Alexandre Dulaunoy
ec00217098
Best practices when creating MISP object templates
2022-07-28 18:50:16 +02:00
Alexandre Dulaunoy
50f61a03be
chg: [scheduled-task] disable_correlation + clarification
2022-07-08 15:03:27 +02:00
Delta-Sierra
73c2462448
Windows Scheduled Task Object - First draft
2022-07-07 15:17:34 +02:00
Alexandre Dulaunoy
58ef1729f2
Merge pull request #364 from matthijsvp/main
...
New attack-step object.
2022-07-02 20:21:10 +01:00
matthijsvp
8e024f4863
chg: Fixed typo in disable_correlation
2022-07-01 16:59:03 +02:00
matthijsvp
896fb72735
Merge from master
2022-07-01 16:47:23 +02:00
Matthijs van P
29d7467de9
Merge branch 'MISP:main' into main
2022-07-01 16:43:49 +02:00
matthijsvp
593d80abd1
initial commit
2022-07-01 16:43:22 +02:00
Alexandre Dulaunoy
db5033f385
fix: [ftm-*] Fixing missing description - #363
2022-06-30 17:43:44 +02:00
Alexandre Dulaunoy
85dd164dbb
fix: [ftm] missing description fix #363
2022-06-30 17:19:33 +02:00
Alexandre Dulaunoy
9b0a9cd9eb
chg: [ftm-Call] fixed missing description
2022-06-30 17:12:25 +02:00
Alexandre Dulaunoy
91e1c8bdcd
chg: [query] add Kusto Query Language (KQL)
...
Ref: https://twitter.com/castello_johnny/status/1540732973753847808
2022-06-25 19:20:13 +02:00
Alexandre Dulaunoy
fd58bdd7b7
chg: [query] add missing SPL language (Splunk) format
...
Thanks to https://twitter.com/nbareil/status/1540633706959863813 @nbareil
2022-06-25 11:56:15 +02:00
Alexandre Dulaunoy
07b6883c93
new: [query] query object to describe search queries on SIEM and other tools
...
MISP object template designed following requests and especially this twitter thread:
https://twitter.com/castello_johnny/status/1540610057263628289
I added a list of sane default based on the ones I have seen being used:
"sane_default": [
"event query language (eql)",
"keyword query language (kql)",
"Query DSL",
"Query (Elastic Search)",
"Sigma",
"Lucene query",
"Google search query",
"Ariel Query Language (qradar)",
"Grep",
"Devo LINQ"
],
Thanks to Gianni Castaldi and others for ideas.
The object can be expanded and improved over the time and the needs
to share new queries.
2022-06-25 11:37:41 +02:00
Alexandre Dulaunoy
4badc17a84
chg: [doc] list of objects updated
2022-06-18 20:57:14 +02:00
Alexandre Dulaunoy
8fd41924dd
chg: [stock] newline fixed
2022-06-18 17:00:13 +02:00
Alexandre Dulaunoy
7ea63899df
chg: [stock] UUID fixed
2022-06-18 16:58:49 +02:00
Alexandre Dulaunoy
421f5f9ccc
new: [stock] a first version of a stock market object to describe stock in MISP
2022-06-18 16:55:13 +02:00
Alexandre Dulaunoy
8215066c96
chg: [report] add Zotero item types in addition to the default type
2022-06-18 16:10:41 +02:00
Alexandre Dulaunoy
b56d3a980b
Merge branch 'main' of github.com:MISP/misp-objects into main
2022-06-17 10:27:22 +02:00
Alexandre Dulaunoy
cbfff75588
chg: [network-connection] add a counter following discussion with @chrisr3d
2022-06-17 10:05:09 +02:00
iglocska
b99a0e939d
chg: [domain-ip] added the multiple flag back to ports
...
- as discussed with @righel, if we allow multiple IPs we should also allow multiple ports
- we might revise this in the future if it causes issues, however, then we should also restrict the use of multiple IP addresses
2022-05-30 18:07:25 +02:00
Alexandre Dulaunoy
db9d79b093
Merge pull request #360 from goodlandsecurity/spearphishing-objects
...
