MISP
/
misp-objects
mirror of https://github.com/MISP/misp-objects
2
0
Fork 0
Code Issues Releases Wiki Activity
1,665 Commits
6 Branches
43 Tags
11 MiB
Commit Graph

1158 Commits (ab1f97b881c8d3f0035fe93586053860cc12a33a)

Author SHA1 Message Date
Pavel Eis ee9b978c5e new: [security-playbook] security-playbook added 2021-09-28 10:31:45 +02:00
Alexandre Dulaunoy c8cd002a3b
chg: [hashlookup] add KnownMalicious field in hashlookup record 2021-09-24 15:33:53 +02:00
Alexandre Dulaunoy 0ba346f194
chg: [hashlookup] add source, TLSH, SSDEEP fields in the object template 2021-09-24 15:23:04 +02:00
Alexandre Dulaunoy ffa6ed7963
chg: [process] remove ambiguity between user-creator and current user running the process 
Following CISA/DHS feedback

Fix #322
 2021-09-14 08:35:02 +02:00
Alexandre Dulaunoy 3f6a653b0d
fix: [user-account] replace the unclear text in description 
Feedback from CISA/DHS - fix #323
 2021-09-14 08:31:01 +02:00
Alexandre Dulaunoy 8c86f26e78
chg: [domain-ip] newline fix 2021-09-11 07:53:21 +02:00
Andras Iklody 12612abdcb
remove multiple from ip field 2021-09-10 15:24:50 +02:00
Alexandre Dulaunoy b42a9d8fe0
chg: [ss7-attack] order and newline 2021-09-04 10:19:25 +02:00
Alexandre De Oliveira 9f2f46faa7
Added few fields for GT Leasing - v3 2021-09-02 13:57:40 +02:00
chrisr3d d2b93f5aa6
chg: [hashlookup] Using the `filename` type for the FileName attribute instead of `text` 2021-08-26 15:13:14 +02:00
Alexandre Dulaunoy 633a84df03
chg: [hashlookup] newline because you know 2021-08-25 12:02:17 +02:00
Alexandre Dulaunoy 7e849963f1
chg: [hashlookup] filename changed 2021-08-25 12:00:11 +02:00
Alexandre Dulaunoy 1e4f39f728
new: [hashlookup] new hashlookup.circl.lu object 2021-08-25 11:55:57 +02:00
Alexandre Dulaunoy 8ecdd68eb8
chg: [tsk-web-search-query] jq all the things 2021-07-25 09:11:42 +02:00
Alexandre Dulaunoy 7d7cea0459
Fix incorrect type for domain 2021-07-25 09:09:53 +02:00
Alexandre Dulaunoy d37c575ee0
chg: [email] add a from-domain field to add domain when full email is not known or a wild card 
Fix #318

Feedback from Eurocontrol training
 2021-06-22 15:23:41 +02:00
Alexandre Dulaunoy b6366988f4
chg: [paloalto-threat-event] fix newline 2021-05-28 23:07:49 +02:00
phmazzoni df58f2b29f
Disabling some field correlations 
Disabling some field correlations to avoid excessive number of events
 2021-05-27 17:24:58 -03:00
Alexandre Dulaunoy 212e410258
chg: [ddos] fix newline 2021-05-27 16:25:52 +02:00
Alexandre Dulaunoy a31f7d0f26
Multiple fields for port, ip-src,dst-port following feedback from CONCORDIA 
Multiple fields for port, ip-src,dst-port following feedback from CONCORDIA
 2021-05-27 16:19:12 +02:00
Alexandre Dulaunoy 195f0fe46a
fix: [passive-dns-dnsdbflex] newline 2021-05-26 14:12:10 +02:00
aaronkaplan 094d61a51a
dnsdbflex object 2021-05-26 12:34:34 +02:00
Alexandre Dulaunoy 93b99230e3
chg: [jq] all the things 2021-05-25 23:15:59 +02:00
Alexandre Dulaunoy 265f8d3fc7
chg: [geolocation] fix UUID to be valid UUIDv4 2021-05-25 23:11:01 +02:00
Alexandre Dulaunoy d89296b542
new: [open-data-security] new object template based on open data 
security definition

