Commit Graph

656 Commits (1634e6388f521e5dfe43ee356a8a91a73760a2ab)

Author SHA1 Message Date
Alexandre Dulaunoy e90b1ce457
chg: [ja3] categories removed (default attributes categories will be used)
Fix MISP/MISP/issues/3593
2018-08-28 14:30:29 +02:00
Alexandre Dulaunoy ab58f01666
chg: [geolocation] disable correlation on specific attributes 2018-08-15 18:34:35 +02:00
Alexandre Dulaunoy 487ff53afe
fix: [geolocation] to include accuracy-radius as described by maxmind geoip2 API 2018-08-15 18:26:10 +02:00
Alexandre Dulaunoy 0b164141af
chg: [vehicle] Vehicle object template to describe a vehicle information and registration 2018-08-04 15:39:38 +02:00
Deborah Servili 60010ce556
fix file object version 2018-07-27 15:19:15 +02:00
Deborah Servili 4e23159cb0
fix RequiredOneOf list in fle object 2018-07-27 15:15:47 +02:00
Deborah Servili c1f5e7342b
url is not a field of email object, then not one of the requiredOneOf 2018-07-26 15:49:44 +02:00
Alexandre Dulaunoy 3aa3247b09
chg: [paste object] add a link attribute when the paste reference is not malicious 2018-07-26 14:06:39 +02:00
Alexandre Dulaunoy 51d8e83b1f
Merge branch 'master' of github.com:MISP/misp-objects 2018-07-20 10:18:33 +02:00
Alexandre Dulaunoy 9a72b53923
chg: allow multiple domains too fix #108 2018-07-20 10:12:09 +02:00
Andras Iklody 5af0d31c49
Allow multiple "pattern-in-file" in file object, fixes #109 2018-07-20 07:03:22 +02:00
kx1499 bf64122d32 Merge remote-tracking branch 'upstream/master' 2018-07-18 15:57:56 -04:00
Alexandre Dulaunoy 6bfa279701
new: [short-message-service] Short Message Service (SMS) object template describing one or more SMS message added 2018-07-18 09:52:31 +02:00
Raphaël Vinot 0244bce6ef new: threatgrid-report object template 2018-07-16 13:48:56 +02:00
Alexandre Dulaunoy 9918cc393d
chg: [coin-address] ETN symbol added 2018-07-13 17:07:35 +02:00
Alexandre Dulaunoy 88819d6fa3
chg: [exploit-poc] a same context can contains multiple PoC samples 2018-07-10 09:32:12 +02:00
Alexandre Dulaunoy 021b06bacd
new: exploit-poc object describing a proof of concept or exploit of a vulnerability. This object has often a relationship with a vulnerability object. 2018-07-10 07:41:09 +02:00
Alexandre Dulaunoy 856cec8d09
chg: [vulnerability] is now in its own vulnerability meta-category 2018-07-10 07:38:28 +02:00
Alexandre Dulaunoy 9eb578d747
chg: [vulnerability] updated following NATO and CIRCL feedback
- CVSS score added
- CVSS string added
- credit attribute added
- text -> description
- vulnerability attribute can now be any format (not only the CVE
format)
2018-07-10 07:21:36 +02:00
Alexandre Dulaunoy 2b5592cfa6
fix: [suricata] allow multiple Suricata rules in the object (similar context) and fix the rule to be in Snort format
Fix #106
2018-07-09 21:50:44 +02:00
Alexandre Dulaunoy 6c36a1df69
chg: [coin-address] XMR type address added in addition to the default Bitcoin address format 2018-07-04 11:10:50 +02:00
Alexandre Dulaunoy 3b21125acd
add: missing timesketch-timeline object template 2018-06-22 07:44:20 +02:00
Alexandre Dulaunoy d9a616095a
Chg: jq all the things 2018-06-19 21:11:24 +02:00
AH 7d1e3747d0 STIX AIS Information source 2018-06-18 19:24:31 -04:00
Thirion Aurélien d2c9ae007a
modify ail-leak object for the tagging system 2018-06-12 11:47:44 +02:00
Alexandre Dulaunoy b6f12a9f46
chg: new script template object
Object describing a computer program written to be run in a special run-time environment. The script or shell
script can be used for malicious activities but also as support tools for threat analysts.

Fix #101
2018-06-09 11:36:58 +02:00
Alexandre Dulaunoy 1ca25a39ad
fix: missing ui-priority 2018-06-09 10:59:01 +02:00
Alexandre Dulaunoy 07f41b0444
chg: EPSG and spacial-reference add fix #102
Following feedback during the last ENISA Cyber Europe 2018, we updated
the geolocation object to the following:

 - Fixing ui-priority to ensure lat,long in order
 - Adding the ability to specify an EPSG value instead of coordinates
 (handy if you want to quickly express a known location/area)
 - Set a default spacial-reference to avoid confusion between reported
 value from GPS versus values projected into a specific spacial
 projection. default is WGS-84.
2018-06-09 10:46:12 +02:00
Corsin Camichel 85901f995a
renamed url attributed, versioning date based 2018-06-05 14:39:12 +02:00
Corsin Camichel 69ed89cef0
updated definition, removed some attributes 2018-06-05 14:35:42 +02:00
Corsin Camichel 19f7c90d1a
Shortened link and its redirect target 2018-06-05 11:04:15 +02:00
Alexandre Dulaunoy d17d11df1a
chg: username of the author added + disable correlation for origin 2018-06-04 19:46:58 +02:00
Alexandre Dulaunoy fe3a91b8d9
chg: change version of the SS7 template object 2018-05-29 16:07:50 +02:00
chrisr3d 00bf1999fc Merge branch 'master' of github.com:MISP/misp-objects 2018-05-25 09:13:44 +02:00
chrisr3d e754719c00
Attribute typo 2018-05-25 09:13:14 +02:00
Alexandre Dulaunoy 52e1316717
chg: Timecode object to describe a start of video sequence (e.g. CCTV evidence) and the end of the video sequence. 2018-05-21 10:19:54 +02:00
kx499 b5da300852 Merge remote-tracking branch 'upstream/master' 2018-05-08 14:42:00 -04:00
chrisr3d b5f352e8c2
add: Added protocol attribute in the network socket object 2018-05-08 09:26:24 +02:00
chrisr3d 536f647135
add: Added hostname (src & dst) attributes 2018-05-08 09:03:57 +02:00
Alexandre Dulaunoy 4d47c41f5e
Network socket connection template object added 2018-05-08 07:53:58 +02:00
Alexandre De Oliveira 13ec601820
Update definition.json
To avoid having multiple object for each similar attacks coming from the same source, we allow multiple attack source in the same attack.
