Christian Studer
1f3b9312cc
add: [organization] Added the generic `contact_information` and `sector` fields for an organization
2023-06-15 13:27:55 +02:00
Alexandre Dulaunoy
e26541e89e
Merge branch 'main' of github.com:MISP/misp-objects into main
2023-06-14 19:21:37 +02:00
Alexandre Dulaunoy
5d307f7c30
chg: [cookie] cookie can be also only a key or a value
...
This change is required for the AIL project export
2023-06-14 17:36:22 +02:00
Michael Trenker
241f4455ac
ran jq_all_the_things.sh
2023-06-14 11:54:46 +00:00
Michael Trewen
25e1790e74
jq
2023-06-13 19:15:23 +02:00
Michael Trewen
71cc235a5d
new:added Diamond Object
2023-06-13 10:47:28 +02:00
Christian Studer
ec8645f421
add: [crowdsec-ip-context] Added the `false-positives` attribute that comes alongside with the `classifications`
2023-05-26 14:17:10 +02:00
Christian Studer
35285505a1
add: [crowdsec-ip-context] Added the classifications multiple attribute
2023-05-24 16:29:06 +02:00
Alexandre Dulaunoy
61608e5d44
chg: [scan-result] updated list of potential scanning tool
...
Source: https://gist.github.com/SteveClement/baf3a9ae0ba030283ecc30acd6f7c2ae
2023-05-24 11:03:47 +02:00
Alexandre Dulaunoy
20f567757d
chg: [scan-result] jq all the things
2023-05-22 14:08:34 +02:00
Alexandre Dulaunoy
e33e893b44
new: [scan-result] object for scanning result
...
This is the metadata of a scanning result including the raw output of
the scan result.
This objects can be used for tools like Nessus or even source code
scanner to share the details about a scan.
For additional information such IP address or alike, other objects will
be used with the proper relationship added.
2023-05-22 14:04:48 +02:00
goodlandsecurity
4e5719f29a
adding cobalt strike beacon config object
2023-05-19 14:07:24 -05:00
Alexandre Dulaunoy
a605792844
chg: [crowdsec] jq all the things
2023-05-12 10:34:19 +02:00
Alexandre Dulaunoy
b0e5f39f26
Update definition.json
2023-05-12 10:31:33 +02:00
Alexandre Dulaunoy
65f4be51d5
chg: [crowdsec] updated
2023-05-12 08:52:19 +02:00
Alexandre Dulaunoy
3d736c427c
new: [crowdsec-ip-context] new initial object for crowdsec expansion
2023-05-11 16:52:24 +02:00
Alexandre Dulaunoy
fd12a1bcd7
fix: [ai-chat-prompt] improved ai-chat-prompt template
2023-04-16 10:50:30 +02:00
Alexandre Dulaunoy
302697e045
chg: [ai-chat-prompt] ui-priority fixed
2023-04-15 16:38:13 +02:00
Alexandre Dulaunoy
b81698ae10
new: [ai-chat-prompt] new object template for AI chat prompt such as ChatGPT
...
Following a discussion with @aaronkaplan in Vienna, this object is a
first version to describe an AI chat prompt. The template can describe
the model used, the actual quality of results and also what's the actor
context.
Reference #388
2023-04-15 16:31:22 +02:00
Alexandre Dulaunoy
e1327d02bb
new: [risk-assessment-report] New object template Risk assessment report
...
To be used to share risk assessment report from risk assessment platform
such as [MONARC](https://github.com/monarc-project/ ).
This extension is done in the scope of the [NISDUC project](https://www.nisduc.eu/ ).
TODO: Maybe add a field for machine-readable version of the report
2023-04-13 10:41:39 +02:00
Christian Studer
9e4afdfb7a
add: [network-socket] Added MAC address attributes
...
