Alexandre Dulaunoy
4b88a52cf4
chg: [passive-dns] fix
2021-04-27 18:26:23 +02:00
Alexandre Dulaunoy
f9f0e94781
Merge branch 'aaronkaplan-patch-1' into main
2021-04-27 18:24:33 +02:00
Alexandre Dulaunoy
ab84bd837f
fix: [passive-dns] fix the JSON and the version
2021-04-27 18:13:05 +02:00
AaronK
df8604a8ca
Update definition.json
Added time_first_ms, time_last_ms. Clarified a few things in the descriptions.
2021-04-27 15:37:51 +02:00
Alexandre Dulaunoy
e72cf95275
chg: [doc] list of objects updated
2021-04-27 06:04:06 +02:00
Alexandre Dulaunoy
34a8807b15
new: [doc] gitchangelog.rc added
2021-04-27 06:01:57 +02:00
Alexandre Dulaunoy
7c21a969d1
fix: [stix2-pattern] disable correlation on version
Thanks to the new feature in MISP 2.4.142 to find top correlations ;-)
2021-04-27 05:57:52 +02:00
Alexandre Dulaunoy
5e6f887fa1
Merge branch 'main' of github.com:MISP/misp-objects into main
2021-04-14 09:20:52 +02:00
Alexandre Dulaunoy
6f002cd4c6
chg: [report] add a report type
2021-04-14 09:20:25 +02:00
Raphaël Vinot
067ae49498
fix: Typo
2021-03-05 18:23:11 +01:00
Raphaël Vinot
52fe647e33
Merge branch 'phmazzoni-patch-3' into main
2021-03-05 18:16:57 +01:00
Raphaël Vinot
321a952a66
chg: make jq validation happy
2021-03-05 18:16:46 +01:00
phmazzoni
16a3bed253
Create definition.json
2021-03-05 14:05:39 -03:00
phmazzoni
a16d689085
Delete objects/panorama directory
2021-03-05 14:03:37 -03:00
Raphaël Vinot
3fb441b8a0
chg: Make jq validation happy
2021-03-05 15:57:41 +01:00
Raphaël Vinot
04331becf0
chg: Add PR to GH actions
2021-03-05 15:56:43 +01:00
Raphaël Vinot
f724130616
Merge pull request #308 from phmazzoni/main
Create Palo Alto Threat Log Object Template.
2021-03-05 15:50:33 +01:00
phmazzoni
b3096262f5
Create definition.json
Create Palo Alto Threat Log Object Template.
2021-03-05 11:30:00 -03:00
Alexandre Dulaunoy
e1f01f674f
chg: [person] full-name attribute type added + expanding object person with full-name
2021-03-03 07:41:16 +01:00
Alexandre Dulaunoy
e764ed6983
chg: [schema] dkim and dkim signature added
2021-02-25 07:37:36 +01:00
Alexandre Dulaunoy
4c62d6091a
fix: [dkim] clean-up
2021-02-25 07:25:09 +01:00
Alexandre Dulaunoy
df6784859e
new: [dkim] DomainKeys Identified Mail - DKIM object template
2021-02-25 07:24:19 +01:00
Alexandre Dulaunoy
703b53fc3b
chg: [network-element] jq
2021-02-24 06:48:10 +01:00
Alexandre Dulaunoy
1fe9649205
chg: [network-profile] AS updated
2021-02-24 06:47:04 +01:00
Alexandre Dulaunoy
d87ce65cb9
chg: [network-profile] add jarm-fingerprint
2021-02-24 06:38:49 +01:00
Alexandre Dulaunoy
41375621f7
Merge pull request #307 from hackunagi/main
Creation of Network Profile MISP Object
2021-02-24 06:37:22 +01:00
Carlos Borges
85dc07a1f4
Creation of Network Profile MISP Object
The idea behind this object is to provide a unique form to identify network artifacts.
It's a mix of different objects, including whois, URL and domain.
The need for a consolidated object comes from grouping correlated elements.
Beyond that, I'm introducing the idea to use the correlation feature in more generic ways.