To be used in VARIoT project. https://www.variot.eu/
 2021-05-17 15:55:23 +02:00
Alexandre Dulaunoy 5d986dc25e
chg: [phishing] newline 2021-05-11 15:44:35 +02:00
Alexandre Dulaunoy 8bb8a1d22c
Merge branch 'main' of github.com:MISP/misp-objects into main 2021-05-11 15:01:53 +02:00
Alexandre Dulaunoy d8340c3f67
chg: [phishing] version bump 2021-05-11 15:01:31 +02:00
chrisr3d 3a2e44c442
fix: [network-socket] Typo 2021-05-06 15:42:03 +02:00
chrisr3d 5028d5d99f
add: [network-socket] Added Socket type attribute 2021-05-06 15:17:52 +02:00
Alexandre Dulaunoy 7a476ec4ef
chg: [passive-dns] jq 2021-05-03 07:20:51 +02:00
aaronkaplan b728ed3e29
Re-Do the definition.json, according to the results of the discussion in 
https://github.com/MISP/misp-objects/pull/314

Removing *_ip and *_domain
Keeping bailiwick a domain type
 2021-05-03 00:57:14 +02:00
aaronkaplan bcd133527e
Merge branch 'main' of https://github.com/MISP/misp-objects 2021-05-02 16:03:35 +02:00
aaronkaplan 7b4c9cd6df
As discussed with @rafiot, we can't simply add rdata and rrname as 
text only into MISP objects. Why? Because otherwise we can't use MISP's
correlation engine to correlate attributes (rrname, rdata) inside these
MISP objects with other events. Because "text" would not correlate with
other "ip-src" or "domain" types in other objects/attributes.

Kind of sucks to duplicate the rrname and rdata entries, but that's the
only solution we came up with.

The COF2MISP module will populate both the rrname,rdata as well as the
rrname_{domain,ip} and rdata_{domain,ip} attributes.

Checked with jq_all_the_things.sh.
Thanks for your consideration.
 2021-05-02 15:57:54 +02:00
Alexandre Dulaunoy 4b88a52cf4
chg: [passive-dns] fix 2021-04-27 18:26:23 +02:00
Alexandre Dulaunoy ab84bd837f
fix: [passive-dns] fix the JSON and the version 2021-04-27 18:13:05 +02:00
AaronK df8604a8ca
Update definition.json 
Added time_first_ms, time_last_ms. Clarified a few things in the descriptions.
 2021-04-27 15:37:51 +02:00
Alexandre Dulaunoy 7c21a969d1
fix: [stix2-pattern] disable correlation on version 
Thanks to the new feature in MISP 2.4.142 to find top correlations ;-)
 2021-04-27 05:57:52 +02:00
Alexandre Dulaunoy 5e6f887fa1
Merge branch 'main' of github.com:MISP/misp-objects into main 2021-04-14 09:20:52 +02:00
Alexandre Dulaunoy 6f002cd4c6
chg: [report] add a report type 2021-04-14 09:20:25 +02:00
Raphaël Vinot 067ae49498 fix: Typo 2021-03-05 18:23:11 +01:00
Raphaël Vinot 321a952a66 chg: make jq validation happy 2021-03-05 18:16:46 +01:00
phmazzoni 16a3bed253
Create definition.json 2021-03-05 14:05:39 -03:00
phmazzoni a16d689085
Delete objects/panorama directory 2021-03-05 14:03:37 -03:00
Raphaël Vinot 3fb441b8a0 chg: Make jq validation happy 2021-03-05 15:57:41 +01:00
phmazzoni b3096262f5
Create definition.json 
Create Palo Alto Threat Log Object Template.
 2021-03-05 11:30:00 -03:00
Alexandre Dulaunoy e1f01f674f
chg: [person] full-name attribute type added + expanding object person with full-name 2021-03-03 07:41:16 +01:00
Alexandre Dulaunoy 4c62d6091a
fix: [dkim] clean-up 2021-02-25 07:25:09 +01:00
Alexandre Dulaunoy df6784859e
new: [dkim] DomainKeys Identified Mail - DKIM object template 2021-02-25 07:24:19 +01:00
Alexandre Dulaunoy 703b53fc3b
chg: [network-element] jq 2021-02-24 06:48:10 +01:00
Alexandre Dulaunoy 1fe9649205
chg: [network-profile] AS updated 2021-02-24 06:47:04 +01:00
Alexandre Dulaunoy d87ce65cb9
chg: [network-profile] add jarm-fingerprint 2021-02-24 06:38:49 +01:00
Carlos Borges 85dc07a1f4
Creation of Network Profile MISP Object 
The idea behind this object is to provide a unique form to identify network artifacts.
It's a mix of different including whois, URL and domain.

