Alexandre Dulaunoy
570a5c18b6
chg: [devices] fixed missing ui-priority
2021-10-25 15:56:50 +02:00
Alexandre Dulaunoy
3e491aa83b
Merge branch 'main' of github.com:MISP/misp-objects into main
2021-10-25 15:53:12 +02:00
Alexandre Dulaunoy
dcc9e4c8be
chg: [device] added hits, status and infection_type (from ShadowServer)
...
- request for VarIOT project
2021-10-25 15:52:34 +02:00
Alexandre Dulaunoy
c380279dca
Merge pull request #332 from gallypette/master
...
add: [passive-ssh] new object
2021-10-25 15:36:58 +02:00
Alexandre Dulaunoy
960a03be22
chg: [geolocation] countrycode added as requested for the VarIOT.
2021-10-25 15:35:23 +02:00
misp
dac24a50c9
add: [passive-ssh] new object
2021-10-25 12:29:52 +02:00
chrisr3d
b0eb0779df
fix: [report] Removed parenthesis from the object relation `report-file`
2021-10-25 12:02:25 +02:00
chrisr3d
eb0af71d60
add: [email] Added display name attribute for CC and BCC
2021-10-25 12:00:25 +02:00
Sami Tainio
48e6ff2567
Ran jq_all_the_things_.sh
2021-10-23 10:58:55 +03:00
Sami Tainio
aa2aa0814a
chg: [email] add a `bcc` field, `reply-to` can be multiple
...
Fix #329
2021-10-22 23:29:35 +03:00
Quentin JEROME
2394885553
Ran jq_all_the_things.sh
2021-10-06 20:13:39 +02:00
qjerome
ce1aea0e14
Update descriptions of edr-report
2021-10-06 19:42:34 +02:00
Quentin JEROME
38303b282f
Added edr-report MISP Object definition
2021-10-06 19:42:45 +02:00
Alexandre Dulaunoy
6ad5f18831
chg: [security-playbook] updated
2021-10-05 15:28:26 +02:00
Vasileios Mavroeidis
ef16c5fe9a
Update definition.json
...
Improved the descriptions of the properties to aid their usability and resolve numerous ambiguities.
2021-10-02 13:01:11 +02:00
Alexandre Dulaunoy
3d52773e9d
fix: [playbook] it's always a newline story ;-)
2021-09-29 17:08:40 +02:00
Vasileios Mavroeidis
1b3447ffba
Update definition.json
...
person-role is not included in the attributes
2021-09-29 17:03:10 +02:00
Alexandre Dulaunoy
02e00959c4
fix: [security-playbook] newline issue
2021-09-28 14:49:28 +02:00
Alexandre Dulaunoy
4fed830b87
fix: [security-playbook] Categories are case sensitive
2021-09-28 14:48:27 +02:00
Pavel Eis
ee9b978c5e
new: [security-playbook] security-playbook added
2021-09-28 10:31:45 +02:00
Alexandre Dulaunoy
c8cd002a3b
chg: [hashlookup] add KnownMalicious field in hashlookup record
2021-09-24 15:33:53 +02:00
Alexandre Dulaunoy
0ba346f194
chg: [hashlookup] add source, TLSH, SSDEEP fields in the object template
2021-09-24 15:23:04 +02:00
Alexandre Dulaunoy
ffa6ed7963
chg: [process] remove ambiguity between user-creator and current user running the process
...
Following CISA/DHS feedback
Fix #322
2021-09-14 08:35:02 +02:00
Alexandre Dulaunoy
3f6a653b0d
fix: [user-account] replace the unclear text in description
...
Feedback from CISA/DHS - fix #323
2021-09-14 08:31:01 +02:00
Alexandre Dulaunoy
8c86f26e78
chg: [domain-ip] newline fix
2021-09-11 07:53:21 +02:00
Andras Iklody
12612abdcb
remove multiple from ip field
2021-09-10 15:24:50 +02:00
Alexandre Dulaunoy
b42a9d8fe0
chg: [ss7-attack] order and newline
2021-09-04 10:19:25 +02:00
Alexandre De Oliveira
9f2f46faa7
Added few fields for GT Leasing - v3
2021-09-02 13:57:40 +02:00
chrisr3d
d2b93f5aa6
chg: [hashlookup] Using the `filename` type for the FileName attribute instead of `text`
2021-08-26 15:13:14 +02:00
Alexandre Dulaunoy
633a84df03
chg: [hashlookup] newline because you know
2021-08-25 12:02:17 +02:00
Alexandre Dulaunoy
7e849963f1
chg: [hashlookup] filename changed
2021-08-25 12:00:11 +02:00
Alexandre Dulaunoy
1e4f39f728
new: [hashlookup] new hashlookup.circl.lu object
2021-08-25 11:55:57 +02:00
Alexandre Dulaunoy
8ecdd68eb8
chg: [tsk-web-search-query] jq all the things
2021-07-25 09:11:42 +02:00
Alexandre Dulaunoy
7d7cea0459
Fix incorrect type for domain
2021-07-25 09:09:53 +02:00
Alexandre Dulaunoy
d37c575ee0
chg: [email] add a from-domain field to add domain when full email is not known or a wild card
...
