Alexandre Dulaunoy
e90b1ce457
chg: [ja3] categories removed (default attributes categories will be used)
Fix MISP/MISP/issues/3593
2018-08-28 14:30:29 +02:00
Alexandre Dulaunoy
ab58f01666
chg: [geolocation] disable correlation on specific attributes
2018-08-15 18:34:35 +02:00
Alexandre Dulaunoy
487ff53afe
fix: [geolocation] to include accuracy-radius as described by maxmind geoip2 API
2018-08-15 18:26:10 +02:00
Alexandre Dulaunoy
0b164141af
chg: [vehicle] Vehicle object template to describe a vehicle information and registration
2018-08-04 15:39:38 +02:00
Deborah Servili
60010ce556
fix file object version
2018-07-27 15:19:15 +02:00
Deborah Servili
4e23159cb0
fix RequiredOneOf list in file object
2018-07-27 15:15:47 +02:00
Deborah Servili
c1f5e7342b
url is not a field of email object, then not one of the requiredOneOf
2018-07-26 15:49:44 +02:00
Alexandre Dulaunoy
3aa3247b09
chg: [paste object] add a link attribute when the paste reference is not malicious
2018-07-26 14:06:39 +02:00
Alexandre Dulaunoy
51d8e83b1f
Merge branch 'master' of github.com:MISP/misp-objects
2018-07-20 10:18:33 +02:00
Alexandre Dulaunoy
9a72b53923
chg: allow multiple domains too fix #108
2018-07-20 10:12:09 +02:00
Andras Iklody
5af0d31c49
Allow multiple "pattern-in-file" in file object, fixes #109
2018-07-20 07:03:22 +02:00
kx1499
bf64122d32
Merge remote-tracking branch 'upstream/master'
2018-07-18 15:57:56 -04:00
Alexandre Dulaunoy
6bfa279701
new: [short-message-service] Short Message Service (SMS) object template describing one or more SMS message added
2018-07-18 09:52:31 +02:00
Raphaël Vinot
0244bce6ef
new: threatgrid-report object template
2018-07-16 13:48:56 +02:00
Alexandre Dulaunoy
9918cc393d
chg: [coin-address] ETN symbol added
2018-07-13 17:07:35 +02:00
Alexandre Dulaunoy
88819d6fa3
chg: [exploit-poc] the same context can contain multiple PoC samples
2018-07-10 09:32:12 +02:00
Alexandre Dulaunoy
021b06bacd
new: exploit-poc object describing a proof of concept or exploit of a vulnerability. This object has often a relationship with a vulnerability object.
2018-07-10 07:41:09 +02:00
Alexandre Dulaunoy
856cec8d09
chg: [vulnerability] is now in its own vulnerability meta-category
2018-07-10 07:38:28 +02:00
Alexandre Dulaunoy
9eb578d747
chg: [vulnerability] updated following NATO and CIRCL feedback
- CVSS score added
- CVSS string added
- credit attribute added
- text -> description
- vulnerability attribute can now be any format (not only the CVE
format)
2018-07-10 07:21:36 +02:00
Alexandre Dulaunoy
2b5592cfa6
fix: [suricata] allow multiple Suricata rules in the object (similar context) and fix the rule to be in Snort format
Fix #106
2018-07-09 21:50:44 +02:00
Alexandre Dulaunoy
6c36a1df69
chg: [coin-address] XMR type address added in addition to the default Bitcoin address format
2018-07-04 11:10:50 +02:00
Alexandre Dulaunoy
3b21125acd
add: missing timesketch-timeline object template
2018-06-22 07:44:20 +02:00
Alexandre Dulaunoy
d9a616095a
Chg: jq all the things
2018-06-19 21:11:24 +02:00
AH
7d1e3747d0
STIX AIS Information source
2018-06-18 19:24:31 -04:00
Thirion Aurélien
d2c9ae007a
modify ail-leak object for the tagging system
2018-06-12 11:47:44 +02:00
Alexandre Dulaunoy
b6f12a9f46
chg: new script template object
Object describing a computer program written to be run in a special run-time environment. The script or shell
script can be used for malicious activities but also as support tools for threat analysts.
Fix #101
2018-06-09 11:36:58 +02:00
Alexandre Dulaunoy
1ca25a39ad
fix: missing ui-priority
2018-06-09 10:59:01 +02:00
Alexandre Dulaunoy
07f41b0444
chg: EPSG and spacial-reference add fix #102
Following feedback during the last ENISA Cyber Europe 2018, we updated
the geolocation object to the following:
- Fixing ui-priority to ensure lat,long in order
- Adding the ability to specify an EPSG value instead of coordinates
(handy if you want to quickly express a known location/area)
- Set a default spacial-reference to avoid confusion between reported
value from GPS versus values projected into a specific spacial
projection. default is WGS-84.
2018-06-09 10:46:12 +02:00
Corsin Camichel
85901f995a
renamed url attribute, versioning date based
2018-06-05 14:39:12 +02:00
Corsin Camichel
69ed89cef0
updated definition, removed some attributes
2018-06-05 14:35:42 +02:00
Corsin Camichel
19f7c90d1a
Shortened link and its redirect target
2018-06-05 11:04:15 +02:00
Alexandre Dulaunoy
d17d11df1a
chg: username of the author added + disable correlation for origin
2018-06-04 19:46:58 +02:00
Alexandre Dulaunoy
fe3a91b8d9
chg: change version of the SS7 template object
2018-05-29 16:07:50 +02:00
chrisr3d
00bf1999fc
Merge branch 'master' of github.com:MISP/misp-objects
2018-05-25 09:13:44 +02:00
chrisr3d
e754719c00
Attribute typo
2018-05-25 09:13:14 +02:00
Alexandre Dulaunoy
52e1316717
chg: Timecode object to describe a start of video sequence (e.g. CCTV evidence) and the end of the video sequence.
