MISP
/
misp-objects
mirror of https://github.com/MISP/misp-objects
2
0
Fork 0
Code Issues Releases Wiki Activity
746 Commits
6 Branches
43 Tags
11 MiB
Commit Graph

517 Commits (230122493cf66881eb89c9e6aa393df808dad50e)

Author SHA1 Message Date
Deborah Servili bd9970b1c9
fix lr-impact attributes names 2019-02-26 14:26:29 +01:00
Deborah Servili bc05eca2b6
disable correlations on ilr-impact attributes 2019-02-26 14:05:01 +01:00
Deborah Servili ec2851d4eb
add ilr-impact object 2019-02-26 13:57:31 +01:00
Sascha Rommelfangen 45f6aec0f5
corrected order 2019-02-25 09:29:15 +01:00
marcnil815 03870031db
jq'ed definition.json 2019-02-21 19:36:07 +01:00
marcnil815 e26e54b54a
Create splunk object definition.json 
Adding misp-object for basic splunk search/correlation search values.
 2019-02-21 16:12:54 +01:00
Alexandre Dulaunoy b0f07156ae
Merge pull request #147 from Delta-Sierra/master 
Person object - Add a (or several) role to a person
 2019-02-21 07:20:40 +01:00
Alexandre Dulaunoy 18042c0749
chg: [elf] disable correlation on file type 2019-02-20 10:43:38 +01:00
Deborah Servili 0173504050
Person object - Add a (several) role to a person 2019-02-15 09:46:29 +01:00
Alexandre Dulaunoy 08798f1262
chg: [email] IP and hostname fields from extracted headers 2019-02-14 14:33:39 +01:00
Alexandre Dulaunoy 8a4f2c96b8
chg: [file] preferred charset used by the file (if decoded from mime-type parsing) 2019-02-14 14:16:01 +01:00
Alexandre Dulaunoy f9bb8bfa9b
chg: [phishing] removed the IDS flag on the email used for takedown - and change attribute type 2019-02-11 06:45:18 +01:00
Sascha Rommelfangen f09a392d49
added hostname attribute to the phishing object 2019-02-07 14:58:40 +01:00
Alexandre Dulaunoy 75ae30f44d
Merge pull request #143 from rommelfs/master 
added values valuable to operators
 2019-02-02 09:27:38 +01:00
Alexandre Dulaunoy 36dc6efab3
chg: [anonymisation] add level-of-knowledge to request for more information if needed 2019-02-01 10:19:25 +01:00
Sascha Rommelfangen 732476d7ca
added values valuable to operators 2019-02-01 09:37:31 +01:00
Alexandre Dulaunoy f5c7530e0b
chg: [anonymisation] algo list fixed 2019-01-31 23:01:08 +01:00
Andras Iklody 86a116770b
Update definition.json 2019-01-31 22:57:49 +01:00
Alexandre Dulaunoy b141dce581
add: [anonymisation] Anonymisation object describing an anonymisation technique which is used in MISP anonymised attributes. 2019-01-31 22:41:23 +01:00
Deborah Servili db6297131f Merge https://github.com/MISP/misp-objects 2019-01-28 15:44:31 +01:00
Deborah Servili 0f6f7de384
fix required field for interpol notice 2019-01-28 15:40:07 +01:00
Deborah Servili 1533703894
add interpol notice object 2019-01-28 15:26:49 +01:00
Alexandre Dulaunoy beb0ec8bb7
chg: [script] added PHP in the most used programming language (at least when looking at malicious WebShells on the Internet) 
- I sense a new stackoverflow survey category

Signed-off: 5c45721d-de08-4fff-b9b0-168a02de0b81
 2019-01-24 13:36:09 +01:00
Alexandre Dulaunoy b25388c406
Merge pull request #139 from Delta-Sierra/master 
Person object - add alias as a requiredOneof attribute
 2019-01-11 20:31:03 +01:00
chrisr3d b94abc9182 Merge branch 'master' of github.com:MISP/misp-objects 2019-01-11 16:51:18 +01:00
chrisr3d cf8c50b72e
fix: Disabled correlation for original imported samples 2019-01-11 16:50:29 +01:00
Deborah Servili d6299e6542
update person object version 2019-01-11 15:03:11 +01:00
Deborah Servili b0d8e91f0f
add alias as a requiredOneof attribute 2019-01-11 15:02:06 +01:00
Christophe Vandeplas ae32e23fbf chg: [http-request] IP as allowed type 2019-01-03 15:07:08 +01:00
Stefan Kelm d98cfd6d16 New object: Information related to known scanning activity (e.g. from research projects) 2019-01-02 16:19:08 +01:00
eCrimeLabs 68ca8b0a92 Updated JA3 to have own data type ja3-fingerprint-md5 and bumped the version 2018-12-30 12:31:17 +01:00
Alexandre Dulaunoy 9b84576442
add: [facial-composite] new facial composite object 2018-12-21 20:41:45 +01:00
Alexandre Dulaunoy 5a9800ab6a
chg: [person] portrait added #133 2018-12-21 20:28:24 +01:00
Deborah Servili 7dfa69a743
Object Victim - Extended requiredOneof 2018-12-21 12:27:11 +01:00
Alexandre Dulaunoy 11a462e79b
chg: [person] OFAC fields - Office of Foreign Assets Control 2018-12-04 15:39:51 +01:00
Alexandre Dulaunoy 6cc29aad3d
chg: [microblog] a small clarification about the username to avoid the @ 2018-11-26 22:21:51 +01:00
Alexander J e44dd16b18
new misp object for a timesketch message 
to be able to push timesketch messages (timesketch.org) to a misp event it is handy to have a specific type of object for it.
