chrisr3d
77fc1e0d97
Merge branch 'main' of github.com:MISP/misp-objects into chrisr3d_patch
2020-09-08 11:53:41 +02:00
chrisr3d
33cf33dc24
add: Added an IP address family attribute to describe the address family concerned by the BGP ranking
2020-09-08 11:52:39 +02:00
Raphaël Vinot
6c98bf536f
fix: Incorrect relationships in requiredoneof field
2020-09-08 11:17:57 +02:00
chrisr3d
0ba4909549
add: First version of a BGP ranking object to represent the ranking of an ASN at a specific point of time
...
- We can then associate as many bgp-ranking
objects as we need to the corresponding ASN
object, each one of them being the ranking of
the ASN for a given day
2020-09-07 23:56:10 +02:00
chrisr3d
e2f062e477
fix: Validation issue fixed
2020-09-03 14:21:06 +02:00
chrisr3d
e743d7d013
fix: Normalised object relations of the ilr objects
...
- Using dash as separator instead of space
2020-09-03 14:14:01 +02:00
chrisr3d
2c64f6e04a
fix: Normalised object relations of the vehicle object
...
- Using dash as separator instead of space
2020-09-03 14:12:59 +02:00
chrisr3d
3a7eb020e6
fix: Normalised object relations of the phishing objects
...
- Using dash as separator instead of space
2020-09-03 14:12:05 +02:00
chrisr3d
73ced3e75c
fix: Normalised object relations of the ip-api-address object
...
- Using dash as separator instead of space
2020-09-03 14:10:02 +02:00
chrisr3d
7865f4110d
chg: Making source port attribute multiple in the ip-port object
2020-09-03 14:08:36 +02:00
Alexandre Dulaunoy
7fe39ca8f6
chg: [keybase] newline issue
2020-09-03 12:23:13 +02:00
Alexandre Dulaunoy
3d530764b5
chg: [keybase-account] meta category updated
2020-09-03 12:19:36 +02:00
Alexandre Dulaunoy
bc59103f84
chg: [jq] all the things
2020-09-03 12:11:20 +02:00
Alexandre Dulaunoy
46b6f79cfd
chg: [keybase] description updated
2020-09-03 12:08:13 +02:00
Alexandre Dulaunoy
ae3158e3fa
chg: [keybase] updated
2020-09-03 12:02:37 +02:00
Alexandre Dulaunoy
1d870bf238
chg: [restore] file
2020-09-03 12:01:26 +02:00
Pauline Bourmeau
2e5d994deb
Revert "added description field in attributes"
...
This reverts commit 3224f78d4f
.
2020-09-03 11:55:31 +02:00
Pauline Bourmeau
496f4bd030
jq-ed file
2020-09-03 11:05:21 +02:00
Pauline Bourmeau
3224f78d4f
added description field in attributes
2020-09-03 11:00:38 +02:00
Pauline Bourmeau
a3fd21d39d
fixed comments
2020-09-03 10:02:30 +02:00
Pauline Bourmeau
5e7152714b
first addition of keybase object
2020-09-03 09:41:12 +02:00
Alexandre Dulaunoy
d35cd2d47f
chg: [jq] all the things
2020-08-28 16:45:47 +02:00
Pauline Bourmeau
da3c168506
Update definition.json
2020-08-28 16:41:01 +02:00
Alexandre Dulaunoy
939a950d87
chg: [jq] all the things
2020-08-28 16:33:05 +02:00
Pauline Bourmeau
50288b806c
Update definition.json
2020-08-28 16:27:41 +02:00
Pauline Bourmeau
d76f21d8b5
Update definition.json
2020-08-28 16:15:57 +02:00
Alexandre Dulaunoy
a168037d93
chg: [jq] all the things
2020-08-28 16:10:42 +02:00
Alexandre Dulaunoy
894ab6e24b
Merge branch 'main' of https://github.com/C00kie-/misp-objects into C00kie--main
2020-08-28 16:10:12 +02:00
Alexandre Dulaunoy
c487e73b86
chg: [jq] all the things
2020-08-28 16:08:39 +02:00
Pauline Bourmeau
794063dfe9
Update definition.json
2020-08-28 16:05:33 +02:00
Pauline Bourmeau
9fd1f78b5a
Update definition.json
2020-08-28 16:05:05 +02:00
Pauline Bourmeau
b698ccb724
Update definition.json
2020-08-28 16:04:23 +02:00
Alexandre Dulaunoy
6b6c136b9c
chg: [vulnerability] vulnerability is is now a vulnerability type
...