2018-05-04 19:09:54 +02:00
chrisr3d 6faf42cbd2
First version of process object
- Potentially more attributes to come
2018-05-04 16:34:35 +02:00
Raphaël Vinot 956e649315 chg: Update email template 2018-05-03 20:49:48 +02:00
chrisr3d 4cdfd7b0a0
fix: RequiredOneOf field
Sorry, ate too much ananas in my pizza
2018-05-03 14:28:46 +02:00
chrisr3d 3a78d64644 Merge branch 'master' of github.com:MISP/misp-objects 2018-05-03 14:21:56 +02:00
chrisr3d 554cfe29fe
Added definition 2018-05-03 14:21:36 +02:00
Alexandre Dulaunoy 453fd31797
fix: jq all 2018-05-03 14:18:15 +02:00
chrisr3d d221a5e68e Merge branch 'master' of github.com:MISP/misp-objects 2018-05-03 14:11:39 +02:00
chrisr3d e07f2d5c62
Network connection object 2018-05-03 14:11:14 +02:00
Alexandre Dulaunoy e9e1bdd56c
add: Context where the YARA rule can be applied 2018-05-01 11:21:05 +02:00
Alexandre Dulaunoy 3382e18393
add: new timestamp object 2018-04-30 16:27:17 +02:00
Raphaël Vinot 2da5eabbd0 Merge branch 'master' of github.com:MISP/misp-objects 2018-04-27 14:21:23 +02:00
Raphaël Vinot 1fe1f12026 new: Add EML to the email template 2018-04-27 14:20:39 +02:00
StefanKelm f7b17ab62a
Update definition.json 2018-04-26 16:53:24 +02:00
StefanKelm ef1bcc7067
Allow multiple domains and/or IP addresses per object 2018-04-26 16:50:25 +02:00
Raphaël Vinot 196991c73f fix: Bump email template version 2018-04-26 15:07:12 +02:00
Raphaël Vinot 3d75d48051 chg: [email] add email-body in requiredOneOf 2018-04-26 15:05:19 +02:00
ater49 2991d58b0b Adding ui-priority fields 2018-04-23 11:22:39 +02:00
ater49 df38573a3e Correction for multiple parameter 2018-04-23 11:17:41 +02:00
ater49 24c4a68acd Modifying version number 2018-04-23 11:11:29 +02:00
ater49 da216650d7 dding comment fields in VT report objects 2018-04-23 11:09:43 +02:00
Deborah Servili a3f8b1a0ba regexp object - change version 2018-04-13 10:56:56 +02:00
Deborah Servili 55a5508a76 regexp object - disable correlation on type 2018-04-13 10:54:28 +02:00
chrisr3d 05873aefaf
Course of Action object 2018-04-11 16:48:05 +02:00
Dennis Rand 8744ff50a3 moved object into internal 2018-04-10 16:08:04 +00:00
Dennis Rand c8e7cea45b Added target-system as object 2018-04-10 16:03:05 +00:00
Alexandre Dulaunoy c8e9155a3e
fix: add hostname to ip-port template and make attributes multiple 2018-04-10 14:46:36 +02:00
Alexandre Dulaunoy bd89d1cd01
fix: file path added in file object 2018-04-09 15:56:39 +02:00
Alexandre Dulaunoy 1ff6cbf67a
fix: Feedback from @sheidan 2018-03-28 15:26:35 +02:00
Alexandre Dulaunoy 62e782b589
add: Suricata object added with context 2018-03-28 14:32:53 +02:00
Alexandre Dulaunoy 405d4e6bff
fix: name of the object template was incorrect 2018-03-28 14:31:32 +02:00
Raphaël Vinot 7c9e0420e1 Merge branch 'master' of github.com:MISP/misp-objects 2018-03-27 10:26:21 +02:00
Raphaël Vinot 206da3b100 new: Attach logfile to fail2ban 2018-03-27 10:25:54 +02:00
Alexandre Dulaunoy d87336b5c9
version fixed for X509 object 2018-03-27 08:55:02 +02:00
Sheidan b3c348f4ab x509-add-required-one-of-serial-number 2018-03-26 18:16:29 +02:00
Raphaël Vinot 4708caffb5 Merge branch 'master' of github.com:MISP/misp-objects 2018-03-26 17:28:03 +02:00
Raphaël Vinot 3d0540a671 chg: disable correlations in fail2ban 2018-03-26 17:27:55 +02:00
Alexandre Dulaunoy 0a0778bb86
add: new yara object added with a version number 2018-03-26 14:26:15 +02:00
Raphaël Vinot 7c2e07a50b fix: wrong attribute name 2018-03-26 12:05:17 +02:00
Raphaël Vinot d51c3712b9 Merge branch 'master' of github.com:MISP/misp-objects 2018-03-26 11:41:12 +02:00
Raphaël Vinot 1f8fd57d69 chg: Fix&update fail2ban def 2018-03-26 11:41:00 +02:00
Alexandre Dulaunoy b0755e3ca8
jq all 2018-03-26 11:37:38 +02:00
Alexandre Dulaunoy aa30a49796
fix: attribute type fixed 2018-03-26 11:28:32 +02:00
Raphaël Vinot 61fd6728d9 Merge branch 'master' of github.com:MISP/misp-objects 2018-03-26 10:54:52 +02:00
Raphaël Vinot 1f8a26fa3e new: Fail2ban object 2018-03-26 10:54:44 +02:00
Alexandre Dulaunoy c92ee2e461
fix: version field added if stix2-pattern has multiple version in the future 2018-03-19 17:33:45 +01:00
Alexandre Dulaunoy e7e3878042
fix: whois record object updated to cover both cases: domain or IP address 2018-03-16 13:29:39 +01:00
Alexandre Dulaunoy 982e2d8b75
fix: raw whois is also accepted as single attribute in whois object
Required for importing STIX CybOX 1.1 object where just a raw whois
entry is added in remarks.
