Commit Graph

871 Commits (34a8807b15be6eaccf7cfab2c3589935368775d9)

Author SHA1 Message Date
Beaujeant a65aa06859 chg: can have multiple text attributes 2020-11-25 16:17:54 +01:00
Alexandre Dulaunoy 9185d69d14
chg: [jq] all the [things] 2020-11-24 11:48:22 +01:00
Steve Clement 506116f0ac
chg: [json] sort 2020-11-24 14:58:19 +09:00
Steve Clement dd6ebe5385
new: [sh] Added process state 2020-11-24 14:55:47 +09:00
Steve Clement 4997dc575c
Merge remote-tracking branch 'upstream/main' into process 2020-11-24 14:45:04 +09:00
chrisr3d 0a3e94839c
add: [passive-dns] Added a raw_rdata object relation 2020-11-13 20:09:46 +01:00
chrisr3d 903935c1fe
chg: Using the actual attribute type for cpe and weakness instead of text 2020-10-22 22:11:50 +02:00
Alexandre Dulaunoy 27a554ab12
chg: [cpe-asset] updated 2020-10-16 12:31:44 +02:00
Alexandre Dulaunoy 89f4f6dbc1
new: [cpe-asset] an asset as defined with a CPE value
This object was created to support the use-case of pisax.org for the
following use-case:

 - They define well-known assets which are used by IXPs and GRXs via
 their CPEs;
 - The assets are defined in a set of fixed/master MISP events;
 - Those events are used to query NVD/CVE database via cve-search
 (https://github.com/cve-search/cve-search) using a PyMISP script
 - Then the CVEs matching the CPE are added in MISP and dispatched to the
 sharing community of users as specific MISP events.

Ref: PISAX - pan-European Information Sharing and Analysis Center (ISAC) to IXPs and GRXs
Ref: https://nvlpubs.nist.gov/nistpubs/Legacy/IR/nistir7695.pdf (NIST Interagency Report 7695)
2020-10-16 09:21:40 +02:00
Alexandre Dulaunoy 141a8d2e2f
chg: [vulnerability] fixed 2020-10-15 22:49:29 +02:00
Alexandre Dulaunoy 25c888cecb
chg: [vulnerability] vulnerable_configuration are now cpe type 2020-10-15 22:40:50 +02:00
Alexandre Dulaunoy 5c935172ea
chg: [file] because sorted is always better 2020-10-13 22:47:10 +02:00
Alexandre Dulaunoy 0196285c0f
chg: [file] imphash and telfhash added 2020-10-13 22:46:24 +02:00
Alexandre Dulaunoy 8ee7728e84
chg: [gitlab-user] because -r is important 2020-10-07 09:20:54 +02:00
Alexandre Dulaunoy b4d21455fd
new: [gitlab-user] GitLab user. Gitlab.com user or self-hosted GitLab instance object template 2020-10-07 09:13:29 +02:00
Richard Hallick f6f419cadc Addition of Intel 471 vulnerability intelligence object
Intel 471 object to contain structured vulnerability related data.
2020-09-23 13:20:33 +01:00
Richard Hallick f116494ac9 Addition of intel471-vulnerability-intelligence object
Intel 471 object to contain structured vulnerability related data.
2020-09-23 13:02:02 +01:00
Alexandre Dulaunoy bd6aad0cd9
Merge branch 'main' of github.com:MISP/misp-objects into main 2020-09-17 08:19:03 +02:00
Alexandre Dulaunoy 4828fea3b7
chg: [github-user] reflect the API fields 2020-09-17 07:24:30 +02:00
Raphaël Vinot e009365d61 chg: Sort json 2020-09-16 15:17:43 +02:00
Alexandre Dulaunoy 794f9e7c43
chg: [keybase] be consistent with keybase API 2020-09-16 14:49:08 +02:00
Alexandre Dulaunoy 9cc343781f
chg: [keybase-account] at least username is required 2020-09-16 14:45:37 +02:00
chrisr3d 054899d28b
fix: JSON Validation 2020-09-09 10:36:20 +02:00
chrisr3d 3fce227f39 Merge branch 'main' of github.com:MISP/misp-objects into main 2020-09-09 10:11:58 +02:00
chrisr3d cadaa5d8c9
fix: Disabling correlation for all the bgp-ranking object attributes 2020-09-09 10:09:07 +02:00
Alexandre Dulaunoy bb26860669
Merge branch 'main' of github.com:MISP/misp-objects into main 2020-09-09 08:12:55 +02:00
Alexandre Dulaunoy ca7ed9b396
new: [github-user] a GitHub user object template
Based on the information seen on the web interface.

