy 3d736c427c
new: [crowdsec-ip-context] new initial object for crowdsec expansion 2023-05-11 16:52:24 +02:00
Alexandre Dulaunoy fd12a1bcd7
fix: [ai-chat-prompt] improved ai-chat-prompt template 2023-04-16 10:50:30 +02:00
Alexandre Dulaunoy 302697e045
chg: [ai-chat-prompt] ui-priority fixed 2023-04-15 16:38:13 +02:00
Alexandre Dulaunoy b81698ae10
new: [ai-chat-prompt] new object template for AI chat prompt such as ChatGPT
Following a discussion with @aaronkaplan in Vienna, this object is a
first version to describe an AI chat prompt. The template can describe
the model used, the actual quality of results and also what's the actor
context.

Reference #388
2023-04-15 16:31:22 +02:00
Alexandre Dulaunoy e1327d02bb
new: [risk-assessment-report] New object template Risk assessment report
To be used to share risk assessment report from risk assessment platform
such as [MONARC](https://github.com/monarc-project/).

This extension is done in the scope of the [NISDUC project](https://www.nisduc.eu/).

TODO: Maybe add a field for machine-readable version of the report
2023-04-13 10:41:39 +02:00
Christian Studer 9e4afdfb7a
add: [network-socket] Added MAC address attributes
- Even though they are not exactly part of the
  socket fields, it could be interesting to have
  them to have the information about them like
  they are described within the packets that are
  sent using the socket
2023-03-31 11:30:33 +02:00
Alexandre Dulaunoy b49c6824ba
chg: [greynoise-intelligence] JSON fixed 2023-03-10 15:34:32 +01:00
Brad Chiappetta 9b74873fe5 add greynoise-ip object 2023-03-10 09:16:49 -05:00
Christian Studer 1da4760dcc
fix: [network-connection, network-socket] Bytes count if also better with an S 2023-03-07 23:26:51 +01:00
Christian Studer 437808339e
fix: [network-connection, network-socket] Packets count is better with an S 2023-03-07 23:19:08 +01:00
Christian Studer 1cab455a56
fix: [network-socket] Typo 2023-03-07 16:54:30 +01:00
Christian Studer d71cdf367d
add: [network-socket] Added bytes & packets count object relations for both the source and destination 2023-03-07 16:49:06 +01:00
Christian Studer 1651281d0b
add: [network-socket] Added the first & last packet seen object relation and made the protocol attribute multiple 2023-03-07 16:48:00 +01:00
Christian Studer 57beac3bc7
add: [network-connection] Added bytes & packets count object relations for both the source and destination 2023-03-07 16:45:51 +01:00
Christian Studer 0e9ae98b49
add: [network-connection] Added a `last-packet-seen` attribute 2023-03-06 12:02:24 +01:00
Christian Studer 9c51feb43b
add: [network-connection] Added MAC address attributes 2023-03-03 14:55:09 +01:00
Christian Studer 4b5faf196b
add: [registry-key-value] New template to describe registry key values
- The `registry-key` object template includes
  already the `data`, `data-type` & `name` fields
  of a registry key value, but there is a
  limitation in the case of multiple registry key
  values
- In order to describe multiple registry key
  values, instead of adding a simple `multiple`
  field to the related and above mentioned fields,
  it is better to use the `registry-key-value`
  template so we know which data, data type and
  name values are related to a given registry key
  value
- It is then possible to have a reference between
  the registry key object and the related values
2023-03-01 20:50:30 +01:00
Raphaël Vinot f579209884 fix: forgot to jq all the things. 2023-03-01 15:13:39 +01:00
Raphaël Vinot 38cfc975b5 fix: [ais] invalid ref name in requirements 2023-02-28 13:14:13 +01:00
Raphaël Vinot ba80167846 chg: rename AIS -> ais to match the directory name. 2023-02-28 13:10:31 +01:00
Christian Studer 79bf12de68
add: [directory] New object template for directories 2023-02-27 10:56:31 +01:00
Christophe Vandeplas 0c7eb831d8 chg: [AIS] Addition of AIS maritime ship identification and tracking 2023-02-25 18:48:11 +08:00
Christian Studer 892b7ee70f
add: [file] Added creation, modification & access time attributes 2023-02-20 19:31:59 +01:00
Alexandre Dulaunoy d60112ee66
new: [ransomware-group-post] First draft object for ransomlook.io 2023-02-17 10:33:59 +01:00
Alexandre Dulaunoy 13f173a3ce
fix: [victim] format fixed 2023-02-02 10:58:30 +01:00
Alexandre Dulaunoy 89010c466c
Merge pull request #383 from nyx0/main
[victim] add information and cultural industries sector
2023-02-02 10:57:08 +01:00
Alexandre Dulaunoy cd27802aab
fix: [objects description] ref #384 - Grammar fixes included in the JSON files. 2023-02-02 10:51:32 +01:00
Thomas Dupuy 9b56d1f427 fix: [victim] replace tab with spaces 2023-02-01 16:56:32 +00:00
Thomas Dupuy 92ed5d48ad new: [victim] add information and cultural industries sector 2023-02-01 16:48:01 +00:00
Thomas Dupuy bd168c639a chg: [victim] sort sectors 2023-02-01 16:40:24 +00:00
Alexandre Dulaunoy fa39a64dc4
chg: [transport-ticket] update to add the type of ticket (e.g. boarding pass versus ticket) 2023-01-27 15:55:08 +01:00
Alexandre Dulaunoy 5a45977e23
fix: [transport-ticket] JSON orders 2023-01-27 15:33:22 +01:00
Alexandre Dulaunoy 81214acbbe
new: [transport-ticket] new object template to describe a transport ticket
Credits for the idea: Maxime Benoit
2023-01-27 15:30:32 +01:00
David Cruciani 350c9b07cf chg: [typosquatting] jq_all_the_things 2023-01-16 08:45:20 +01:00
David Cruciani 7518752dff add: [object] typosquatting-finder 2023-01-16 07:48:03 +01:00
Alexandre Dulaunoy 5cb7e98e20
fix: [victim] jq run 2023-01-06 15:08:28 +01:00
Thomas Dupuy 9e9540524d new: Add legal sector. 2023-01-04 17:10:18 +00:00
Alexandre Dulaunoy 322cbaa21e