2018-03-16 13:13:35 +01:00
Alexandre Dulaunoy f7f0a88838
fix: some parts of the URL can be repeated such as resource path, anchor...
multiple flag added to the potential part to be repeated.

following a discussion in Gitter with @makflwana
2018-03-15 09:38:53 +01:00
Alexandre Dulaunoy 4ed961f5e6
fix: disable correlation for compression algorithms 2018-03-01 21:09:04 +01:00
Alexandre Dulaunoy a93a285132
fix: Cowrie object - SSH attributes added 2018-03-01 21:08:16 +01:00
Sami Mokaddem 73aa339ddd typo: passsword -> password 2018-03-01 16:20:58 +01:00
Alexandre Dulaunoy 1fe3e79a05
fix: add missing destination and source port 2018-02-28 17:47:02 +01:00
Alexandre Dulaunoy bdaee9e1c7
add: Cowrie honeypot object template 2018-02-28 17:41:29 +01:00
Alexandre Dulaunoy 73a2b41103
fix: jq all the things 2018-02-23 08:25:35 +01:00
zoomequipd 0d31f27efc
correct rbn --> rtn 2018-02-22 16:37:12 -06:00
zoomequipd 8b1aff8135
add aba-rtn to bank-account object 2018-02-22 16:36:19 -06:00
chrisr3d 271c789f97
fix: Fixed somme bank-account fields 2018-02-22 01:18:15 +01:00
chrisr3d 4cccea8828
Fixed the bank-account meta-category
... which is actually "financial"
2018-02-20 15:44:02 +01:00
chrisr3d 71fa0f66fa
Added default values of funds code 2018-02-14 14:11:42 +01:00
chrisr3d 0367068f92
Added attributes to describe some origin and target fields of a transaction 2018-02-14 11:33:37 +01:00
chrisr3d 594bf5dcc0
Added attributes for the teller and the authorizer of a transaction 2018-02-13 17:53:37 +01:00
Andras Iklody eef4aab989
Changed http request object template
require either uri or url, http method is no longer required.
2018-02-09 09:43:39 +01:00
Alexandre Dulaunoy 3d2091b33c
fix: use new attribute type mime-type instead of text 2018-02-09 07:34:58 +01:00
Alexandre Dulaunoy 1c8a5031f7
Merge branch 'master' of github.com:MISP/misp-objects 2018-02-08 11:55:19 +01:00
Alexandre Dulaunoy b4d433a845
add: Common Alerting Protocol Version (CAP) resource object 2018-02-08 11:53:05 +01:00
Alexandre Dulaunoy 64f9c60ae6
Merge pull request #78 from chrisr3d/master
Transaction Object definition and readme file updated
2018-02-08 08:06:35 +01:00
Alexandre Dulaunoy 857065e0e8
Merge branch 'master' of github.com:MISP/misp-objects 2018-02-08 08:05:53 +01:00
Alexandre Dulaunoy 49f78f067d
add: Common Alerting Protocol Version (CAP) info object 2018-02-08 07:45:41 +01:00
chrisr3d 9ad2b50895
Updated description and readme 2018-02-07 17:26:09 +01:00
chrisr3d 416c91fd5d Merge branch 'master' of github.com:MISP/misp-objects 2018-02-07 15:43:40 +01:00
chrisr3d ad8e01d4c5
Transaction object 2018-02-07 15:36:37 +01:00
Alexandre Dulaunoy 3161533692
fix: trailing dot removed 2018-02-07 14:54:15 +01:00
Alexandre Dulaunoy e1258cd2f7
Common Alerting Protocol Version (CAP) alert object 2018-02-07 14:46:09 +01:00
chrisr3d fd74fac62b
Fixed disable_correlation variable type 2018-02-06 15:36:57 +01:00
chrisr3d 7966c58db9
typo 2018-02-06 15:06:20 +01:00
chrisr3d d250e62546
Added additional attributes 2018-02-06 14:19:04 +01:00
chrisr3d 573873db3b
First version of the legal-entity object 2018-02-05 17:20:39 +01:00
chrisr3d b92d92764b
description typo 2018-02-05 16:10:23 +01:00
chrisr3d c11c4a28ab
chg: Added address and zip code attributes 2018-02-05 14:19:58 +01:00
chrisr3d f169fbee36
chg: updated name of the new attribute 2018-02-05 14:18:21 +01:00
chrisr3d b09f0453ab
chg: Added identity card number 2018-02-05 09:26:50 +01:00
Alexandre Dulaunoy 41b0d33ab3
fix: improve ip-port object to add domain instead of IP address 2018-01-31 15:05:55 +01:00
Alexandre Dulaunoy c57b9b867c
fix: increment version of the MISP email object 2018-01-30 08:59:41 +01:00
David Lord 8d7e3b34a7
Add email-body to the email object definition 2018-01-30 10:12:53 +10:00
Alexandre Dulaunoy f91929738b
add: an object describing bank account information based on account description from goAML 4.0.
A generic bank account partially based on the goAML 4.0 standard.
The bank account alone can convey information regarding the type
of transactions seen or suspected which allow to use the object alone
without the need to describe the full list of transactions.

Additional objects could be created like report, transactions and like
to fully support AML.

The existing person in MISP objects was previously updated to include
the field missing from AML.

