chrisr3d
ad8e01d4c5
Transaction object
2018-02-07 15:36:37 +01:00
Alexandre Dulaunoy
3161533692
fix: trailing dot removed
2018-02-07 14:54:15 +01:00
Alexandre Dulaunoy
e1258cd2f7
Common Alerting Protocol Version (CAP) alert object
2018-02-07 14:46:09 +01:00
chrisr3d
fd74fac62b
Fixed disable_correlation variable type
2018-02-06 15:36:57 +01:00
chrisr3d
7966c58db9
typo
2018-02-06 15:06:20 +01:00
chrisr3d
d250e62546
Added additional attributes
2018-02-06 14:19:04 +01:00
chrisr3d
573873db3b
First version of the legal-entity object
2018-02-05 17:20:39 +01:00
chrisr3d
b92d92764b
description typo
2018-02-05 16:10:23 +01:00
chrisr3d
c11c4a28ab
chg: Added address and zip code attributes
2018-02-05 14:19:58 +01:00
chrisr3d
f169fbee36
chg: updated name of the new attribute
2018-02-05 14:18:21 +01:00
chrisr3d
b09f0453ab
chg: Added identity card number
2018-02-05 09:26:50 +01:00
Alexandre Dulaunoy
41b0d33ab3
fix: improve ip-port object to add domain instead of IP address
2018-01-31 15:05:55 +01:00
Alexandre Dulaunoy
c57b9b867c
fix: increment version of the MISP email object
2018-01-30 08:59:41 +01:00
David Lord
8d7e3b34a7
Add email-body to the email object definition
2018-01-30 10:12:53 +10:00
Alexandre Dulaunoy
f91929738b
add: an object describing bank account information based on account description from goAML 4.0.
...
A generic bank account partially based on the goAML 4.0 standard.
The bank account alone can convey information regarding the type
of transactions seen or suspected, which allows the object to be used alone
without the need to describe the full list of transactions.
Additional objects could be created, like report, transactions and the like,
to fully support AML.
The existing person in MISP objects was previously updated to include
the field missing from AML.
A potential evolution is based on the transaction status which can
be described as a simple relationship between MISP objects like:
Bought, Sold, Let, Hired, Exchanged, Donated, Destroyed and Other
2018-01-29 07:42:30 +01:00
Alexandre Dulaunoy
bd508a3455
fix: Passive DNS records especially on the disabled_correlation fields
2018-01-25 15:07:19 +01:00
Raphaël Vinot
333f9a46e4
fix: Make the schema happy.
2018-01-23 10:46:15 +01:00
Raphaël Vinot
8c178fd837
fix: Make JQ happy.
2018-01-23 10:43:36 +01:00
garanews
0f3b8195f5
sandbox-signature
...
Added object sb-signature
2018-01-23 10:12:07 +01:00
Alexandre Dulaunoy
90e72d5895
fix: person object updated to match AML client record + various fixes
2018-01-22 14:16:46 +01:00
Alexandre Dulaunoy
cd528865bb
add: Object to describe mutual exclusion locks (mutex) as seen in memory or computer program
2018-01-22 13:34:33 +01:00
Alexandre Dulaunoy
c75015e1a6
fix: registry-key updated
2018-01-18 13:49:03 +01:00
Alexandre Dulaunoy
c04d56d7cd
remove registry hive because registry-key is enough
2018-01-18 13:47:57 +01:00
Alexandre Dulaunoy
94cfc57e16
add: registry-hive object describing a Windows registry hive including key, subkey and
...
value (and associated data if any)
2018-01-18 12:54:01 +01:00
Alexandre De Oliveira
1b42b02c99
Update definition.json
...
Adding the multiple possibility for SMSC GT to cover SMS Spamming case. Also text field for multiple details if needed.
Adding "MapSmsText" attribute to help matching malicious URL, keywords or MSISDN inside SMS.
2018-01-11 11:52:11 +01:00
c-goes
f92eb6e1b7
added sandbox-report object
2018-01-08 17:28:21 +01:00
Alexandre Dulaunoy
735ebf26bc
fix: annotation object
2018-01-08 11:47:19 +01:00
Alexandre Dulaunoy
eafb54fd07
add: An annotation object allowing analysts to add annotations,
...
comments, executive summary to a MISP event, objects or attributes.
2018-01-08 11:28:11 +01:00
Alexandre Dulaunoy
1008428476
fix: add missing attribute type for the state
2018-01-08 08:15:43 +01:00
Alexandre Dulaunoy
71c0ae1e6c
fix: Vulnerability object improved to include the case of unpublished
...
security vulnerability
2018-01-08 07:48:32 +01:00
Alexandre Dulaunoy
60279184dd
add: ss7-attack object for the attack against GSM/UMTS networks seen in
...
SS7 logging.
2018-01-05 16:17:23 +01:00
Alexandre Dulaunoy
8f9c7b1ae1
add: Diameter attack object targeting GSM, UMTS and 4G networks.