2018-05-21 10:19:54 +02:00
kx499
b5da300852
Merge remote-tracking branch 'upstream/master'
2018-05-08 14:42:00 -04:00
chrisr3d
b5f352e8c2
add: Added protocol attribute in the network socket object
2018-05-08 09:26:24 +02:00
chrisr3d
536f647135
add: Added hostname (src & dst) attributes
2018-05-08 09:03:57 +02:00
Alexandre Dulaunoy
4d47c41f5e
Network socket connection template object added
2018-05-08 07:53:58 +02:00
Alexandre De Oliveira
13ec601820
Update definition.json
To avoid having multiple objects for each similar attack coming from the same source, we allow multiple attack sources in the same attack.
2018-05-04 19:09:54 +02:00
chrisr3d
6faf42cbd2
First version of process object
- Potentially more attributes to come
2018-05-04 16:34:35 +02:00
Raphaël Vinot
956e649315
chg: Update email template
2018-05-03 20:49:48 +02:00
chrisr3d
4cdfd7b0a0
fix: RequiredOneOf field
Sorry, ate too much ananas in my pizza
2018-05-03 14:28:46 +02:00
chrisr3d
3a78d64644
Merge branch 'master' of github.com:MISP/misp-objects
2018-05-03 14:21:56 +02:00
chrisr3d
554cfe29fe
Added definition
2018-05-03 14:21:36 +02:00
Alexandre Dulaunoy
453fd31797
fix: jq all
2018-05-03 14:18:15 +02:00
chrisr3d
d221a5e68e
Merge branch 'master' of github.com:MISP/misp-objects
2018-05-03 14:11:39 +02:00
chrisr3d
e07f2d5c62
Network connection object
2018-05-03 14:11:14 +02:00
Alexandre Dulaunoy
e9e1bdd56c
add: Context where the YARA rule can be applied
2018-05-01 11:21:05 +02:00
Alexandre Dulaunoy
3382e18393
add: new timestamp object
2018-04-30 16:27:17 +02:00
Raphaël Vinot
2da5eabbd0
Merge branch 'master' of github.com:MISP/misp-objects
2018-04-27 14:21:23 +02:00
Raphaël Vinot
1fe1f12026
new: Add EML to the email template
2018-04-27 14:20:39 +02:00
StefanKelm
f7b17ab62a
Update definition.json
2018-04-26 16:53:24 +02:00
StefanKelm
ef1bcc7067
Allow multiple domains and/or IP addresses per object
2018-04-26 16:50:25 +02:00
Raphaël Vinot
196991c73f
fix: Bump email template version
2018-04-26 15:07:12 +02:00
Raphaël Vinot
3d75d48051
chg: [email] add email-body in requiredOneOf
2018-04-26 15:05:19 +02:00
ater49
2991d58b0b
Adding ui-priority fields
2018-04-23 11:22:39 +02:00
ater49
df38573a3e
Correction for multiple parameter
2018-04-23 11:17:41 +02:00
ater49
24c4a68acd
Modifying version number
2018-04-23 11:11:29 +02:00
ater49
da216650d7
Adding comment fields in VT report objects
2018-04-23 11:09:43 +02:00
Deborah Servili
a3f8b1a0ba
regexp object - change version
2018-04-13 10:56:56 +02:00
Deborah Servili
55a5508a76
regexp object - disable correlation on type
2018-04-13 10:54:28 +02:00
chrisr3d
05873aefaf
Course of Action object
2018-04-11 16:48:05 +02:00
Dennis Rand
8744ff50a3
moved object into internal
2018-04-10 16:08:04 +00:00
Dennis Rand
c8e7cea45b
Added target-system as object
2018-04-10 16:03:05 +00:00
Alexandre Dulaunoy
c8e9155a3e
fix: add hostname to ip-port template and make attributes multiple
2018-04-10 14:46:36 +02:00
Alexandre Dulaunoy
bd89d1cd01
fix: file path added in file object
2018-04-09 15:56:39 +02:00
Alexandre Dulaunoy
1ff6cbf67a
fix: Feedback from @sheidan
2018-03-28 15:26:35 +02:00
Alexandre Dulaunoy
62e782b589
add: Suricata object added with context
2018-03-28 14:32:53 +02:00
Alexandre Dulaunoy
405d4e6bff
fix: name of the object template was incorrect
2018-03-28 14:31:32 +02:00
Raphaël Vinot
7c9e0420e1
Merge branch 'master' of github.com:MISP/misp-objects
2018-03-27 10:26:21 +02:00
Raphaël Vinot
206da3b100
new: Attach logfile to fail2ban
2018-03-27 10:25:54 +02:00
Alexandre Dulaunoy
d87336b5c9
version fixed for X509 object
2018-03-27 08:55:02 +02:00
Sheidan
b3c348f4ab
x509-add-required-one-of-serial-number
2018-03-26 18:16:29 +02:00
Raphaël Vinot
4708caffb5
Merge branch 'master' of github.com:MISP/misp-objects
2018-03-26 17:28:03 +02:00
Raphaël Vinot
3d0540a671
chg: disable correlations in fail2ban
2018-03-26 17:27:55 +02:00
Alexandre Dulaunoy
0a0778bb86
add: new yara object added with a version number
2018-03-26 14:26:15 +02:00
Raphaël Vinot
7c2e07a50b
fix: wrong attribute name
2018-03-26 12:05:17 +02:00
Raphaël Vinot
d51c3712b9
Merge branch 'master' of github.com:MISP/misp-objects
2018-03-26 11:41:12 +02:00
Raphaël Vinot
1f8fd57d69
chg: Fix&update fail2ban def
2018-03-26 11:41:00 +02:00
Alexandre Dulaunoy
b0755e3ca8
jq all
2018-03-26 11:37:38 +02:00
Alexandre Dulaunoy
aa30a49796
fix: attribute type fixed
2018-03-26 11:28:32 +02:00
Raphaël Vinot
61fd6728d9
Merge branch 'master' of github.com:MISP/misp-objects
2018-03-26 10:54:52 +02:00
Raphaël Vinot
1f8a26fa3e
new: Fail2ban object
2018-03-26 10:54:44 +02:00
Alexandre Dulaunoy
c92ee2e461
fix: version field added if stix2-pattern has multiple versions in the future
2018-03-19 17:33:45 +01:00
Alexandre Dulaunoy
e7e3878042
fix: whois record object updated to cover both cases: domain or IP address
2018-03-16 13:29:39 +01:00
Alexandre Dulaunoy
982e2d8b75
fix: raw whois is also accepted as single attribute in whois object
Required for importing STIX CybOX 1.1 object where just a raw whois
entry is added in remarks.