Fix #318
Feedback from Eurocontrol training
2021-06-22 15:23:41 +02:00
Alexandre Dulaunoy
b6366988f4
chg: [paloalto-threat-event] fix newline
2021-05-28 23:07:49 +02:00
phmazzoni
df58f2b29f
Disabling some field correlations
...
Disabling some field correlations to avoid excessive number of events
2021-05-27 17:24:58 -03:00
Alexandre Dulaunoy
212e410258
chg: [ddos] fix newline
2021-05-27 16:25:52 +02:00
Alexandre Dulaunoy
a31f7d0f26
Multiple fields for port, ip-src,dst-port following feedback from CONCORDIA
...
Multiple fields for port, ip-src,dst-port following feedback from CONCORDIA
2021-05-27 16:19:12 +02:00
Alexandre Dulaunoy
195f0fe46a
fix: [passive-dns-dnsdbflex] newline
2021-05-26 14:12:10 +02:00
aaronkaplan
094d61a51a
dnsdbflex object
2021-05-26 12:34:34 +02:00
Alexandre Dulaunoy
93b99230e3
chg: [jq] all the things
2021-05-25 23:15:59 +02:00
Alexandre Dulaunoy
265f8d3fc7
chg: [geolocation] fix UUID to be valid UUIDv4
2021-05-25 23:11:01 +02:00
Alexandre Dulaunoy
d89296b542
new: [open-data-security] new object template based on open data
...
security definition
To be used in VARIoT project. https://www.variot.eu/
2021-05-17 15:55:23 +02:00
Alexandre Dulaunoy
5d986dc25e
chg: [phishing] newline
2021-05-11 15:44:35 +02:00
Alexandre Dulaunoy
8bb8a1d22c
Merge branch 'main' of github.com:MISP/misp-objects into main
2021-05-11 15:01:53 +02:00
Alexandre Dulaunoy
d8340c3f67
chg: [phishing] version bump
2021-05-11 15:01:31 +02:00
chrisr3d
3a2e44c442
fix: [network-socket] Typo
2021-05-06 15:42:03 +02:00
chrisr3d
5028d5d99f
add: [network-socket] Added Socket type attribute
2021-05-06 15:17:52 +02:00
Alexandre Dulaunoy
7a476ec4ef
chg: [passive-dns] jq
2021-05-03 07:20:51 +02:00
aaronkaplan
b728ed3e29
Re-Do the definition.json, according to the results of the discussion in
...
https://github.com/MISP/misp-objects/pull/314
Removing *_ip and *_domain
Keeping bailiwick a domain type
2021-05-03 00:57:14 +02:00
aaronkaplan
bcd133527e
Merge branch 'main' of https://github.com/MISP/misp-objects
2021-05-02 16:03:35 +02:00
aaronkaplan
7b4c9cd6df
As discussed with @rafiot, we can't simply add rdata and rrname as
...
text only into MISP objects. Why? Because otherwise we can't use MISP's
correlation engine to correlate attributes (rrname, rdata) inside these
MISP objects with other events. Because "text" would not correlate with
other "ip-src" or "domain" types in other objects/attributes.
Kind of sucks to duplicate the rrname and rdata entries, but that's the
only solution we came up with.
The COF2MISP module will populate both the rrname,rdata as well as the
rrname_{domain,ip} and rdata_{domain,ip} attributes.
Checked with jq_all_the_things.sh.
Thanks for your consideration.
2021-05-02 15:57:54 +02:00
Alexandre Dulaunoy
4b88a52cf4
chg: [passive-dns] fix
2021-04-27 18:26:23 +02:00
Alexandre Dulaunoy
ab84bd837f
fix: [passive-dns] fix the JSON and the version
2021-04-27 18:13:05 +02:00
AaronK
df8604a8ca
Update definition.json
...
Added time_first_ms, time_last_ms. Clarified a few things in the descriptions.
2021-04-27 15:37:51 +02:00
Alexandre Dulaunoy
7c21a969d1
fix: [stix2-pattern] disable correlation on version
...
Thanks to the new feature in MISP 2.4.142 to find top correlations ;-)
2021-04-27 05:57:52 +02:00
Alexandre Dulaunoy
5e6f887fa1
Merge branch 'main' of github.com:MISP/misp-objects into main
2021-04-14 09:20:52 +02:00
Alexandre Dulaunoy
6f002cd4c6
chg: [report] add a report type
2021-04-14 09:20:25 +02:00
Raphaël Vinot
067ae49498
fix: Typo
2021-03-05 18:23:11 +01:00
Raphaël Vinot
321a952a66
chg: make jq validation happy
2021-03-05 18:16:46 +01:00
phmazzoni
16a3bed253
Create definition.json
2021-03-05 14:05:39 -03:00
phmazzoni
a16d689085
Delete objects/panorama directory
2021-03-05 14:03:37 -03:00
Raphaël Vinot
3fb441b8a0
chg: Make jq validation happy
2021-03-05 15:57:41 +01:00
phmazzoni
b3096262f5
Create definition.json
...
