Deborah Servili
7dfa69a743
Object Victim - Extended requiredOneof
2018-12-21 12:27:11 +01:00
Alexandre Dulaunoy
11a462e79b
chg: [person] OFAC fields - Office of Foreign Assets Control
2018-12-04 15:39:51 +01:00
Alexandre Dulaunoy
6cc29aad3d
chg: [microblog] a small clarification about the username to avoid the @
2018-11-26 22:21:51 +01:00
Alexander J
e44dd16b18
new misp object for a timesketch message
to be able to push timesketch messages (timesketch.org) to a misp event it is handy to have a specific type of object for it.
2018-11-23 15:40:57 +01:00
Alexandre Dulaunoy
7808850ce2
chg: [cortex] description updated as TheHive/Cortex observables will be attributes with
relationships from this object
2018-11-18 10:29:42 +01:00
Alexandre Dulaunoy
39dd150e2a
add: [cortex] new object based on a discussion with Jerome L. from TheHive (thanks to SNCF)
2018-11-18 10:28:18 +01:00
Alexandre Dulaunoy
3ec98a8a65
chg: [cortex-taxonomy] aka mini-report
2018-11-18 10:11:25 +01:00
Alexandre Dulaunoy
0f1f23fbb5
fix: [cortex-taxonomy] jq all the things(tm)
2018-11-09 14:21:10 +01:00
Hendrik
d61a1f3390
Added cortex taxonomy object definition
2018-11-09 12:37:34 +01:00
Alexandre Dulaunoy
78bfd806e7
Merge pull request #127 from thomaspatzke/process-extension
Extension of process object
2018-11-02 08:56:14 +01:00
Thomas Patzke
e12f15d5da
Fixed misp-attribute in link attribute of paste object
2018-11-02 00:40:55 +01:00
Thomas Patzke
d41b642bc4
Extension of process object
2018-11-02 00:35:28 +01:00
Steve Clement
e132ea8e03
fix: [definition] Fixed current balance type, is float.
2018-10-30 22:58:54 +09:00
Steve Clement
6560a53b80
chg: [definition] Extended crypto coin object to be able to enrich with interesting data
2018-10-30 21:30:09 +09:00
Alexandre Dulaunoy
a4207d1f36
chg: [mactime-timeline-analysis] disable some correlations
2018-10-29 20:43:36 +01:00
Alexandre Dulaunoy
ccab94e1b7
chg: [ip-api-adress] updated to ensure correlation disabled
2018-10-28 15:07:35 +01:00
Raphaël Vinot
decd49b6fc
fix: JQ things
2018-10-25 17:45:47 -04:00
Raphaël Vinot
e3d5d636e4
chg: Add type of internal reference
2018-10-25 15:47:04 -04:00
Raphaël Vinot
1a0d055caa
new: Internal reference object
2018-10-25 13:47:20 -04:00
Alexandre Dulaunoy
2f1ed1ee0c
chg: [regripper-sam-hive-single-user] uuid fixed
2018-10-25 17:49:20 +02:00
Alexandre Dulaunoy
5e952a4bf7
chg: [tsk-web-downloads] including link versus url (we assume it's a malicious link by default)
2018-10-25 17:45:58 +02:00
Alexandre Dulaunoy
38a3718693
typo fixed
2018-10-25 17:42:57 +02:00
Alexandre Dulaunoy
7a70a1ece3
fix: various typos
2018-10-25 17:38:26 +02:00
Alexandre Dulaunoy
26fcbcd3bf
fix typo
2018-10-25 17:35:50 +02:00
Alexandre Dulaunoy
172b5551ba
Merge branch 'master' of github.com:MISP/misp-objects
2018-10-25 17:32:47 +02:00
Alexandre Dulaunoy
b93ad7969f
fix: jq all the things(tm)
2018-10-25 17:31:36 +02:00
Alexandre Dulaunoy
38a006b05b
Merge branch 'master' of https://github.com/Aks6193/misp-objects
2018-10-25 17:30:30 +02:00
aksha
bb119724ba
fix: Changed TSK object names to lower case
2018-10-25 13:21:08 +01:00
aksha
1cedea6506
Chg: Jq'ed all the objects
2018-10-25 12:39:48 +01:00
Alexandre Dulaunoy
15539c5e25
Merge pull request #123 from neok0/sandbox-file-attribute
added sandbox-file type as attribute for storing e.g. sandbox results…
2018-10-24 14:39:25 +02:00
Alexandre Dulaunoy
7bffd599ab
Merge pull request #122 from neok0/master
enable multiple summary attribute in report object
2018-10-24 14:37:33 +02:00
Tobias Mainka
8b861df876
fix failing check via running .jq_all_the_things.sh
2018-10-24 14:14:32 +02:00
Tobias Mainka
675b60703b
added sandbox-file type as attribute for storing e.g. sandbox results file in sandbox-report object
