MISP
/
misp-objects
mirror of https://github.com/MISP/misp-objects
2
0
Fork 0
Code Issues Releases Wiki Activity
487 Commits
6 Branches
43 Tags
11 MiB
Commit Graph

333 Commits (856cec8d0945c2715fe381da83d1ae080cd002be)

Author SHA1 Message Date
Alexandre Dulaunoy 1ff6cbf67a
fix: Feedback from @sheidan 2018-03-28 15:26:35 +02:00
Alexandre Dulaunoy 62e782b589
add: Suricata object added with context 2018-03-28 14:32:53 +02:00
Alexandre Dulaunoy 405d4e6bff
fix: name of the object template was incorrect 2018-03-28 14:31:32 +02:00
Raphaël Vinot 7c9e0420e1 Merge branch 'master' of github.com:MISP/misp-objects 2018-03-27 10:26:21 +02:00
Raphaël Vinot 206da3b100 new: Attach logfile to fail2ban 2018-03-27 10:25:54 +02:00
Alexandre Dulaunoy d87336b5c9
version fixed for X509 object 2018-03-27 08:55:02 +02:00
Sheidan b3c348f4ab x509-add-required-one-of-serial-number 2018-03-26 18:16:29 +02:00
Raphaël Vinot 4708caffb5 Merge branch 'master' of github.com:MISP/misp-objects 2018-03-26 17:28:03 +02:00
Raphaël Vinot 3d0540a671 chg: disable correlations in fail2ban 2018-03-26 17:27:55 +02:00
Alexandre Dulaunoy 0a0778bb86
add: new yara object added with a version number 2018-03-26 14:26:15 +02:00
Raphaël Vinot 7c2e07a50b fix: wrong attribute name 2018-03-26 12:05:17 +02:00
Raphaël Vinot d51c3712b9 Merge branch 'master' of github.com:MISP/misp-objects 2018-03-26 11:41:12 +02:00
Raphaël Vinot 1f8fd57d69 chg: Fix&update fail2ban def 2018-03-26 11:41:00 +02:00
Alexandre Dulaunoy b0755e3ca8
jq all 2018-03-26 11:37:38 +02:00
Alexandre Dulaunoy aa30a49796
fix: attribute type fixed 2018-03-26 11:28:32 +02:00
Raphaël Vinot 61fd6728d9 Merge branch 'master' of github.com:MISP/misp-objects 2018-03-26 10:54:52 +02:00
Raphaël Vinot 1f8a26fa3e new: Fail2ban object 2018-03-26 10:54:44 +02:00
Alexandre Dulaunoy c92ee2e461
fix: version field added if stix2-pattern has multiple version in the future 2018-03-19 17:33:45 +01:00
Alexandre Dulaunoy e7e3878042
fix: whois record object updated to cover both cases: domain or IP address 2018-03-16 13:29:39 +01:00
Alexandre Dulaunoy 982e2d8b75
fix: raw whois is also accepted as single attribute in whois object 
Required for importing STIX CybOX 1.1 object where just a raw whois
entry is added in remarks.
 2018-03-16 13:13:35 +01:00
Alexandre Dulaunoy f7f0a88838
fix: some parts of the URL can be repeated such as resource path, anchor... 
multiple flag added to the potential part to be repeated.