fix: [vehicle] jq all the things 2022-12-30 07:37:54 +01:00
Andras Iklody 3e8730cc1f
fix: [language] Turning french fries into freedom fries 2022-12-23 08:59:16 +01:00
Alexandre Dulaunoy a3263d72d6
fix: [jq] all 2022-12-22 13:15:10 +01:00
Alexandre Dulaunoy c52481cac1
fix: [thaicert-group-cards] name is singular has a single value which
can be multiple
2022-12-22 13:12:05 +01:00
Alexandre Dulaunoy 2b65dedb4d
fix: [objects] jq all the things 2022-12-22 13:10:03 +01:00
Alexandre Dulaunoy 83930e211f
chg: [groups->thaicert-group-cards] to make it more logical 2022-12-22 13:08:34 +01:00
Alexandre Dulaunoy b9c512a71b
fix: [jq] JSON fixed 2022-12-15 14:39:52 +01:00
th3r3d 56c6b9148c
Create definition
Faked persnona template inspired by MITRE
2022-12-12 19:03:29 +01:00
th3r3d 5ff1dff7b0
Create definition in groups
Inspired by threat actor group cards
2022-12-12 19:02:23 +01:00
th3r3d 262e2bee90
Created definition for ADS
For ADS framework - create
2022-12-12 19:01:23 +01:00
Alexandre Dulaunoy 858e485263
fix: [mactim-timeline-analysis] invalid UUID fixed 2022-12-11 13:03:18 +01:00
Alexandre Dulaunoy d491cde4b1
fix: [fail2ban] incorrect UUID fixed 2022-12-11 12:54:24 +01:00
Alexandre Dulaunoy 2787dc45d7
fix: [person] add a missing passport-creation date field. 2022-11-19 12:21:16 +01:00
Christian Studer b877eb0815
add: [exploit] Added `description` and `title` attributes 2022-10-23 23:11:48 +02:00
Delta-Sierra e7b9a8e7cf add username field in telegram-bot object 2022-10-13 13:45:52 +02:00
Alexandre Dulaunoy 82c699cc5f
new: [telegram-bot] new object to describe Telegram bots 2022-10-13 10:32:58 +02:00
Alexandre Dulaunoy 06df368890
new: [intrusion-set] based on the STIX 2.1 definition
TODO - "Open Vocabularies" - value versus description.
2022-09-29 07:32:52 +02:00
Alexandre Dulaunoy 35df5bad01
new: [exploit] Exploit object template to describe code or program used
to exploit specific vulnerabilities. The objet can be linked to
`vulnerability` objects but also device, iot, firmware or alike.
2022-09-26 07:40:11 +02:00
Alexandre Dulaunoy 3cf9307b24
Merge branch 'main' of github.com:MISP/misp-objects into main 2022-09-09 07:26:37 +02:00
Alexandre Dulaunoy fa26cdf15e
fix: [facebook-group] add an optional ID reference to the facebook id 2022-09-09 07:24:05 +02:00
Alexandre Dulaunoy fc51889b42
new: [facebook-reaction] new object to link reaction with facebook posts or alike 2022-09-09 07:21:59 +02:00
Alexandre Dulaunoy 3abfb19982
Merge pull request #370 from goodlandsecurity/spearphishing-objects-v2
spearphishing-objects-v2
2022-08-26 08:53:49 +02:00
goodlandsecurity b258786935 jq_all_the_things 2022-08-25 16:03:59 -05:00
goodlandsecurity 26c2767228 allow multiple of certain types. bump version 2022-08-25 15:56:36 -05:00
Alexandre Dulaunoy ec351176f9
chg: [security-playbook] JSON fixed 2022-08-25 10:17:48 +02:00
Vasileios Mavroeidis 2771e2681f
Update definition.json
Found the issue and updated the playbook-id attribute. It is not required anymore. We should not dictate producers generating this property since it can be used to correlate playbooks. The use case is: If we have a cacao playbook attached then we could have the UUIDV4 extracted from the "attachment" and put at the MISP security-playbook object attribute "playbook-id". Correlation is enabled if another security playbook object follows the same process while attaching the same CACAO playbook. If the attached playbook is a png then there is no way to associate it again with another security playbook object that has the same png as an attachment as we cannot know that. That would be possible only if the attachment had a machine-readable identifier. Another use case is to generate a hash and attach it to a property, but let's leave that for the future and if it is never needed or appears as a use case. Long story short the pull request improves the semantics of the object and correlations of different security playbook objects :)
2022-08-24 18:44:11 +02:00
Alexandre Dulaunoy 9b9c838961
fix: [yara] add a reference link to the YARA object template 2022-08-03 11:46:30 +02:00
Alexandre Dulaunoy 734d85337d
new: [sigma] a sigma attribute exists in MISP but the object was
missing to add some additional meta information.
2022-08-03 11:44:37 +02:00
Alexandre Dulaunoy 50f61a03be
chg: [scheduled-task] disable_correlation + clarification 2022-07-08 15:03:27 +02:00
Delta-Sierra 73c2462448 Windows Scheduled Task Object - First draft 2022-07-07 15:17:34 +02:00
matthijsvp 8e024f4863 chg: Fixed typo in disable_correlation 2022-07-01 16:59:03 +02:00
matthijsvp 896fb72735 Merge from master 2022-07-01 16:47:23 +02:00
Matthijs van P 29d7467de9
Merge branch 'MISP:main' into main 2022-07-01 16:43:49 +02:00
matthijsvp 593d80abd1 initial commit 2022-07-01 16:43:22 +02:00
Alexandre Dulaunoy db5033f385
fix: [ftm-*] Fixing missing description - #363 2022-06-30 17:43:44 +02:00
Alexandre Dulaunoy 85dd164dbb
fix: [ftm] missing description fix #363 2022-06-30 17:19:33 +02:00
Alexandre Dulaunoy 9b0a9cd9eb
chg: [ftm-Call] fixed missing description 2022-06-30 17:12:25 +02:00
Alexandre Dulaunoy 91e1c8bdcd
chg: [query] add Kusto Query Language (KQL)
Ref: https://twitter.com/castello_johnny/status/1540732973753847808
2022-06-25 19:20:13 +02:00
Alexandre Dulaunoy fd58bdd7b7
chg: [query] add missing SPL language (Splunk) format
Thanks to https://twitter.com/nbareil/status/1540633706959863813 @nbareil
2022-06-25 11:56:15 +02:00
Alexandre Dulaunoy 07b6883c93
new: [query] query object to describe search queries on SIEM and other tools
MISP object template designed following requests and especially this twitter thread:

https://twitter.com/castello_johnny/status/1540610057263628289

I added a list of sane default based on the ones I have seen being used:

      "sane_default": [
        "event query language (eql)",
        "keyword query language (kql)",
        "Query DSL",
        "Query (Elastic Search)",
        "Sigma",
        "Lucene query",
        "Google search query",
        "Ariel Query Language (qradar)",
        "Grep",
        "Devo LINQ"
      ],

Thanks to Gianni Castaldi and others for ideas.

The object can be expanded and improved over the time and the needs
to share new queries.
2022-06-25 11:37:41 +02:00
Alexandre Dulaunoy 8fd41924dd
chg: [stock] newline fixed 2022-06-18 17:00:13 +02:00
Alexandre Dulaunoy 7ea63899df
chg: [stock] UUID fixed 2022-06-18 16:58:49 +02:00
Alexandre Dulaunoy 421f5f9ccc
new: [stock] a first version of a stock market object to describe stock in MISP 2022-06-18 16:55:13 +02:00
Alexandre Dulaunoy 8215066c96
chg: [report] add Zotero item types in addition to the default type 2022-06-18 16:10:41 +02:00
Alexandre Dulaunoy b56d3a980b
Merge branch 'main' of github.com:MISP/misp-objects into main 2022-06-17 10:27:22 +02:00
Alexandre Dulaunoy cbfff75588
chg: [network-connection] add a counter following discussion with @chrisr3d 2022-06-17 10:05:09 +02:00
iglocska b99a0e939d
chg: [domain-ip] added the multiple flag back to ports
- as discussed with @righel, if we allow multiple IPs we should also allow multiple ports
- we might revise this in the future if it causes issues, however, then we should also restrict the use of multiple IP addresses
2022-05-30 18:07:25 +02:00
Good Land Security df5f9921df
Merge branch 'MISP:main' into spearphishing-objects 2022-05-20 20:20:10 -05:00
goodlandsecurity 2b19a8099e formatting after jq_all_the_things 2022-05-20 14:24:40 -05:00
goodlandsecurity 1c3aff42c5 added date for tracking when e-mail was sent 2022-05-20 14:20:37 -05:00
goodlandsecurity c62a113fec add new objects for spearphishing-link and spearphishing-attachment intel 2022-05-20 11:49:15 -05:00
matthijsvp f04caaa2c1 Added fields 2022-05-20 15:53:29 +02:00
matthijsvp bffed035df Merge branch 'main' of github.com:matthijsvp/misp-objects 2022-05-20 15:50:37 +02:00
matthijsvp dac6d57e79 Added some field from feedback 2022-05-20 15:50:31 +02:00
Alexandre Dulaunoy ccd239bf64
chg: [security-playbook] jq all the things 2022-05-18 22:00:41 +02:00
Vasileios Mavroeidis 0c54a39d37
Update definition.json
The PR updates the security playbook object with improved semantics based on feedback we have received. 