The vulnerability type is an official CVE number.
We might need to add in the future a new attribute in the object
for non-CVE id of a vulnerability or adding other id type in the object.
This commit fixes #234
2020-08-28 11:23:10 +02:00
rmkml
cd49fe8d97
add SHA3 Hash on definition.json
2020-08-23 19:30:17 +02:00
Alexandre Dulaunoy
842d128ef3
chg: [misp-objects] newline newline newline is the evil
2020-08-20 10:53:06 +02:00
Alexandre Dulaunoy
dc70db0204
chg: [pe] multiple is true not 1 ;-)
2020-08-20 10:44:41 +02:00
Alexandre Dulaunoy
0c863f194f
chg: [pe] richpe
2020-08-20 10:39:49 +02:00
Andras Iklody
4a671ca739
chg: [RichPE] added
2020-08-20 10:14:35 +02:00
Alexandre Dulaunoy
bfec61d8b0
chg: [file] jq
2020-08-18 07:54:42 +02:00
Alexandre Dulaunoy
7fdfbd4110
UUID must be the same
2020-08-18 07:44:12 +02:00
rmkml
5bdc6c6592
add vhash (VirusTotal Hash) on definition.json
2020-08-17 17:35:58 +02:00
Emil Henry Flakk
097ea8c76c
Add more rrtypes to dns-record
2020-08-15 14:57:53 +02:00
VVX7
7bbcf0ed78
chg: [dev] add Parler app objects
2020-07-05 22:03:16 -04:00
Marc Hörsken
58fb163312
chg: [cortex-taxonomy] sort attributes
...
Make sure the attributes are sorted like a Cortex taxonomy
would normally be displayed/summarized:
`namespace:predicate="value"` with `level` as a meta information.
2020-07-02 13:29:32 +02:00
Raphaël Vinot
b7c2562a4f
new: android-app object template
2020-06-21 21:45:46 +02:00
Jean-Louis Huynen
c1b7b93526
add: [d4] authentication failure report object
2020-06-16 15:59:02 +02:00
Alexandre Dulaunoy
bffde5446e
Merge pull request #261 from VVX7/master
...
chg: [dev] disable correlation on some attributes.
2020-06-12 09:00:07 +02:00
VVX7
bbd5a2a94d
chg: [dev] disable correlation on some attributes. fix underscore typo in account profile-image.
2020-06-11 19:35:02 -04:00
Alexandre Dulaunoy
968a7a8212
Merge pull request #260 from VVX7/master
...
chg: [dev] make Reddit attributes reflect Reddit API.
2020-06-08 17:22:27 +02:00
VVX7
7577cbe59a
chg: [dev] make Reddit attributes (mostly) reflect Reddit API.
2020-06-08 11:16:59 -04:00
Alexandre Dulaunoy
75b71d6f3b
Merge pull request #258 from VVX7/master
...
chg: [dev] add object properties from #254
2020-06-02 19:00:35 +02:00
VVX7
53d2a18811
chg: [dev] run validate_all/jq
2020-06-02 11:11:43 -04:00
VVX7
56bd29d829
chg: [dev] make twitter object attributes more consistent with twitter api
2020-06-02 11:08:30 -04:00
Jesse Hedden
42d3dda12f
fixed order
2020-06-01 16:36:58 -07:00
Jesse Hedden
8256c0ada9
extending trustar_report object in order to provide fields in which enrichment data from a planned expansion module can be stored
2020-06-01 16:02:03 -07:00
VVX7
200ac19bad
chg: [dev] add object properties from #257
2020-05-31 09:52:49 -04:00
VVX7
b9e235a4f4
chg: [dev] fix attribute type
2020-05-30 18:36:09 -04:00
VVX7
cf5687b50d
new: [dev] add Twitter objects: twitter-account, twitter-list, twitter-post. add YouTube objects: youtube-channel, youtube-comment, youtube-playlist, youtube-video. add object: image.
2020-05-29 21:10:02 -04:00
VVX7
ed7a730a79
new: [dev] add Reddit objects: reddit-account, reddit-post, reddit-comment, reddit-subreddit
2020-05-29 16:34:00 -04:00
VVX7
c6da4c9e66
chg: [dev] add user avatar
2020-05-28 16:40:21 -04:00
VVX7
69467c133f
new: [dev] add facebook-account
2020-05-28 16:32:20 -04:00
VVX7
5aeac12979
chg: [dev] change post-id attribute type to text
2020-05-28 15:48:18 -04:00
VVX7
ede33742aa
chg: [dev] run rq
2020-05-28 15:32:43 -04:00
VVX7
ae95dd1834
new: [dev] add facebook-post object.