A potential evolution is based on the transaction status which can
be described as a simple relationship between MISP objects like:

Bought, Sold, Let, Hired, Exchanged, Donated, Destroyed and Other
2018-01-29 07:42:30 +01:00
Alexandre Dulaunoy bd508a3455
fix: Passive DNS records especially on the disabled_correlation fields 2018-01-25 15:07:19 +01:00
kx499 9eaf4f15fe updated employee object to disable correlation on specific fields 2018-01-24 14:16:28 -05:00
Raphaël Vinot 333f9a46e4 fix: Make the schema happy. 2018-01-23 10:46:15 +01:00
Raphaël Vinot 8c178fd837 fix: Make JQ happy. 2018-01-23 10:43:36 +01:00
garanews 0f3b8195f5 sandbox-signature
Added object sb-signature
2018-01-23 10:12:07 +01:00
Alexandre Dulaunoy 90e72d5895
fix: person object updated to match AML client record + various fixes 2018-01-22 14:16:46 +01:00
Alexandre Dulaunoy cd528865bb
add: Object to describe mutual exclusion locks (mutex) as seen in memory or computer program 2018-01-22 13:34:33 +01:00
kx499 1f061ce2ed Merge remote-tracking branch 'upstream/master' 2018-01-18 10:49:57 -05:00
Alexandre Dulaunoy c75015e1a6
fix: registry-key updated 2018-01-18 13:49:03 +01:00
Alexandre Dulaunoy c04d56d7cd
remove registry hive because registry-key is enough 2018-01-18 13:47:57 +01:00
Alexandre Dulaunoy 94cfc57e16
add: registry-hive object describing a Windows registry hive including key, subkey and
value (and associated data if any)
2018-01-18 12:54:01 +01:00
Alexandre De Oliveira 1b42b02c99
Update definition.json
Adding the multiple possibility for SMSC GT to cover SMS Spaming case. Also text field for multiple details if needed.
Adding "MapSmsText" attribute to help matching malicious URL, keywords or MSISDN inside SMS.
2018-01-11 11:52:11 +01:00
c-goes f92eb6e1b7 added sandbox-report object 2018-01-08 17:28:21 +01:00
Alexandre Dulaunoy 735ebf26bc
fix: annotation object 2018-01-08 11:47:19 +01:00
Alexandre Dulaunoy eafb54fd07
add: An annotation object allowing analysts to add annotations,
comments, executive summary to a MISP event, objects or attributes.
2018-01-08 11:28:11 +01:00
Alexandre Dulaunoy 1008428476
fix: add missing attribute type for the state 2018-01-08 08:15:43 +01:00
Alexandre Dulaunoy 71c0ae1e6c
fix: Vulnerability object improved to include the case of unpublished
security vulnerability
2018-01-08 07:48:32 +01:00
Alexandre Dulaunoy 60279184dd
add: ss7-attack object for the attack against GSM/UMTS networks seen in
SS7 logging.
2018-01-05 16:17:23 +01:00
Alexandre Dulaunoy 8f9c7b1ae1
add: Diameter attack object targeting GSM, UMTS and 4G networks. 2018-01-05 14:34:20 +01:00
Alexandre Dulaunoy 17373f6130
fix: GTPInterface updated 2018-01-05 14:26:28 +01:00
Alexandre Dulaunoy 93f8c7e9d3
fix: GTP attack - multiple on GTP interface 2018-01-05 14:10:05 +01:00
Alexandre Dulaunoy 60d5767e8b
add: first version of a MISP object to describe GTP attack on
GSM/UTMS/3G network.
2018-01-05 13:37:54 +01:00
Alexandre Dulaunoy 7ebda41b4a
fix: disable correlation on fields where is not needed 2017-12-30 19:39:55 +01:00
Alexandre Dulaunoy b4d30b1419
fix: disable correlation on microblog type (Twitter or alike) 2017-12-30 19:26:48 +01:00
Alexandre Dulaunoy 5cd069acdd
fix: disable correlation on all filename-* 2017-12-24 15:05:12 +01:00
Alexandre Dulaunoy 3aea2f2950
fix: Disable correlation on filename by default 2017-12-24 15:02:47 +01:00
Alexandre Dulaunoy 1460d055a0
add: new stix2-pattern object to include STIX 2 patterning 2017-12-21 16:16:33 +01:00
Christophe Vandeplas 9de7423501 whois - adds nameserver attributes
adding nameserver attributes as a whois response contains those
2017-12-20 15:22:45 +01:00
Alexandre Dulaunoy 871b86e35f
fix: Update registry-key to match correct MISP attributes 2017-12-18 14:16:36 +01:00
Alexandre Dulaunoy cf7aa00f98
chg: whois object now includes registrant-org matching new MISP
attributes type - whois-registrant-org
2017-12-18 14:04:53 +01:00
Alexandre Dulaunoy b85438fc45
Fix: x509 object now uses the new and proper fp type 2017-12-13 17:39:59 +01:00
Alexandre Dulaunoy de36d3b735
jq all the things! 2017-12-12 21:57:45 +01:00
Alexandre Dulaunoy 75f9af5464
Merge pull request #41 from truckydev/patch-1
regex addon
2017-12-12 21:42:13 +01:00
Raphaël Vinot 4a7bb59354 chg: Allow malware-sample as only attribute in file. 2017-12-12 17:16:47 +01:00
c-goes fbccdfef24 disable correlation for last-seen/first-seen/text 2017-12-05 11:05:56 +01:00
Alexandre Dulaunoy f5d1742bae
Merge pull request #57 from c-goes/coin-address
Coin address object
2017-12-04 16:00:22 +01:00
c-goes bc01c0c4b8 added coin-address object(2) 2017-12-04 15:43:49 +01:00
c-goes bb0788e267 added coin-address object 2017-12-04 15:37:39 +01:00
Alexandre Dulaunoy b4cae64392
Never trust standards using Google docs to store list of machine parsable information.
Another good reason, why all open vocabularies in OASIS should be
in parsable and validated JSON files. And not *bloody* list of words
in a Google doc.
