Commit Graph

389 Commits (0db808ab6a09a420ac4523d986ad154d91ba00ec)

Author SHA1 Message Date
Andras Iklody 5af0d31c49
Allow multiple "pattern-in-file" in file object, fixes #109 2018-07-20 07:03:22 +02:00
Alexandre Dulaunoy 6bfa279701
new: [short-message-service] Short Message Service (SMS) object template describing one or more SMS message added 2018-07-18 09:52:31 +02:00
Raphaël Vinot 0244bce6ef new: threatgrid-report object template 2018-07-16 13:48:56 +02:00
Alexandre Dulaunoy 9918cc393d
chg: [coin-address] ETN symbol added 2018-07-13 17:07:35 +02:00
Alexandre Dulaunoy 88819d6fa3
chg: [exploit-poc] the same context can contain multiple PoC samples 2018-07-10 09:32:12 +02:00
Alexandre Dulaunoy 021b06bacd
new: exploit-poc object describing a proof of concept or exploit of a vulnerability. This object often has a relationship with a vulnerability object. 2018-07-10 07:41:09 +02:00
Alexandre Dulaunoy 856cec8d09
chg: [vulnerability] is now in its own vulnerability meta-category 2018-07-10 07:38:28 +02:00
Alexandre Dulaunoy 9eb578d747
chg: [vulnerability] updated following NATO and CIRCL feedback
- CVSS score added
- CVSS string added
- credit attribute added
- text -> description
- vulnerability attribute can now be any format (not only the CVE
format)
2018-07-10 07:21:36 +02:00
Alexandre Dulaunoy 2b5592cfa6
fix: [suricata] allow multiple Suricata rules in the object (similar context) and fix the rule to be in Snort format
Fix #106
2018-07-09 21:50:44 +02:00
Alexandre Dulaunoy 6c36a1df69
chg: [coin-address] XMR type address added in addition to the default Bitcoin address format 2018-07-04 11:10:50 +02:00
Alexandre Dulaunoy 3b21125acd
add: missing timesketch-timeline object template 2018-06-22 07:44:20 +02:00
Alexandre Dulaunoy d9a616095a
Chg: jq all the things 2018-06-19 21:11:24 +02:00
AH 7d1e3747d0 STIX AIS Information source 2018-06-18 19:24:31 -04:00
Thirion Aurélien d2c9ae007a
modify ail-leak object for the tagging system 2018-06-12 11:47:44 +02:00
Alexandre Dulaunoy b6f12a9f46
chg: new script template object
Object describing a computer program written to be run in a special run-time environment. The script or shell
script can be used for malicious activities but also as support tools for threat analysts.

Fix #101
2018-06-09 11:36:58 +02:00
Alexandre Dulaunoy 1ca25a39ad
fix: missing ui-priority 2018-06-09 10:59:01 +02:00
Alexandre Dulaunoy 07f41b0444
chg: EPSG and spacial-reference add fix #102
Following feedback during the last ENISA Cyber Europe 2018, we updated
the geolocation object to the following:

 - Fixing ui-priority to ensure lat,long in order
 - Adding the ability to specify an EPSG value instead of coordinates
 (handy if you want to quickly express a known location/area)
 - Set a default spacial-reference to avoid confusion between reported
 value from GPS versus values projected into a specific spacial
 projection. default is WGS-84.
2018-06-09 10:46:12 +02:00
Corsin Camichel 85901f995a
renamed url attributed, versioning date based 2018-06-05 14:39:12 +02:00
Corsin Camichel 69ed89cef0
updated definition, removed some attributes 2018-06-05 14:35:42 +02:00
Corsin Camichel 19f7c90d1a
Shortened link and its redirect target 2018-06-05 11:04:15 +02:00
Alexandre Dulaunoy d17d11df1a
chg: username of the author added + disable correlation for origin 2018-06-04 19:46:58 +02:00
Alexandre Dulaunoy fe3a91b8d9
chg: change version of the SS7 template object 2018-05-29 16:07:50 +02:00
chrisr3d 00bf1999fc Merge branch 'master' of github.com:MISP/misp-objects 2018-05-25 09:13:44 +02:00
chrisr3d e754719c00
Attribute typo 2018-05-25 09:13:14 +02:00
Alexandre Dulaunoy 52e1316717
chg: Timecode object to describe a start of video sequence (e.g. CCTV evidence) and the end of the video sequence. 2018-05-21 10:19:54 +02:00
chrisr3d b5f352e8c2
add: Added protocol attribute in the network socket object 2018-05-08 09:26:24 +02:00
chrisr3d 536f647135
add: Added hostname (src & dst) attributes 2018-05-08 09:03:57 +02:00
Alexandre Dulaunoy 4d47c41f5e
Network socket connection template object added 2018-05-08 07:53:58 +02:00
Alexandre De Oliveira 13ec601820
Update definition.json
To avoid having multiple objects for each similar attack coming from the same source, we allow multiple attack sources in the same attack.
2018-05-04 19:09:54 +02:00
chrisr3d 6faf42cbd2
First version of process object
- Potentially more attributes to come
2018-05-04 16:34:35 +02:00
Raphaël Vinot 956e649315 chg: Update email template 2018-05-03 20:49:48 +02:00
chrisr3d 4cdfd7b0a0
fix: RequiredOneOf field
Sorry, ate too much ananas in my pizza
2018-05-03 14:28:46 +02:00
chrisr3d 3a78d64644 Merge branch 'master' of github.com:MISP/misp-objects 2018-05-03 14:21:56 +02:00
chrisr3d 554cfe29fe
Added definition 2018-05-03 14:21:36 +02:00
Alexandre Dulaunoy 453fd31797
fix: jq all 2018-05-03 14:18:15 +02:00
chrisr3d d221a5e68e Merge branch 'master' of github.com:MISP/misp-objects 2018-05-03 14:11:39 +02:00
chrisr3d e07f2d5c62
Network connection object 2018-05-03 14:11:14 +02:00
Alexandre Dulaunoy e9e1bdd56c
add: Context where the YARA rule can be applied 2018-05-01 11:21:05 +02:00
Alexandre Dulaunoy 3382e18393
add: new timestamp object 2018-04-30 16:27:17 +02:00
Raphaël Vinot 2da5eabbd0 Merge branch 'master' of github.com:MISP/misp-objects 2018-04-27 14:21:23 +02:00
Raphaël Vinot 1fe1f12026 new: Add EML to the email template 2018-04-27 14:20:39 +02:00
StefanKelm f7b17ab62a
Update definition.json 2018-04-26 16:53:24 +02:00
StefanKelm ef1bcc7067
Allow multiple domains and/or IP addresses per object 2018-04-26 16:50:25 +02:00
Raphaël Vinot 196991c73f fix: Bump email template version 2018-04-26 15:07:12 +02:00
Raphaël Vinot 3d75d48051 chg: [email] add email-body in requiredOneOf 2018-04-26 15:05:19 +02:00
ater49 2991d58b0b Adding ui-priority fields 2018-04-23 11:22:39 +02:00
ater49 df38573a3e Correction for multiple parameter 2018-04-23 11:17:41 +02:00
ater49 24c4a68acd Modifying version number 2018-04-23 11:11:29 +02:00
ater49 da216650d7 Adding comment fields in VT report objects 2018-04-23 11:09:43 +02:00
Deborah Servili a3f8b1a0ba regexp object - change version 2018-04-13 10:56:56 +02:00
Deborah Servili 55a5508a76 regexp object - disable correlation on type 2018-04-13 10:54:28 +02:00
chrisr3d 05873aefaf
Course of Action object 2018-04-11 16:48:05 +02:00
Dennis Rand 8744ff50a3 moved object into internal 2018-04-10 16:08:04 +00:00
Dennis Rand c8e7cea45b Added target-system as object 2018-04-10 16:03:05 +00:00
Alexandre Dulaunoy c8e9155a3e
fix: add hostname to ip-port template and make attributes multiple 2018-04-10 14:46:36 +02:00
Alexandre Dulaunoy bd89d1cd01
fix: file path added in file object 2018-04-09 15:56:39 +02:00
Alexandre Dulaunoy 1ff6cbf67a
fix: Feedback from @sheidan 2018-03-28 15:26:35 +02:00
Alexandre Dulaunoy 62e782b589
add: Suricata object added with context 2018-03-28 14:32:53 +02:00
Alexandre Dulaunoy 405d4e6bff
fix: name of the object template was incorrect 2018-03-28 14:31:32 +02:00
Raphaël Vinot 7c9e0420e1 Merge branch 'master' of github.com:MISP/misp-objects 2018-03-27 10:26:21 +02:00
Raphaël Vinot 206da3b100 new: Attach logfile to fail2ban 2018-03-27 10:25:54 +02:00
Alexandre Dulaunoy d87336b5c9
version fixed for X509 object 2018-03-27 08:55:02 +02:00
Sheidan b3c348f4ab x509-add-required-one-of-serial-number 2018-03-26 18:16:29 +02:00
Raphaël Vinot 4708caffb5 Merge branch 'master' of github.com:MISP/misp-objects 2018-03-26 17:28:03 +02:00
Raphaël Vinot 3d0540a671 chg: disable correlations in fail2ban 2018-03-26 17:27:55 +02:00
Alexandre Dulaunoy 0a0778bb86
add: new yara object added with a version number 2018-03-26 14:26:15 +02:00
Raphaël Vinot 7c2e07a50b fix: wrong attribute name 2018-03-26 12:05:17 +02:00
Raphaël Vinot d51c3712b9 Merge branch 'master' of github.com:MISP/misp-objects 2018-03-26 11:41:12 +02:00
Raphaël Vinot 1f8fd57d69 chg: Fix&update fail2ban def 2018-03-26 11:41:00 +02:00
Alexandre Dulaunoy b0755e3ca8
jq all 2018-03-26 11:37:38 +02:00
Alexandre Dulaunoy aa30a49796
fix: attribute type fixed 2018-03-26 11:28:32 +02:00
Raphaël Vinot 61fd6728d9 Merge branch 'master' of github.com:MISP/misp-objects 2018-03-26 10:54:52 +02:00
Raphaël Vinot 1f8a26fa3e new: Fail2ban object 2018-03-26 10:54:44 +02:00
Alexandre Dulaunoy c92ee2e461
fix: version field added if stix2-pattern has multiple versions in the future 2018-03-19 17:33:45 +01:00
Alexandre Dulaunoy e7e3878042
fix: whois record object updated to cover both cases: domain or IP address 2018-03-16 13:29:39 +01:00
Alexandre Dulaunoy 982e2d8b75
fix: raw whois is also accepted as single attribute in whois object
Required for importing STIX CybOX 1.1 object where just a raw whois
entry is added in remarks.
2018-03-16 13:13:35 +01:00
Alexandre Dulaunoy f7f0a88838
fix: some parts of the URL can be repeated such as resource path, anchor...
multiple flag added to the potential part to be repeated.