2018-03-16 13:13:35 +01:00
Alexandre Dulaunoy
f7f0a88838
fix: some parts of the URL can be repeated such as resource path, anchor...
multiple flag added to the potential part to be repeated.
following a discussion in Gitter with @makflwana
2018-03-15 09:38:53 +01:00
Alexandre Dulaunoy
4ed961f5e6
fix: disable correlation for compression algorithms
2018-03-01 21:09:04 +01:00
Alexandre Dulaunoy
a93a285132
fix: Cowrie object - SSH attributes added
2018-03-01 21:08:16 +01:00
Sami Mokaddem
73aa339ddd
typo: passsword -> password
2018-03-01 16:20:58 +01:00
Alexandre Dulaunoy
1fe3e79a05
fix: add missing destination and source port
2018-02-28 17:47:02 +01:00
Alexandre Dulaunoy
bdaee9e1c7
add: Cowrie honeypot object template
2018-02-28 17:41:29 +01:00
Alexandre Dulaunoy
73a2b41103
fix: jq all the things
2018-02-23 08:25:35 +01:00
zoomequipd
0d31f27efc
correct rbn --> rtn
2018-02-22 16:37:12 -06:00
zoomequipd
8b1aff8135
add aba-rtn to bank-account object
2018-02-22 16:36:19 -06:00
chrisr3d
271c789f97
fix: Fixed some bank-account fields
2018-02-22 01:18:15 +01:00
chrisr3d
4cccea8828
Fixed the bank-account meta-category
... which is actually "financial"
2018-02-20 15:44:02 +01:00
chrisr3d
71fa0f66fa
Added default values of funds code
2018-02-14 14:11:42 +01:00
chrisr3d
0367068f92
Added attributes to describe some origin and target fields of a transaction
2018-02-14 11:33:37 +01:00
chrisr3d
594bf5dcc0
Added attributes for the teller and the authorizer of a transaction
2018-02-13 17:53:37 +01:00
Andras Iklody
eef4aab989
Changed http request object template
require either uri or url, http method is no longer required.
2018-02-09 09:43:39 +01:00
Alexandre Dulaunoy
3d2091b33c
fix: use new attribute type mime-type instead of text
2018-02-09 07:34:58 +01:00
Alexandre Dulaunoy
1c8a5031f7
Merge branch 'master' of github.com:MISP/misp-objects
2018-02-08 11:55:19 +01:00
Alexandre Dulaunoy
b4d433a845
add: Common Alerting Protocol Version (CAP) resource object
2018-02-08 11:53:05 +01:00
Alexandre Dulaunoy
64f9c60ae6
Merge pull request #78 from chrisr3d/master
Transaction Object definition and readme file updated
2018-02-08 08:06:35 +01:00
Alexandre Dulaunoy
857065e0e8
Merge branch 'master' of github.com:MISP/misp-objects
2018-02-08 08:05:53 +01:00
Alexandre Dulaunoy
49f78f067d
add: Common Alerting Protocol Version (CAP) info object
2018-02-08 07:45:41 +01:00
chrisr3d
9ad2b50895
Updated description and readme
2018-02-07 17:26:09 +01:00
chrisr3d
416c91fd5d
Merge branch 'master' of github.com:MISP/misp-objects
2018-02-07 15:43:40 +01:00
chrisr3d
ad8e01d4c5
Transaction object
2018-02-07 15:36:37 +01:00
Alexandre Dulaunoy
3161533692
fix: trailing dot removed
2018-02-07 14:54:15 +01:00
Alexandre Dulaunoy
e1258cd2f7
Common Alerting Protocol Version (CAP) alert object
2018-02-07 14:46:09 +01:00
chrisr3d
fd74fac62b
Fixed disable_correlation variable type
2018-02-06 15:36:57 +01:00
chrisr3d
7966c58db9
typo
2018-02-06 15:06:20 +01:00
chrisr3d
d250e62546
Added additional attributes
2018-02-06 14:19:04 +01:00
chrisr3d
573873db3b
First version of the legal-entity object
2018-02-05 17:20:39 +01:00
chrisr3d
b92d92764b
description typo
2018-02-05 16:10:23 +01:00
chrisr3d
c11c4a28ab
chg: Added address and zip code attributes
2018-02-05 14:19:58 +01:00
chrisr3d
f169fbee36
chg: updated name of the new attribute
2018-02-05 14:18:21 +01:00
chrisr3d
b09f0453ab
chg: Added identity card number
2018-02-05 09:26:50 +01:00
Alexandre Dulaunoy
41b0d33ab3
fix: improve ip-port object to add domain instead of IP address
2018-01-31 15:05:55 +01:00
Alexandre Dulaunoy
c57b9b867c
fix: increment version of the MISP email object
2018-01-30 08:59:41 +01:00
David Lord
8d7e3b34a7
Add email-body to the email object definition
2018-01-30 10:12:53 +10:00
Alexandre Dulaunoy
f91929738b
add: an object describing bank account information based on account description from goAML 4.0.
A generic bank account partially based on the goAML 4.0 standard.
The bank account alone can convey information regarding the type
of transactions seen or suspected which allow to use the object alone
without the need to describe the full list of transactions.
Additional objects could be created like report, transactions and like
to fully support AML.
The existing person in MISP objects was previously updated to include
the field missing from AML.