The updated template has "one-to-one" mapping with the available STIX 2.1 ad-hoc extension for the COA SDO available here: https://github.com/fovea-research/stix2.1-coa-playbook-extension

This research (updated version 3) was partially supported by the research projects CyberHunt (Grant No. 303585 - funded by the Research Council of Norway) and JCOP (Grant No. INEA/CEF/ICT/A2020/2373266 - funded by the European Health and Digital Executive Agency through the Connected Europe Facility program).
2022-05-18 13:56:59 +02:00
Alexandre Dulaunoy 7c7d1fbe98
chg: [paloalto-threat-event] Hungary access to the git repository has been sanctioned 2022-05-11 15:38:24 +02:00
Andras Iklody a5184c6746
chg: [paloalto-threat-event] version bump
For instances that ingested it before the disable_correlation changes, they didn't take and ended up pushing a lot of correlating noise. This should resolve it for the future.
2022-05-11 13:16:36 +02:00
matthijsvp b8456cf80b Ran validation 2022-05-07 08:00:38 +02:00
Matthijs van P 9e378c705f
Merge branch 'MISP:main' into main 2022-05-07 07:56:36 +02:00
Matthijs van P 109f78336b
Changed version to int. 2022-05-07 06:47:40 +02:00
Christian Studer f762d5b2a4
add: [passive-ssh] Added `port` attribute 2022-05-06 17:01:13 +02:00
matthijsvp 3f90f65508 Fixed spelling mistakes 2022-05-06 14:09:50 +02:00
matthijsvp bb686f24d4 Removed required field 2022-05-06 13:50:34 +02:00
matthijsvp d04d453f47 Added sane defaults to all booleans 2022-05-06 13:48:12 +02:00
matthijsvp dcf34a680f bumped version number, fixed stray typo 2022-05-06 13:38:11 +02:00
matthijsvp 7480c51533 Added need/want for decryptor and data deletion 2022-05-06 13:25:31 +02:00
Christian Studer de7792373c
add: [passive-ssh] Added `banner` & `hassh` attributes 2022-05-05 20:38:53 +02:00
matthijsvp 33458100e4 Fixed ui order, fixed screenshot type 2022-05-05 15:54:37 +02:00
matthijsvp 6ec02ff6d8 Added transcript and screenshot fields 2022-05-05 15:48:31 +02:00
matthijsvp 1c2513caf2 Fixed email attribute type, fixed typo 2022-05-05 15:38:19 +02:00
matthijsvp 38d22a425f v1 of ransom-negotiation object 2022-05-05 15:18:22 +02:00
matthijsvp 25c318c3b3 Initial commit 2022-05-04 16:49:17 +02:00
3c7 314d72f948
Fixes wrong category and typo in value list 2022-04-26 15:05:05 +02:00
3c7 e57ab0f522
uploaded -> submitted; otherwise possible semantic collision with "uploads" relationship 2022-04-26 14:07:20 +02:00
3c7 dcb44bcc5a
Added VirusTotal Submission object and uploaded/uploaded-by relation 2022-04-26 14:02:43 +02:00
Alexandre Dulaunoy ea23d59185
chg: [organization] NL fixed 2022-04-04 14:49:44 +02:00
Alexandre Dulaunoy 783ae64fa0
chg: [organization] typo fixed 2022-04-04 14:46:22 +02:00
Alexandre Dulaunoy 6e98779d1a
Merge branch 'main' of github.com:MISP/misp-objects into main 2022-04-04 14:08:34 +02:00
Alexandre Dulaunoy 46a4b67c35
chg: [organization] add registry number and format for date of registration 2022-04-04 14:07:55 +02:00
chrisr3d 60d2fc447f add: [employee] Added a `full-name` object_relation for cases when we are not sure which name is the first and the last 2022-03-31 20:21:12 +02:00
Alexandre Dulaunoy f1086328a1
chg: [personification] fixed 2022-03-24 15:42:35 +01:00
Alexandre Dulaunoy 05195859b1
Merge pull request #351 from 0wlyW00d/main
Add new objects to better describe a natural person
2022-03-22 21:58:37 +01:00
Alexandre De Oliveira 2a7d2de508 modified by ./jq_all_the_things.sh 2022-03-21 15:04:26 +01:00
Alexandre De Oliveira a98ac163fb
Update object version to v5 2022-03-21 15:02:48 +01:00
0wlyW00d c44272a069 test 2022-03-21 10:08:36 +00:00
0wlyW00d 3dd5c938fe Objects add 2022-03-21 10:01:37 +00:00
0wlyW00d d82287d35f
Add news objects to MISP
Creation of new object to better describe a natural perso
Add CLoth Object
Add Tattoo object