2020-05-28 15:31:50 -04:00
VVX7
5a9a0fe5ce
new: [dev] add facebook-page object.
2020-05-28 15:29:01 -04:00
VVX7
66f96da3d9
new: [dev] add facebook-group object.
2020-05-28 15:25:04 -04:00
VVX7
2164d80337
chg: [dev] update tracking-id to disable correlation on id description. minor changes to attribute descriptions.
2020-05-28 15:19:27 -04:00
Raphaël Vinot
093850f6c3
new: Preliminary version of git-vuln-finder object template
2020-05-26 12:31:45 +02:00
Alexandre Dulaunoy
9e73449ec7
chg: [sms] format fixed
2020-05-14 18:17:09 +02:00
Carlos Borges
546cd88918
Updating template version
2020-05-13 20:44:09 -03:00
Carlos Borges
02ea8d2afc
updating a missing comma
2020-05-13 20:43:37 -03:00
Carlos Borges
e5ed919e26
Adding phone company of the sending SMS number
...
While sharing some data using this object, we saw the need to add the phone company of the number sending the sms.
With it we can make good local correlations and have an idea of flaws ocurring on phone number release by these companies.
Using web services like Truecaller, it's possible to enrich an analysis with this data.
2020-05-13 20:42:55 -03:00
Raphaël Vinot
26a9d6b51f
new: Objects and relations for FollowTheMoney
2020-05-05 11:02:53 +02:00
Alexandre Dulaunoy
366a8bb121
chg: [boleto] JSON fixed
2020-05-04 13:19:59 +02:00
Carlos Borges
68fe7eed05
New object - Boleto
...
Boleto is a very common form of payment used in Brazil and used a lot by cybercriminals to execute fraud.
Basically a bank or financial instituion is allowed to generate boletos, that is a 40 digit number code.
This object will help institutions identify frauds sources and improve orgs protection.
2020-05-03 00:02:40 -03:00
VVX7
bb600ce627
chg: [publication] modify requiredOneOf, contributor type to text attribute
2020-04-28 18:58:59 -04:00
VVX7
738f32e27b
new: [publication] jq'd the object
2020-04-28 15:46:13 -04:00
VVX7
84633dbd32
new: [publication] add object to describe academic journals, books, etc.
2020-04-28 11:57:28 -04:00
Raphaël Vinot
d9f1db590a
chg: Sort all the entries in the templates by default
2020-04-26 02:13:18 +02:00
Raphaël Vinot
73d710cfbc
fix: Align directory names with object name
2020-04-26 02:07:26 +02:00
Alexandre Dulaunoy
3b5451c325
chg: [legal-entity] website and logo added for legal entity
...
Thanks to Emmanuel MANCIET for the proposal
2020-04-24 18:24:25 +02:00
VVX7
28b4b615ed
chg: [object] add new microblog attributes, change some of the descriptions to make them clearer
2020-04-17 00:11:48 -04:00
VVX7
d50a9eeb13
new: [object] add scheduled-event, add social-media-group
2020-04-15 22:57:12 -04:00
VVX7
fae74bf73c
Merge branch 'master' of https://github.com/misp/misp-objects
2020-04-15 22:24:57 -04:00
Alexandre Dulaunoy
ef01e6e37b
chg: [victim] add a domain to field to reference a victim by their Internet domain name
2020-04-15 09:39:32 +02:00
VVX7
efa53e812d
chg: [object] update narrative required object fields
2020-04-10 01:39:05 -04:00
VVX7
1527dedb26
chg: [object] update narrative object fields
2020-04-08 09:45:49 -04:00
Christophe Vandeplas
87e3824d99
Merge pull request #244 from Golbark/x509_enhancements
...
chg: [x509] using built-in types wherever possible
2020-04-08 10:51:01 +02:00
Golbark
238c44041a
chg: [x509] using built-in types wherever possible
2020-04-08 01:42:12 -07:00
VVX7
a7e9fd9697
chg: [object] disable correlation on some fields. add external references.
2020-03-28 19:23:28 -04:00
VVX7
2b3e89b614
chg: [object] add narrative description/summary
2020-03-28 19:17:25 -04:00
VVX7
0518dd1aa3
chg: [object] add narrative description/summary
2020-03-28 19:16:33 -04:00
VVX7
1198f8fe68
chg: [object] change narrative version
2020-03-27 15:46:31 -04:00
VVX7
e387009bdd
new: [object] add narrative.