Create Palo Alto Threat Log Object Template.
2021-03-05 11:30:00 -03:00
Alexandre Dulaunoy
e1f01f674f
chg: [person] full-name attribute type added + expanding object person with full-name
2021-03-03 07:41:16 +01:00
Alexandre Dulaunoy
4c62d6091a
fix: [dkim] clean-up
2021-02-25 07:25:09 +01:00
Alexandre Dulaunoy
df6784859e
new: [dkim] DomainKeys Identified Mail - DKIM object template
2021-02-25 07:24:19 +01:00
Alexandre Dulaunoy
703b53fc3b
chg: [network-element] jq
2021-02-24 06:48:10 +01:00
Alexandre Dulaunoy
1fe9649205
chg: [network-profile] AS updated
2021-02-24 06:47:04 +01:00
Alexandre Dulaunoy
d87ce65cb9
chg: [network-profile] add jarm-fingerprint
2021-02-24 06:38:49 +01:00
Carlos Borges
85dc07a1f4
Creation of Network Profile MISP Object
...
The idea behind this object is to provide a unique form to identify network artifacts.
It's a mix of different including whois, URL and domain.
The need for a consolidated object comes to group correlated elements.
Beyond that, I'm introducing the idea to use the correlation feature in more generic ways.
Example:
The value of "threat-actor-infrastructure-value" is the unique value observed on a network resource that identify it. A practical and tested example is this resources from Kaspesky.
https://securelist.com/the-tetrade-brazilian-banking-malware/97779/
On this article they mention a trojan family called Javali. They recover the C2 server abusing Google Docs services. The mentioned field "threat-actor-infrastructure-value" would register the values available on this image. This item should be hard to correlate with other similar items, as this can change frequently.
A way to change it is also to register a more general pattern of the data with the "threat-actor-infrastructure-pattern". I.E
inicio{
"host":"<variable>",
"porta":"<variable>"
}fim
With other investigations and registry of it on MISP, is possible to correlate this data, facilitate identification of patterns used for tracking purposes and facilitate analysis.
2021-02-23 20:39:22 -03:00
Alexandre Dulaunoy
e902af130c
chg: [report] make link or summary as non-required field
2021-02-22 18:21:45 +01:00
Alexandre Dulaunoy
4e011f2478
chg: [regexp] fixed
2021-02-19 21:56:35 +01:00
Alexandre Dulaunoy
016f9e58af
chg: [regexp] added Farsight Compatible Regular Expressions (FCRE) added
...
Ref: https://docs.dnsdb.info/dnsdb-fcre-reference-guide/#farsight-compatible-regular-expressions-fcre
2021-02-19 18:03:23 +01:00
Alexandre Dulaunoy
36994fda1e
fix: [splunk] fixed
2021-02-15 15:10:20 +01:00
Alexandre Dulaunoy
cb73cfaf49
chg: [splunk] object updated
2021-02-15 14:43:44 +01:00
marcnil815
f3830e044a
Update definition.json
...
Added possibility for multiple searches in same object to accomodate using raw searches and datamodel searches.
2021-02-15 14:13:17 +01:00
Alexandre Dulaunoy
84df20e51f
new: [windows-service] windows-service object added
2021-02-13 17:01:44 +01:00
Alexandre Dulaunoy
2b1c3532dc
chg: [report] add a link field to the report object template
2021-02-04 11:03:01 +01:00
Raphaël Vinot
3d3d40e6c0
fix: keys order in VT object
2021-02-02 15:31:00 +01:00
Raphaël Vinot
625684684a
chg: Disable correlation in VT objects
2021-02-02 15:25:13 +01:00
Alexandre Dulaunoy
160c39d91e
chg: [url] jq all the things
2021-02-02 11:57:41 +01:00
Raphaël Vinot
82c217781f
chg: allow multiple IPs in URL object
2021-02-02 11:39:37 +01:00
Terrtia
4f50074ba7
chg: [telegram-account] required attributes
2021-01-26 11:39:22 +01:00
Alexandre Dulaunoy
eedcc2d5af
chg: [telegram-account] fixes
2021-01-26 10:30:30 +01:00
Alexandre Dulaunoy
ca247d8c2a
new: [telegram-user] basic telegram user
...
Ref: https://core.telegram.org/constructor/user
More could be added in the future
2021-01-26 10:27:35 +01:00
Raphaël Vinot
1e14201fc0
chg: Update objects to match lief output for authenticode
2021-01-19 15:38:31 +01:00
Alexandre Dulaunoy
fd7c05d74b
chg: [jarm] jq all the things
2021-01-05 14:49:34 +01:00
Alexandre Dulaunoy
8d08dc52d0
chg: [jarm] jarm type is jarm-fingerprint
2021-01-05 14:48:06 +01:00
Alexandre Dulaunoy
8753de0e1e
new: [jarm] new jarm object to describe TLS/SSL implementation matching
...
a jarm fingerprint
2021-01-05 14:44:46 +01:00
Alexandre Dulaunoy
2cb16e7be0
chg: [trustar_report] Updated to add "THREAT_ACTOR"
...