A potential evolution is based on the transaction status which can
be described as a simple relationship between MISP objects like:
Bought, Sold, Let, Hired, Exchanged, Donated, Destroyed and Other
2018-01-29 07:42:30 +01:00
Alexandre Dulaunoy
bd508a3455
fix: Passive DNS records especially on the disabled_correlation fields
2018-01-25 15:07:19 +01:00
kx499
9eaf4f15fe
updated employee object to disable correlation on specific fields
2018-01-24 14:16:28 -05:00
Raphaël Vinot
333f9a46e4
fix: Make the schema happy.
2018-01-23 10:46:15 +01:00
Raphaël Vinot
8c178fd837
fix: Make JQ happy.
2018-01-23 10:43:36 +01:00
garanews
0f3b8195f5
sandbox-signature
Added object sb-signature
2018-01-23 10:12:07 +01:00
Alexandre Dulaunoy
90e72d5895
fix: person object updated to match AML client record + various fixes
2018-01-22 14:16:46 +01:00
Alexandre Dulaunoy
cd528865bb
add: Object to describe mutual exclusion locks (mutex) as seen in memory or computer program
2018-01-22 13:34:33 +01:00
kx499
1f061ce2ed
Merge remote-tracking branch 'upstream/master'
2018-01-18 10:49:57 -05:00
Alexandre Dulaunoy
c75015e1a6
fix: registry-key updated
2018-01-18 13:49:03 +01:00
Alexandre Dulaunoy
c04d56d7cd
remove registry hive because registry-key is enough
2018-01-18 13:47:57 +01:00
Alexandre Dulaunoy
94cfc57e16
add: registry-hive object describing a Windows registry hive including key, subkey and
value (and associated data if any)
2018-01-18 12:54:01 +01:00
Alexandre De Oliveira
1b42b02c99
Update definition.json
Adding the multiple possibility for SMSC GT to cover SMS Spamming case. Also text field for multiple details if needed.
Adding "MapSmsText" attribute to help matching malicious URL, keywords or MSISDN inside SMS.
2018-01-11 11:52:11 +01:00
c-goes
f92eb6e1b7
added sandbox-report object
2018-01-08 17:28:21 +01:00
Alexandre Dulaunoy
735ebf26bc
fix: annotation object
2018-01-08 11:47:19 +01:00
Alexandre Dulaunoy
eafb54fd07
add: An annotation object allowing analysts to add annotations,
comments, executive summary to a MISP event, objects or attributes.
2018-01-08 11:28:11 +01:00
Alexandre Dulaunoy
1008428476
fix: add missing attribute type for the state
2018-01-08 08:15:43 +01:00
Alexandre Dulaunoy
71c0ae1e6c
fix: Vulnerability object improved to include the case of unpublished
security vulnerability
2018-01-08 07:48:32 +01:00
Alexandre Dulaunoy
60279184dd
add: ss7-attack object for the attack against GSM/UMTS networks seen in
SS7 logging.
2018-01-05 16:17:23 +01:00
Alexandre Dulaunoy
8f9c7b1ae1
add: Diameter attack object targeting GSM, UMTS and 4G networks.
2018-01-05 14:34:20 +01:00
Alexandre Dulaunoy
17373f6130
fix: GTPInterface updated
2018-01-05 14:26:28 +01:00
Alexandre Dulaunoy
93f8c7e9d3
fix: GTP attack - multiple on GTP interface
2018-01-05 14:10:05 +01:00
Alexandre Dulaunoy
60d5767e8b
add: first version of a MISP object to describe GTP attack on
GSM/UMTS/3G network.
2018-01-05 13:37:54 +01:00
Alexandre Dulaunoy
7ebda41b4a
fix: disable correlation on fields where it is not needed
2017-12-30 19:39:55 +01:00
Alexandre Dulaunoy
b4d30b1419
fix: disable correlation on microblog type (Twitter or alike)
2017-12-30 19:26:48 +01:00
Alexandre Dulaunoy
5cd069acdd
fix: disable correlation on all filename-*
2017-12-24 15:05:12 +01:00
Alexandre Dulaunoy
3aea2f2950
fix: Disable correlation on filename by default
2017-12-24 15:02:47 +01:00
Alexandre Dulaunoy
1460d055a0
add: new stix2-pattern object to include STIX 2 patterning
2017-12-21 16:16:33 +01:00
Christophe Vandeplas
9de7423501
whois - adds nameserver attributes
adding nameserver attributes as a whois response contains those
2017-12-20 15:22:45 +01:00
Alexandre Dulaunoy
871b86e35f
fix: Update registry-key to match correct MISP attributes
2017-12-18 14:16:36 +01:00
Alexandre Dulaunoy
cf7aa00f98
chg: whois object now includes registrant-org matching new MISP
attributes type - whois-registrant-org
2017-12-18 14:04:53 +01:00
Alexandre Dulaunoy
b85438fc45
Fix: x509 object now uses the new and proper fp type
2017-12-13 17:39:59 +01:00
Alexandre Dulaunoy
de36d3b735
jq all the things!
2017-12-12 21:57:45 +01:00
Alexandre Dulaunoy
75f9af5464
Merge pull request #41 from truckydev/patch-1
regex addon
2017-12-12 21:42:13 +01:00
Raphaël Vinot
4a7bb59354
chg: Allow malware-sample as only attribute in file.
2017-12-12 17:16:47 +01:00
c-goes
fbccdfef24
disable correlation for last-seen/first-seen/text
2017-12-05 11:05:56 +01:00
Alexandre Dulaunoy
f5d1742bae
Merge pull request #57 from c-goes/coin-address
Coin address object
2017-12-04 16:00:22 +01:00
c-goes
bc01c0c4b8
added coin-address object(2)
2017-12-04 15:43:49 +01:00
c-goes
bb0788e267
added coin-address object
2017-12-04 15:37:39 +01:00
Alexandre Dulaunoy
b4cae64392
Never trust standards using Google docs to store list of machine parsable information.
Another good reason, why all open vocabularies in OASIS should be
in parsable and validated JSON files. And not *bloody* list of words
in a Google doc.
2017-12-04 15:28:29 +01:00
Alexandre Dulaunoy
c3f88d6901
State of the file is no more correlated - and default state value is Malicious.