2018-01-05 14:34:20 +01:00
Alexandre Dulaunoy
17373f6130
fix: GTPInterface updated
2018-01-05 14:26:28 +01:00
Alexandre Dulaunoy
93f8c7e9d3
fix: GTP attack - multiple on GTP interface
2018-01-05 14:10:05 +01:00
Alexandre Dulaunoy
60d5767e8b
add: first version of a MISP object to describe GTP attack on
...
GSM/UMTS/3G network.
2018-01-05 13:37:54 +01:00
Alexandre Dulaunoy
7ebda41b4a
fix: disable correlation on fields where it is not needed
2017-12-30 19:39:55 +01:00
Alexandre Dulaunoy
b4d30b1419
fix: disable correlation on microblog type (Twitter or alike)
2017-12-30 19:26:48 +01:00
Alexandre Dulaunoy
5cd069acdd
fix: disable correlation on all filename-*
2017-12-24 15:05:12 +01:00
Alexandre Dulaunoy
3aea2f2950
fix: Disable correlation on filename by default
2017-12-24 15:02:47 +01:00
Alexandre Dulaunoy
1460d055a0
add: new stix2-pattern object to include STIX 2 patterning
2017-12-21 16:16:33 +01:00
Christophe Vandeplas
9de7423501
whois - adds nameserver attributes
...
adding nameserver attributes as a whois response contains those
2017-12-20 15:22:45 +01:00
Alexandre Dulaunoy
871b86e35f
fix: Update registry-key to match correct MISP attributes
2017-12-18 14:16:36 +01:00
Alexandre Dulaunoy
cf7aa00f98
chg: whois object now includes registrant-org matching new MISP
...
attributes type - whois-registrant-org
2017-12-18 14:04:53 +01:00
Alexandre Dulaunoy
b85438fc45
Fix: x509 object now uses the new and proper fp type
2017-12-13 17:39:59 +01:00
Alexandre Dulaunoy
de36d3b735
jq all the things!
2017-12-12 21:57:45 +01:00
Alexandre Dulaunoy
75f9af5464
Merge pull request #41 from truckydev/patch-1
...
regex addon
2017-12-12 21:42:13 +01:00
Raphaël Vinot
4a7bb59354
chg: Allow malware-sample as only attribute in file.
2017-12-12 17:16:47 +01:00
c-goes
fbccdfef24
disable correlation for last-seen/first-seen/text
2017-12-05 11:05:56 +01:00
Alexandre Dulaunoy
f5d1742bae
Merge pull request #57 from c-goes/coin-address
...
Coin address object
2017-12-04 16:00:22 +01:00
c-goes
bc01c0c4b8
added coin-address object(2)
2017-12-04 15:43:49 +01:00
c-goes
bb0788e267
added coin-address object
2017-12-04 15:37:39 +01:00
Alexandre Dulaunoy
b4cae64392
Never trust standards using Google docs to store list of machine parsable information.
...
Another good reason, why all open vocabularies in OASIS should be
in parsable and validated JSON files. And not *bloody* list of words
in a Google doc.
2017-12-04 15:28:29 +01:00
Alexandre Dulaunoy
c3f88d6901
State of the file is no longer correlated - and default state value is Malicious.
2017-12-04 11:01:56 +01:00
c-goes
3fc7ce2f7d
victim object: changed attributes, added object relations(2)
2017-12-04 10:49:44 +01:00
c-goes
7fadc89ed8
victim object: changed attributes, added object relations
2017-12-04 10:48:01 +01:00
Alexandre Dulaunoy
82f440931c
Disable correlation on classification on the victim object
2017-12-03 12:07:54 +01:00
Alexandre Dulaunoy
a258d79fef
Typo fixed
2017-12-03 11:42:56 +01:00
Alexandre Dulaunoy
e11e95415a
add: x509-fingerprint-sha1 added to file object description (e.g. signed APK but not PE)
2017-12-03 11:36:22 +01:00
Alexandre Dulaunoy
04d38118d1
registar->registrar
2017-12-02 23:08:56 +01:00
Alexandre Dulaunoy
465251bf43
fix: update android permissions based on Google latest list
2017-11-28 15:59:01 +01:00
Alexandre Dulaunoy
2baad824b0
add: first version of an android permission(s) object
2017-11-28 15:24:47 +01:00
Deborah Servili
0051ad8167
ddos v5 - add destination domain attribute
2017-11-23 14:43:04 +01:00
c-goes
39319e1cd6
allow multiple filenames
2017-11-23 09:57:49 +01:00
Alexandre Dulaunoy
59edaa978f
raw data is now an attachment
2017-11-22 20:52:26 +01:00
Alexandre Dulaunoy
b915869ab2
being lax on origin to avoid rebuilding url path for unknown services
2017-11-22 17:08:56 +01:00
Alexandre Dulaunoy
51e873760e
AIL leak template updated to include duplicate of leaks
2017-11-22 16:38:25 +01:00
Alexandre Dulaunoy
dd4e2d1977
fix: MISP types are case-sensitive - fixing AS number type
2017-11-19 10:22:32 +01:00
Alexandre Dulaunoy
b046eb4ba7
fix: AIL leak object to include raw-data
2017-11-15 07:32:49 +01:00
Alexandre Dulaunoy
1fd5d4f6a7
fix: subnets announced is an ip-src type
2017-11-14 15:02:49 +01:00
Alexandre Dulaunoy
666c7a6916
added: Autonomous system object describing an autonomous system which can include one or more network operators managing an entity (e.g. ISP) along with their routing policy, routing prefixes or alike.