Fixing #273
2021-01-05 09:30:28 +01:00
Alexandre Dulaunoy
d6d515d3d8
chg: [yara] disable correlations on some fields
2020-12-30 14:46:04 +01:00
Alexandre Dulaunoy
4d1c42e491
chg: [crypto-material] add a public field for public cryptographic materials
2020-12-30 14:21:37 +01:00
Alexandre Dulaunoy
3650498630
chg: [favicon] jq all the things
2020-12-27 16:21:09 +01:00
Alexandre Dulaunoy
179bd48bec
chg: [favicon] A favicon, also known as a shortcut icon, website icon, tab icon, URL icon, or bookmark icon, is a file containing one or more small icons, associated with a particular web
...
site or web page. The object template can include the murmur3 hash of the favicon to facilitate correlation.
2020-12-27 16:19:04 +01:00
Alexandre Dulaunoy
b71e7c3458
chg: [twitter-post] jq
2020-12-20 10:52:40 +01:00
Alexandre Dulaunoy
8eae725e49
fix: [twitter-post] underscore - minus are difficult to choose from ;-)
2020-12-20 10:41:39 +01:00
Alexandre Dulaunoy
ed1ceebdf4
chg: [jq] all the things
2020-12-20 10:37:14 +01:00
Alexandre Dulaunoy
85e37b360e
Merge pull request #302 from ater49/main
...
Adding fields in twitter-post and paste
2020-12-20 10:34:11 +01:00
Alexandre Dulaunoy
413a2618b6
Merge pull request #303 from seamustuohy/pymisp-pr/631
...
Updated for support for msg format.
2020-12-20 10:30:04 +01:00
seamus tuohy
7e65e5dfaf
Updated for support for msg format.
...
Adding first class support for Emails in .msg format to the email definition.
This includes making the attribute support multiple bodies. Msg formats
nearly always have at least 2, if not 3, versions of the body (plain text, rtf, html).
2020-12-19 17:03:26 -05:00
ater49
a410c7c7a6
Typo and version number correction + adding a field in twitter-post
...
Adding created-at field in twitter-post
2020-12-14 23:01:12 +01:00
ater49
a47ba8c5b8
Add media in twitter-post in order to store attached medias in a tweet
...
Add pastebin.fr in source of paste and paste_file for storing whole
paste file.
2020-12-14 22:25:58 +01:00
Alexandre Dulaunoy
f517d6691c
Merge branch 'main' of github.com:MISP/misp-objects into main
2020-12-10 19:13:07 +01:00
Alexandre Dulaunoy
499392ca0a
chg: [domain-ip] hostname added as an attribute
2020-12-10 19:12:33 +01:00
Beaujeant
a65aa06859
chg: can have mutliple text attributes
2020-11-25 16:17:54 +01:00
Alexandre Dulaunoy
9185d69d14
chg: [jq] all the [things]
2020-11-24 11:48:22 +01:00
Steve Clement
506116f0ac
chg: [json] sort
2020-11-24 14:58:19 +09:00
Steve Clement
dd6ebe5385
new: [sh] Added process state
2020-11-24 14:55:47 +09:00
Steve Clement
4997dc575c
Merge remote-tracking branch 'upstream/main' into process
2020-11-24 14:45:04 +09:00
chrisr3d
0a3e94839c
add: [passive-dns] Added a raw_rdata object relation
2020-11-13 20:09:46 +01:00
chrisr3d
903935c1fe
chg: Using the actual attribute type for cpe and weakness instead of text
2020-10-22 22:11:50 +02:00
Alexandre Dulaunoy
27a554ab12
chg: [cpe-asset] updated
2020-10-16 12:31:44 +02:00
Alexandre Dulaunoy
89f4f6dbc1
new: [cpe-asset] an asset as defined with a CPE value
...
This object was created to support the use-case of pisax.org for the
following use-case:
- They define well-known assets which are used by IXPs and GRXs via
their CPEs;
- The assets are defined in a set of fixed/master MISP events;
- Those events are used to query NVD/CVE database via cve-search
(https://github.com/cve-search/cve-search ) using a PyMISP script
- Then the CVEs matching the CPE are added in MISP and dispatched to the
sharing community of users as specific MISP events.