2017-12-04 11:01:56 +01:00
c-goes
3fc7ce2f7d
victim object: changed attributes, added object relations(2)
2017-12-04 10:49:44 +01:00
c-goes
7fadc89ed8
victim object: changed attributes, added object relations
2017-12-04 10:48:01 +01:00
kx499
01df8c715e
Added employee-type
2017-12-03 21:39:23 -05:00
Alexandre Dulaunoy
82f440931c
Disable correlation on classification on the victim object
2017-12-03 12:07:54 +01:00
Alexandre Dulaunoy
a258d79fef
Typo fixed
2017-12-03 11:42:56 +01:00
Alexandre Dulaunoy
e11e95415a
add: x509-fingerprint-sha1 added to file object description (e.g signed APK but not PE)
2017-12-03 11:36:22 +01:00
Alexandre Dulaunoy
04d38118d1
registar->registrar
2017-12-02 23:08:56 +01:00
kx499
8b8ffaea17
added employee object
2017-11-30 15:53:59 -05:00
Alexandre Dulaunoy
465251bf43
fix: update android permissions based on Google latest list
2017-11-28 15:59:01 +01:00
Alexandre Dulaunoy
2baad824b0
add: first version of an android permission(s) object
2017-11-28 15:24:47 +01:00
Deborah Servili
0051ad8167
ddos v5 - add destination domain attribute
2017-11-23 14:43:04 +01:00
c-goes
39319e1cd6
allow multiple filenames
2017-11-23 09:57:49 +01:00
Alexandre Dulaunoy
59edaa978f
raw data is now an attachment
2017-11-22 20:52:26 +01:00
Alexandre Dulaunoy
b915869ab2
being lax on origin to avoid rebuilding url path for unknown services
2017-11-22 17:08:56 +01:00
Alexandre Dulaunoy
51e873760e
AIL leak template updated to include duplicate of leaks
2017-11-22 16:38:25 +01:00
Alexandre Dulaunoy
dd4e2d1977
fix: MISP type are case-sensitive - fixing AS number type
2017-11-19 10:22:32 +01:00
Alexandre Dulaunoy
b046eb4ba7
fix: AIL leak object to include raw-data
2017-11-15 07:32:49 +01:00
kx499
59a78eef24
dns record and shodan report objects
2017-11-14 15:38:54 -05:00
Alexandre Dulaunoy
1fd5d4f6a7
fix: subnets announced is an ip-src type
2017-11-14 15:02:49 +01:00
Alexandre Dulaunoy
666c7a6916
added: Autonomous system object describing an autonomous system which can include one or more network operators management an entity (e.g. ISP) along with their routing policy, routing prefixes or alike.
Fix #50
2017-11-13 20:36:16 +01:00
Raphaël Vinot
f9b2bdf22c
chg: Fix logic in URL
Fix #21
2017-11-10 15:05:22 -08:00
Raphaël Vinot
805ed85bbe
chg: Disable some correlations by default in URL
Fix #47
2017-11-10 15:02:37 -08:00
Raphaël Vinot
dade532c1f
Merge branch 'master' of github.com:MISP/misp-objects
2017-11-10 13:29:03 -08:00
Raphaël Vinot
b4b3e685ea
fix: requiredOneOf list of r2graphity was wrong
Fix #20
2017-11-10 13:28:05 -08:00
c-goes
8e47b33787
Added file attribute screenshot to email object
2017-11-09 16:07:54 +01:00
Andras Iklody
6b43b68651
Merge pull request #48 from Delta-Sierra/master
allow multiple ips in domain|ip object
2017-11-07 10:08:24 +01:00
Deborah Servili
51f79bceba
allow multiple ips in domain|ip object
2017-11-07 09:34:26 +01:00
Alexandre Dulaunoy
f46343b2e2
Merge pull request #46 from Delta-Sierra/master
update ail-leak object
2017-11-06 16:20:25 +01:00
Deborah Servili
d171c73660
update ail-leak object
2017-11-06 14:53:58 +01:00
Alexandre Dulaunoy
2a2b48a162
fix: origin of credential as sane_default
2017-11-02 21:37:53 +01:00
Alexandre Dulaunoy
dab3ad881a
add: credential object ( fix #44 )
2017-11-02 20:41:02 +01:00
Raphaël Vinot
28dfbb50f7
Remove the executable flag from the json files
2017-10-25 12:16:17 -04:00
truckydev
fe594f98ba
regex addon
Add field to specify which type corresponds to this regex.
2017-10-25 10:39:39 +02:00
Raphaël Vinot
3569c70407
Add report object
2017-10-24 13:04:41 -04:00
Thomas Gardner
6e36c162a4
fixed av-signature merge conflicts with upstream
2017-10-24 10:26:24 -04:00
Thomas Gardner
1c4933c1ce
disabled AV software correlation and re-ran jq-all-the-things
2017-10-24 10:23:46 -04:00
Alexandre Dulaunoy
9410aa99a5
Fix the file object
2017-10-23 20:35:07 +02:00
Alexandre Dulaunoy
0f3261077b
State added to file like signed, harmless...
2017-10-23 20:28:30 +02:00
Raphaël Vinot
b801bc6603
jq all the things
2017-10-23 11:51:05 -04:00
Thomas Gardner
f9204db304
added av-signature and virustotal-report
2017-10-23 10:43:12 -04:00
Alexandre Dulaunoy
a5d2f71fef
Merge pull request #34 from MISP/fix-31-2
Fix object name
2017-10-16 15:41:33 +02:00
Raphaël Vinot
9078fa0e73
Fix object name
Related to: https://github.com/MISP/misp-objects/issues/31
2017-10-16 11:41:22 +02:00
Raphaël Vinot
60a375f85d
Fix object name.
Related to: https://github.com/MISP/misp-objects/issues/31
2017-10-16 11:40:20 +02:00
Alexandre Dulaunoy
0ab002e94c
Fix typo in the field
2017-10-13 15:08:25 +02:00
Alexandre Dulaunoy
9b55a361ec
Some updates including description of fields
2017-10-13 15:02:04 +02:00
Alexandre Dulaunoy
94b9bc9aee
First version of Netflow object based on proposal from @JanKoDFNCERT
Open questions:
- What is a minimal Netflow record? I relax a bit the required fields.