Add Personification Object
2022-03-20 17:13:31 +01:00
0wlyW00d b6c6de5632
Add tattoo object definition 2022-03-19 11:56:48 +01:00
Alexandre De Oliveira e54cfa0e4c modified by ./jq_all_the_things.sh 2022-03-18 12:17:41 +01:00
Alexandre De Oliveira e2da981c94
Update definition.json 2022-03-18 12:15:58 +01:00
Alexandre De Oliveira df2b900c75 Run the ./jq_all_the_things.sh 2022-03-18 12:12:04 +01:00
Alexandre De Oliveira da1d90ab8a
Add fields related to GT 2022-03-18 12:08:13 +01:00
Alexandre Dulaunoy 5bfe1f2d66
chg: [person] add new potential direct message chat application 2022-03-17 15:56:16 +01:00
Alexandre Dulaunoy cc2587d733
chg: [person] handle added as requested by @gallypette 2022-03-17 15:14:32 +01:00
Alexandre Dulaunoy 9515ae332e
chg: [instant-message] Jabber and Twitter added + updated required fields 2022-03-17 09:14:39 +01:00
enes-usta 3c7ee6214e added cheat types and minor changes 2022-03-15 03:37:26 +01:00
enes 5eea5eae14 Add game-cheat Object 2022-03-14 16:07:09 +01:00
Alexandre Dulaunoy a3bec8e748
fix: [ip-port] jq all the things 2022-03-11 10:21:09 +01:00
mhpcchaves d4cad4db46
Include protocol, AS, and country code
Include protocol, AS and country code to add more context to the tuple.
2022-03-10 09:34:52 -03:00
Alexandre Dulaunoy 6405b3f114
chg: [ddos] because newline 2022-03-09 11:06:19 +01:00
Alexandre Dulaunoy e0d30596f6
chg: [ddos] The minimum amount of backscatter received in 5 minutes /
day added in the object as backscatter-threshold.
2022-03-09 10:48:47 +01:00
Alexandre Dulaunoy ae2814bb99
new: [error-message] new template to create error-message from MISP processing scripts 2022-02-17 16:47:08 +01:00
Alexandre Dulaunoy b741142e2c
chg: [ddos] Updated DDoS object template to include more details and clarification
- Clarify that the field of pps/bps are peak values;
- New fields for total number of packets or bytes;
- Type of DDoS added in the object;
- How the capture of the DDoS evidences were collected;
2022-02-17 07:38:35 +01:00
Alexandre Dulaunoy 363f90f789
new: [language-content] New object template language-content based on
7.1 (STIX 2.1)
2022-02-15 07:21:58 +01:00
Alexandre Dulaunoy 7dffebe9b6
new: [infrastructure] infrastructure object added (STIX 2.1 - 4.8) 2022-02-14 11:30:09 +01:00
Alexandre Dulaunoy 2ca2606252
new: [software] software template object added based 6.14 (STIX 2.1) 2022-02-14 11:06:53 +01:00
Jeroen Pinoy 1ee36b4426
new: Add apivoid email verification API result object 2022-02-07 17:54:31 +01:00
Alexandre Dulaunoy a6d51a91b9
chg: [objects] jq all the things 2022-02-04 08:52:33 +01:00
Alexandre Dulaunoy dfc090f19e
chg: [person] typo fixed 2022-02-04 08:50:36 +01:00
Alexandre Dulaunoy b67cda2d51
chg: [instant-messaging] add new sane default 2022-02-04 08:49:32 +01:00
Alexandre Dulaunoy d6dbeaa574
chg: [person] add the ability to set the instant-messaging apps used by the person 2022-02-04 08:47:56 +01:00
Alexandre Dulaunoy 30c53a61eb
fix: [JSON] updated 2022-02-03 17:44:17 +01:00
Alexandre Dulaunoy 1d32596600
chg: [ss7/gtp/diameter] used description updated in the README 2022-02-03 17:43:28 +01:00
Alexandre De Oliveira 6859121d16 Modification after running ./jq_all_the_things.sh 2022-02-03 12:58:56 +01:00
Alexandre De Oliveira c5d084b930
Remove a duplicated gprsLocationUpdate 2022-02-03 12:54:09 +01:00
Alexandre De Oliveira df81204b24 Modification avec the jq_all_the_things.sh 2022-02-03 10:42:35 +01:00
Alexandre De Oliveira 98df3423cd
Merge branch 'MISP:main' into master 2022-02-03 10:03:36 +01:00
Alexandre De Oliveira f1fea67b58
Add FowardSM for "old" SMS 2022-02-01 17:26:22 +01:00
Alexandre Dulaunoy 8cd68cdfd6
new: [artifact] The Artifact object permits capturing an array of bytes (8-bits), as a base64-encoded string, or linking to a file-like payload.
ref: STIX 2.1 - 6.1