Ref: PISAX - pan-European Information Sharing and Analysis Center (ISAC) to IXPs and GRXs
Ref: https://nvlpubs.nist.gov/nistpubs/Legacy/IR/nistir7695.pdf ((NIST Interagency Report 7695))
2020-10-16 09:21:40 +02:00
Alexandre Dulaunoy
141a8d2e2f
chg: [vulnerability] fixed
2020-10-15 22:49:29 +02:00
Alexandre Dulaunoy
25c888cecb
chg: [vulnerability] vulnerable_configuration are now cpe type
2020-10-15 22:40:50 +02:00
Alexandre Dulaunoy
5c935172ea
chg: [file] because sorted is always better
2020-10-13 22:47:10 +02:00
Alexandre Dulaunoy
0196285c0f
chg: [file] imphash and telfhash added
2020-10-13 22:46:24 +02:00
Alexandre Dulaunoy
8ee7728e84
chg: [gitlab-user] because -r is important
2020-10-07 09:20:54 +02:00
Alexandre Dulaunoy
b4d21455fd
new: [gitlab-user] GitLab user. Gitlab.com user or self-hosted GitLab instance object template
2020-10-07 09:13:29 +02:00
Richard Hallick
f6f419cadc
Addition of Intel 471 vulnerability intelligence object
...
Intel 471 object to contain structured vulnerability related data.
2020-09-23 13:20:33 +01:00
Richard Hallick
f116494ac9
Addition of intel471-vulnerability-intelligence object
...
Intel 471 object to contain structured vulnerability related data.
2020-09-23 13:02:02 +01:00
Alexandre Dulaunoy
bd6aad0cd9
Merge branch 'main' of github.com:MISP/misp-objects into main
2020-09-17 08:19:03 +02:00
Alexandre Dulaunoy
4828fea3b7
chg: [github-user] reflect the API fields
2020-09-17 07:24:30 +02:00
Raphaël Vinot
e009365d61
chg: Sort json
2020-09-16 15:17:43 +02:00
Alexandre Dulaunoy
794f9e7c43
chg: [keybase] be consistent with keybase API
2020-09-16 14:49:08 +02:00
Alexandre Dulaunoy
9cc343781f
chg: [keybase-account] at least username is required
2020-09-16 14:45:37 +02:00
chrisr3d
054899d28b
fix: JSON Validation
2020-09-09 10:36:20 +02:00
chrisr3d
3fce227f39
Merge branch 'main' of github.com:MISP/misp-objects into main
2020-09-09 10:11:58 +02:00
chrisr3d
cadaa5d8c9
fix: Disabling correlation for all the bgp-ranking object attributes
2020-09-09 10:09:07 +02:00
Alexandre Dulaunoy
bb26860669
Merge branch 'main' of github.com:MISP/misp-objects into main
2020-09-09 08:12:55 +02:00
Alexandre Dulaunoy
ca7ed9b396
new: [github-user] a GitHub user object template
...
Based on the information seen on the web interface.
TODO: Check the GitHub API and review the information available.
2020-09-09 07:40:03 +02:00
Alexandre Dulaunoy
31586921b2
chg: [twitter-account] incorrect description fixed
2020-09-09 07:24:03 +02:00
chrisr3d
2671039cec
fix: JSON validation
2020-09-08 12:11:50 +02:00
chrisr3d
77fc1e0d97
Merge branch 'main' of github.com:MISP/misp-objects into chrisr3d_patch
2020-09-08 11:53:41 +02:00
chrisr3d
33cf33dc24
add: Added an IP address family attribute to describe the address family concerned by the BGP ranking
2020-09-08 11:52:39 +02:00
Raphaël Vinot
6c98bf536f
fix: Incorrect relationships in requiredoneof field
2020-09-08 11:17:57 +02:00
chrisr3d
0ba4909549
add: First version of a BGP ranking object to represent the ranking of an ASN at a specific point of time
...
- We can then associate as many bgp-ranking
objects as we need to the corresponding ASN
object, each one of them being the ranking of
the ASN for a given day
2020-09-07 23:56:10 +02:00
chrisr3d
e2f062e477
fix: Validation issue fixed
2020-09-03 14:21:06 +02:00
chrisr3d
e743d7d013
fix: Normalised object relations of the ilr objects
...
- Using dash as separator instead of space
2020-09-03 14:14:01 +02:00
chrisr3d
2c64f6e04a
fix: Normalised object relations of the vehicle object
...
- Using dash as separator instead of space
2020-09-03 14:12:59 +02:00
chrisr3d
3a7eb020e6
fix: Normalised object relations of the phishing objects
...
- Using dash as separator instead of space
2020-09-03 14:12:05 +02:00
chrisr3d
73ced3e75c
fix: Normalised object relations of the ip-api-address object
...
- Using dash as separator instead of space
2020-09-03 14:10:02 +02:00
chrisr3d
7865f4110d
chg: Making source port attribute multiple in the ip-port object
2020-09-03 14:08:36 +02:00
Alexandre Dulaunoy
7fe39ca8f6
chg: [keybase] newline issue
2020-09-03 12:23:13 +02:00
Alexandre Dulaunoy
3d530764b5
chg: [keybase-account] meta category updated
2020-09-03 12:19:36 +02:00
Alexandre Dulaunoy
bc59103f84
chg: [jq] all the things
2020-09-03 12:11:20 +02:00
Alexandre Dulaunoy
46b6f79cfd
chg: [keybase] description updated
2020-09-03 12:08:13 +02:00
Alexandre Dulaunoy
ae3158e3fa
chg: [keybase] updated
2020-09-03 12:02:37 +02:00
Alexandre Dulaunoy
1d870bf238
chg: [restore] file
2020-09-03 12:01:26 +02:00
Pauline Bourmeau
2e5d994deb
Revert "added description field in attributes"
...