Example:
The value of "threat-actor-infrastructure-value" is the unique value observed on a network resource that identifies it. A practical and tested example is this resource from Kaspersky.
https://securelist.com/the-tetrade-brazilian-banking-malware/97779/
In this article they mention a trojan family called Javali. They recover the C2 server by abusing Google Docs services. The mentioned field "threat-actor-infrastructure-value" would register the values available on this image. This item should be hard to correlate with other similar items, as this can change frequently.
A way to change that is also to register a more general pattern of the data with "threat-actor-infrastructure-pattern", i.e.
inicio{
"host":"<variable>",
"porta":"<variable>"
}fim
With other investigations and registration of it on MISP, it is possible to correlate this data, facilitate identification of patterns used for tracking purposes and facilitate analysis.
2021-02-23 20:39:22 -03:00
Alexandre Dulaunoy
67d364a97b
chg: [relationships] jq all the things
2021-02-22 18:23:08 +01:00
Alexandre Dulaunoy
0db27fedd0
Merge branch 'main' of github.com:MISP/misp-objects into main
2021-02-22 18:22:37 +01:00
Alexandre Dulaunoy
e902af130c
chg: [report] make link or summary as non-required field
2021-02-22 18:21:45 +01:00
Alexandre Dulaunoy
e48e797901
Merge pull request #306 from theobarrague/main
Added opposite relationships in relationships/definition.json
2021-02-22 13:27:06 +01:00
Théo BARRAGUÉ
1bf9f93b83
Merge branch 'main' into main
2021-02-22 11:46:56 +01:00
Théo BARRAGUÉ
159be29a66
add: check if opposite key is valid in relationships
2021-02-22 11:28:24 +01:00
Théo BARRAGUÉ
df7cf6bffb
chg: update json schema for relationships to include opposite key
2021-02-22 11:21:11 +01:00
Théo BARRAGUÉ
ebfcf6a169
add: tool to validate if declared opposites exist
2021-02-22 11:19:31 +01:00
Théo BARRAGUÉ
c2149bee81
fix: commas were sometimes doubled
2021-02-22 11:05:56 +01:00
Alexandre Dulaunoy
4e011f2478
chg: [regexp] fixed
2021-02-19 21:56:35 +01:00
Alexandre Dulaunoy
016f9e58af
chg: [regexp] Farsight Compatible Regular Expressions (FCRE) added
Ref: https://docs.dnsdb.info/dnsdb-fcre-reference-guide/#farsight-compatible-regular-expressions-fcre
2021-02-19 18:03:23 +01:00
Alexandre Dulaunoy
36994fda1e
fix: [splunk] fixed
2021-02-15 15:10:20 +01:00
Alexandre Dulaunoy
cb73cfaf49
chg: [splunk] object updated
2021-02-15 14:43:44 +01:00
Alexandre Dulaunoy
b425b17a37
Merge pull request #305 from marcnil815/patch-1
Update definition.json
2021-02-15 14:23:02 +01:00
marcnil815
f3830e044a
Update definition.json
Added possibility for multiple searches in the same object to accommodate using raw searches and datamodel searches.
2021-02-15 14:13:17 +01:00
Alexandre Dulaunoy
84df20e51f
new: [windows-service] windows-service object added
2021-02-13 17:01:44 +01:00
Alexandre Dulaunoy
2b1c3532dc
chg: [report] add a link field to the report object template
2021-02-04 11:03:01 +01:00
Raphaël Vinot
3d3d40e6c0
fix: keys order in VT object
2021-02-02 15:31:00 +01:00
Raphaël Vinot
625684684a
chg: Disable correlation in VT objects
2021-02-02 15:25:13 +01:00
Alexandre Dulaunoy
4b9f12c644
chg: [relationships] updated
2021-02-02 12:29:31 +01:00
Alexandre Dulaunoy
0756f2d43f
chg: [relationships] writes added
2021-02-02 12:26:08 +01:00
Alexandre Dulaunoy
160c39d91e
chg: [url] jq all the things
2021-02-02 11:57:41 +01:00
Raphaël Vinot
82c217781f
chg: allow multiple IPs in URL object
2021-02-02 11:39:37 +01:00