Open point: relationships for the related hashes
2022-02-01 16:25:24 +01:00
Alexandre Dulaunoy 430df1cf48
new: [identity] from STIX 2.1 - 4.5 - new object template
Identities can represent actual individuals, organizations, or groups (e.g., ACME, Inc.) as well as classes of individuals, organizations, systems or groups (e.g., the finance sector).

Ref: 4.5 Identity
2022-01-31 07:45:38 +01:00
Alexandre De Oliveira 41d52f67b9
Cleanup ApplicationContext List + Removed versions
Versions are managed via the MAP Version field
2022-01-19 18:05:40 +01:00
Alexandre De Oliveira 7c88589d6d
Merge branch 'MISP:main' into master 2022-01-19 17:57:48 +01:00
Alexandre Dulaunoy b2638ebae3
chg: [instan-message-*] add Tox as potential chat application
Ref: https://wiki.tox.chat
2022-01-16 16:39:06 +01:00
Alexandre Dulaunoy 398dd04dae
chg: [stix2-pattern] add STIX 2.1 2022-01-14 16:43:01 +01:00
Alexandre De Oliveira e7622d92b3
Add list of MAP Opcodes (text + number) 2022-01-11 09:49:30 +01:00
Alexandre De Oliveira aa00bd384c
Add MAP application context list, without version 2022-01-11 09:43:03 +01:00
Alexandre Dulaunoy 48a486b044
fix: [template] missing newlines 2022-01-06 16:52:43 +01:00
Alexandre Dulaunoy 87a40ae57d
chg: [ftm-Company/github] update template version 2022-01-06 16:50:29 +01:00
Alexandre Dulaunoy e9dfbc54c4
chg: [ftm-Company] new line 2022-01-06 16:49:16 +01:00
Alexandre Dulaunoy 74c6943bab
Merge branch 'patch-1' of https://github.com/dreyergustav/misp-objects into dreyergustav-patch-1 2022-01-06 16:48:09 +01:00
chrisr3d b32b7f84fc
add: [github-user] Added the `id` object relation for the GitHub user id 2022-01-06 14:11:57 +01:00
dreyergustav f90a06ce95
Add description to ftm-Company object template
The empty string value in the description key caused an error when new objects were added to events.
2022-01-06 13:01:18 +01:00
Alexandre Dulaunoy 0e5fa57d82
chg: [probabilistic-data-structure] updated followng JL feedback 2021-12-29 16:27:26 +01:00
Alexandre Dulaunoy 5a4f7efbc8
new: [probabilistic-data-structure] Probabilistic data structure object describe a space-efficient data structure such as Bloom filter or similar structure. 2021-12-29 15:09:38 +01:00
Alexandre Dulaunoy b75be5cb19
chg: [person] occupation added 2021-12-22 10:25:13 +01:00
Alexandre Dulaunoy 734bfee82f
fix: [temporal-event] newline issue 2021-12-21 08:15:06 +01:00
Alexandre Dulaunoy 6e5db86325
chg: [temporal-event] fix typo in template name 2021-12-21 08:12:21 +01:00
Lucas Magalhães 27fce9e7ec Add sane default for boolean objects 2021-12-20 20:02:29 +00:00
Jeroen Pinoy b63b645635
chg: add requiredOneOf for postal-address 2021-12-20 14:15:10 +01:00
Raphaël Vinot 1c3882581e fix: incorrect entry in CMTMF_ATCKID 2021-12-20 13:17:46 +01:00
Alexandre Dulaunoy 1d93c1ae63
fix: [concordia] new-lines 2021-12-20 11:36:44 +01:00
Alexandre Dulaunoy 3221dc0ed7
new: [concordia-mtmf-intrusion-set] New object intrusion-set for mobile attacks 2021-12-20 11:31:41 +01:00
Alexandre Dulaunoy b3b24473f2
chg: [person/organization] add new role values such as Source, Originator, Informant, Emitter
Fix #338