2020-03-27 15:10:22 -04:00
Raphaël Vinot
b436f9f28b
Merge branch 'master' of github.com:MISP/misp-objects
2020-03-24 13:24:40 +01:00
Raphaël Vinot
9eedb854de
chg: Bump CSSE COVID-19 Daily report to new version
2020-03-24 13:24:31 +01:00
chrisr3d
fdfe7d2e4c
add: External references attribute for attack-pattern object
2020-03-17 10:03:33 +01:00
Alexandre Dulaunoy
7ef9a2ba56
Merge pull request #240 from cudeso/master
...
Objects for data coming from the Cytomic Orion API
2020-03-10 09:40:50 +01:00
Koen Van Impe
2c58470654
JQ-all-the-things
2020-03-09 23:29:29 +01:00
Koen Van Impe
ecac7ea52a
Update object definition with first-|last- seen
2020-03-09 23:26:25 +01:00
Alexandre Dulaunoy
a09f7f55a8
chg: [victim] add reference to case (as requested by law-enforcement - ENFORCE project)
2020-03-09 16:32:18 +01:00
Alexandre Dulaunoy
65a51a586f
chg: [http-request] fixed
2020-03-09 16:25:57 +01:00
Alexandre Dulaunoy
401b8a4619
Merge pull request #239 from cbboggs/cbboggs-http-request
...
Adding optional ip-src to http-request
2020-03-09 16:25:14 +01:00
Koen Van Impe
bffae90c3d
Remove -x from JSON files
2020-03-07 09:28:43 +01:00
Koen Van Impe
bbac01aa1b
Fix with jq_all_the_things
2020-03-07 09:24:51 +01:00
Koen Van Impe
8bb88fceaf
Objects for data coming from the Cytomic Orion API
2020-03-07 09:03:01 +01:00
frpet
5fdec81530
Update definition.json
...
bump version
2020-03-06 14:08:20 +01:00
cbboggs
fa6fe463a9
Adding optional ip-src to http-request
...
modified existing "ip" attribute to "ip-dst", and added attribute for ip-src. This allows http-request to be used in scenarios where observed connections are source specific, not destination specific.
2020-03-05 12:24:14 -06:00
frpet
2c6c44ccf8
Use more explicit misp-attribute types
...
Use the apropriate misp-attribute type for *local_hostname, *fqdn, *.md5|*.sha*
2020-03-05 18:55:29 +01:00
Alexandre Dulaunoy
3d57ee4fd2
chg: [network-socket] add filename to object template
...
Reported-by: Belgian Defence - Tancred
2020-03-04 14:25:26 +01:00
Alexandre Dulaunoy
1e5bb552f8
chg: [microblog] add Twitter-id reference
2020-03-04 14:08:10 +01:00
Raphaël Vinot
b29a360c02
new: Add covid19 dxy live object
2020-03-02 00:12:24 +01:00
Raphaël Vinot
89db1fc34e
Merge branch 'master' of github.com:MISP/misp-objects
2020-02-29 01:17:04 +01:00
Raphaël Vinot
eabd0c1e55
new: CSSE COVID-19 Dataset - Daily report
...
Source:
https://github.com/CSSEGISandData/COVID-19/tree/master/csse_covid_19_data
2020-02-29 01:16:28 +01:00
Raphaël Vinot
416820edc0
new: [crypto-material] add generic-symmetric-key
2020-02-27 15:41:45 +01:00
Raphaël Vinot
ef0c95bc9b
Merge branch 'master' of github.com:MISP/misp-objects
2020-02-27 10:50:58 +01:00
Raphaël Vinot
6f5cd0d9d3
chg: [IntelMQ Event] replace non-ascii double quote by single quote
2020-02-27 10:50:47 +01:00
Raphaël Vinot
2f2315d4e2
fix: Typo in requiredOneOf
2020-02-26 14:52:06 +01:00
Raphaël Vinot
d9226e0f5a
fix: Typo in requiredOneOf
2020-02-26 14:49:59 +01:00
Alexandre Dulaunoy
d110657604
chg: [vulnerability] remove underscore from the object
2020-02-25 10:53:17 +01:00
Alexandre Dulaunoy
8de8d85979
chg: [iot-device] reference added
2020-02-17 23:12:09 +01:00
Alexandre Dulaunoy
6ed76f4948
add: [iot-firmware] new object template to describe IoT firmware
...
The relationship will be often between iot-device and iot-firmware.