- Even though they are not exactly part of the
socket fields, it could be interesting to have
them to have the information about them like
they are described within the packets that are
sent using the socket
2023-03-31 11:30:33 +02:00
Alexandre Dulaunoy
b49c6824ba
chg: [greynoise-intelligence] JSON fixed
2023-03-10 15:34:32 +01:00
Brad Chiappetta
9b74873fe5
add greynoise-ip object
2023-03-10 09:16:49 -05:00
Christian Studer
1da4760dcc
fix: [network-connection, network-socket] Bytes count if also better with an S
2023-03-07 23:26:51 +01:00
Christian Studer
437808339e
fix: [network-connection, network-socket] Packets count is better with an S
2023-03-07 23:19:08 +01:00
Christian Studer
1cab455a56
fix: [network-socket] Typo
2023-03-07 16:54:30 +01:00
Christian Studer
d71cdf367d
add: [network-socket] Added bytes & packets count object relations for both the source and destination
2023-03-07 16:49:06 +01:00
Christian Studer
1651281d0b
add: [network-socket] Added the first & last packet seen object relation and made the protocol attribute multiple
2023-03-07 16:48:00 +01:00
Christian Studer
57beac3bc7
add: [network-connection] Added bytes & packets count object relations for both the source and destination
2023-03-07 16:45:51 +01:00
Christian Studer
0e9ae98b49
add: [network-connection] Added a `last-packet-seen` attribute
2023-03-06 12:02:24 +01:00
Christian Studer
9c51feb43b
add: [network-connection] Added MAC address attributes
2023-03-03 14:55:09 +01:00
Christian Studer
4b5faf196b
add: [registry-key-value] New template to describe registry key values
...
- The `registry-key` object template includes
already the `data`, `data-type` & `name` fields
of a registry key value, but there is a
limitation in the case of multiple registry key
values
- In order to describe multiple registry key
values, instead of adding a simple `multiple`
field to the related and above mentioned fields,
it is better to use the `registry-key-value`
template so we know which data, data type and
name values are related to a given registry key
value
- It is then possible to have a reference between
the registry key object and the related values
2023-03-01 20:50:30 +01:00
Raphaël Vinot
f579209884
fix: forgot to jq all the things.
2023-03-01 15:13:39 +01:00
Raphaël Vinot
38cfc975b5
fix: [ais] invalid ref name in requirements
2023-02-28 13:14:13 +01:00
Raphaël Vinot
ba80167846
chg: rename AIS -> ais to match the directory name.
2023-02-28 13:10:31 +01:00
Christian Studer
79bf12de68
add: [directory] New object template for directories
2023-02-27 10:56:31 +01:00
Christophe Vandeplas
0c7eb831d8
chg: [AIS] Addition of AIS maritime ship identification and tracking
2023-02-25 18:48:11 +08:00
Christian Studer
892b7ee70f
add: [file] Added creation, modification & access time attributes
2023-02-20 19:31:59 +01:00
Alexandre Dulaunoy
d60112ee66
new: [ransomware-group-post] First draft object for ransomlook.io
2023-02-17 10:33:59 +01:00
Alexandre Dulaunoy
13f173a3ce
fix: [victim] format fixed
2023-02-02 10:58:30 +01:00
Alexandre Dulaunoy
89010c466c
Merge pull request #383 from nyx0/main
...
[victim] add information and cultural industries sector
2023-02-02 10:57:08 +01:00
Alexandre Dulaunoy
cd27802aab
fix: [objects description] ref #384 - Grammar fixes included in the JSON files.
2023-02-02 10:51:32 +01:00
Thomas Dupuy
9b56d1f427
fix: [victim] replace tab with spaces
2023-02-01 16:56:32 +00:00
Thomas Dupuy
92ed5d48ad
new: [victim] add information and cultural industries sector
2023-02-01 16:48:01 +00:00
Thomas Dupuy
bd168c639a
chg: [victim] sort sectors
2023-02-01 16:40:24 +00:00
Alexandre Dulaunoy
fa39a64dc4
chg: [transport-ticket] update to add the type of ticket (e.g. boarding pass versus ticket)
2023-01-27 15:55:08 +01:00
Alexandre Dulaunoy
5a45977e23
fix: [transport-ticket] JSON orders
2023-01-27 15:33:22 +01:00
Alexandre Dulaunoy
81214acbbe
new: [transport-ticket] new object template to describe a transport ticket
...