...
Fix #50
2017-11-13 20:36:16 +01:00
Raphaël Vinot
f9b2bdf22c
chg: Fix logic in URL
...
Fix #21
2017-11-10 15:05:22 -08:00
Raphaël Vinot
805ed85bbe
chg: Disable some correlations by default in URL
...
Fix #47
2017-11-10 15:02:37 -08:00
Raphaël Vinot
dade532c1f
Merge branch 'master' of github.com:MISP/misp-objects
2017-11-10 13:29:03 -08:00
Raphaël Vinot
b4b3e685ea
fix: requiredOneOf list of r2graphity was wrong
...
Fix #20
2017-11-10 13:28:05 -08:00
c-goes
8e47b33787
Added file attribute screenshot to email object
2017-11-09 16:07:54 +01:00
Andras Iklody
6b43b68651
Merge pull request #48 from Delta-Sierra/master
...
allow multiple ips in domain|ip object
2017-11-07 10:08:24 +01:00
Deborah Servili
51f79bceba
allow multiple ips in domain|ip object
2017-11-07 09:34:26 +01:00
Alexandre Dulaunoy
f46343b2e2
Merge pull request #46 from Delta-Sierra/master
...
update ail-leak object
2017-11-06 16:20:25 +01:00
Deborah Servili
d171c73660
update ail-leak object
2017-11-06 14:53:58 +01:00
Alexandre Dulaunoy
2a2b48a162
fix: origin of credential as sane_default
2017-11-02 21:37:53 +01:00
Alexandre Dulaunoy
dab3ad881a
add: credential object ( fix #44 )
2017-11-02 20:41:02 +01:00
Raphaël Vinot
28dfbb50f7
Remove the executable flag from the json files
2017-10-25 12:16:17 -04:00
truckydev
fe594f98ba
regex addon
...
Add field to specify which type corresponds to this regex.
2017-10-25 10:39:39 +02:00
Raphaël Vinot
3569c70407
Add report object
2017-10-24 13:04:41 -04:00
Thomas Gardner
6e36c162a4
fixed av-signature merge conflicts with upstream
2017-10-24 10:26:24 -04:00
Thomas Gardner
1c4933c1ce
disabled AV software correlation and re-ran jq-all-the-things
2017-10-24 10:23:46 -04:00
Alexandre Dulaunoy
9410aa99a5
Fix the file object
2017-10-23 20:35:07 +02:00
Alexandre Dulaunoy
0f3261077b
State added to file like signed, harmless...
2017-10-23 20:28:30 +02:00
Raphaël Vinot
b801bc6603
jq all the things
2017-10-23 11:51:05 -04:00
Thomas Gardner
f9204db304
added av-signature and virustotal-report
2017-10-23 10:43:12 -04:00
Alexandre Dulaunoy
a5d2f71fef
Merge pull request #34 from MISP/fix-31-2
...
Fix object name
2017-10-16 15:41:33 +02:00
Raphaël Vinot
9078fa0e73
Fix object name
...
Related to: https://github.com/MISP/misp-objects/issues/31
2017-10-16 11:41:22 +02:00
Raphaël Vinot
60a375f85d
Fix object name.
...
Related to: https://github.com/MISP/misp-objects/issues/31
2017-10-16 11:40:20 +02:00
Alexandre Dulaunoy
0ab002e94c
Fix typo in the field
2017-10-13 15:08:25 +02:00
Alexandre Dulaunoy
9b55a361ec
Some updates including description of fields
2017-10-13 15:02:04 +02:00
Alexandre Dulaunoy
94b9bc9aee
First version of Netflow object based on proposal from @JanKoDFNCERT
...
Open questions:
- What is a minimal Netflow record? I relax the required fields a bit.
- How does this work with IPFIX (and variable templates)?
- How should the TCP flags be expressed? (S/SA/SAF)
2017-10-13 14:30:10 +02:00
Alexandre Dulaunoy
2b9ba3ac00
add: RTIR object added (as requested by CSP - Cyber Security Core Service Platform)
2017-10-12 22:08:09 +02:00
Alexandre Dulaunoy
deda8abfb1
use url attribute type for link inside a post
2017-10-06 08:22:41 +02:00
Alexandre Dulaunoy
c4bc232be2
Merge branch 'patch-4' of https://github.com/ater49/misp-objects into ater49-patch-4
2017-10-06 08:22:00 +02:00
ater49
a13726c138
Update definition.json
...
Link attribute added in case a URL is present in the post.
Multiple set to true for "username-quoted"
2017-10-04 13:31:25 +02:00