2017-12-04 15:28:29 +01:00
Alexandre Dulaunoy c3f88d6901
State of the file is no more correlated - and default state value is Malicious. 2017-12-04 11:01:56 +01:00
c-goes 3fc7ce2f7d victim object: changed attributes, added object relations(2) 2017-12-04 10:49:44 +01:00
c-goes 7fadc89ed8 victim object: changed attributes, added object relations 2017-12-04 10:48:01 +01:00
kx499 01df8c715e Added employee-type 2017-12-03 21:39:23 -05:00
Alexandre Dulaunoy 82f440931c
Disable correlation on classification on the victim object 2017-12-03 12:07:54 +01:00
Alexandre Dulaunoy a258d79fef
Typo fixed 2017-12-03 11:42:56 +01:00
Alexandre Dulaunoy e11e95415a
add: x509-fingerprint-sha1 added to file object description (e.g signed APK but not PE) 2017-12-03 11:36:22 +01:00
Alexandre Dulaunoy 04d38118d1
registar->registrar 2017-12-02 23:08:56 +01:00
kx499 8b8ffaea17 added employee object 2017-11-30 15:53:59 -05:00
Alexandre Dulaunoy 465251bf43
fix: update android permissions based on Google latest list 2017-11-28 15:59:01 +01:00
Alexandre Dulaunoy 2baad824b0
add: first version of an android permission(s) object 2017-11-28 15:24:47 +01:00
Deborah Servili 0051ad8167 ddos v5 - add destination domain attribute 2017-11-23 14:43:04 +01:00
c-goes 39319e1cd6 allow multiple filenames 2017-11-23 09:57:49 +01:00
Alexandre Dulaunoy 59edaa978f
raw data is now an attachment 2017-11-22 20:52:26 +01:00
Alexandre Dulaunoy b915869ab2
being lax on origin to avoid rebuilding url path for unknown services 2017-11-22 17:08:56 +01:00
Alexandre Dulaunoy 51e873760e
AIL leak template updated to include duplicate of leaks 2017-11-22 16:38:25 +01:00
Alexandre Dulaunoy dd4e2d1977
fix: MISP type are case-sensitive - fixing AS number type 2017-11-19 10:22:32 +01:00
Alexandre Dulaunoy b046eb4ba7
fix: AIL leak object to include raw-data 2017-11-15 07:32:49 +01:00
kx499 59a78eef24 dns record and shodan report objects 2017-11-14 15:38:54 -05:00
Alexandre Dulaunoy 1fd5d4f6a7
fix: subnets announced is an ip-src type 2017-11-14 15:02:49 +01:00
Alexandre Dulaunoy 666c7a6916
added: Autonomous system object describing an autonomous system which can include one or more network operators management an entity (e.g. ISP) along with their routing policy, routing prefixes o
r alike.

Fix #50
2017-11-13 20:36:16 +01:00
Raphaël Vinot f9b2bdf22c chg: Fix logic in URL
Fix #21
2017-11-10 15:05:22 -08:00
Raphaël Vinot 805ed85bbe chg: Disable some correlations by default in URL
Fix #47
2017-11-10 15:02:37 -08:00
Raphaël Vinot dade532c1f Merge branch 'master' of github.com:MISP/misp-objects 2017-11-10 13:29:03 -08:00
Raphaël Vinot b4b3e685ea fix: requiredOneOf list of r2graphity was wrong
Fix #20
2017-11-10 13:28:05 -08:00
c-goes 8e47b33787 Added file attribute screenshot to email object 2017-11-09 16:07:54 +01:00
Andras Iklody 6b43b68651
Merge pull request #48 from Delta-Sierra/master
allow multiple ips in domain|ip object
2017-11-07 10:08:24 +01:00
Deborah Servili 51f79bceba allow multiple ips in domain|ip object 2017-11-07 09:34:26 +01:00
Alexandre Dulaunoy f46343b2e2
Merge pull request #46 from Delta-Sierra/master
update ail-leak object
2017-11-06 16:20:25 +01:00
Deborah Servili d171c73660 update ail-leak object 2017-11-06 14:53:58 +01:00
Alexandre Dulaunoy 2a2b48a162
fix: origin of credential as sane_default 2017-11-02 21:37:53 +01:00
Alexandre Dulaunoy dab3ad881a
add: credential object (fix #44) 2017-11-02 20:41:02 +01:00
Raphaël Vinot 28dfbb50f7 Remove the executable flag from the json files 2017-10-25 12:16:17 -04:00
truckydev fe594f98ba regex addon
Add field to specify which type correspond to this regex.
2017-10-25 10:39:39 +02:00
Raphaël Vinot 3569c70407 Add report object 2017-10-24 13:04:41 -04:00
Thomas Gardner 6e36c162a4 fixed av-signature merge conflicts with upstream 2017-10-24 10:26:24 -04:00
Thomas Gardner 1c4933c1ce disabled AV software correlation and re-ran jq-all-the-things 2017-10-24 10:23:46 -04:00
Alexandre Dulaunoy 9410aa99a5
Fix the file object 2017-10-23 20:35:07 +02:00
Alexandre Dulaunoy 0f3261077b
State added to file like signed, harmless... 2017-10-23 20:28:30 +02:00
Raphaël Vinot b801bc6603 jq all the things 2017-10-23 11:51:05 -04:00
Thomas Gardner f9204db304 added av-signature and virustotal-report 2017-10-23 10:43:12 -04:00
Alexandre Dulaunoy a5d2f71fef Merge pull request #34 from MISP/fix-31-2
Fix object name
2017-10-16 15:41:33 +02:00
Raphaël Vinot 9078fa0e73 Fix object name
Related to: https://github.com/MISP/misp-objects/issues/31
2017-10-16 11:41:22 +02:00
Raphaël Vinot 60a375f85d Fix object name.