Credits for the idea: Maxime Benoit
2023-01-27 15:30:32 +01:00
David Cruciani
350c9b07cf
chg: [typosquatting] jq_all_the_things
2023-01-16 08:45:20 +01:00
David Cruciani
7518752dff
add: [object] typosquatting-finder
2023-01-16 07:48:03 +01:00
Alexandre Dulaunoy
5cb7e98e20
fix: [victim] jq run
2023-01-06 15:08:28 +01:00
Thomas Dupuy
9e9540524d
new: Add legal sector.
2023-01-04 17:10:18 +00:00
Alexandre Dulaunoy
322cbaa21e
fix: [vehicle] jq all the things
2022-12-30 07:37:54 +01:00
Andras Iklody
3e8730cc1f
fix: [language] Turning french fries into freedom fries
2022-12-23 08:59:16 +01:00
Alexandre Dulaunoy
a3263d72d6
fix: [jq] all
2022-12-22 13:15:10 +01:00
Alexandre Dulaunoy
c52481cac1
fix: [thaicert-group-cards] name is singular has a single value which
...
can be multiple
2022-12-22 13:12:05 +01:00
Alexandre Dulaunoy
2b65dedb4d
fix: [objects] jq all the things
2022-12-22 13:10:03 +01:00
Alexandre Dulaunoy
83930e211f
chg: [groups->thaicert-group-cards] to make it more logical
2022-12-22 13:08:34 +01:00
Alexandre Dulaunoy
b9c512a71b
fix: [jq] JSON fixed
2022-12-15 14:39:52 +01:00
th3r3d
56c6b9148c
Create definition
...
Faked persnona template inspired by MITRE
2022-12-12 19:03:29 +01:00
th3r3d
5ff1dff7b0
Create definition in groups
...
Inspired by threat actor group cards
2022-12-12 19:02:23 +01:00
th3r3d
262e2bee90
Created definition for ADS
...
For ADS framework - create
2022-12-12 19:01:23 +01:00
Alexandre Dulaunoy
858e485263
fix: [mactim-timeline-analysis] invalid UUID fixed
2022-12-11 13:03:18 +01:00
Alexandre Dulaunoy
d491cde4b1
fix: [fail2ban] incorrect UUID fixed
2022-12-11 12:54:24 +01:00
Alexandre Dulaunoy
2787dc45d7
fix: [person] add a missing passport-creation date field.
2022-11-19 12:21:16 +01:00
Christian Studer
b877eb0815
add: [exploit] Added `description` and `title` attributes
2022-10-23 23:11:48 +02:00
Delta-Sierra
e7b9a8e7cf
add username field in telegram-bot object
2022-10-13 13:45:52 +02:00
Alexandre Dulaunoy
82c699cc5f
new: [telegram-bot] new object to describe Telegram bots
2022-10-13 10:32:58 +02:00
Alexandre Dulaunoy
06df368890
new: [intrusion-set] based on the STIX 2.1 definition
...
TODO - "Open Vocabularies" - value versus description.
2022-09-29 07:32:52 +02:00
Alexandre Dulaunoy
35df5bad01
new: [exploit] Exploit object template to describe code or program used
...
to exploit specific vulnerabilities. The objet can be linked to
`vulnerability` objects but also device, iot, firmware or alike.
2022-09-26 07:40:11 +02:00
Alexandre Dulaunoy
3cf9307b24
Merge branch 'main' of github.com:MISP/misp-objects into main
2022-09-09 07:26:37 +02:00
Alexandre Dulaunoy
fa26cdf15e
fix: [facebook-group] add an optional ID reference to the facebook id
2022-09-09 07:24:05 +02:00
Alexandre Dulaunoy
fc51889b42
new: [facebook-reaction] new object to link reaction with facebook posts or alike
2022-09-09 07:21:59 +02:00
Alexandre Dulaunoy
3abfb19982
Merge pull request #370 from goodlandsecurity/spearphishing-objects-v2
...
spearphishing-objects-v2
2022-08-26 08:53:49 +02:00
goodlandsecurity
b258786935
jq_all_the_things
2022-08-25 16:03:59 -05:00
goodlandsecurity
26c2767228
allow multiple of certain types. bump version
2022-08-25 15:56:36 -05:00
Alexandre Dulaunoy
ec351176f9
chg: [security-playbook] JSON fixed
2022-08-25 10:17:48 +02:00
Vasileios Mavroeidis
2771e2681f
Update definition.json
...