Emitter has been added for cases in SIGINT and MASINT where emitter
terminology can be used.
2021-12-14 17:24:00 +01:00
Alexandre Dulaunoy 9dc7e3578f
new: [temporal-event] temporal event added 2021-12-07 15:26:23 +01:00
Alexandre Dulaunoy 282048b18f
chg: [user-account] fixing the Hungarian leader GitHub edit perversion 2021-11-30 10:34:35 +01:00
Andras Iklody a153553df1
fix: [user-account] added description to avoid issues in MISP 2021-11-30 10:24:06 +01:00
Alexandre Dulaunoy 9ee8f2912d
chg: [person] optional function field added
Credits: feedback from student at University of Lorraine
2021-11-27 11:56:39 +01:00
Sami Tainio 56f09c4431 Ran jq_all_the_things_.sh 2021-11-26 15:37:32 +02:00
Sami Tainio 9178943a75
add: [email] Added display name attribute for reply-to 2021-11-26 15:26:40 +02:00
Alexandre Dulaunoy d2606f6688
chg: [ja3s] updated 2021-11-14 22:38:47 +01:00
Alexandre Dulaunoy b9ea4e1278
new: [ja3s] JA3 server object template added Fix #296 2021-11-14 22:33:58 +01:00
iglocska 3ed8f7ae6e
chg: [submarine] fixes and list of types added 2021-11-12 08:39:35 +01:00
iglocska 66c037177e
fix: [naval] meta category fixed 2021-11-12 08:36:00 +01:00
iglocska dba92cbd53
chg: jq all the things 2021-11-12 08:33:24 +01:00
iglocska 6a970c03a4
new: submarine object template added 2021-11-12 08:31:54 +01:00
iglocska 44c7a7fc56
Revert "new: added submarine"
This reverts commit d1401437cb.
2021-11-12 08:29:47 +01:00
iglocska d1401437cb
new: added submarine 2021-11-12 08:28:53 +01:00
Jeroen Pinoy e1a809ed2c
new: postal address object 2021-11-03 22:00:49 +01:00
Alexandre Dulaunoy ae6a527bcb
chg: [report] disable correlation on report type 2021-11-02 09:06:18 +01:00
Alexandre Dulaunoy 1cd5a3e9f0
chg: [passive-ssh] newlines disaster 2021-10-26 14:03:24 +02:00
Jean-Louis Huynen fa397128bf
chg: [passive-ssh] change fingerprint type 2021-10-26 11:50:23 +02:00
Alexandre Dulaunoy 95a23d219e
chg: [device] ui-priority added 2021-10-25 16:05:04 +02:00
Alexandre Dulaunoy 570a5c18b6
chg: [devices] fixed missing ui-priority 2021-10-25 15:56:50 +02:00
Alexandre Dulaunoy 3e491aa83b
Merge branch 'main' of github.com:MISP/misp-objects into main 2021-10-25 15:53:12 +02:00
Alexandre Dulaunoy dcc9e4c8be
chg: [device] added hits, status and infection_type (from ShadowServer)
- request for VarIOT project
2021-10-25 15:52:34 +02:00
Alexandre Dulaunoy c380279dca
Merge pull request #332 from gallypette/master
add: [passive-ssh] new object
2021-10-25 15:36:58 +02:00
Alexandre Dulaunoy 960a03be22
chg: [geolocation] countrycode added as requested for the VarIOT. 2021-10-25 15:35:23 +02:00
misp dac24a50c9 add: [passive-ssh] new object 2021-10-25 12:29:52 +02:00
chrisr3d b0eb0779df
fix: [report] Removed parenthesis from the object relation `report-file` 2021-10-25 12:02:25 +02:00
chrisr3d eb0af71d60
add: [email] Added display name attribute for CC and BCC 2021-10-25 12:00:25 +02:00
Sami Tainio 48e6ff2567 Ran jq_all_the_things_.sh 2021-10-23 10:58:55 +03:00
Sami Tainio aa2aa0814a
chg: [email] add a `bcc` field, `reply-to` can be multiple
Fix #329
2021-10-22 23:29:35 +03:00
Quentin JEROME 2394885553 Ran jq_all_the_things.sh 2021-10-06 20:13:39 +02:00
qjerome ce1aea0e14
Update descriptions of edr-report 2021-10-06 19:42:34 +02:00
Quentin JEROME 38303b282f Added edr-report MISP Object definition 2021-10-06 19:42:45 +02:00
Alexandre Dulaunoy 6ad5f18831
chg: [security-playbook] updated 2021-10-05 15:28:26 +02:00
Vasileios Mavroeidis ef16c5fe9a
Update definition.json
Improved the descriptions of the properties to aid their usability and resolve numerous ambiguities.
2021-10-02 13:01:11 +02:00
Alexandre Dulaunoy 3d52773e9d
fix: [playbook] it's always a newline story ;-) 2021-09-29 17:08:40 +02:00
Vasileios Mavroeidis 1b3447ffba
Update definition.json
person-role is not included in the attributes
2021-09-29 17:03:10 +02:00
Alexandre Dulaunoy 02e00959c4
fix: [security-playbook] newline issue 2021-09-28 14:49:28 +02:00
Alexandre Dulaunoy 4fed830b87
fix: [security-playbook] Categories are case sensitive 2021-09-28 14:48:27 +02:00
Pavel Eis ee9b978c5e new: [security-playbook] security-playbook added 2021-09-28 10:31:45 +02:00
Alexandre Dulaunoy c8cd002a3b
chg: [hashlookup] add KnownMalicious field in hashlookup record 2021-09-24 15:33:53 +02:00
Alexandre Dulaunoy 0ba346f194
chg: [hashlookup] add source, TLSH, SSDEEP fields in the object template 2021-09-24 15:23:04 +02:00
Alexandre Dulaunoy ffa6ed7963
chg: [process] remove ambiguity between user-creator and current user running the process
Following CISA/DHS feedback