- How does this work with IPFIX (and variable templates)?
- How should we express the TCP flags? (S/SA/SAF)
2017-10-13 14:30:10 +02:00
Alexandre Dulaunoy
2b9ba3ac00
add: RTIR object added (as requested by CSP - Cyber Security Core Service Platform)
2017-10-12 22:08:09 +02:00
Alexandre Dulaunoy
deda8abfb1
use url attribute type for link inside a post
2017-10-06 08:22:41 +02:00
Alexandre Dulaunoy
c4bc232be2
Merge branch 'patch-4' of https://github.com/ater49/misp-objects into ater49-patch-4
2017-10-06 08:22:00 +02:00
ater49
a13726c138
Update definition.json
Link attribute added in case of url present into the post.
Multiple set to true for "username-quoted"
2017-10-04 13:31:25 +02:00
ater49
71860b21e9
New attributes: title
In case the paste or post has a title.
Ghostbin.com origin added
2017-10-04 13:24:29 +02:00
Alexandre Dulaunoy
bc7c84ca5a
add: Paste or similar post from a website allowing to share privately or publicly posts.
2017-09-29 14:59:39 +02:00
Alexandre Dulaunoy
f10f361df0
jq all and fix the space ;-)
2017-09-28 22:07:15 +02:00
ater49
4c69154ad3
Attributes username-quoted added
Added Attributes: "username-quoted"
Added types: LinkedIn, Reddit, Google+, Instagram
2017-09-28 21:36:27 +02:00
Alexandre Dulaunoy
5a80d5c4d2
add: Microblog post object like a Twitter tweet or a post on a Facebook wall.
2017-09-28 19:32:31 +02:00
Alexandre Dulaunoy
5b66865268
Carbon copy field added
2017-09-27 16:43:21 +02:00
Alexandre Dulaunoy
140b55254a
return-path added in email object
2017-09-25 20:37:02 +02:00
Alexandre Dulaunoy
9d14620739
Victim object added mainly based on the STIX 2.0 victim proposal
2017-09-24 21:21:33 +02:00
Alexandre Dulaunoy
3ecace4d12
First version of the ja3 object based on the proposal from @delbs
2017-09-24 20:10:59 +02:00
Alexandre Dulaunoy
a5c0c4e192
Fixing typo in the credit-card object
2017-09-21 15:35:05 +02:00
Alexandre Dulaunoy
d22ced3b82
whois template fixed
2017-09-18 09:01:57 +02:00
Alexandre Dulaunoy
3e00c3129c
Fix #22
2017-09-18 08:11:25 +02:00
iglocska
10b21c6aac
fix: Fixed typo
2017-09-17 12:46:51 +02:00
iglocska
8662818177
fix: Updated the required_value field with the new name: values_list
2017-09-17 12:43:09 +02:00
iglocska
8643f0dc47
fix: Fixed an issue with the email object not having the correct requiredoneof fieldnames, fixes MISP/MISP#2481
2017-09-17 12:31:50 +02:00
Alexandre Dulaunoy
777ef97aeb
An object describing a regular expression (regex or regexp).
The object can be linked via a relationship to other attributes
or objects to describe how it can be represented as a regular expression.
2017-09-15 21:02:11 +02:00
Alexandre Dulaunoy
d781a0eb05
add: first version of a person object (partially based on the PNR types)
2017-09-14 07:49:50 +02:00
Alexandre Dulaunoy
bc27dc6d42
add: first version of the credit-card object
2017-09-13 21:18:16 +02:00
Alexandre Dulaunoy
0e409294c0
fix: port is used instead of text type
2017-09-13 17:26:59 +02:00
Alexandre Dulaunoy
579e851f5e
port type instead of text
2017-09-13 16:42:15 +02:00
Raphaël Vinot
96db4ae070
Disable some correlations
2017-09-11 16:08:03 +02:00
Alexandre Dulaunoy
50fe0c2993
Updated following Andras feedback
2017-09-06 16:13:35 +02:00
Alexandre Dulaunoy
8814be9527
yabin updated following Andras feedback
2017-09-06 16:13:02 +02:00
Alexandre Dulaunoy
317fd559d6
first version of a yabin object
2017-09-06 16:04:37 +02:00
Alexandre Dulaunoy
60f6c15655
Typo fixed
2017-08-29 22:02:10 +02:00
Raphaël Vinot
0445ebd350
Add descriptions in all the objects
2017-08-29 18:36:46 +02:00
Raphaël Vinot
9a3974f383
Update definitions of binaries
2017-08-29 13:25:58 +02:00
Raphaël Vinot
d34dd5fb60
Allow multiple entries of type flag in the ELFSection object
2017-08-27 17:49:53 +02:00
Alexandre Dulaunoy
66e7397397
phone definition fixed
2017-08-27 08:30:58 +02:00
Alexandre Dulaunoy
41f3792b49
first version of a mobile phone object
2017-08-27 08:16:58 +02:00
Raphaël Vinot
7c3aaa30c2
Update ELF definitions, add MachO.
2017-08-25 15:52:32 +02:00
Raphaël Vinot
49cd96aa2b
Add mimetype to file object template
2017-08-23 11:01:48 +02:00
Alexandre Dulaunoy
2fd589e151
version updated
2017-08-08 20:39:36 +02:00
truckydev
ea7bdb5bd7
add X509-fingerprint
https://github.com/MISP/MISP/pull/2357
2017-08-08 15:11:47 +02:00
Thomas Gardner
8558bef481
added http-request object
2017-08-03 16:11:33 -06:00
Alexandre Dulaunoy
10ca2819a1
Fix: tld type not existing in MISP
2017-08-03 18:27:34 +02:00
Alexandre Dulaunoy
113eb9e5a0
A cookie object has been added.