Found the issue and updated the playbook-id attribute. It is not required anymore. We should not dictate producers generating this property since it can be used to correlate playbooks. The use case is: If we have a cacao playbook attached then we could have the UUIDV4 extracted from the "attachment" and put at the MISP security-playbook object attribute "playbook-id". Correlation is enabled if another security playbook object follows the same process while attaching the same CACAO playbook. If the attached playbook is a png then there is no way to associate it again with another security playbook object that has the same png as an attachment as we cannot know that. That would be possible only if the attachment had a machine-readable identifier. Another use case is to generate a hash and attach it to a property, but let's leave that for the future and if it is never needed or appears as a use case. Long story short the pull request improves the semantics of the object and correlations of different security playbook objects :)
2022-08-24 18:44:11 +02:00
Alexandre Dulaunoy
9b9c838961
fix: [yara] add a reference link to the YARA object template
2022-08-03 11:46:30 +02:00
Alexandre Dulaunoy
734d85337d
new: [sigma] a sigma attribute exists in MISP but the object was
...
missing to add some additional meta information.
2022-08-03 11:44:37 +02:00
Alexandre Dulaunoy
50f61a03be
chg: [scheduled-task] disable_correlation + clarification
2022-07-08 15:03:27 +02:00
Delta-Sierra
73c2462448
Windows Scheduled Task Object - First draft
2022-07-07 15:17:34 +02:00
matthijsvp
8e024f4863
chg: Fixed typo in disable_correlation
2022-07-01 16:59:03 +02:00
matthijsvp
896fb72735
Merge from master
2022-07-01 16:47:23 +02:00
Matthijs van P
29d7467de9
Merge branch 'MISP:main' into main
2022-07-01 16:43:49 +02:00
matthijsvp
593d80abd1
initial commit
2022-07-01 16:43:22 +02:00
Alexandre Dulaunoy
db5033f385
fix: [ftm-*] Fixing missing description - #363
2022-06-30 17:43:44 +02:00
Alexandre Dulaunoy
85dd164dbb
fix: [ftm] missing description fix #363
2022-06-30 17:19:33 +02:00
Alexandre Dulaunoy
9b0a9cd9eb
chg: [ftm-Call] fixed missing description
2022-06-30 17:12:25 +02:00
Alexandre Dulaunoy
91e1c8bdcd
chg: [query] add Kusto Query Language (KQL)
...
Ref: https://twitter.com/castello_johnny/status/1540732973753847808
2022-06-25 19:20:13 +02:00
Alexandre Dulaunoy
fd58bdd7b7
chg: [query] add missing SPL language (Splunk) format
...
Thanks to https://twitter.com/nbareil/status/1540633706959863813 @nbareil
2022-06-25 11:56:15 +02:00
Alexandre Dulaunoy
07b6883c93
new: [query] query object to describe search queries on SIEM and other tools
...
MISP object template designed following requests and especially this twitter thread:
https://twitter.com/castello_johnny/status/1540610057263628289
I added a list of sane default based on the ones I have seen being used:
"sane_default": [
"event query language (eql)",
"keyword query language (kql)",
"Query DSL",
"Query (Elastic Search)",
"Sigma",
"Lucene query",
"Google search query",
"Ariel Query Language (qradar)",
"Grep",
"Devo LINQ"
],
Thanks to Gianni Castaldi and others for ideas.
The object can be expanded and improved over the time and the needs
to share new queries.
