Alexandre Dulaunoy
d37c575ee0
chg: [email] add a from-domain field to add domain when full email is not known or a wild card
Fix #318
Feedback from Eurocontrol training
2021-06-22 15:23:41 +02:00
Raphaël Vinot
484a7b7c27
chg: Make mypy happy
2021-06-21 11:18:15 -07:00
Alexandre Dulaunoy
fca66ddd7d
Merge branch 'phmazzoni-patch-4' into main
2021-05-28 23:08:23 +02:00
Alexandre Dulaunoy
b6366988f4
chg: [paloalto-threat-event] fix newline
2021-05-28 23:07:49 +02:00
phmazzoni
df58f2b29f
Disabling some field correlations
Disabling some field correlations to avoid excessive number of events
2021-05-27 17:24:58 -03:00
Alexandre Dulaunoy
212e410258
chg: [ddos] fix newline
2021-05-27 16:25:52 +02:00
Alexandre Dulaunoy
a31f7d0f26
Multiple fields for port, ip-src,dst-port following feedback from CONCORDIA
2021-05-27 16:19:12 +02:00
Alexandre Dulaunoy
844d202844
chg: [doc] list of object templates updated
2021-05-26 14:15:57 +02:00
Alexandre Dulaunoy
f24b1af50f
Merge branch 'aaronkaplan-cof2misp-dnsdbflex' into main
2021-05-26 14:12:48 +02:00
Alexandre Dulaunoy
195f0fe46a
fix: [passive-dns-dnsdbflex] newline
2021-05-26 14:12:10 +02:00
aaronkaplan
094d61a51a
dnsdbflex object
2021-05-26 12:34:34 +02:00
Alexandre Dulaunoy
93b99230e3
chg: [jq] all the things
2021-05-25 23:15:59 +02:00
Alexandre Dulaunoy
265f8d3fc7
chg: [geolocation] fix UUID to be valid UUIDv4
2021-05-25 23:11:01 +02:00
Alexandre Dulaunoy
d89296b542
new: [open-data-security] new object template based on open data
security definition
To be used in VARIoT project. https://www.variot.eu/
2021-05-17 15:55:23 +02:00
Alexandre Dulaunoy
5d986dc25e
chg: [phishing] newline
2021-05-11 15:44:35 +02:00
Alexandre Dulaunoy
8bb8a1d22c
Merge branch 'main' of github.com:MISP/misp-objects into main
2021-05-11 15:01:53 +02:00
Alexandre Dulaunoy
d8340c3f67
chg: [phishing] version bump
2021-05-11 15:01:31 +02:00
chrisr3d
3a2e44c442
fix: [network-socket] Typo
2021-05-06 15:42:03 +02:00
chrisr3d
5028d5d99f
add: [network-socket] Added Socket type attribute
2021-05-06 15:17:52 +02:00
Alexandre Dulaunoy
60be6a5938
Merge branch 'aaronkaplan-main' into main
2021-05-03 07:21:30 +02:00
Alexandre Dulaunoy
7a476ec4ef
chg: [passive-dns] jq
2021-05-03 07:20:51 +02:00
aaronkaplan
b728ed3e29
Re-Do the definition.json, according to the results of the discussion in
https://github.com/MISP/misp-objects/pull/314
Removing *_ip and *_domain
Keeping bailiwick a domain type
2021-05-03 00:57:14 +02:00
aaronkaplan
bcd133527e
Merge branch 'main' of https://github.com/MISP/misp-objects
2021-05-02 16:03:35 +02:00
aaronkaplan
7b4c9cd6df
As discussed with @rafiot, we can't simply add rdata and rrname as
text only into MISP objects. Why? Because otherwise we can't use MISP's
correlation engine to correlate attributes (rrname, rdata) inside these
MISP objects with other events. Because "text" would not correlate with
other "ip-src" or "domain" types in other objects/attributes.
Kind of sucks to duplicate the rrname and rdata entries, but that's the
only solution we came up with.