Ref: https://github.com/C00kie-/workshop-materials
2020-02-17 15:07:49 +01:00
Alexandre Dulaunoy
8fa25f4f47
chg: [file] imphash removed as it should be at PE level
2020-02-17 14:29:30 +01:00
Alexandre Dulaunoy
36ae20bf02
chg: [pe] imphash and impfuzzy can be as key attribute
2020-02-17 14:27:05 +01:00
Alexandre Dulaunoy
1d2bfe97ce
Merge pull request #233 from Terrtia/master
...
chg: [domain-crawled] domain shouldn't be a multiple
2020-02-17 10:51:35 +01:00
Terrtia
566612302f
chg: [domain-crawled] domain shouldn't be a multiple
2020-02-17 10:00:21 +01:00
Alexandre Dulaunoy
83073d8c65
chg: [iot] add SPI, Serial and JTAG status
2020-02-17 08:55:47 +01:00
Alexandre Dulaunoy
cf30efabc6
chg: [iot] because reusing UUID is bad
2020-02-17 08:33:51 +01:00
Alexandre Dulaunoy
1d0065e852
new: [iot] a first version of the IoT object
...
Ref: based on the workshop discussion in https://github.com/C00kie-/workshop-materials
The idea is to have this root object when a new IoT device is documented
and further objects will be connected such as firmware or even file object
2020-02-17 07:46:58 +01:00
Alexandre Dulaunoy
48bb38d67a
Merge pull request #232 from Terrtia/master
...
domain-crawled object
2020-02-16 21:04:16 +01:00
Terrtia
42df9d2e2f
chg: [crawled domain] rename object
2020-02-14 17:11:42 +01:00
Terrtia
5c46a3aad4
chg: add domain crawled object
2020-02-14 17:08:37 +01:00
Deborah Servili
fdc24a8df8
update version
2020-02-13 12:30:08 +01:00
Deborah Servili
6380007b10
allow several subjects or sender for email objects
2020-02-13 12:28:47 +01:00
ater49
2738648e81
Adding some parts from HAR format description ( http://www.softwareishard.com/blog/har-12-spec/ ) (More to come)
2020-02-10 14:59:35 +01:00
VVX7
1a40095f1a
new: [objects] add instant-message object. add instant-message-group object.
2020-02-09 11:39:36 -05:00
Alexandre Dulaunoy
3ba77c9d2c
chg: [sms] the SMS center is a phone number
2020-02-06 12:06:26 +01:00
Alexandre Dulaunoy
371788589c
chg: [rtir] disable correlation on incident state
2020-02-06 11:55:27 +01:00
Alexandre Dulaunoy
c32c7f4155
chg: [sms] missing Cellebrite fields added
2020-02-06 11:36:13 +01:00
Alexandre Dulaunoy
013c2c9c22
Merge branch 'master' of github.com:MISP/misp-objects
2020-02-06 11:04:53 +01:00
Alexandre Dulaunoy
3f9aca8e27
chg: [email] ip-src added in the email object templated as requested by Norberto Chavez
...
Ref: https://twitter.com/NORBERTOCHAVEZ/status/1225213457429127170
2020-02-06 11:03:33 +01:00
Raphaël Vinot
0c3aa14165
fix: attachment object relation does not exists.
2020-02-06 10:57:44 +01:00
Alexandre Dulaunoy
78fe4325b7
chg: [vehicule] image + type of vehicle added
2020-02-05 15:15:23 +01:00
Alexandre Dulaunoy
ab6d7c3885
chg: [organization] typo fixed + description added
2020-02-05 15:06:37 +01:00
Alexandre Dulaunoy
ccc0f4dd1f
chg: [phone] add brand and model
2020-02-05 15:04:10 +01:00
Andras Iklody
195fc46a13
fix: added iban as an alternative to bank account for the requirements
...
- fixes https://github.com/MISP/MISP/issues/5358
2020-02-04 11:46:24 +01:00
Alexandre Dulaunoy
5897fa7c37
Merge pull request #227 from Terrtia/master
...
chg: [new object pgp-meta]
2020-02-03 18:47:37 +01:00
Terrtia
ae11730a82
fix: [new object pgp-meta] remove first seen/last seen + fix description
2020-02-03 16:45:28 +01:00
Terrtia
b036b52e36
chg: [new object pgp-meta] Metadata extracted from a PGP keyblock, message or signature
2020-02-03 16:03:34 +01:00
VVX7
bde68265e3
chg: [object fields] allow additional requiredOneOf fields in blog, microblog, meme-image objects. add attachment field to blog object. add username to news-media.
2020-02-02 20:08:44 -05:00