2022-06-25 11:37:41 +02:00
Alexandre Dulaunoy
8fd41924dd
chg: [stock] newline fixed
2022-06-18 17:00:13 +02:00
Alexandre Dulaunoy
7ea63899df
chg: [stock] UUID fixed
2022-06-18 16:58:49 +02:00
Alexandre Dulaunoy
421f5f9ccc
new: [stock] a first version of a stock market object to describe stock in MISP
2022-06-18 16:55:13 +02:00
Alexandre Dulaunoy
8215066c96
chg: [report] add Zotero item types in addition to the default type
2022-06-18 16:10:41 +02:00
Alexandre Dulaunoy
b56d3a980b
Merge branch 'main' of github.com:MISP/misp-objects into main
2022-06-17 10:27:22 +02:00
Alexandre Dulaunoy
cbfff75588
chg: [network-connection] add a counter following discussion with @chrisr3d
2022-06-17 10:05:09 +02:00
iglocska
b99a0e939d
chg: [domain-ip] added the multiple flag back to ports
...
- as discussed with @righel, if we allow multiple IPs we should also allow multiple ports
- we might revise this in the future if it causes issues, however, then we should also restrict the use of multiple IP addresses
2022-05-30 18:07:25 +02:00
Good Land Security
df5f9921df
Merge branch 'MISP:main' into spearphishing-objects
2022-05-20 20:20:10 -05:00
goodlandsecurity
2b19a8099e
formatting after jq_all_the_things
2022-05-20 14:24:40 -05:00
goodlandsecurity
1c3aff42c5
added date for tracking when e-mail was sent
2022-05-20 14:20:37 -05:00
goodlandsecurity
c62a113fec
add new objects for spearphishing-link and spearphishing-attachment intel
2022-05-20 11:49:15 -05:00
matthijsvp
f04caaa2c1
Added fields
2022-05-20 15:53:29 +02:00
matthijsvp
bffed035df
Merge branch 'main' of github.com:matthijsvp/misp-objects
2022-05-20 15:50:37 +02:00
matthijsvp
dac6d57e79
Added some field from feedback
2022-05-20 15:50:31 +02:00
Alexandre Dulaunoy
ccd239bf64
chg: [security-playbook] jq all the things
2022-05-18 22:00:41 +02:00
Vasileios Mavroeidis
0c54a39d37
Update definition.json
...
The PR updates the security playbook object with improved semantics based on feedback we have received.
The updated template has "one-to-one" mapping with the available STIX 2.1 ad-hoc extension for the COA SDO available here: https://github.com/fovea-research/stix2.1-coa-playbook-extension
This research (updated version 3) was partially supported by the research projects CyberHunt (Grant No. 303585 - funded by the Research Council of Norway) and JCOP (Grant No. INEA/CEF/ICT/A2020/2373266 - funded by the European Health and Digital Executive Agency through the Connected Europe Facility program).
2022-05-18 13:56:59 +02:00
Alexandre Dulaunoy
7c7d1fbe98
chg: [paloalto-threat-event] Hungary access to the git repository has been sanctioned
2022-05-11 15:38:24 +02:00
Andras Iklody
a5184c6746
chg: [paloalto-threat-event] version bump
...
For instances that ingested it before the disable_correlation changes, they didn't take and ended up pushing a lot of correlating noise. This should resolve it for the future.
2022-05-11 13:16:36 +02:00
matthijsvp
b8456cf80b
Ran validation
2022-05-07 08:00:38 +02:00
Matthijs van P
9e378c705f
Merge branch 'MISP:main' into main
2022-05-07 07:56:36 +02:00
Matthijs van P
109f78336b
Changed version to int.