The COF2MISP module will populate both the rrname,rdata as well as the
rrname_{domain,ip} and rdata_{domain,ip} attributes.
Checked with jq_all_the_things.sh.
Thanks for your consideration.
2021-05-02 15:57:54 +02:00
Alexandre Dulaunoy
4b88a52cf4
chg: [passive-dns] fix
2021-04-27 18:26:23 +02:00
Alexandre Dulaunoy
f9f0e94781
Merge branch 'aaronkaplan-patch-1' into main
2021-04-27 18:24:33 +02:00
Alexandre Dulaunoy
ab84bd837f
fix: [passive-dns] fix the JSON and the version
2021-04-27 18:13:05 +02:00
AaronK
df8604a8ca
Update definition.json
Added time_first_ms, time_last_ms. Clarified a few things in the descriptions.
2021-04-27 15:37:51 +02:00
Alexandre Dulaunoy
e72cf95275
chg: [doc] list of objects updated
2021-04-27 06:04:06 +02:00
Alexandre Dulaunoy
34a8807b15
new: [doc] gitchangelog.rc added
2021-04-27 06:01:57 +02:00
Alexandre Dulaunoy
7c21a969d1
fix: [stix2-pattern] disable correlation on version
Thanks to the new feature in MISP 2.4.142 to find top correlations ;-)
2021-04-27 05:57:52 +02:00
Alexandre Dulaunoy
5e6f887fa1
Merge branch 'main' of github.com:MISP/misp-objects into main
2021-04-14 09:20:52 +02:00
Alexandre Dulaunoy
6f002cd4c6
chg: [report] add a report type
2021-04-14 09:20:25 +02:00
Raphaël Vinot
067ae49498
fix: Typo
2021-03-05 18:23:11 +01:00
Raphaël Vinot
52fe647e33
Merge branch 'phmazzoni-patch-3' into main
2021-03-05 18:16:57 +01:00
Raphaël Vinot
321a952a66
chg: make jq validation happy
2021-03-05 18:16:46 +01:00
phmazzoni
16a3bed253
Create definition.json
2021-03-05 14:05:39 -03:00
phmazzoni
a16d689085
Delete objects/panorama directory
2021-03-05 14:03:37 -03:00
Raphaël Vinot
3fb441b8a0
chg: Make jq validation happy
2021-03-05 15:57:41 +01:00
Raphaël Vinot
04331becf0
chg: Add PR to GH actions
2021-03-05 15:56:43 +01:00
Raphaël Vinot
f724130616
Merge pull request #308 from phmazzoni/main
Create Palo Alto Threat Log Object Template.
2021-03-05 15:50:33 +01:00
phmazzoni
b3096262f5
Create definition.json
Create Palo Alto Threat Log Object Template.
2021-03-05 11:30:00 -03:00
Alexandre Dulaunoy
e1f01f674f
chg: [person] full-name attribute type added + expanding object person with full-name
2021-03-03 07:41:16 +01:00
Alexandre Dulaunoy
e764ed6983
chg: [schema] dkim and dkim signature added
2021-02-25 07:37:36 +01:00
Alexandre Dulaunoy
4c62d6091a
fix: [dkim] clean-up
2021-02-25 07:25:09 +01:00
Alexandre Dulaunoy
df6784859e
new: [dkim] DomainKeys Identified Mail - DKIM object template
2021-02-25 07:24:19 +01:00
Alexandre Dulaunoy
703b53fc3b
chg: [network-element] jq
2021-02-24 06:48:10 +01:00
Alexandre Dulaunoy
1fe9649205
chg: [network-profile] AS updated
2021-02-24 06:47:04 +01:00
Alexandre Dulaunoy
d87ce65cb9
chg: [network-profile] add jarm-fingerprint
2021-02-24 06:38:49 +01:00
Alexandre Dulaunoy
41375621f7
Merge pull request #307 from hackunagi/main
Creation of Network Profile MISP Object
2021-02-24 06:37:22 +01:00