MISP
/
misp-objects
mirror of https://github.com/MISP/misp-objects
2
0
Fork 0
Code Issues Releases Wiki Activity
1,764 Commits
4 Branches
39 Tags
10 MiB
Commit Graph

3 Commits (173af552aa2d18f47c02cfdb873fbff9daa3cb0c)

Author SHA1 Message Date
Alexandre Dulaunoy 91e1c8bdcd
chg: [query] add Kusto Query Language (KQL) 
Ref: https://twitter.com/castello_johnny/status/1540732973753847808
 2022-06-25 19:20:13 +02:00
Alexandre Dulaunoy fd58bdd7b7
chg: [query] add missing SPL language (Splunk) format 
Thanks to https://twitter.com/nbareil/status/1540633706959863813 @nbareil
 2022-06-25 11:56:15 +02:00
Alexandre Dulaunoy 07b6883c93
new: [query] query object to describe search queries on SIEM and other tools 
MISP object template designed following requests and especially this twitter thread:

https://twitter.com/castello_johnny/status/1540610057263628289

I added a list of sane default based on the ones I have seen being used:

      "sane_default": [
        "event query language (eql)",
        "keyword query language (kql)",
        "Query DSL",
        "Query (Elastic Search)",
        "Sigma",
        "Lucene query",
        "Google search query",
        "Ariel Query Language (qradar)",
        "Grep",
        "Devo LINQ"
      ],

Thanks to Gianni Castaldi and others for ideas.

The object can be expanded and improved over the time and the needs
to share new queries.
 2022-06-25 11:37:41 +02:00