Related to: https://github.com/MISP/misp-objects/issues/31
2017-10-16 11:40:20 +02:00
Alexandre Dulaunoy 0ab002e94c
Fix typo in the field 2017-10-13 15:08:25 +02:00
Alexandre Dulaunoy 9b55a361ec
Some updates including description of fields 2017-10-13 15:02:04 +02:00
Alexandre Dulaunoy 94b9bc9aee
First version of Netflow object based on proposal from @JanKoDFNCERT
Open questions:

  - What is a minimal Netflow records? I relax a bit the required fields.
  - How does this work with IPFIX (and variable templates)?
  - How should we express the TCP flags expressed? (S/SA/SAF)
2017-10-13 14:30:10 +02:00
Alexandre Dulaunoy 2b9ba3ac00
add: RTIR object added (as requested by CSP - Cyber Security Core Service Platform) 2017-10-12 22:08:09 +02:00
Alexandre Dulaunoy deda8abfb1
use url attribute type for link inside a post 2017-10-06 08:22:41 +02:00
Alexandre Dulaunoy c4bc232be2
Merge branch 'patch-4' of https://github.com/ater49/misp-objects into ater49-patch-4 2017-10-06 08:22:00 +02:00
ater49 a13726c138 Update definition.json
Link attribute added in case of url present into the post.

Multiple set to true for "username-quoted"
2017-10-04 13:31:25 +02:00
ater49 71860b21e9 New attributes: title
In case of paste or post has a title.

Ghostbin.com origin added
2017-10-04 13:24:29 +02:00
Alexandre Dulaunoy bc7c84ca5a
add: Paste or similar post from a website allowing to share privately or publicly posts. 2017-09-29 14:59:39 +02:00
Alexandre Dulaunoy f10f361df0
jq all and fix the space ;-) 2017-09-28 22:07:15 +02:00
ater49 4c69154ad3 Attributes username-quoted added
Added Attributes: "username-quoted"
Added types: LinkedIn, Reddit, Google+, Instagram
2017-09-28 21:36:27 +02:00
Alexandre Dulaunoy 5a80d5c4d2
add: Microblog post object like a Twitter tweet or a post on a Facebook wall. 2017-09-28 19:32:31 +02:00
Alexandre Dulaunoy 5b66865268
Carbon copy field added 2017-09-27 16:43:21 +02:00
Alexandre Dulaunoy 140b55254a
return-path added in email object 2017-09-25 20:37:02 +02:00
Alexandre Dulaunoy 9d14620739
Victim object added mainly based on the STIX 2.0 victim proposal 2017-09-24 21:21:33 +02:00
Alexandre Dulaunoy 3ecace4d12
First version of the ja3 object based on the proposal from @delbs 2017-09-24 20:10:59 +02:00
Alexandre Dulaunoy a5c0c4e192
Fixing typo in the credit-card object 2017-09-21 15:35:05 +02:00
Alexandre Dulaunoy d22ced3b82
whois template fixed 2017-09-18 09:01:57 +02:00
Alexandre Dulaunoy 3e00c3129c
Fix #22 2017-09-18 08:11:25 +02:00
iglocska 10b21c6aac fix: Fixed typo 2017-09-17 12:46:51 +02:00
iglocska 8662818177 fix: Updated the required_value field with the new name: values_list 2017-09-17 12:43:09 +02:00
iglocska 8643f0dc47 fix: Fixed an issue with the email object not having the correct requiredoneof fieldnames, fixes MISP/MISP#2481 2017-09-17 12:31:50 +02:00
Alexandre Dulaunoy 777ef97aeb
An object describing a regular expression (regex or regexp).
The object can be linked via a relationship to other attributes
or objects to describe how it can be represented as a regular expression.
2017-09-15 21:02:11 +02:00
Alexandre Dulaunoy d781a0eb05
add: first version of a person object (partially based on the PNR types) 2017-09-14 07:49:50 +02:00
Alexandre Dulaunoy bc27dc6d42
add: first version of the credit-card object 2017-09-13 21:18:16 +02:00
Alexandre Dulaunoy 0e409294c0
fix: port is used instead of text type 2017-09-13 17:26:59 +02:00
Alexandre Dulaunoy 579e851f5e
port type instead of text 2017-09-13 16:42:15 +02:00
Raphaël Vinot 96db4ae070 Disable some correlations 2017-09-11 16:08:03 +02:00
Alexandre Dulaunoy 50fe0c2993 Updated following Andras feedback 2017-09-06 16:13:35 +02:00
Alexandre Dulaunoy 8814be9527 yabin updated following Andras feedback 2017-09-06 16:13:02 +02:00
Alexandre Dulaunoy 317fd559d6 first version of a yabin object 2017-09-06 16:04:37 +02:00
Alexandre Dulaunoy 60f6c15655
Typo fixed 2017-08-29 22:02:10 +02:00
Raphaël Vinot 0445ebd350 Add descriptions in all the objects 2017-08-29 18:36:46 +02:00
Raphaël Vinot 9a3974f383 Update definitions of binaries 2017-08-29 13:25:58 +02:00
Raphaël Vinot d34dd5fb60 Allow multiple entries of type flag in the ELFSection object 2017-08-27 17:49:53 +02:00
Alexandre Dulaunoy 66e7397397
phone defintion fixed 2017-08-27 08:30:58 +02:00
Alexandre Dulaunoy 41f3792b49
first version of a mobile phone object 2017-08-27 08:16:58 +02:00
Raphaël Vinot 7c3aaa30c2 Update ELF definitions, add MachO. 2017-08-25 15:52:32 +02:00
Raphaël Vinot 49cd96aa2b Add mimetype to file object template 2017-08-23 11:01:48 +02:00
Alexandre Dulaunoy 2fd589e151
version updated 2017-08-08 20:39:36 +02:00
truckydev ea7bdb5bd7 add X509-fingerprint
https://github.com/MISP/MISP/pull/2357
2017-08-08 15:11:47 +02:00
Thomas Gardner 8558bef481 added http-request object 2017-08-03 16:11:33 -06:00
Alexandre Dulaunoy 10ca2819a1
Fix: tld type not existing in MISP 2017-08-03 18:27:34 +02:00
Alexandre Dulaunoy 113eb9e5a0
A cookie object has been added.