2022-05-07 06:47:40 +02:00
Christian Studer
f762d5b2a4
add: [passive-ssh] Added `port` attribute
2022-05-06 17:01:13 +02:00
matthijsvp
3f90f65508
Fixed spelling mistakes
2022-05-06 14:09:50 +02:00
matthijsvp
bb686f24d4
Removed required field
2022-05-06 13:50:34 +02:00
matthijsvp
d04d453f47
Added sane defaults to all booleans
2022-05-06 13:48:12 +02:00
matthijsvp
dcf34a680f
bumped version number, fixed stray typo
2022-05-06 13:38:11 +02:00
matthijsvp
7480c51533
Added need/want for decryptor and data deletion
2022-05-06 13:25:31 +02:00
Christian Studer
de7792373c
add: [passive-ssh] Added `banner` & `hassh` attributes
2022-05-05 20:38:53 +02:00
matthijsvp
33458100e4
Fixed ui order, fixed screenshot type
2022-05-05 15:54:37 +02:00
matthijsvp
6ec02ff6d8
Added transcript and screenshot fields
2022-05-05 15:48:31 +02:00
matthijsvp
1c2513caf2
Fixed email attribute type, fixed typo
2022-05-05 15:38:19 +02:00
matthijsvp
38d22a425f
v1 of ransom-negotiation object
2022-05-05 15:18:22 +02:00
matthijsvp
25c318c3b3
Initial commit
2022-05-04 16:49:17 +02:00
3c7
314d72f948
Fixes wrong category and typo in value list
2022-04-26 15:05:05 +02:00
3c7
e57ab0f522
uploaded -> submitted; otherwise possible semantic collision with "uploads" relationship
2022-04-26 14:07:20 +02:00
3c7
dcb44bcc5a
Added VirusTotal Submission object and uploaded/uploaded-by relation
2022-04-26 14:02:43 +02:00
Alexandre Dulaunoy
ea23d59185
chg: [organization] NL fixed
2022-04-04 14:49:44 +02:00
Alexandre Dulaunoy
783ae64fa0
chg: [organization] typo fixed
2022-04-04 14:46:22 +02:00
Alexandre Dulaunoy
6e98779d1a
Merge branch 'main' of github.com:MISP/misp-objects into main
2022-04-04 14:08:34 +02:00
Alexandre Dulaunoy
46a4b67c35
chg: [organization] add registry number and format for date of registration
2022-04-04 14:07:55 +02:00
chrisr3d
60d2fc447f
add: [employee] Added a `full-name` object_relation for cases when we are not sure which name is the first and the last
2022-03-31 20:21:12 +02:00
Alexandre Dulaunoy
f1086328a1
chg: [personification] fixed
2022-03-24 15:42:35 +01:00
Alexandre Dulaunoy
05195859b1
Merge pull request #351 from 0wlyW00d/main
...
Add new objects to better describe a natural person
2022-03-22 21:58:37 +01:00
Alexandre De Oliveira
2a7d2de508
modified by ./jq_all_the_things.sh
2022-03-21 15:04:26 +01:00
Alexandre De Oliveira
a98ac163fb
Update object version to v5
2022-03-21 15:02:48 +01:00
0wlyW00d
c44272a069
test
2022-03-21 10:08:36 +00:00
0wlyW00d
3dd5c938fe
Objects add
2022-03-21 10:01:37 +00:00
0wlyW00d
d82287d35f
Add news objects to MISP
...
Creation of new object to better describe a natural perso
Add CLoth Object
Add Tattoo object
Add Personification Object
2022-03-20 17:13:31 +01:00
0wlyW00d
b6c6de5632
Add tattoo object definition
2022-03-19 11:56:48 +01:00
Alexandre De Oliveira
e54cfa0e4c
modified by ./jq_all_the_things.sh
2022-03-18 12:17:41 +01:00
Alexandre De Oliveira
e2da981c94
Update definition.json
2022-03-18 12:15:58 +01:00
Alexandre De Oliveira
df2b900c75
Run the ./jq_all_the_things.sh
2022-03-18 12:12:04 +01:00
Alexandre De Oliveira
da1d90ab8a
Add fields related to GT
2022-03-18 12:08:13 +01:00
Alexandre Dulaunoy
5bfe1f2d66
chg: [person] add new potential direct message chat application
2022-03-17 15:56:16 +01:00
Alexandre Dulaunoy
cc2587d733
chg: [person] handle added as requested by @gallypette
2022-03-17 15:14:32 +01:00
Alexandre Dulaunoy
9515ae332e
chg: [instant-message] Jabber and Twitter added + updated required fields
2022-03-17 09:14:39 +01:00
enes-usta
3c7ee6214e
added cheat types and minor changes
2022-03-15 03:37:26 +01:00
enes
5eea5eae14
Add game-cheat Object
2022-03-14 16:07:09 +01:00