following a discussion in Gitter with @makflwana
2018-03-15 09:38:53 +01:00
Alexandre Dulaunoy 4ed961f5e6
fix: disable correlation for compression algorithms 2018-03-01 21:09:04 +01:00
Alexandre Dulaunoy a93a285132
fix: Cowrie object - SSH attributes added 2018-03-01 21:08:16 +01:00
Sami Mokaddem 73aa339ddd typo: passsword -> password 2018-03-01 16:20:58 +01:00
Alexandre Dulaunoy 1fe3e79a05
fix: add missing destination and source port 2018-02-28 17:47:02 +01:00
Alexandre Dulaunoy bdaee9e1c7
add: Cowrie honeypot object template 2018-02-28 17:41:29 +01:00
Alexandre Dulaunoy 73a2b41103
fix: jq all the things 2018-02-23 08:25:35 +01:00
zoomequipd 0d31f27efc
correct rbn --> rtn 2018-02-22 16:37:12 -06:00
zoomequipd 8b1aff8135
add aba-rtn to bank-account object 2018-02-22 16:36:19 -06:00
chrisr3d 271c789f97
fix: Fixed some bank-account fields 2018-02-22 01:18:15 +01:00
chrisr3d 4cccea8828
Fixed the bank-account meta-category
... which is actually "financial"
2018-02-20 15:44:02 +01:00
chrisr3d 71fa0f66fa
Added default values of funds code 2018-02-14 14:11:42 +01:00
chrisr3d 0367068f92
Added attributes to describe some origin and target fields of a transaction 2018-02-14 11:33:37 +01:00
chrisr3d 594bf5dcc0
Added attributes for the teller and the authorizer of a transaction 2018-02-13 17:53:37 +01:00
Andras Iklody eef4aab989
Changed http request object template
require either uri or url, http method is no longer required.
2018-02-09 09:43:39 +01:00
Alexandre Dulaunoy 3d2091b33c
fix: use new attribute type mime-type instead of text 2018-02-09 07:34:58 +01:00
Alexandre Dulaunoy 1c8a5031f7
Merge branch 'master' of github.com:MISP/misp-objects 2018-02-08 11:55:19 +01:00
Alexandre Dulaunoy b4d433a845
add: Common Alerting Protocol Version (CAP) resource object 2018-02-08 11:53:05 +01:00
Alexandre Dulaunoy 64f9c60ae6
Merge pull request #78 from chrisr3d/master
Transaction Object definition and readme file updated
2018-02-08 08:06:35 +01:00
Alexandre Dulaunoy 857065e0e8
Merge branch 'master' of github.com:MISP/misp-objects 2018-02-08 08:05:53 +01:00
Alexandre Dulaunoy 49f78f067d
add: Common Alerting Protocol Version (CAP) info object 2018-02-08 07:45:41 +01:00
chrisr3d 9ad2b50895
Updated description and readme 2018-02-07 17:26:09 +01:00
chrisr3d 416c91fd5d Merge branch 'master' of github.com:MISP/misp-objects 2018-02-07 15:43:40 +01:00
chrisr3d ad8e01d4c5
Transaction object 2018-02-07 15:36:37 +01:00