This reverts commit 3224f78d4f
.
2020-09-03 11:55:31 +02:00
Pauline Bourmeau
496f4bd030
jq-ed file
2020-09-03 11:05:21 +02:00
Pauline Bourmeau
3224f78d4f
added description field in attributes
2020-09-03 11:00:38 +02:00
Pauline Bourmeau
a3fd21d39d
fixed comments
2020-09-03 10:02:30 +02:00
Pauline Bourmeau
5e7152714b
first addition of keybase object
2020-09-03 09:41:12 +02:00
Alexandre Dulaunoy
d35cd2d47f
chg: [jq] all the things
2020-08-28 16:45:47 +02:00
Pauline Bourmeau
da3c168506
Update definition.json
2020-08-28 16:41:01 +02:00
Alexandre Dulaunoy
939a950d87
chg: [jq] all the things
2020-08-28 16:33:05 +02:00
Pauline Bourmeau
50288b806c
Update definition.json
2020-08-28 16:27:41 +02:00
Pauline Bourmeau
d76f21d8b5
Update definition.json
2020-08-28 16:15:57 +02:00
Alexandre Dulaunoy
a168037d93
chg: [jq] all the things
2020-08-28 16:10:42 +02:00
Alexandre Dulaunoy
894ab6e24b
Merge branch 'main' of https://github.com/C00kie-/misp-objects into C00kie--main
2020-08-28 16:10:12 +02:00
Alexandre Dulaunoy
c487e73b86
chg: [jq] all the things
2020-08-28 16:08:39 +02:00
Pauline Bourmeau
794063dfe9
Update definition.json
2020-08-28 16:05:33 +02:00
Pauline Bourmeau
9fd1f78b5a
Update definition.json
2020-08-28 16:05:05 +02:00
Pauline Bourmeau
b698ccb724
Update definition.json
2020-08-28 16:04:23 +02:00
Alexandre Dulaunoy
6b6c136b9c
chg: [vulnerability] vulnerability is is now a vulnerability type
...
The vulnerability type is an official CVE number.
We might need to add in the future a new attribute in the object
for non-CVE id of a vulnerability or adding other id type in the object.
This commit fixes #234
2020-08-28 11:23:10 +02:00
rmkml
cd49fe8d97
add SHA3 Hash on definition.json
2020-08-23 19:30:17 +02:00
Alexandre Dulaunoy
842d128ef3
chg: [misp-objects] newline newline newline is the evil
2020-08-20 10:53:06 +02:00
Alexandre Dulaunoy
dc70db0204
chg: [pe] multiple is true not 1 ;-)
2020-08-20 10:44:41 +02:00
Alexandre Dulaunoy
0c863f194f
chg: [pe] richpe
2020-08-20 10:39:49 +02:00
Andras Iklody
4a671ca739
chg: [RichPE] added
2020-08-20 10:14:35 +02:00
Alexandre Dulaunoy
bfec61d8b0
chg: [file] jq
2020-08-18 07:54:42 +02:00
Alexandre Dulaunoy
7fdfbd4110
UUID must be the same
2020-08-18 07:44:12 +02:00
rmkml
5bdc6c6592
add vhash (VirusTotal Hash) on definition.json
2020-08-17 17:35:58 +02:00
Emil Henry Flakk
097ea8c76c
Add more rrtypes to dns-record
2020-08-15 14:57:53 +02:00
VVX7
7bbcf0ed78
chg: [dev] add Parler app objects
2020-07-05 22:03:16 -04:00
Marc Hörsken
58fb163312
chg: [cortex-taxonomy] sort attributes
...
Make sure the attributes are sorted like a Cortex taxonomy
would normally be displayed/summarized:
`namespace:predicate="value"` with `level` as a meta information.
2020-07-02 13:29:32 +02:00
Raphaël Vinot
b7c2562a4f
new: android-app object template
2020-06-21 21:45:46 +02:00
Jean-Louis Huynen
c1b7b93526
add: [d4] authentication failure report object
2020-06-16 15:59:02 +02:00
Alexandre Dulaunoy
bffde5446e
Merge pull request #261 from VVX7/master
...
chg: [dev] disable correlation on some attributes.
2020-06-12 09:00:07 +02:00
VVX7
bbd5a2a94d
chg: [dev] disable correlation on some attributes. fix underscore typo in account profile-image.
2020-06-11 19:35:02 -04:00
Alexandre Dulaunoy
968a7a8212
Merge pull request #260 from VVX7/master
...
chg: [dev] make Reddit attributes reflect Reddit API.