 2018-11-23 15:40:57 +01:00
Alexandre Dulaunoy 7808850ce2
chg: [cortex] description updated as TheHive/Cortex observables will be attributes with 
relationships from this object
 2018-11-18 10:29:42 +01:00
Alexandre Dulaunoy 39dd150e2a
add: [cortex] new object based on a discussion with Jerome L. from TheHive (thanks to SNCF) 2018-11-18 10:28:18 +01:00
Alexandre Dulaunoy 3ec98a8a65
chg: [cortex-taxonomy] aka mini-report 2018-11-18 10:11:25 +01:00
Alexandre Dulaunoy 0f1f23fbb5
fix: [cortex-taxonomy] jq all the things(tm) 2018-11-09 14:21:10 +01:00
Hendrik d61a1f3390 Added cortex taxonomy object definition 2018-11-09 12:37:34 +01:00
Alexandre Dulaunoy 78bfd806e7
Merge pull request #127 from thomaspatzke/process-extension 
Extension of process object
 2018-11-02 08:56:14 +01:00
Thomas Patzke e12f15d5da Fixed misp-attribute in link attribute of paste object 2018-11-02 00:40:55 +01:00
Thomas Patzke d41b642bc4 Extension of process object 2018-11-02 00:35:28 +01:00
Steve Clement e132ea8e03 fix: [definition] Fixed current balance type, is float. 2018-10-30 22:58:54 +09:00
Steve Clement 6560a53b80 chg: [definition] Extended crypto coin object to be able to enrich with interesting data 2018-10-30 21:30:09 +09:00
Alexandre Dulaunoy a4207d1f36
chg: [mactime-timeline-analysis] disable some correlations 2018-10-29 20:43:36 +01:00
Alexandre Dulaunoy ccab94e1b7
chg: [ip-api-adress] updated to ensure correlation disabled 2018-10-28 15:07:35 +01:00
Raphaël Vinot decd49b6fc fix: JQ things 2018-10-25 17:45:47 -04:00
Raphaël Vinot e3d5d636e4 chg: Add type of internal reference 2018-10-25 15:47:04 -04:00
Raphaël Vinot 1a0d055caa new: Internal reference object 2018-10-25 13:47:20 -04:00
Alexandre Dulaunoy 2f1ed1ee0c
chg: [regripper-sam-hive-single-user] uuid fixed 2018-10-25 17:49:20 +02:00
Alexandre Dulaunoy 5e952a4bf7
chg: [tsk-web-downloads] including link versus url (we assume it's malicious link by default) 2018-10-25 17:45:58 +02:00
Alexandre Dulaunoy 38a3718693
typo fixed 2018-10-25 17:42:57 +02:00
Alexandre Dulaunoy 7a70a1ece3
fix: various typos 2018-10-25 17:38:26 +02:00
Alexandre Dulaunoy 26fcbcd3bf
fix typo 2018-10-25 17:35:50 +02:00
Alexandre Dulaunoy 172b5551ba
Merge branch 'master' of github.com:MISP/misp-objects 2018-10-25 17:32:47 +02:00
Alexandre Dulaunoy b93ad7969f
fix: jq all the things(tm) 2018-10-25 17:31:36 +02:00
Alexandre Dulaunoy 38a006b05b
Merge branch 'master' of https://github.com/Aks6193/misp-objects 2018-10-25 17:30:30 +02:00
aksha bb119724ba fix: Changed TSK object names to lower case 2018-10-25 13:21:08 +01:00
aksha 1cedea6506 Chg: Jq'ed all the objects 2018-10-25 12:39:48 +01:00
Alexandre Dulaunoy 15539c5e25
Merge pull request #123 from neok0/sandbox-file-attribute 
added sandbox-file type as attribute for storing e.g. sandbox results…
 2018-10-24 14:39:25 +02:00
Alexandre Dulaunoy 7bffd599ab
Merge pull request #122 from neok0/master 
enable multiple summary attribute in report object
 2018-10-24 14:37:33 +02:00
Tobias Mainka 8b861df876 fix failing check via running .jq_all_the_things.sh 2018-10-24 14:14:32 +02:00
Tobias Mainka 675b60703b added sandbox-file type as attribute for storing e.g. sandbox results file in sandbox-report object 2018-10-24 13:58:38 +02:00
Alexandre Dulaunoy a2ce46ecad
chg: [pcap-metadata] linktype added in the sane default 2018-10-24 07:35:31 +02:00