Spearphishing objects
2022-05-21 08:00:02 +02:00
Good Land Security
df5f9921df
Merge branch 'MISP:main' into spearphishing-objects
2022-05-20 20:20:10 -05:00
Alexandre Dulaunoy
52918bb373
Merge pull request #359 from matthijsvp/main
...
Processed feedback for ransom-negotiation object.
2022-05-20 21:50:52 +02:00
goodlandsecurity
2b19a8099e
formatting after jq_all_the_things
2022-05-20 14:24:40 -05:00
goodlandsecurity
1c3aff42c5
added date for tracking when e-mail was sent
2022-05-20 14:20:37 -05:00
goodlandsecurity
c62a113fec
add new objects for spearphishing-link and spearphishing-attachment intel
2022-05-20 11:49:15 -05:00
matthijsvp
f04caaa2c1
Added fields
2022-05-20 15:53:29 +02:00
matthijsvp
bffed035df
Merge branch 'main' of github.com:matthijsvp/misp-objects
2022-05-20 15:50:37 +02:00
matthijsvp
dac6d57e79
Added some field from feedback
2022-05-20 15:50:31 +02:00
Alexandre Dulaunoy
a922f29b46
Merge branch 'Vasileios-Mavroeidis-patch-1' into main
2022-05-18 22:01:41 +02:00
Alexandre Dulaunoy
ccd239bf64
chg: [security-playbook] jq all the things
2022-05-18 22:00:41 +02:00
Vasileios Mavroeidis
0c54a39d37
Update definition.json
...
The PR updates the security playbook object with improved semantics based on feedback we have received.
The updated template has "one-to-one" mapping with the available STIX 2.1 ad-hoc extension for the COA SDO available here: https://github.com/fovea-research/stix2.1-coa-playbook-extension
This research (updated version 3) was partially supported by the research projects CyberHunt (Grant No. 303585 - funded by the Research Council of Norway) and JCOP (Grant No. INEA/CEF/ICT/A2020/2373266 - funded by the European Health and Digital Executive Agency through the Connected Europe Facility program).
2022-05-18 13:56:59 +02:00
Alexandre Dulaunoy
7c7d1fbe98
chg: [paloalto-threat-event] Hungary access to the git repository has been sanctioned
2022-05-11 15:38:24 +02:00
Andras Iklody
a5184c6746
chg: [paloalto-threat-event] version bump
...
For instances that ingested it before the disable_correlation changes, they didn't take and ended up pushing a lot of correlating noise. This should resolve it for the future.
2022-05-11 13:16:36 +02:00
Alexandre Dulaunoy
4125494c84
Merge pull request #355 from matthijsvp/main
...
New object template: Ransom negotations
2022-05-07 09:15:41 +02:00
matthijsvp
b8456cf80b
Ran validation
2022-05-07 08:00:38 +02:00
Matthijs van P
9e378c705f
Merge branch 'MISP:main' into main
2022-05-07 07:56:36 +02:00
Matthijs van P
109f78336b
Changed version to int.
2022-05-07 06:47:40 +02:00
Christian Studer
f762d5b2a4
add: [passive-ssh] Added `port` attribute
2022-05-06 17:01:13 +02:00
matthijsvp
3f90f65508
Fixed spelling mistakes
2022-05-06 14:09:50 +02:00
matthijsvp
bb686f24d4
Removed required field
2022-05-06 13:50:34 +02:00
matthijsvp
d04d453f47
Added sane defaults to all booleans
2022-05-06 13:48:12 +02:00
matthijsvp
dcf34a680f
bumped version number, fixed stray typo
2022-05-06 13:38:11 +02:00
matthijsvp
7480c51533
Added need/want for decryptor and data deletion
2022-05-06 13:25:31 +02:00
Christian Studer
de7792373c
add: [passive-ssh] Added `banner` & `hassh` attributes
2022-05-05 20:38:53 +02:00
matthijsvp
33458100e4
Fixed ui order, fixed screenshot type
2022-05-05 15:54:37 +02:00
matthijsvp
6ec02ff6d8
Added transcript and screenshot fields
2022-05-05 15:48:31 +02:00
matthijsvp
1c2513caf2
Fixed email attribute type, fixed typo
2022-05-05 15:38:19 +02:00