TODO: Check the GitHub API and review the information available.
2020-09-09 07:40:03 +02:00
Alexandre Dulaunoy 31586921b2
chg: [twitter-account] incorrect description fixed 2020-09-09 07:24:03 +02:00
chrisr3d 2671039cec
fix: JSON validation 2020-09-08 12:11:50 +02:00
chrisr3d 77fc1e0d97 Merge branch 'main' of github.com:MISP/misp-objects into chrisr3d_patch 2020-09-08 11:53:41 +02:00
chrisr3d 33cf33dc24
add: Added an IP address family attribute to describe the address family concerned by the BGP ranking 2020-09-08 11:52:39 +02:00
Raphaël Vinot 6c98bf536f fix: Incorrect relationships in requiredoneof field 2020-09-08 11:17:57 +02:00
chrisr3d 0ba4909549
add: First version of a BGP ranking object to represent the ranking of an ASN at a specific point of time
- We can then associate as many bgp-ranking
  objects as we need to the corresponding  ASN
  object, each one of them being the ranking of
  the ASN for a given day
2020-09-07 23:56:10 +02:00
chrisr3d e2f062e477
fix: Validation issue fixed 2020-09-03 14:21:06 +02:00
chrisr3d e743d7d013
fix: Normalised object relations of the ilr objects
- Using dash as separator instead of space
2020-09-03 14:14:01 +02:00
chrisr3d 2c64f6e04a
fix: Normalised object relations of the vehicle object
- Using dash as separator instead of space
2020-09-03 14:12:59 +02:00
chrisr3d 3a7eb020e6
fix: Normalised object relations of the phishing objects
- Using dash as separator instead of space
2020-09-03 14:12:05 +02:00
chrisr3d 73ced3e75c
fix: Normalised object relations of the ip-api-address object
- Using dash as separator instead of space
2020-09-03 14:10:02 +02:00
chrisr3d 7865f4110d
chg: Making source port attribute multiple in the ip-port object 2020-09-03 14:08:36 +02:00
Alexandre Dulaunoy 7fe39ca8f6
chg: [keybase] newline issue 2020-09-03 12:23:13 +02:00
Alexandre Dulaunoy 3d530764b5
chg: [keybase-account] meta category updated 2020-09-03 12:19:36 +02:00
Alexandre Dulaunoy bc59103f84
chg: [jq] all the things 2020-09-03 12:11:20 +02:00
Alexandre Dulaunoy 46b6f79cfd
chg: [keybase] description updated 2020-09-03 12:08:13 +02:00
Alexandre Dulaunoy ae3158e3fa
chg: [keybase] updated 2020-09-03 12:02:37 +02:00
Alexandre Dulaunoy 1d870bf238
chg: [restore] file 2020-09-03 12:01:26 +02:00
Pauline Bourmeau 2e5d994deb Revert "added description field in attributes"
This reverts commit 3224f78d4f.
2020-09-03 11:55:31 +02:00
Pauline Bourmeau 496f4bd030 jq-ed file 2020-09-03 11:05:21 +02:00
Pauline Bourmeau 3224f78d4f added description field in attributes 2020-09-03 11:00:38 +02:00
Pauline Bourmeau a3fd21d39d fixed comments 2020-09-03 10:02:30 +02:00
Pauline Bourmeau 5e7152714b first addition of keybase object 2020-09-03 09:41:12 +02:00
Alexandre Dulaunoy d35cd2d47f
chg: [jq] all the things 2020-08-28 16:45:47 +02:00
Pauline Bourmeau da3c168506
Update definition.json 2020-08-28 16:41:01 +02:00
Alexandre Dulaunoy 939a950d87
chg: [jq] all the things 2020-08-28 16:33:05 +02:00
Pauline Bourmeau 50288b806c
Update definition.json 2020-08-28 16:27:41 +02:00
Pauline Bourmeau d76f21d8b5
Update definition.json 2020-08-28 16:15:57 +02:00
Alexandre Dulaunoy a168037d93
chg: [jq] all the things 2020-08-28 16:10:42 +02:00
Alexandre Dulaunoy 894ab6e24b
Merge branch 'main' of https://github.com/C00kie-/misp-objects into C00kie--main 2020-08-28 16:10:12 +02:00
Alexandre Dulaunoy c487e73b86
chg: [jq] all the things 2020-08-28 16:08:39 +02:00
Pauline Bourmeau 794063dfe9
Update definition.json 2020-08-28 16:05:33 +02:00
Pauline Bourmeau 9fd1f78b5a
Update definition.json 2020-08-28 16:05:05 +02:00
Pauline Bourmeau b698ccb724
Update definition.json 2020-08-28 16:04:23 +02:00
Alexandre Dulaunoy 6b6c136b9c
chg: [vulnerability] vulnerability is now a vulnerability type
The vulnerability type is an official CVE number.

We might need to add in the future a new attribute in the object
for non-CVE id of a vulnerability or adding other id type in the object.