2018-10-24 13:58:38 +02:00
Alexandre Dulaunoy
a2ce46ecad
chg: [pcap-metadata] linktype added in the sane default
2018-10-24 07:35:31 +02:00
Alexandre Dulaunoy
3bf8c938aa
fix the required part of the url
2018-10-23 20:03:58 +02:00
Alexandre Dulaunoy
1a1972003d
add: [pcap-metadata] new object template for pcap file metadata (WiP)
2018-10-23 16:35:08 +02:00
Alexandre Dulaunoy
ae103f6080
chg: [person] add attributes to whois-related information which can be associated to a person
2018-10-23 08:43:35 +02:00
Tobias Mainka
332cf5475c
enable multiple summary attribute in report object
2018-10-22 14:55:27 +02:00
aksha
478dc899f2
Add: Web artefacts objects
2018-10-22 09:35:21 +01:00
chrisr3d
de3acf865d
fix: Disabled correlation of imported files format attribute
2018-10-22 10:13:48 +02:00
aksha
711abb094a
Add: python-etvx object
2018-10-15 11:08:09 +01:00
chrisr3d
141a0c8d41
fix: JQed ip-api-address template
2018-10-11 09:14:08 +02:00
chrisr3d
8137a58f48
fix: Fixed ip-api-address object template filename
2018-10-11 07:11:28 +02:00
Alexandre Dulaunoy
09495c3f2a
chg: [network-connection] disable correlation
2018-10-06 20:27:51 +02:00
Alexandre Dulaunoy
6ea337654a
Merge branch 'master' of github.com:MISP/misp-objects
2018-10-06 09:35:58 +02:00
Alexandre Dulaunoy
9735995ba1
chg: [process] disable correlation where it's not required
2018-10-06 07:42:34 +02:00
DigitalLeukocyte
afb1d28b2b
Added ip-api-address object
Object useful for IP data from http://ip-api.com .
2018-10-04 13:45:22 -07:00
DigitalLeukocyte
237b5a364b
Delete IP_API_IP_Address.json
2018-10-04 13:42:07 -07:00
DigitalLeukocyte
c39ff94f41
Deleted IP_API single file
2018-10-04 13:15:55 -07:00
DigitalLeukocyte
04aea7b596
Uploaded IP_API Object in folder
2018-10-04 13:14:42 -07:00
DigitalLeukocyte
59b1dda754
Updated to match more of ip-api.com
2018-10-04 12:41:52 -07:00
DigitalLeukocyte
ec75268f5c
Created for data from ip-api.com
2018-10-02 13:02:49 -07:00
DigitalLeukocyte
60f559f6da
Create IP_API.JSON
2018-10-02 13:01:29 -07:00
aksha
f8226fc200
Fix: Regripper object templates fixed
2018-10-02 10:14:19 +01:00
aksha
44d92e95be
Add: Regripper objects (System + Software Hive)
2018-10-01 12:18:55 +01:00
aksha
58f39ff62d
Add: regripper objects for system hive
2018-09-30 21:35:38 +01:00
Alexandre Dulaunoy
25e9f5d51a
chg: [phishing] new template object (first draft) based on the phishtank format
2018-09-28 15:14:51 +02:00
aksha
58ab539825
Fix: NTUser template
2018-09-28 12:15:21 +01:00
aksha
98459432a2
Add: Regripper 3 object templates including SAM hive and NTUSer.dat.
2018-09-28 12:13:31 +01:00
Alexandre Dulaunoy
5acaa3498f
chg: jq all the things ;-)
2018-09-27 13:19:33 +02:00
Alexandre Dulaunoy
96f234884a
Merge branch 'master' of https://github.com/Aks6193/misp-objects into Aks6193-master
2018-09-27 13:19:04 +02:00
aksha
10acf6289e
add: Misp object for Mactime-timeline-analysis
2018-09-27 11:46:32 +01:00
Alexandre Dulaunoy
01ea4c3097
chg: [malware-config] new object to describe malware configuration in clear-text or encrypted/encoded
ref: fix https://github.com/MISP/MISP/issues/3679
2018-09-21 07:11:38 +02:00
Alexandre Dulaunoy
4d6e0d7580
chg: [file] fullpath can be part of a single file object
2018-09-16 17:13:30 +02:00
Stefan Kelm
00184b6fc0
bgp-hijack
2018-09-13 14:13:33 +02:00
Stefan Kelm
8b5b5df77c
bgp-hijack
2018-09-13 14:05:45 +02:00
Alexandre Dulaunoy
243396a34d
chg: [ail] version of the template updated
2018-09-12 22:11:46 +02:00
Terrtia
76b3086356
fix: [ail-leak] disable correlation
2018-09-12 16:49:28 +02:00
Alexandre Dulaunoy
bb2b8d810f
chg: [tracking-id] add the tracker origin such as the vendor or software
2018-09-09 12:39:22 +02:00
Alexandre Dulaunoy
37a4a93326
chg: [original-import-file] list of "sane" default format.