2020-06-08 17:22:27 +02:00
VVX7
7577cbe59a
chg: [dev] make Reddit attributes (mostly) reflect Reddit API.
2020-06-08 11:16:59 -04:00
Alexandre Dulaunoy
75b71d6f3b
Merge pull request #258 from VVX7/master
...
chg: [dev] add object properties from #254
2020-06-02 19:00:35 +02:00
VVX7
53d2a18811
chg: [dev] run validate_all/jq
2020-06-02 11:11:43 -04:00
VVX7
56bd29d829
chg: [dev] make twitter object attributes more consistent with twitter api
2020-06-02 11:08:30 -04:00
Jesse Hedden
42d3dda12f
fixed order
2020-06-01 16:36:58 -07:00
Jesse Hedden
8256c0ada9
extending trustar_report object in order to provide fields in which enrichment data from a planned expansion module can be stored
2020-06-01 16:02:03 -07:00
VVX7
200ac19bad
chg: [dev] add object properties from #257
2020-05-31 09:52:49 -04:00
VVX7
b9e235a4f4
chg: [dev] fix attribute type
2020-05-30 18:36:09 -04:00
VVX7
cf5687b50d
new: [dev] add Twitter objects: twitter-account, twitter-list, twitter-post. add YouTube objects: youtube-channel, youtube-comment, youtube-playlist, youtube-video. add object: image.
2020-05-29 21:10:02 -04:00
VVX7
ed7a730a79
new: [dev] add Reddit objects: reddit-account, reddit-post, reddit-comment, reddit-subreddit
2020-05-29 16:34:00 -04:00
VVX7
c6da4c9e66
chg: [dev] add user avatar
2020-05-28 16:40:21 -04:00
VVX7
69467c133f
new: [dev] add facebook-account
2020-05-28 16:32:20 -04:00
VVX7
5aeac12979
chg: [dev] change post-id attribute type to text
2020-05-28 15:48:18 -04:00
VVX7
ede33742aa
chg: [dev] run rq
2020-05-28 15:32:43 -04:00
VVX7
ae95dd1834
new: [dev] add facebook-post object.
2020-05-28 15:31:50 -04:00
VVX7
5a9a0fe5ce
new: [dev] add facebook-page object.
2020-05-28 15:29:01 -04:00
VVX7
66f96da3d9
new: [dev] add facebook-group object.
2020-05-28 15:25:04 -04:00
VVX7
2164d80337
chg: [dev] update tracking-id to disable correlation on id description. minor changes to attribute descriptions.
2020-05-28 15:19:27 -04:00
Raphaël Vinot
093850f6c3
new: Preliminary version of git-vuln-finder object template
2020-05-26 12:31:45 +02:00
Alexandre Dulaunoy
9e73449ec7
chg: [sms] format fixed
2020-05-14 18:17:09 +02:00
Carlos Borges
546cd88918
Updating template version
2020-05-13 20:44:09 -03:00
Carlos Borges
02ea8d2afc
updating a missing comma
2020-05-13 20:43:37 -03:00
Carlos Borges
e5ed919e26
Adding phone company of the sending SMS number
...
While sharing some data using this object, we saw the need to add the phone company of the number sending the sms.
With it we can make good local correlations and have an idea of flaws ocurring on phone number release by these companies.
Using web services like Truecaller, it's possible to enrich an analysis with this data.
2020-05-13 20:42:55 -03:00
Raphaël Vinot
26a9d6b51f
new: Objects and relations for FollowTheMoney
2020-05-05 11:02:53 +02:00
Alexandre Dulaunoy
366a8bb121
chg: [boleto] JSON fixed
2020-05-04 13:19:59 +02:00
Carlos Borges
68fe7eed05
New object - Boleto
...
Boleto is a very common form of payment used in Brazil and used a lot by cybercriminals to execute fraud.
Basically a bank or financial instituion is allowed to generate boletos, that is a 40 digit number code.
This object will help institutions identify frauds sources and improve orgs protection.
2020-05-03 00:02:40 -03:00
VVX7
bb600ce627
chg: [publication] modify requiredOneOf, contributor type to text attribute
2020-04-28 18:58:59 -04:00
VVX7
738f32e27b
new: [publication] jq'd the object
2020-04-28 15:46:13 -04:00
VVX7
84633dbd32
new: [publication] add object to describe academic journals, books, etc.
2020-04-28 11:57:28 -04:00
Raphaël Vinot
d9f1db590a
chg: Sort all the entries in the templates by default
2020-04-26 02:13:18 +02:00
Raphaël Vinot
73d710cfbc
fix: Align directory names with object name
2020-04-26 02:07:26 +02:00
Alexandre Dulaunoy
3b5451c325
chg: [legal-entity] website and logo added for legal entity
...
