MISP
/
misp-objects
mirror of https://github.com/MISP/misp-objects
2
0
Fork 0
Code Issues Releases Wiki Activity
902 Commits
6 Branches
43 Tags
11 MiB
Commit Graph

629 Commits (0b5c9bde2964299b5f50cb53fc2e937b7d0c9907)

Author SHA1 Message Date
Deborah Servili 2721d103e5
add translation object 2019-09-19 16:14:48 +02:00
Deborah Servili a210cb0490
add hashtag attribute in microblog object 2019-09-19 13:33:45 +02:00
Deborah Servili 85f9aee365 Merge https://github.com/MISP/misp-objects 2019-09-17 15:00:51 +02:00
Deborah Servili ca70c9ca9b
update microblog object - use link for non malicious link of the microblog post and embedded-link forlink into the microblog post 2019-09-17 14:59:34 +02:00
Alexandre Dulaunoy a7157678af
Merge pull request #204 from saadkadhi/patch-1 
Better wording
 2019-09-12 11:12:36 +02:00
Saad Kadhi 0f76563ffc
Better wording 2019-09-11 22:02:48 +02:00
Saad Kadhi a98631d533
Better wording 2019-09-11 21:59:37 +02:00
Alexandre Dulaunoy 0910f0b15f
chg: [credential] adding disable correlation when required 2019-09-11 10:27:27 +02:00
Alexandre Dulaunoy 951abf10fe
chg: [new object templates] various updates 2019-09-11 09:11:28 +02:00
Alexandre Dulaunoy ebcb886037
Merge branch 'master' of https://github.com/Delta-Sierra/misp-objects into Delta-Sierra-master 2019-09-11 08:52:20 +02:00
Deborah Servili b9d16a38ad
draft command object 2019-09-10 16:15:40 +02:00
Deborah Servili 0d40f64815
add impersonation object 2019-09-09 16:36:16 +02:00
Christophe Vandeplas a347aa78fe fix: [virustotal] corrected typo in category 2019-08-08 14:01:09 +02:00
Christophe Vandeplas 7c3ee740fa fix: [timesketch] fix incorrect attribute type 2019-08-08 12:11:13 +02:00
Pierre-Jean Grenier 006e792829
fix: [process] change undefined attributes 
misp-attributes 'uuid' and 'src-port' do not exist, change those to something else so that we can use this object properly
 2019-08-06 10:39:43 +02:00
Pierre-Jean Grenier fc182be371
Change undefined category to "External analysis" 2019-08-02 14:37:08 +02:00
chrisr3d 29febb2de0
fix: JQed all the things 2019-08-01 15:50:29 +02:00
chrisr3d ad83a3a56f
new: Weakness & attack-pattern objects to describe CWE & CAPEC related to a CVE 
- The attack-pattern object is using a new
  attribute type called weakness to describe CWE
  id, which will link to its own information as
  described in https://cve.circl.lu
 2019-08-01 14:34:30 +02:00
Raphaël Vinot e5cd4c761a chg: Rename category environment -> climate 2019-07-24 09:31:15 +02:00
Raphaël Vinot 5650664665 new: Objects for Scripps CO2 2019-07-23 16:36:18 +02:00
Alexandre Dulaunoy ab9c1e4cd6
chg: [process] updated following the "mess" of representation in process object 
Ref: https://twitter.com/cyb3rops/status/1150315962501095424
 2019-07-15 15:58:55 +02:00
Alexandre Dulaunoy fbeb34ccb7
Merge pull request #193 from kx499/master 
Adds employee object, dns-record object, and shodan object
 2019-07-14 07:59:30 +02:00
Alexandre Dulaunoy 17f1b75973
chg: [network-connection] community-id added 2019-07-13 10:22:18 +02:00
Alexandre Dulaunoy d504979f10
chg: [netflow] attribute community-id added in netflow object template 