Fix #322
2021-09-14 08:35:02 +02:00
Alexandre Dulaunoy 3f6a653b0d
fix: [user-account] replace the unclear text in description
Feedback from CISA/DHS - fix #323
2021-09-14 08:31:01 +02:00
Alexandre Dulaunoy 8c86f26e78
chg: [domain-ip] newline fix 2021-09-11 07:53:21 +02:00
Andras Iklody 12612abdcb
remove multiple from ip field 2021-09-10 15:24:50 +02:00
Alexandre Dulaunoy b42a9d8fe0
chg: [ss7-attack] order and newline 2021-09-04 10:19:25 +02:00
Alexandre De Oliveira 9f2f46faa7
Added few fields for GT Leasing - v3 2021-09-02 13:57:40 +02:00
chrisr3d d2b93f5aa6
chg: [hashlookup] Using the `filename` type for the FileName attribute instead of `text` 2021-08-26 15:13:14 +02:00
Alexandre Dulaunoy 633a84df03
chg: [hashlookup] newline because you know 2021-08-25 12:02:17 +02:00
Alexandre Dulaunoy 7e849963f1
chg: [hashlookup] filename changed 2021-08-25 12:00:11 +02:00
Alexandre Dulaunoy 1e4f39f728
new: [hashlookup] new hashlookup.circl.lu object 2021-08-25 11:55:57 +02:00
Alexandre Dulaunoy 8ecdd68eb8
chg: [tsk-web-search-query] jq all the things 2021-07-25 09:11:42 +02:00
Alexandre Dulaunoy 7d7cea0459
Fix incorrect type for domain 2021-07-25 09:09:53 +02:00
Alexandre Dulaunoy d37c575ee0
chg: [email] add a from-domain field to add domain when full email is not known or a wild card
Fix #318

Feedback from Eurocontrol training
2021-06-22 15:23:41 +02:00
Alexandre Dulaunoy b6366988f4
chg: [paloalto-threat-event] fix newline 2021-05-28 23:07:49 +02:00
phmazzoni df58f2b29f
Disabling some field correlations
Disabling some field correlations to avoid excessive number of events
2021-05-27 17:24:58 -03:00
Alexandre Dulaunoy 212e410258
chg: [ddos] fix newline 2021-05-27 16:25:52 +02:00
Alexandre Dulaunoy a31f7d0f26
Multiple fields for port, ip-src,dst-port following feedback from CONCORDIA
Multiple fields for port, ip-src,dst-port following feedback from CONCORDIA
2021-05-27 16:19:12 +02:00
Alexandre Dulaunoy 195f0fe46a
fix: [passive-dns-dnsdbflex] newline 2021-05-26 14:12:10 +02:00
aaronkaplan 094d61a51a
dnsdbflex object 2021-05-26 12:34:34 +02:00
Alexandre Dulaunoy 93b99230e3
chg: [jq] all the things 2021-05-25 23:15:59 +02:00
Alexandre Dulaunoy 265f8d3fc7
chg: [geolocation] fix UUID to be valid UUIDv4 2021-05-25 23:11:01 +02:00
Alexandre Dulaunoy d89296b542
new: [open-data-security] new object template based on open data
security definition

To be used in VARIoT project. https://www.variot.eu/
2021-05-17 15:55:23 +02:00
Alexandre Dulaunoy 5d986dc25e
chg: [phishing] newline 2021-05-11 15:44:35 +02:00
Alexandre Dulaunoy 8bb8a1d22c
Merge branch 'main' of github.com:MISP/misp-objects into main 2021-05-11 15:01:53 +02:00
Alexandre Dulaunoy d8340c3f67
chg: [phishing] version bump 2021-05-11 15:01:31 +02:00
chrisr3d 3a2e44c442
fix: [network-socket] Typo 2021-05-06 15:42:03 +02:00
chrisr3d 5028d5d99f
add: [network-socket] Added Socket type attribute 2021-05-06 15:17:52 +02:00
Alexandre Dulaunoy 7a476ec4ef
chg: [passive-dns] jq 2021-05-03 07:20:51 +02:00