An HTTP cookie (web cookie, browser cookie) is a small piece of data
that a server sends to the user's web browser. The object includes
type which can help to describe the malicious use-case of the cookie.
2017-08-03 12:15:26 +02:00
Alexandre Dulaunoy
08e5ebe995
Typo fixed in key-size - Thanks to @StefanKelm
2017-08-03 12:00:00 +02:00
Raphaël Vinot
ca24684e2f
Update required entries for PE objects
2017-07-21 11:33:38 +02:00
Alexandre Dulaunoy
6e88746a67
Improved Tor node object to include support of the new Tor monitoring
2017-07-06 14:57:32 +02:00
Alexandre Dulaunoy
afaf0d0e19
add a comment field
2017-07-05 07:41:07 +02:00
Alexandre Dulaunoy
30976be591
Tor node object template which are part of the Tor network at a time.
2017-07-05 07:33:35 +02:00
Alexandre Dulaunoy
9a1c5511f4
ui-priority
2017-07-03 16:55:14 +02:00
Alexandre Dulaunoy
e8c74fbccc
ui-priority
2017-07-03 16:50:13 +02:00
Alexandre Dulaunoy
ea8885f317
ui-priority
2017-07-03 16:50:00 +02:00
Alexandre Dulaunoy
17e57b4a59
ui-priority
2017-07-03 16:49:43 +02:00
Alexandre Dulaunoy
cb4af3ffce
ui-priority
2017-07-03 16:45:54 +02:00
Alexandre Dulaunoy
d2568c922e
ui-priority
2017-07-03 16:45:41 +02:00
Alexandre Dulaunoy
611c0b8f55
ui-priority
2017-07-03 16:45:25 +02:00
Alexandre Dulaunoy
60ebdfc3e7
ui-priority
2017-07-03 16:44:39 +02:00
Alexandre Dulaunoy
a0a922ee61
ui-priority
2017-07-03 16:44:11 +02:00
Alexandre Dulaunoy
c59ed7394a
ui-priority
2017-07-03 16:43:57 +02:00
Alexandre Dulaunoy
eab13ff63c
ui-priority
2017-07-03 16:43:25 +02:00
Alexandre Dulaunoy
65ec7b18a7
ui-priority
2017-07-03 16:43:12 +02:00
Alexandre Dulaunoy
89858f8f72
ui-priority
2017-07-03 16:42:40 +02:00
Alexandre Dulaunoy
13c7d100d0
ui-priority
2017-07-03 16:42:26 +02:00
Alexandre Dulaunoy
5615f18767
ui-priority
2017-07-03 16:42:07 +02:00
Alexandre Dulaunoy
48b17a11ed
ui-priority
2017-07-03 16:41:53 +02:00
Alexandre Dulaunoy
c0a78b1b25
ui-priority
2017-07-03 16:41:16 +02:00
Alexandre Dulaunoy
7e2214f9e9
ui-priority
2017-07-03 16:40:42 +02:00
Alexandre Dulaunoy
e9859c4746
ui-frequency updated
2017-07-03 12:27:16 +02:00
Alexandre Dulaunoy
4915d6688d
ui-frequency is the one!
2017-07-03 12:26:40 +02:00
Alexandre Dulaunoy
17d4fab43e
ui-priority is now the King!
2017-07-03 12:25:06 +02:00
Alexandre Dulaunoy
fb18a4ec29
ui-priority is now the new frequency
2017-07-03 12:24:21 +02:00
Alexandre Dulaunoy
ce9f50013c
misp-usage-frequency updated
2017-07-03 12:19:04 +02:00
Alexandre Dulaunoy
1f0d512b7d
misp-usage-frequency updated
2017-07-03 12:18:47 +02:00
Alexandre Dulaunoy
86f8ad974a
misp-usage-frequency updated
2017-07-03 12:18:25 +02:00
Alexandre Dulaunoy
405a5451cc
misp-usage-frequency updated
2017-07-03 12:17:46 +02:00
Alexandre Dulaunoy
dc2b6524c1
misp-usage-frequency updated
2017-07-03 12:15:50 +02:00
Alexandre Dulaunoy
edcf0d1a90
misp-usage-frequency updated
2017-07-03 12:14:48 +02:00
Alexandre Dulaunoy
eff1b8ba39
misp-usage-frequency updated
2017-07-03 12:14:13 +02:00
Alexandre Dulaunoy
82bdbbbd4f
misp-usage-frequency updated
2017-07-03 12:13:38 +02:00
Alexandre Dulaunoy
5f0755859e
misp-usage-frequency updated
2017-07-03 12:11:54 +02:00
Alexandre Dulaunoy
a8b1a0a512
misp-usage-frequency updated
2017-07-03 12:09:46 +02:00
Alexandre Dulaunoy
0949bd47ca
misp-usage-frequency updated
2017-07-03 12:08:42 +02:00
Alexandre Dulaunoy
a04174c1c1
misp-usage-frequency updated
2017-07-03 12:06:11 +02:00
Alexandre Dulaunoy
b18eed04ae
misp-usage-frequency
2017-07-03 12:04:56 +02:00
Alexandre Dulaunoy
aed89b835d
misp-usage-frequency -> ui-priority
2017-07-03 12:03:18 +02:00
Alexandre Dulaunoy
45230db220
Fix #14
2017-07-03 11:59:25 +02:00
Andras Iklody
ef05cd5f06
Changed DDOS port attributes to port type
2017-07-03 06:33:53 +02:00
Raphaël Vinot
9186771eb7
Update versions
2017-06-28 11:57:36 +02:00
Raphaël Vinot
16af934386
Enforce meta-category
2017-06-28 11:21:24 +02:00
Alexandre Dulaunoy
c3186cbcb2
Now meta category for ail to misc
2017-06-28 11:11:44 +02:00
Alexandre Dulaunoy
3e19326efa
jq of geolocation object
2017-03-22 07:32:07 +01:00
Alexandre Dulaunoy
ff8e9c0a36
geolocation - an object to describe a geographic location.