Ref: https://github.com/corelight/community-id-spec

Ref: 020e67c154
 2019-07-13 10:02:15 +02:00
Alexandre Dulaunoy 919f6638e1
Merge branch 'master' of github.com:MISP/misp-objects 2019-07-11 23:00:29 +02:00
Alexandre Dulaunoy ce8d6a93c3
chg: [yara] add a yara-rule-name field which can be optional or the only field 
As requested in https://github.com/MISP/MISP/issues/4858
 2019-07-11 22:59:05 +02:00
Sascha Rommelfangen fd15381cc2
disable correlation on the text field 2019-07-11 16:01:06 +02:00
Sascha Rommelfangen e26a2b6d81
transaction number must be multiple (and text) 2019-07-11 15:51:07 +02:00
Sascha Rommelfangen 1459302dd1
Merge pull request #191 from MISP/rommelfs-patch-5 
fixed issue with requirements
 2019-07-11 15:24:50 +02:00
Sascha Rommelfangen 07987dc1dd
bumped version 2019-07-11 15:19:37 +02:00
Sascha Rommelfangen aab46e38ea
bumped version 2019-07-11 15:18:55 +02:00
Sascha Rommelfangen 139c190c6a
fixed issue with requirements 2019-07-11 14:56:38 +02:00
Sascha Rommelfangen 78e6b95465
missing parts for balance corrected 2019-07-11 14:34:44 +02:00
Sascha Rommelfangen 873b5cc5a1
removed unneeded characters 2019-07-10 16:35:07 +02:00
Sascha Rommelfangen 2ad020bf15 Merge commit 'ad1300767f7b7757867a8c01ffb4c7d6fa308540' 2019-07-10 15:34:35 +02:00
Sascha Rommelfangen ad1300767f add: btc wallet and transaction object templates 2019-07-10 15:15:16 +02:00
kx1499 c8f6c97da0 Merge remote-tracking branch 'upstream/master' 2019-07-09 22:13:31 -04:00
chrisr3d 0caf4a9edc
chg: Added user-id attribute as one of the required ones 2019-07-09 17:05:48 +02:00
chrisr3d ddff56f52c
fix: TYPO 2019-07-08 11:38:11 +02:00
chrisr3d b96e7ed8be
new: New object describing user accounts 2019-07-08 11:18:21 +02:00
chrisr3d d502c254cc
add: [ip-port] Added ip-dst as one of the required attributes 2019-07-05 16:11:31 +02:00
chrisr3d bfb325b907
add: [ip-port] Added ip-dst attribute eeeeeeeeeeeeeeeeeeeeeee 
- Users can then choose between "ip" when they do
  not know whever it is a source or destination IP
  address, or "ip-src" & "ip-dst" to have more
  clarity about the IP address
 2019-07-05 15:57:11 +02:00
Alexandre Dulaunoy c3618fcf52
new: [imsi-catcher] object based on the output format of IMSI-catcher open source tools 
The object has been created to show the flexibility of the object
template during the PassTheSalt 2019 conference and the D4 presentation.
 2019-07-02 10:19:54 +02:00
ater49 e2f12cebd6 Adding IIN and bank_name 2019-06-18 21:45:42 +02:00
Alexandre Dulaunoy 41a6d596ff
chg: [rogue-dns] new object template expressing rogue dns 
Thanks to CERT.br for the contribution
 2019-06-18 17:39:47 +02:00
Alexandre Dulaunoy e7bb12af7d
chg: [shell-commands] fix typo in object name 2019-06-01 10:13:06 +02:00
Alexandre Dulaunoy 48c64c52fc
new: [shell-commands] Object describing a series of shell commands executed. This object can be linked with malicious files in order to describe a specific execution of shell commands. 2019-06-01 10:04:46 +02:00
Alexandre Dulaunoy a1b2db8fd1
chg: [script] requiredOneOf for script or filename 
Malicious scripts can be received without having a filename.
