Alexandre Dulaunoy
dff3733361
Merge branch 'Aisik00-main' into main
2021-09-28 14:50:43 +02:00
Alexandre Dulaunoy
02e00959c4
fix: [security-playbook] newline issue
2021-09-28 14:49:28 +02:00
Alexandre Dulaunoy
4fed830b87
fix: [security-playbook] Categories are case sensitive
2021-09-28 14:48:27 +02:00
Pavel Eis
ee9b978c5e
new: [security-playbook] security-playbook added
2021-09-28 10:31:45 +02:00
Alexandre Dulaunoy
c8cd002a3b
chg: [hashlookup] add KnownMalicious field in hashlookup record
2021-09-24 15:33:53 +02:00
Alexandre Dulaunoy
0ba346f194
chg: [hashlookup] add source, TLSH, SSDEEP fields in the object template
2021-09-24 15:23:04 +02:00
Alexandre Dulaunoy
ffa6ed7963
chg: [process] remove ambiguity between user-creator and current user running the process
...
Following CISA/DHS feedback
Fix #322
2021-09-14 08:35:02 +02:00
Alexandre Dulaunoy
3f6a653b0d
fix: [user-account] replace the unclear text in description
...
Feedback from CISA/DHS - fix #323
2021-09-14 08:31:01 +02:00
Alexandre Dulaunoy
8c86f26e78
chg: [domain-ip] newline fix
2021-09-11 07:53:21 +02:00
Andras Iklody
12612abdcb
remove multiple from ip field
2021-09-10 15:24:50 +02:00
Alexandre Dulaunoy
238fc99b60
Merge branch 'yodresh-SS7-gt-leasing' into main
2021-09-04 10:19:46 +02:00
Alexandre Dulaunoy
b42a9d8fe0
chg: [ss7-attack] order and newline
2021-09-04 10:19:25 +02:00
Alexandre De Oliveira
9f2f46faa7
Added few fields for GT Leasing - v3
2021-09-02 13:57:40 +02:00
chrisr3d
d2b93f5aa6
chg: [hashlookup] Using the `filename` type for the FileName attribute instead of `text`
2021-08-26 15:13:14 +02:00
Alexandre Dulaunoy
388b57e342
chg: [index] add hashlookup object in the directory list
2021-08-25 12:04:40 +02:00
Alexandre Dulaunoy
633a84df03
chg: [hashlookup] newline because you know
2021-08-25 12:02:17 +02:00
Alexandre Dulaunoy
7e849963f1
chg: [hashlookup] filename changed
2021-08-25 12:00:11 +02:00
Alexandre Dulaunoy
1e4f39f728
new: [hashlookup] new hashlookup.circl.lu object
2021-08-25 11:55:57 +02:00
Alexandre Dulaunoy
8ecdd68eb8
chg: [tsk-web-search-query] jq all the things
2021-07-25 09:11:42 +02:00
Alexandre Dulaunoy
7d7cea0459
Fix incorrect type for domain
2021-07-25 09:09:53 +02:00
Alexandre Dulaunoy
6413749f67
chg: [relationships] jq all the things
2021-07-06 11:51:40 +02:00
Alexandre Dulaunoy
80650931fb
new: [relationships] parent-of added
2021-07-05 10:22:17 +02:00
Alexandre Dulaunoy
01168e43ea
Merge branch 'main' of github.com:MISP/misp-objects into main
2021-06-22 15:25:14 +02:00
Alexandre Dulaunoy
d37c575ee0
chg: [email] add a from-domain field to add domain when full email is not known or a wild card
...
Fix #318
Feedback from Eurocontrol training
2021-06-22 15:23:41 +02:00
Raphaël Vinot
484a7b7c27
chg: Make mypy happy
2021-06-21 11:18:15 -07:00
Alexandre Dulaunoy
fca66ddd7d
Merge branch 'phmazzoni-patch-4' into main
2021-05-28 23:08:23 +02:00
Alexandre Dulaunoy
b6366988f4
chg: [paloalto-threat-event] fix newline
2021-05-28 23:07:49 +02:00
phmazzoni
df58f2b29f
Disabling some field correlations
...