2017-03-22 07:30:42 +01:00
Alexandre Dulaunoy
d413434463
jq of ail-leak
2017-03-22 06:55:15 +01:00
Alexandre Dulaunoy
e6fbcf9d53
information leak object as defined by the AIL Analysis Information Leak framework.
2017-03-22 06:54:11 +01:00
Raphaël Vinot
d7a1f85100
Update attributes of r2graphity object
2017-03-21 16:46:41 +01:00
Raphaël Vinot
2f74b709d4
Update r2graphity definition
2017-03-20 14:30:45 +01:00
Raphaël Vinot
29a66cd4d6
Add initial version of the r2graphity object
2017-03-17 18:42:10 +01:00
Raphaël Vinot
c0d95f58b5
Remove duplicate entries in file object
2017-03-17 18:00:37 +01:00
Raphaël Vinot
2c5208aab2
Merge branch 'master' of github.com:MISP/misp-objects
2017-03-17 17:32:21 +01:00
Raphaël Vinot
2c2c11c9ca
Add and enforce UUID in the object definitions
2017-03-17 17:31:09 +01:00
Alexandre Dulaunoy
6fb4acb9da
jq all
2017-03-16 23:06:36 +01:00
Alexandre Dulaunoy
0da065163a
Merge branch 'master' of github.com:MISP/misp-objects
2017-03-16 23:05:11 +01:00
Raphaël Vinot
c0bd545347
Add malware-sample to file object
2017-03-16 18:18:51 +01:00
Sébastien Larinier
140fcbf251
correct travis
2017-03-15 11:30:54 +01:00
Sébastien Larinier
22f2bb8825
add impfuzzy
2017-03-15 11:19:08 +01:00
Alexandre Dulaunoy
37c1722d3e
disable_correlation added
2017-03-15 07:42:14 +01:00
Raphaël Vinot
15488f0633
Update PE object
2017-03-14 15:57:05 +01:00
Sébastien Larinier
16f41b2b4a
correct travis failed
2017-03-14 10:05:48 +01:00
Sébastien Larinier
fb5ec25000
add type of sections
2017-03-13 18:04:21 +01:00
Sébastien Larinier
681d18f4eb
add attributes
2017-03-13 17:58:56 +01:00
Sébastien Larinier
684d4d0631
delete attribute
2017-03-13 17:32:51 +01:00
Sébastien Larinier
3ec78c72e4
add elf,elf-section and number of sections in a pe, and move pehash in pe
2017-03-13 17:23:42 +01:00
Sébastien Larinier
47725c5742
correct bug on characteristics
2017-03-13 16:37:20 +01:00
Sébastien Larinier
6c1020b98a
correct bug
2017-03-13 16:33:50 +01:00
Sébastien Larinier
2838d5aed4
correct bug
2017-03-13 16:08:27 +01:00
Sébastien Larinier
878d0a30ca
add characteristics and ssdeep to pe-sections
2017-03-13 15:55:29 +01:00
Raphaël Vinot
16c7164816
Merge branch 'master' of github.com:MISP/misp-objects
2017-03-13 14:50:08 +01:00
Raphaël Vinot
b90fd9ddc1
Update file/PE objects
* Add sane defaults
* Disable correlation when it doesn't make sense
2017-03-13 14:49:25 +01:00
Alexandre Dulaunoy
6185e68498
JQifized
2017-03-13 08:19:27 +01:00
Alexandre Dulaunoy
8685efd136
url object JQified
2017-03-13 07:45:38 +01:00
Alexandre Dulaunoy
1da88ddb99
url object describes an url along with its normalized field (e.g. using faup parsing library) and its metadata.
2017-03-13 07:45:06 +01:00
Raphaël Vinot
a755d50e92
Update file and pe, add pe-section
2017-03-12 23:06:39 +01:00
Raphaël Vinot
e931bbbd1c
Add PE object
2017-03-09 14:14:36 +01:00
Alexandre Dulaunoy
7e00825715
jq all the things
2017-03-05 16:51:02 +01:00
Alexandre Dulaunoy
18e84ca2c8
required_value for protocol added
2017-03-05 16:41:52 +01:00
Alexandre Dulaunoy
1ec1761307
First proposal of a DDoS object in MISP
2017-03-05 13:01:02 +01:00
Raphaël Vinot
a68e678f50
JQ all the things
2017-02-13 11:18:42 +01:00
Alexandre Dulaunoy
284c4e4084
Merge pull request #1 from mike1703/master
email object added
2016-12-12 20:54:03 +01:00
Raphaël Vinot
72ca71a1cc
Update definition.json
2016-12-12 20:10:31 +01:00
Michael Kerscher
30512f69af
registry key object added
2016-12-07 16:39:31 +01:00
Michael Kerscher
1d97cbbd2d
email object added
2016-12-07 16:06:52 +01:00
Alexandre Dulaunoy
497b7b7b7e
First version of the vulnerability object (basic CVE support)
2016-05-27 22:36:18 +02:00
Raphaël Vinot
a493cc59a3
Fix json files (file and whois)
2016-04-11 13:00:04 +02:00
Alexandre Dulaunoy
7bcc98177c
x509 object added
2016-02-16 07:43:17 +01:00
Alexandre Dulaunoy
f3afabc91b
ip-port added.
An IP address and a port seen as a tuple (or as a triple) in a specific time frame.
2016-02-16 07:25:54 +01:00
Alexandre Dulaunoy
7c30ab3977
Passive DNS object added
2016-02-13 18:19:27 +01:00
Alexandre Dulaunoy
2fe9742251
Typo fixed
2016-02-13 18:17:22 +01:00
Alexandre Dulaunoy
10431c3c42
optional text attributes added
2016-02-09 21:46:45 +01:00
Alexandre Dulaunoy
415adea9a7
pattern-in-file added
2016-02-09 21:23:48 +01:00
Alexandre Dulaunoy
8587b1a71b
First version of the file object
2016-02-09 21:04:39 +01:00
Alexandre Dulaunoy
fc5ecd7c69
Whois object added
2016-02-09 16:08:15 +01:00