Alexandre Dulaunoy 3bf8c938aa
fix the required part of the url 2018-10-23 20:03:58 +02:00
Alexandre Dulaunoy 1a1972003d
add: [pcap-metadata] new object template for pcap file metadata (WiP) 2018-10-23 16:35:08 +02:00
Alexandre Dulaunoy ae103f6080
chg: [person] add attributes to whois-related information which can be associated to a person 2018-10-23 08:43:35 +02:00
Tobias Mainka 332cf5475c enable multiple summary attribute in report object 2018-10-22 14:55:27 +02:00
aksha 478dc899f2 Add: Web artefacts objects 2018-10-22 09:35:21 +01:00
chrisr3d de3acf865d
fix: Disabled correlation of imported files format attribute 2018-10-22 10:13:48 +02:00
aksha 711abb094a Add: python-etvx object 2018-10-15 11:08:09 +01:00
chrisr3d 141a0c8d41
fix: JQed ip-api-address template 2018-10-11 09:14:08 +02:00
chrisr3d 8137a58f48 fix: Fixed ip-api-address object template filename 2018-10-11 07:11:28 +02:00
Alexandre Dulaunoy 09495c3f2a
chg: [network-connection] disable correlation 2018-10-06 20:27:51 +02:00
Alexandre Dulaunoy 6ea337654a
Merge branch 'master' of github.com:MISP/misp-objects 2018-10-06 09:35:58 +02:00
Alexandre Dulaunoy 9735995ba1
chg: [process] disable correlation where it's not required 2018-10-06 07:42:34 +02:00
DigitalLeukocyte afb1d28b2b
Added ip-api-address object 
Object useful for IP data from http://ip-api.com.
 2018-10-04 13:45:22 -07:00
DigitalLeukocyte 237b5a364b
Delete IP_API_IP_Address.json 2018-10-04 13:42:07 -07:00
DigitalLeukocyte c39ff94f41
Deleted IP_API single file 2018-10-04 13:15:55 -07:00
DigitalLeukocyte 04aea7b596
Uploaded IP_API Object in folder 2018-10-04 13:14:42 -07:00
DigitalLeukocyte 59b1dda754
Updated to match more of ip-api.com 2018-10-04 12:41:52 -07:00
DigitalLeukocyte ec75268f5c
Created for data from ip-api.com 2018-10-02 13:02:49 -07:00
DigitalLeukocyte 60f559f6da
Create IP_API.JSON 2018-10-02 13:01:29 -07:00
aksha f8226fc200 Fix: Regripper object templates fixed 2018-10-02 10:14:19 +01:00
aksha 44d92e95be Add: Regripper objects (System + Software Hive) 2018-10-01 12:18:55 +01:00
aksha 58f39ff62d Add: regripper objects for system hive 2018-09-30 21:35:38 +01:00
Alexandre Dulaunoy 25e9f5d51a
chg: [phishing] new template object (first draft) based on the phishtank format 2018-09-28 15:14:51 +02:00
aksha 58ab539825 Fix: NTUser template 2018-09-28 12:15:21 +01:00
aksha 98459432a2 Add: Regripper 3 object templates including SAM hive and NTUSer.dat. 2018-09-28 12:13:31 +01:00
Alexandre Dulaunoy 5acaa3498f
chg: jq all the things ;-) 2018-09-27 13:19:33 +02:00
Alexandre Dulaunoy 96f234884a
Merge branch 'master' of https://github.com/Aks6193/misp-objects into Aks6193-master 2018-09-27 13:19:04 +02:00
aksha 10acf6289e add: Misp object for Mactime-timeline-analysis 2018-09-27 11:46:32 +01:00
Alexandre Dulaunoy 01ea4c3097
chg: [malware-config] new object to describe malware configuration in clear-text or encrypted/encoded 
ref: fix https://github.com/MISP/MISP/issues/3679
 2018-09-21 07:11:38 +02:00
Alexandre Dulaunoy 4d6e0d7580
chg: [file] fullpath can be part of a single file object 2018-09-16 17:13:30 +02:00
Stefan Kelm 00184b6fc0 bgp-hijack 2018-09-13 14:13:33 +02:00
Stefan Kelm 8b5b5df77c bgp-hijack 2018-09-13 14:05:45 +02:00
Alexandre Dulaunoy 243396a34d
chg: [ail] version of the template updated 2018-09-12 22:11:46 +02:00