This commit fixes #234
2020-08-28 11:23:10 +02:00
rmkml cd49fe8d97 add SHA3 Hash on definition.json 2020-08-23 19:30:17 +02:00
Alexandre Dulaunoy 842d128ef3
chg: [misp-objects] newline newline newline is the evil 2020-08-20 10:53:06 +02:00
Alexandre Dulaunoy dc70db0204
chg: [pe] multiple is true not 1 ;-) 2020-08-20 10:44:41 +02:00
Alexandre Dulaunoy 0c863f194f
chg: [pe] richpe 2020-08-20 10:39:49 +02:00
Andras Iklody 4a671ca739
chg: [RichPE] added 2020-08-20 10:14:35 +02:00
Alexandre Dulaunoy bfec61d8b0
chg: [file] jq 2020-08-18 07:54:42 +02:00
Alexandre Dulaunoy 7fdfbd4110
UUID must be the same 2020-08-18 07:44:12 +02:00
rmkml 5bdc6c6592 add vhash (VirusTotal Hash) on definition.json 2020-08-17 17:35:58 +02:00
Emil Henry Flakk 097ea8c76c Add more rrtypes to dns-record 2020-08-15 14:57:53 +02:00
VVX7 7bbcf0ed78 chg: [dev] add Parler app objects 2020-07-05 22:03:16 -04:00
Marc Hörsken 58fb163312 chg: [cortex-taxonomy] sort attributes
Make sure the attributes are sorted like a Cortex taxonomy
would normally be displayed/summarized:

`namespace:predicate="value"` with `level` as a meta information.
2020-07-02 13:29:32 +02:00
Raphaël Vinot b7c2562a4f new: android-app object template 2020-06-21 21:45:46 +02:00
Jean-Louis Huynen c1b7b93526 add: [d4] authentication failure report object 2020-06-16 15:59:02 +02:00
Alexandre Dulaunoy bffde5446e
Merge pull request #261 from VVX7/master
chg: [dev] disable correlation on some attributes.
2020-06-12 09:00:07 +02:00
VVX7 bbd5a2a94d chg: [dev] disable correlation on some attributes. fix underscore typo in account profile-image. 2020-06-11 19:35:02 -04:00
Alexandre Dulaunoy 968a7a8212
Merge pull request #260 from VVX7/master
chg: [dev] make Reddit attributes reflect Reddit API.
2020-06-08 17:22:27 +02:00
VVX7 7577cbe59a chg: [dev] make Reddit attributes (mostly) reflect Reddit API. 2020-06-08 11:16:59 -04:00
Alexandre Dulaunoy 75b71d6f3b
Merge pull request #258 from VVX7/master
chg: [dev] add object properties from #254
2020-06-02 19:00:35 +02:00
VVX7 53d2a18811 chg: [dev] run validate_all/jq 2020-06-02 11:11:43 -04:00
VVX7 56bd29d829 chg: [dev] make twitter object attributes more consistent with twitter api 2020-06-02 11:08:30 -04:00
Jesse Hedden 42d3dda12f fixed order 2020-06-01 16:36:58 -07:00
Jesse Hedden 8256c0ada9 extending trustar_report object in order to provide fields in which enrichment data from a planned expansion module can be stored 2020-06-01 16:02:03 -07:00
VVX7 200ac19bad chg: [dev] add object properties from #257 2020-05-31 09:52:49 -04:00
VVX7 b9e235a4f4 chg: [dev] fix attribute type 2020-05-30 18:36:09 -04:00
VVX7 cf5687b50d new: [dev] add Twitter objects: twitter-account, twitter-list, twitter-post. add YouTube objects: youtube-channel, youtube-comment, youtube-playlist, youtube-video. add object: image. 2020-05-29 21:10:02 -04:00
VVX7 ed7a730a79 new: [dev] add Reddit objects: reddit-account, reddit-post, reddit-comment, reddit-subreddit 2020-05-29 16:34:00 -04:00
VVX7 c6da4c9e66 chg: [dev] add user avatar 2020-05-28 16:40:21 -04:00
VVX7 69467c133f new: [dev] add facebook-account 2020-05-28 16:32:20 -04:00
VVX7 5aeac12979 chg: [dev] change post-id attribute type to text 2020-05-28 15:48:18 -04:00
VVX7 ede33742aa chg: [dev] run rq 2020-05-28 15:32:43 -04:00
VVX7 ae95dd1834 new: [dev] add facebook-post object. 2020-05-28 15:31:50 -04:00
VVX7 5a9a0fe5ce new: [dev] add facebook-page object. 2020-05-28 15:29:01 -04:00
VVX7 66f96da3d9 new: [dev] add facebook-group object. 2020-05-28 15:25:04 -04:00
VVX7 2164d80337 chg: [dev] update tracking-id to disable correlation on id description. minor changes to attribute descriptions. 2020-05-28 15:19:27 -04:00
Raphaël Vinot 093850f6c3 new: Preliminary version of git-vuln-finder object template 2020-05-26 12:31:45 +02:00
Alexandre Dulaunoy 9e73449ec7
chg: [sms] format fixed 2020-05-14 18:17:09 +02:00
Carlos Borges 546cd88918
Updating template version 2020-05-13 20:44:09 -03:00
Carlos Borges 02ea8d2afc
updating a missing comma 2020-05-13 20:43:37 -03:00