2018-09-09 12:34:06 +02:00
Alexandre Dulaunoy
755dbe5837
Merge branch 'master' of github.com:MISP/misp-objects
2018-09-09 12:30:26 +02:00
Alexandre Dulaunoy
c8ecf75fdc
new: [tracking-id] Analytics and tracking ID such as used in Google Analytics or other analytic platform.
2018-09-09 12:29:58 +02:00
chrisr3d
5f74fe8fa8
Merge branch 'master' of github.com:MISP/misp-objects into chrisr3d_patch
2018-09-07 11:33:45 +02:00
chrisr3d
344b8f002e
fix: Changed 'type' attribute that is more relevant as being called 'format'
2018-09-07 11:32:47 +02:00
Alexandre Dulaunoy
767b461429
chg: [file] following some CyBOX import adding a fullpath field which includes filename and path request
2018-09-07 11:26:37 +02:00
chrisr3d
1a02c6879e
chg: Deleted filename attribute since it is already contained in attachment
2018-09-06 14:54:39 +02:00
chrisr3d
0890420856
new: New Object describing original files used to import data in MISP
2018-09-06 11:20:26 +02:00
Alexandre Dulaunoy
38071f4bd9
chg: [forensic-evidence] updated to include other tools and correlation disabled for some fields
2018-09-04 20:48:51 +02:00
Alexandre Dulaunoy
3a81765d8f
jq all the things (tm)
2018-09-04 20:40:16 +02:00
aksha
d2550dffb6
update: Forensic-evidence object
2018-09-04 14:18:30 +01:00
aksha
4e66e692d4
fixed indentation
2018-09-04 12:46:00 +01:00
aksha
7ee2ff1901
Add: Object template for digital evidence
2018-09-04 12:31:13 +01:00
Aks6193
d92e482a96
Merge pull request #1 from MISP/master
chg: [forensic-case] object added based on the original one from @Aks…
2018-09-03 20:01:41 +01:00
Alexandre Dulaunoy
0c98a925f3
chg: [forensic-case] object added based on the original one from @Aks6193
The idea is to separate the evidences from the case itself as you can
have multiple acquisitions for a specific case. Another object template
is required such as [forensic-evidence] to be able to link between the
forensic-case object and one or more evidences.
2018-09-03 13:54:59 +02:00
aksha
b83e98bbd4
Add: Misp object for Digital Forensic - Case metadata
2018-09-03 11:28:40 +01:00
Alexandre Dulaunoy
e90b1ce457
chg: [ja3] categories removed (default attributes categories will be used)
Fix MISP/MISP/issues/3593
2018-08-28 14:30:29 +02:00
Alexandre Dulaunoy
ab58f01666
chg: [geolocation] disable correlation on specific attributes
2018-08-15 18:34:35 +02:00
Alexandre Dulaunoy
487ff53afe
fix: [geolocation] to include accuracy-radius as described by maxmind geoip2 API
2018-08-15 18:26:10 +02:00
Alexandre Dulaunoy
0b164141af
chg: [vehicle] Vehicle object template to describe a vehicle information and registration
2018-08-04 15:39:38 +02:00
Deborah Servili
60010ce556
fix file object version
2018-07-27 15:19:15 +02:00
Deborah Servili
4e23159cb0
fix RequiredOneOf list in file object
2018-07-27 15:15:47 +02:00
Deborah Servili
c1f5e7342b
url is not a field of email object, then not one of the requiredOneOf
2018-07-26 15:49:44 +02:00
Alexandre Dulaunoy
3aa3247b09
chg: [paste object] add a link attribute when the paste reference is not malicious
2018-07-26 14:06:39 +02:00
Alexandre Dulaunoy
51d8e83b1f
Merge branch 'master' of github.com:MISP/misp-objects
2018-07-20 10:18:33 +02:00
Alexandre Dulaunoy
9a72b53923
chg: allow multiple domains too fix #108
2018-07-20 10:12:09 +02:00
Andras Iklody
5af0d31c49
Allow multiple "pattern-in-file" in file object, fixes #109
2018-07-20 07:03:22 +02:00
Alexandre Dulaunoy
6bfa279701
new: [short-message-service] Short Message Service (SMS) object template describing one or more SMS message added
2018-07-18 09:52:31 +02:00
Raphaël Vinot
0244bce6ef
new: threatgrid-report object template
2018-07-16 13:48:56 +02:00
Alexandre Dulaunoy
9918cc393d
chg: [coin-address] ETN symbol added
2018-07-13 17:07:35 +02:00
Alexandre Dulaunoy
88819d6fa3
chg: [exploit-poc] the same context can contain multiple PoC samples
2018-07-10 09:32:12 +02:00