Disabling some field correlations to avoid excessive number of events
2021-05-27 17:24:58 -03:00
Alexandre Dulaunoy
212e410258
chg: [ddos] fix newline
2021-05-27 16:25:52 +02:00
Alexandre Dulaunoy
a31f7d0f26
Multiple fields for port, ip-src,dst-port following feedback from CONCORDIA
...
Multiple fields for port, ip-src,dst-port following feedback from CONCORDIA
2021-05-27 16:19:12 +02:00
Alexandre Dulaunoy
844d202844
chg: [doc] list of object templates updated
2021-05-26 14:15:57 +02:00
Alexandre Dulaunoy
f24b1af50f
Merge branch 'aaronkaplan-cof2misp-dnsdbflex' into main
2021-05-26 14:12:48 +02:00
Alexandre Dulaunoy
195f0fe46a
fix: [passive-dns-dnsdbflex] newline
2021-05-26 14:12:10 +02:00
aaronkaplan
094d61a51a
dnsdbflex object
2021-05-26 12:34:34 +02:00
Alexandre Dulaunoy
93b99230e3
chg: [jq] all the things
2021-05-25 23:15:59 +02:00
Alexandre Dulaunoy
265f8d3fc7
chg: [geolocation] fix UUID to be valid UUIDv4
2021-05-25 23:11:01 +02:00
Alexandre Dulaunoy
d89296b542
new: [open-data-security] new object template based on open data
...
security definition
To be used in VARIoT project. https://www.variot.eu/
2021-05-17 15:55:23 +02:00
Alexandre Dulaunoy
5d986dc25e
chg: [phishing] newline
2021-05-11 15:44:35 +02:00
Alexandre Dulaunoy
8bb8a1d22c
Merge branch 'main' of github.com:MISP/misp-objects into main
2021-05-11 15:01:53 +02:00
Alexandre Dulaunoy
d8340c3f67
chg: [phishing] version bump
2021-05-11 15:01:31 +02:00
chrisr3d
3a2e44c442
fix: [network-socket] Typo
2021-05-06 15:42:03 +02:00
chrisr3d
5028d5d99f
add: [network-socket] Added Socket type attribute
2021-05-06 15:17:52 +02:00
Alexandre Dulaunoy
60be6a5938
Merge branch 'aaronkaplan-main' into main
2021-05-03 07:21:30 +02:00
Alexandre Dulaunoy
7a476ec4ef
chg: [passive-dns] jq
2021-05-03 07:20:51 +02:00
aaronkaplan
b728ed3e29
Re-Do the definition.json, according to the results of the discussion in
...
https://github.com/MISP/misp-objects/pull/314
Removing *_ip and *_domain
Keeping bailiwick a domain type
2021-05-03 00:57:14 +02:00
aaronkaplan
bcd133527e
Merge branch 'main' of https://github.com/MISP/misp-objects
2021-05-02 16:03:35 +02:00
aaronkaplan
7b4c9cd6df
As discussed with @rafiot, we can't simply add rdata and rrname as
...
text only into MISP objects. Why? Because otherwise we can't use MISP's
correlation engine to correlate attributes (rrname, rdata) inside these
MISP objects with other events. Because "text" would not correlate with
other "ip-src" or "domain" types in other objects/attributes.
Kind of sucks to duplicate the rrname and rdata entries, but that's the
only solution we came up with.
The COF2MISP module will populate both the rrname,rdata as well as the
rrname_{domain,ip} and rdata_{domain,ip} attributes.
Checked with jq_all_the_things.sh.
Thanks for your consideration.
2021-05-02 15:57:54 +02:00
Alexandre Dulaunoy
4b88a52cf4
chg: [passive-dns] fix
2021-04-27 18:26:23 +02:00
Alexandre Dulaunoy
f9f0e94781
Merge branch 'aaronkaplan-patch-1' into main
2021-04-27 18:24:33 +02:00
Alexandre Dulaunoy
ab84bd837f
fix: [passive-dns] fix the JSON and the version
2021-04-27 18:13:05 +02:00