 2019-05-23 11:24:05 +02:00
Alexandre Dulaunoy be7e37200a
add: [ssh-authorized-keys] object to add elements from SSH authorized 
keys (and do correlation for fun-and-profit(tm))
 2019-05-19 17:47:51 +02:00
Alexandre Dulaunoy d922d3eaa5
chg: [person] Gender unknown added 
This has been added when investigation is ongoing and
alias is know but gender is unknown discovered during
Enforce training.

topic:enforce
 2019-05-16 15:08:43 +02:00
Alexandre Dulaunoy e066df4e6d
chg: [microblog] state field added to describe if the tweet is malicious 
or just OSINT.
 2019-05-09 17:35:14 +02:00
Alexandre Dulaunoy 230122493c
chg: [authenticode-signerinfo] first version 2019-05-06 07:10:33 +02:00
Alexandre Dulaunoy 8f951e8450
chg: [jq] jq all the things(tm) 2019-05-05 12:33:59 +02:00
Alexandre Dulaunoy cce77727d6
chg: [x509] improve X.509 certificate description to match required ones 
from LIEF (as discussed in #180).
 2019-05-05 12:31:41 +02:00
Alexandre Dulaunoy 79ab435903
Merge pull request #181 from ater49/master 
Adding registration-date in domain-ip
 2019-05-04 09:35:11 +02:00
ater49 a2bec8571b Correcting "_" to "-" in fields name 2019-05-03 22:12:08 +02:00
ater49 424900b02d Adding registration-date to domain-ip 2019-05-03 22:08:44 +02:00
Raphaël Vinot f2e8195d50 new: Add offset, virtual_address and virtual_size to the pe section object 
Related to https://github.com/MISP/PyMISP/issues/388
 2019-05-03 11:19:42 +02:00
Alexandre Dulaunoy e76e492894
chg: [regripper] version updated 2019-05-01 21:32:14 +02:00
mday 71b4e71ab1 update the misp-attribute to specify a valid value instead of an empty string 2019-05-01 14:11:30 -05:00
mday baae683771 update the definition files of various object types so that the `required` and `requiredOneOf` lists no longer specify attributes that do not exist in the objects. 2019-04-30 12:32:22 -05:00
Alexandre Dulaunoy 0f6fdee7f3
chg: [irc] add nickname used for associated IRC server and channel(s) 2019-04-27 10:32:10 +02:00
Alexandre Dulaunoy 1966d4d5f0
add: [irc] IRC object to describe an IRC server with associated IRC channels 2019-04-27 10:28:50 +02:00
Alexandre Dulaunoy b656cc532d
chg: [device] name of an object must be lowercase 2019-04-21 15:57:07 +02:00
Alexandre Dulaunoy 3dcb1725ae
chg: [phishing-kit] small typo fixed in the description 2019-04-21 15:52:57 +02:00
Raphaël Vinot a6ed6df86a Merge branch 'master' of github.com:MISP/misp-objects 2019-04-18 11:15:56 +02:00
Raphaël Vinot 371ffe77fb chg: Allow to create a file object with a non-malicious file. 