An HTTP cookie (web cookie, browser cookie) is a small piece of data
that a server sends to the user's web browser. The object includes
type which can help to describe the malicious use-case of the cookie.
2017-08-03 12:15:26 +02:00
Alexandre Dulaunoy 08e5ebe995
Typo fixed in key-size - Thanks to @StefanKelm 2017-08-03 12:00:00 +02:00
Raphaël Vinot ca24684e2f Update required entries for PE objects 2017-07-21 11:33:38 +02:00
Alexandre Dulaunoy 6e88746a67 Improved Tor node object to include support of the new Tor monitoring 2017-07-06 14:57:32 +02:00
Alexandre Dulaunoy afaf0d0e19 add a comment field 2017-07-05 07:41:07 +02:00
Alexandre Dulaunoy 30976be591 Tor node object template which are part of the Tor network at a time. 2017-07-05 07:33:35 +02:00
Alexandre Dulaunoy 9a1c5511f4 ui-priority 2017-07-03 16:55:14 +02:00
Alexandre Dulaunoy e8c74fbccc ui-priority 2017-07-03 16:50:13 +02:00
Alexandre Dulaunoy ea8885f317 ui-priority 2017-07-03 16:50:00 +02:00
Alexandre Dulaunoy 17e57b4a59 ui-priority 2017-07-03 16:49:43 +02:00
Alexandre Dulaunoy cb4af3ffce ui-priority 2017-07-03 16:45:54 +02:00
Alexandre Dulaunoy d2568c922e ui-priority 2017-07-03 16:45:41 +02:00
Alexandre Dulaunoy 611c0b8f55 ui-priority 2017-07-03 16:45:25 +02:00
Alexandre Dulaunoy 60ebdfc3e7 ui-priority 2017-07-03 16:44:39 +02:00
Alexandre Dulaunoy a0a922ee61 ui-priority 2017-07-03 16:44:11 +02:00
Alexandre Dulaunoy c59ed7394a ui-priority 2017-07-03 16:43:57 +02:00
Alexandre Dulaunoy eab13ff63c ui-priority 2017-07-03 16:43:25 +02:00
Alexandre Dulaunoy 65ec7b18a7 ui-priority 2017-07-03 16:43:12 +02:00
Alexandre Dulaunoy 89858f8f72 ui-priority 2017-07-03 16:42:40 +02:00
Alexandre Dulaunoy 13c7d100d0 ui-priority 2017-07-03 16:42:26 +02:00
Alexandre Dulaunoy 5615f18767 ui-priority 2017-07-03 16:42:07 +02:00
Alexandre Dulaunoy 48b17a11ed ui-priority 2017-07-03 16:41:53 +02:00
Alexandre Dulaunoy c0a78b1b25 ui-priority 2017-07-03 16:41:16 +02:00
Alexandre Dulaunoy 7e2214f9e9 ui-priority 2017-07-03 16:40:42 +02:00
Alexandre Dulaunoy e9859c4746 ui-frequency updated 2017-07-03 12:27:16 +02:00
Alexandre Dulaunoy 4915d6688d ui-frequency is the one! 2017-07-03 12:26:40 +02:00
Alexandre Dulaunoy 17d4fab43e ui-priority is now the King! 2017-07-03 12:25:06 +02:00
Alexandre Dulaunoy fb18a4ec29 ui-priority is now the new frequency 2017-07-03 12:24:21 +02:00
Alexandre Dulaunoy ce9f50013c misp-usage-frequency updated 2017-07-03 12:19:04 +02:00
Alexandre Dulaunoy 1f0d512b7d misp-usage-frequency updated 2017-07-03 12:18:47 +02:00
Alexandre Dulaunoy 86f8ad974a misp-usage-frequency updated 2017-07-03 12:18:25 +02:00
Alexandre Dulaunoy 405a5451cc misp-usage-frequency updated 2017-07-03 12:17:46 +02:00
Alexandre Dulaunoy dc2b6524c1 misp-usage-frequency updated 2017-07-03 12:15:50 +02:00
Alexandre Dulaunoy edcf0d1a90 misp-usage-frequency updated 2017-07-03 12:14:48 +02:00
Alexandre Dulaunoy eff1b8ba39 misp-usage-frequency updated 2017-07-03 12:14:13 +02:00
Alexandre Dulaunoy 82bdbbbd4f misp-usage-frequency updated 2017-07-03 12:13:38 +02:00
Alexandre Dulaunoy 5f0755859e misp-usage-frequency updated 2017-07-03 12:11:54 +02:00
Alexandre Dulaunoy a8b1a0a512 misp-usage-frequency updated 2017-07-03 12:09:46 +02:00
Alexandre Dulaunoy 0949bd47ca misp-usage-frequency updated 2017-07-03 12:08:42 +02:00
Alexandre Dulaunoy a04174c1c1 misp-usage-frequency updated 2017-07-03 12:06:11 +02:00
Alexandre Dulaunoy b18eed04ae misp-usage-frequency 2017-07-03 12:04:56 +02:00
Alexandre Dulaunoy aed89b835d misp-usage-frequency -> ui-priority 2017-07-03 12:03:18 +02:00
Alexandre Dulaunoy 45230db220 Fix #14 2017-07-03 11:59:25 +02:00
Andras Iklody ef05cd5f06 Changed DDOS port attributes to port type 2017-07-03 06:33:53 +02:00
Raphaël Vinot 9186771eb7 Update versions 2017-06-28 11:57:36 +02:00
Raphaël Vinot 16af934386 Enforce meta-category 2017-06-28 11:21:24 +02:00
Alexandre Dulaunoy c3186cbcb2 Now meta category for ail to misc 2017-06-28 11:11:44 +02:00
Alexandre Dulaunoy 3e19326efa jq of geolocation object 2017-03-22 07:32:07 +01:00
Alexandre Dulaunoy ff8e9c0a36 geolocation - an object to describe a geographic location. 2017-03-22 07:30:42 +01:00
Alexandre Dulaunoy d413434463 jq of ail-leak 2017-03-22 06:55:15 +01:00