Thanks to Emmanuel MANCIET for the proposal
2020-04-24 18:24:25 +02:00
VVX7
28b4b615ed
chg: [object] add new microblog attributes, change some of the descriptions to make them clearer
2020-04-17 00:11:48 -04:00
VVX7
d50a9eeb13
new: [object] add scheduled-event, add social-media-group
2020-04-15 22:57:12 -04:00
VVX7
fae74bf73c
Merge branch 'master' of https://github.com/misp/misp-objects
2020-04-15 22:24:57 -04:00
Alexandre Dulaunoy
ef01e6e37b
chg: [victim] add a domain to field to reference a victim by their Internet domain name
2020-04-15 09:39:32 +02:00
VVX7
efa53e812d
chg: [object] update narrative required object fields
2020-04-10 01:39:05 -04:00
VVX7
1527dedb26
chg: [object] update narrative object fields
2020-04-08 09:45:49 -04:00
Christophe Vandeplas
87e3824d99
Merge pull request #244 from Golbark/x509_enhancements
...
chg: [x509] using built-in types wherever possible
2020-04-08 10:51:01 +02:00
Golbark
238c44041a
chg: [x509] using built-in types wherever possible
2020-04-08 01:42:12 -07:00
VVX7
a7e9fd9697
chg: [object] disable correlation on some fields. add external references.
2020-03-28 19:23:28 -04:00
VVX7
2b3e89b614
chg: [object] add narrative description/summary
2020-03-28 19:17:25 -04:00
VVX7
0518dd1aa3
chg: [object] add narrative description/summary
2020-03-28 19:16:33 -04:00
VVX7
1198f8fe68
chg: [object] change narrative version
2020-03-27 15:46:31 -04:00
VVX7
e387009bdd
new: [object] add narrative.
2020-03-27 15:10:22 -04:00
Raphaël Vinot
b436f9f28b
Merge branch 'master' of github.com:MISP/misp-objects
2020-03-24 13:24:40 +01:00
Raphaël Vinot
9eedb854de
chg: Bump CSSE COVID-19 Daily report to new version
2020-03-24 13:24:31 +01:00
chrisr3d
fdfe7d2e4c
add: External references attribute for attack-pattern object
2020-03-17 10:03:33 +01:00
Alexandre Dulaunoy
7ef9a2ba56
Merge pull request #240 from cudeso/master
...
Objects for data coming from the Cytomic Orion API
2020-03-10 09:40:50 +01:00
Koen Van Impe
2c58470654
JQ-all-the-things
2020-03-09 23:29:29 +01:00
Koen Van Impe
ecac7ea52a
Update object definition with first-|last- seen
2020-03-09 23:26:25 +01:00
Alexandre Dulaunoy
a09f7f55a8
chg: [victim] add reference to case (as requested by law-enforcement - ENFORCE project)
2020-03-09 16:32:18 +01:00
Alexandre Dulaunoy
65a51a586f
chg: [http-request] fixed
2020-03-09 16:25:57 +01:00
Alexandre Dulaunoy
401b8a4619
Merge pull request #239 from cbboggs/cbboggs-http-request
...
Adding optional ip-src to http-request
2020-03-09 16:25:14 +01:00
Koen Van Impe
bffae90c3d
Remove -x from JSON files
2020-03-07 09:28:43 +01:00
Koen Van Impe
bbac01aa1b
Fix with jq_all_the_things
2020-03-07 09:24:51 +01:00
Koen Van Impe
8bb88fceaf
Objects for data coming from the Cytomic Orion API
2020-03-07 09:03:01 +01:00
frpet
5fdec81530
Update definition.json
...
bump version
2020-03-06 14:08:20 +01:00
cbboggs
fa6fe463a9
Adding optional ip-src to http-request
...
modified existing "ip" attribute to "ip-dst", and added attribute for ip-src. This allows http-request to be used in scenarios where observed connections are source specific, not destination specific.
2020-03-05 12:24:14 -06:00
frpet
2c6c44ccf8
Use more explicit misp-attribute types
...
Use the apropriate misp-attribute type for *local_hostname, *fqdn, *.md5|*.sha*
2020-03-05 18:55:29 +01:00
Alexandre Dulaunoy
3d57ee4fd2
chg: [network-socket] add filename to object template
...
Reported-by: Belgian Defence - Tancred
2020-03-04 14:25:26 +01:00
Alexandre Dulaunoy
1e5bb552f8
chg: [microblog] add Twitter-id reference
2020-03-04 14:08:10 +01:00
Raphaël Vinot
b29a360c02
new: Add covid19 dxy live object
2020-03-02 00:12:24 +01:00
Raphaël Vinot
89db1fc34e
Merge branch 'master' of github.com:MISP/misp-objects
2020-02-29 01:17:04 +01:00
Raphaël Vinot
eabd0c1e55
new: CSSE COVID-19 Dataset - Daily report
...
Source:
https://github.com/CSSEGISandData/COVID-19/tree/master/csse_covid_19_data
2020-02-29 01:16:28 +01:00
Raphaël Vinot
416820edc0
new: [crypto-material] add generic-symmetric-key
2020-02-27 15:41:45 +01:00