following a discussion in Gitter with @makflwana
 2018-03-15 09:38:53 +01:00
Alexandre Dulaunoy 4ed961f5e6
fix: disable correlation for compression algorithms 2018-03-01 21:09:04 +01:00
Alexandre Dulaunoy a93a285132
fix: Cowrie object - SSH attributes added 2018-03-01 21:08:16 +01:00
Sami Mokaddem 73aa339ddd typo: passsword -> password 2018-03-01 16:20:58 +01:00
Alexandre Dulaunoy 1fe3e79a05
fix: add missing destination and source port 2018-02-28 17:47:02 +01:00
Alexandre Dulaunoy bdaee9e1c7
add: Cowrie honeypot object template 2018-02-28 17:41:29 +01:00
Alexandre Dulaunoy 73a2b41103
fix: jq all the things 2018-02-23 08:25:35 +01:00
zoomequipd 0d31f27efc
correct rbn --> rtn 2018-02-22 16:37:12 -06:00
zoomequipd 8b1aff8135
add aba-rtn to bank-account object 2018-02-22 16:36:19 -06:00
chrisr3d 271c789f97
fix: Fixed somme bank-account fields 2018-02-22 01:18:15 +01:00
chrisr3d 4cccea8828
Fixed the bank-account meta-category 
... which is actually "financial"
 2018-02-20 15:44:02 +01:00
chrisr3d 71fa0f66fa
Added default values of funds code 2018-02-14 14:11:42 +01:00
chrisr3d 0367068f92
Added attributes to describe some origin and target fields of a transaction 2018-02-14 11:33:37 +01:00
chrisr3d 594bf5dcc0
Added attributes for the teller and the authorizer of a transaction 2018-02-13 17:53:37 +01:00
Andras Iklody eef4aab989
Changed http request object template 
require either uri or url, http method is no longer required.
 2018-02-09 09:43:39 +01:00
Alexandre Dulaunoy 3d2091b33c
fix: use new attribute type mime-type instead of text 2018-02-09 07:34:58 +01:00
Alexandre Dulaunoy 1c8a5031f7
Merge branch 'master' of github.com:MISP/misp-objects 2018-02-08 11:55:19 +01:00
Alexandre Dulaunoy b4d433a845
add: Common Alerting Protocol Version (CAP) resource object 2018-02-08 11:53:05 +01:00
Alexandre Dulaunoy 64f9c60ae6
Merge pull request #78 from chrisr3d/master 
Transaction Object definition and readme file updated
 2018-02-08 08:06:35 +01:00
Alexandre Dulaunoy 857065e0e8
Merge branch 'master' of github.com:MISP/misp-objects 2018-02-08 08:05:53 +01:00
Alexandre Dulaunoy 49f78f067d
add: Common Alerting Protocol Version (CAP) info object 2018-02-08 07:45:41 +01:00
chrisr3d 9ad2b50895
Updated description and readme 2018-02-07 17:26:09 +01:00
chrisr3d 416c91fd5d Merge branch 'master' of github.com:MISP/misp-objects 2018-02-07 15:43:40 +01:00
chrisr3d ad8e01d4c5
Transaction object 2018-02-07 15:36:37 +01:00
Alexandre Dulaunoy 3161533692
fix: trailing dot removed 2018-02-07 14:54:15 +01:00
Alexandre Dulaunoy e1258cd2f7
Common Alerting Protocol Version (CAP) alert object 2018-02-07 14:46:09 +01:00
chrisr3d fd74fac62b
Fixed disable_correlation variable type 2018-02-06 15:36:57 +01:00
chrisr3d 7966c58db9
typo 2018-02-06 15:06:20 +01:00
chrisr3d d250e62546
Added additional attributes 2018-02-06 14:19:04 +01:00
chrisr3d 573873db3b
First version of the legal-entity object 2018-02-05 17:20:39 +01:00
chrisr3d b92d92764b
description typo 2018-02-05 16:10:23 +01:00
chrisr3d c11c4a28ab
chg: Added address and zip code attributes 2018-02-05 14:19:58 +01:00
chrisr3d f169fbee36
chg: updated name of the new attribute 2018-02-05 14:18:21 +01:00
chrisr3d b09f0453ab
chg: Added identity card number 2018-02-05 09:26:50 +01:00
Alexandre Dulaunoy 41b0d33ab3
fix: improve ip-port object to add domain instead of IP address 2018-01-31 15:05:55 +01:00
Alexandre Dulaunoy c57b9b867c
fix: increment version of the MISP email object 2018-01-30 08:59:41 +01:00
David Lord 8d7e3b34a7
Add email-body to the email object definition 2018-01-30 10:12:53 +10:00
Alexandre Dulaunoy f91929738b
add: an object describing bank account information based on account description from goAML 4.0. 
A generic bank account partially based on the goAML 4.0 standard.
The bank account alone can convey information regarding the type
of transactions seen or suspected which allow to use the object alone
without the need to describe the full list of transactions.

Additional objects could be created like report, transactions and like
to fully support AML.

The existing person in MISP objects was previously updated to include
the field missing from AML.

A potential evolution is based on the transaction status which can
be described as a simple relationship between MISP objects like:

Bought, Sold, Let, Hired, Exchanged, Donated, Destroyed and Other
 2018-01-29 07:42:30 +01:00
Alexandre Dulaunoy bd508a3455
fix: Passive DNS records especially on the disabled_correlation fields 2018-01-25 15:07:19 +01:00
Raphaël Vinot 333f9a46e4 fix: Make the schema happy. 2018-01-23 10:46:15 +01:00
Raphaël Vinot 8c178fd837 fix: Make JQ happy. 2018-01-23 10:43:36 +01:00
garanews 0f3b8195f5 sandbox-signature 
Added object sb-signature
 2018-01-23 10:12:07 +01:00
Alexandre Dulaunoy 90e72d5895
fix: person object updated to match AML client record + various fixes 2018-01-22 14:16:46 +01:00
Alexandre Dulaunoy cd528865bb
add: Object to describe mutual exclusion locks (mutex) as seen in memory or computer program 2018-01-22 13:34:33 +01:00
Alexandre Dulaunoy c75015e1a6
fix: registry-key updated 2018-01-18 13:49:03 +01:00
Alexandre Dulaunoy c04d56d7cd
remove registry hive because registry-key is enough 2018-01-18 13:47:57 +01:00
Alexandre Dulaunoy 94cfc57e16
add: registry-hive object describing a Windows registry hive including key, subkey and 
value (and associated data if any)
 2018-01-18 12:54:01 +01:00
Alexandre De Oliveira 1b42b02c99
Update definition.json 
Adding the multiple possibility for SMSC GT to cover SMS Spaming case. Also text field for multiple details if needed.
Adding "MapSmsText" attribute to help matching malicious URL, keywords or MSISDN inside SMS.
 2018-01-11 11:52:11 +01:00
c-goes f92eb6e1b7 added sandbox-report object 2018-01-08 17:28:21 +01:00
Alexandre Dulaunoy 735ebf26bc
fix: annotation object 2018-01-08 11:47:19 +01:00
Alexandre Dulaunoy eafb54fd07
add: An annotation object allowing analysts to add annotations, 
comments, executive summary to a MISP event, objects or attributes.
 2018-01-08 11:28:11 +01:00
Alexandre Dulaunoy 1008428476
fix: add missing attribute type for the state 2018-01-08 08:15:43 +01:00
Alexandre Dulaunoy 71c0ae1e6c
fix: Vulnerability object improved to include the case of unpublished 
security vulnerability
 2018-01-08 07:48:32 +01:00
Alexandre Dulaunoy 60279184dd
add: ss7-attack object for the attack against GSM/UMTS networks seen in 
SS7 logging.
 2018-01-05 16:17:23 +01:00
Alexandre Dulaunoy 8f9c7b1ae1
add: Diameter attack object targeting GSM, UMTS and 4G networks. 2018-01-05 14:34:20 +01:00
Alexandre Dulaunoy 17373f6130
fix: GTPInterface updated 2018-01-05 14:26:28 +01:00
Alexandre Dulaunoy 93f8c7e9d3
fix: GTP attack - multiple on GTP interface 2018-01-05 14:10:05 +01:00
Alexandre Dulaunoy 60d5767e8b
add: first version of a MISP object to describe GTP attack on 
GSM/UTMS/3G network.
 2018-01-05 13:37:54 +01:00
Alexandre Dulaunoy 7ebda41b4a
fix: disable correlation on fields where is not needed 2017-12-30 19:39:55 +01:00
Alexandre Dulaunoy b4d30b1419
fix: disable correlation on microblog type (Twitter or alike) 2017-12-30 19:26:48 +01:00
Alexandre Dulaunoy 5cd069acdd
fix: disable correlation on all filename-* 2017-12-24 15:05:12 +01:00
Alexandre Dulaunoy 3aea2f2950
fix: Disable correlation on filename by default 2017-12-24 15:02:47 +01:00
Alexandre Dulaunoy 1460d055a0
add: new stix2-pattern object to include STIX 2 patterning 2017-12-21 16:16:33 +01:00
Christophe Vandeplas 9de7423501 whois - adds nameserver attributes 
adding nameserver attributes as a whois response contains those
 2017-12-20 15:22:45 +01:00
Alexandre Dulaunoy 871b86e35f
fix: Update registry-key to match correct MISP attributes 2017-12-18 14:16:36 +01:00
Alexandre Dulaunoy cf7aa00f98
chg: whois object now includes registrant-org matching new MISP 
attributes type - whois-registrant-org
 2017-12-18 14:04:53 +01:00
Alexandre Dulaunoy b85438fc45
Fix: x509 object now uses the new and proper fp type 2017-12-13 17:39:59 +01:00
Alexandre Dulaunoy de36d3b735
jq all the things! 2017-12-12 21:57:45 +01:00
Alexandre Dulaunoy 75f9af5464
Merge pull request #41 from truckydev/patch-1 
regex addon
 2017-12-12 21:42:13 +01:00
Raphaël Vinot 4a7bb59354 chg: Allow malware-sample as only attribute in file. 2017-12-12 17:16:47 +01:00
c-goes fbccdfef24 disable correlation for last-seen/first-seen/text 2017-12-05 11:05:56 +01:00
Alexandre Dulaunoy f5d1742bae
Merge pull request #57 from c-goes/coin-address 
Coin address object
 2017-12-04 16:00:22 +01:00
c-goes bc01c0c4b8 added coin-address object(2) 2017-12-04 15:43:49 +01:00
c-goes bb0788e267 added coin-address object 2017-12-04 15:37:39 +01:00
Alexandre Dulaunoy b4cae64392
Never trust standards using Google docs to store list of machine parsable information. 
Another good reason, why all open vocabularies in OASIS should be
in parsable and validated JSON files. And not *bloody* list of words
in a Google doc.
 2017-12-04 15:28:29 +01:00
Alexandre Dulaunoy c3f88d6901
State of the file is no more correlated - and default state value is Malicious. 2017-12-04 11:01:56 +01:00
c-goes 3fc7ce2f7d victim object: changed attributes, added object relations(2) 2017-12-04 10:49:44 +01:00
c-goes 7fadc89ed8 victim object: changed attributes, added object relations 2017-12-04 10:48:01 +01:00
Alexandre Dulaunoy 82f440931c
Disable correlation on classification on the victim object 2017-12-03 12:07:54 +01:00
Alexandre Dulaunoy a258d79fef
Typo fixed 2017-12-03 11:42:56 +01:00