Alexandre Dulaunoy e6fbcf9d53 information leak object as defined by the AIL Analysis Information Leak framework. 2017-03-22 06:54:11 +01:00
Raphaël Vinot d7a1f85100 Update attributes os r2graphity object 2017-03-21 16:46:41 +01:00
Raphaël Vinot 2f74b709d4 Updade r2graphity definition 2017-03-20 14:30:45 +01:00
Raphaël Vinot 29a66cd4d6 Add initial version of the r2graphity object 2017-03-17 18:42:10 +01:00
Raphaël Vinot c0d95f58b5 Remove duplicate entries in file object 2017-03-17 18:00:37 +01:00
Raphaël Vinot 2c5208aab2 Merge branch 'master' of github.com:MISP/misp-objects 2017-03-17 17:32:21 +01:00
Raphaël Vinot 2c2c11c9ca Add and enforce UUID in the object definitions 2017-03-17 17:31:09 +01:00
Alexandre Dulaunoy 6fb4acb9da jq all 2017-03-16 23:06:36 +01:00
Alexandre Dulaunoy 0da065163a Merge branch 'master' of github.com:MISP/misp-objects 2017-03-16 23:05:11 +01:00
Raphaël Vinot c0bd545347 Add malware-sample to file object 2017-03-16 18:18:51 +01:00
Sébastien Larinier 140fcbf251 correct travis 2017-03-15 11:30:54 +01:00
Sébastien Larinier 22f2bb8825 add impfuzzy 2017-03-15 11:19:08 +01:00
Alexandre Dulaunoy 37c1722d3e disable_correlation added 2017-03-15 07:42:14 +01:00
Raphaël Vinot 15488f0633 Update PE object 2017-03-14 15:57:05 +01:00
Sébastien Larinier 16f41b2b4a correct travis failed 2017-03-14 10:05:48 +01:00
Sébastien Larinier fb5ec25000 add type of sections 2017-03-13 18:04:21 +01:00
Sébastien Larinier 681d18f4eb add attributes 2017-03-13 17:58:56 +01:00
Sébastien Larinier 684d4d0631 delete attribute 2017-03-13 17:32:51 +01:00
Sébastien Larinier 3ec78c72e4 add elf,elf-section and number of sections in a pe, and move pehash in pe 2017-03-13 17:23:42 +01:00
Sébastien Larinier 47725c5742 correct bug on characteristics 2017-03-13 16:37:20 +01:00
Sébastien Larinier 6c1020b98a correct bug 2017-03-13 16:33:50 +01:00
Sébastien Larinier 2838d5aed4 correct bug 2017-03-13 16:08:27 +01:00
Sébastien Larinier 878d0a30ca add characteristics and ssdeep to pe-sections 2017-03-13 15:55:29 +01:00
Raphaël Vinot 16c7164816 Merge branch 'master' of github.com:MISP/misp-objects 2017-03-13 14:50:08 +01:00
Raphaël Vinot b90fd9ddc1 Update file/PE objects
* Add sane defaults
* Disable correlation when it doesn't make sense
2017-03-13 14:49:25 +01:00
Alexandre Dulaunoy 6185e68498 JQifized 2017-03-13 08:19:27 +01:00
Alexandre Dulaunoy 8685efd136 url object JQified 2017-03-13 07:45:38 +01:00
Alexandre Dulaunoy 1da88ddb99 url object describes an url along with its normalized field (e.g. using
faup parsing library) and its metadata.
2017-03-13 07:45:06 +01:00
Raphaël Vinot a755d50e92 Update file and pe, add pe-section 2017-03-12 23:06:39 +01:00
Raphaël Vinot e931bbbd1c Add PE object 2017-03-09 14:14:36 +01:00
Alexandre Dulaunoy 7e00825715 jq all the things 2017-03-05 16:51:02 +01:00
Alexandre Dulaunoy 18e84ca2c8 required_value for protocol added 2017-03-05 16:41:52 +01:00
Alexandre Dulaunoy 1ec1761307 First proposal of a DDoS object in MISP 2017-03-05 13:01:02 +01:00
Raphaël Vinot a68e678f50 JQ all the things 2017-02-13 11:18:42 +01:00
Alexandre Dulaunoy 284c4e4084 Merge pull request #1 from mike1703/master
email object added
2016-12-12 20:54:03 +01:00
Raphaël Vinot 72ca71a1cc Update definition.json 2016-12-12 20:10:31 +01:00
Michael Kerscher 30512f69af registry key object added 2016-12-07 16:39:31 +01:00
Michael Kerscher 1d97cbbd2d email object added 2016-12-07 16:06:52 +01:00
Alexandre Dulaunoy 497b7b7b7e First version of the vulnerability object (basic CVE support) 2016-05-27 22:36:18 +02:00
Raphaël Vinot a493cc59a3 Fix json files (file and whois) 2016-04-11 13:00:04 +02:00
Alexandre Dulaunoy 7bcc98177c x509 object added 2016-02-16 07:43:17 +01:00
Alexandre Dulaunoy f3afabc91b ip-port added.
An IP address and a port seen as a tuple (or as a triple) in a specific
time frame.
2016-02-16 07:25:54 +01:00
Alexandre Dulaunoy 7c30ab3977 Passive DNS object added 2016-02-13 18:19:27 +01:00
Alexandre Dulaunoy 2fe9742251 Typo fixed 2016-02-13 18:17:22 +01:00
Alexandre Dulaunoy 10431c3c42 optional text attributes added 2016-02-09 21:46:45 +01:00
Alexandre Dulaunoy 415adea9a7 pattern-in-file added 2016-02-09 21:23:48 +01:00
Alexandre Dulaunoy 8587b1a71b First version of the file object 2016-02-09 21:04:39 +01:00
Alexandre Dulaunoy fc5ecd7c69 Whois object added 2016-02-09 16:08:15 +01:00