Fix #175 #176
 2019-04-18 11:14:22 +02:00
Andras Iklody 92d15c5efe
Merge pull request #177 from haxpak/haxpak/update-device 
Haxpak/update device
 2019-04-16 07:43:01 +02:00
Andras Iklody ed271a3b7d
Merge pull request #173 from haxpak/master 
added option "Further Analysis Required" to attribute stage of object course-of-action
 2019-04-16 07:42:32 +02:00
haxpak 4066da31e4 changed device type drop down from category to sane_default 2019-04-16 08:31:43 +05:30
haxpak 89b8e10fbe added option "Further Analysis Required" to attribute stage 2019-04-15 17:41:39 +05:30
Andras Iklody a8e89e3eaa
Merge branch 'master' into haxpak/#24 2019-04-15 10:52:48 +02:00
haxpak 9f4e7737a1 added attribute DNS name to device object 
changed MAC address misp attribute to mac-address
 2019-04-15 10:33:08 +05:30
haxpak 3cef676f34 added OS, version, dns-name attribute to device 
changed misp-attribute of mac-address from text to mac-address
 2019-04-15 10:29:09 +05:30
haxpak 836bd04a75 meta category for organization changed back to misc since schema_objects.json does not recognize organization as a meta category 2019-04-14 11:32:55 +05:30
haxpak 2053c17fa4 corrected typo 2019-04-14 11:27:29 +05:30
haxpak 4f1745a095 added meta category organization 2019-04-14 11:26:12 +05:30
haxpak b24336499a modified: objects/device/definition.json 
modified:   objects/phishing-kit/definition.json
 2019-04-14 11:04:57 +05:30
haxpak bb9ff86b2f added MAC address to device 
meta category of organization changed to organization
meta category of person object changed to organization
new object phishing-kit
 2019-04-14 10:53:57 +05:30
haxpak 9f3fb14ed5 changed organization meta category to misc 2019-04-13 14:57:55 +05:30
haxpak 6917beee5f reverted device to misc category 2019-04-13 14:02:26 +05:30
haxpak 63fff149f0 added requiredOneOf to device definition 2019-04-13 13:49:16 +05:30
haxpak df91c999e6 fixed typos and ran jq_all_things 2019-04-13 13:45:05 +05:30
haxpak 23ab735119 - added : attachment attribute to annotation 
- added : new object type device
 2019-04-13 13:32:56 +05:30
haxpak 161f72678a modified : person object "changed UI priority of the attributes" 
modified : report object "added attachment to report"
 2019-04-13 12:05:51 +05:30
haxpak 71419a999a new-object : Organization "Defines an organization" 2019-04-13 11:55:38 +05:30
Alexandre Dulaunoy c5532621b6
chg: [ip-port] ip-src added to fix #149 2019-04-07 22:28:36 +02:00
Alexandre Dulaunoy 006aa1d1a2
chg: [script] filename added to fix #149 2019-04-07 22:24:58 +02:00
Alexandre Dulaunoy b4478a6c2b
add: [tor-hiddenservice] a simple object template to describe Tor Onion Service 2019-04-05 11:22:22 +02:00
Alexandre Dulaunoy aca06cec1f
chg: [lnk] new LNK object (Windows Shortcut) 2019-04-03 14:05:39 +02:00
Alexandre Dulaunoy 4793bf33ae
chg: [process] fix the type - fix #160 2019-04-02 19:56:59 +02:00
Alexandre Dulaunoy ba31488e5a
Merge pull request #161 from geekscrapy/geekscrapy-patch-1 
Username is often utilised alongside a credential
 2019-04-02 19:55:59 +02:00
Alexandre Dulaunoy 302182e594
Merge pull request #159 from geekscrapy/patch-1 
Added current-directory to required field
 2019-04-02 19:55:03 +02:00
molley a50986361f
Username is often utilised alongside a credential 
Username can often identify malicious behavior, and is usually part of the credential tuple - it can also be used to highlight common user accounts without password/api key
 2019-04-02 18:26:00 +01:00
molley 490d760a4b
Added current-directory to required field 
This field will often indicate where a malicious binary is started from, therefore a good candidate for solo use
 2019-04-02 17:41:07 +01:00
molley a85178255c
Added issuer as one of the required fields 
This is often a field used on it's own to identify a malicious cert
 2019-04-02 17:28:49 +01:00
Raphaël Vinot 0c6b7b4302 chg: Bump vehicle object 2019-04-02 17:09:02 +02:00
Alexandre Dulaunoy 047595ddeb
chg: [person] Spanish IDs added (NIE, NIF and DNI) 2019-03-15 14:36:12 +01:00
kx1499 e61344c981 Merge remote-tracking branch 'upstream/master' 2019-03-14 21:42:12 -04:00
Deborah Servili 55f5716b5d
remove accent from ilr objects - bis 2019-02-26 16:00:23 +01:00