The need for a consolidated object comes to group correlated elements.

Beyond that, I'm introducing the idea to use the correlation feature in more generic ways.
Example:

The value of "threat-actor-infrastructure-value" is the unique value observed on a network resource that identify it. A practical and tested example is this resources from Kaspesky.

https://securelist.com/the-tetrade-brazilian-banking-malware/97779/

On this article they mention a trojan family called Javali. They recover the C2 server abusing Google Docs services. The mentioned field "threat-actor-infrastructure-value" would register the values available on this image. This item should be hard to correlate with other similar items, as this can change frequently.

A way to change it is also to register a more general pattern of the data with the "threat-actor-infrastructure-pattern". I.E

inicio{
"host":"<variable>",
"porta":"<variable>"
}fim

With other investigations and registry of it on MISP, is possible to correlate this data, facilitate identification of patterns used for tracking purposes and facilitate analysis.
 2021-02-23 20:39:22 -03:00
Alexandre Dulaunoy e902af130c
chg: [report] make link or summary as non-required field 2021-02-22 18:21:45 +01:00
Alexandre Dulaunoy 4e011f2478
chg: [regexp] fixed 2021-02-19 21:56:35 +01:00
Alexandre Dulaunoy 016f9e58af
chg: [regexp] added Farsight Compatible Regular Expressions (FCRE) added 
Ref: https://docs.dnsdb.info/dnsdb-fcre-reference-guide/#farsight-compatible-regular-expressions-fcre
 2021-02-19 18:03:23 +01:00
Alexandre Dulaunoy 36994fda1e
fix: [splunk] fixed 2021-02-15 15:10:20 +01:00
Alexandre Dulaunoy cb73cfaf49
chg: [splunk] object updated 2021-02-15 14:43:44 +01:00
marcnil815 f3830e044a
Update definition.json 
Added possibility for multiple searches in same object to accomodate using raw searches and datamodel searches.
 2021-02-15 14:13:17 +01:00
Alexandre Dulaunoy 84df20e51f
new: [windows-service] windows-service object added 2021-02-13 17:01:44 +01:00
Alexandre Dulaunoy 2b1c3532dc
chg: [report] add a link field to the report object template 2021-02-04 11:03:01 +01:00
Raphaël Vinot 3d3d40e6c0 fix: keys order in VT object 2021-02-02 15:31:00 +01:00
Raphaël Vinot 625684684a chg: Disable correlation in VT objects 2021-02-02 15:25:13 +01:00
Alexandre Dulaunoy 160c39d91e
chg: [url] jq all the things 2021-02-02 11:57:41 +01:00
Raphaël Vinot 82c217781f chg: allow multiple IPs in URL object 2021-02-02 11:39:37 +01:00
Terrtia 4f50074ba7
chg: [telegram-account] required attributes 2021-01-26 11:39:22 +01:00
Alexandre Dulaunoy eedcc2d5af
chg: [telegram-account] fixes 2021-01-26 10:30:30 +01:00
Alexandre Dulaunoy ca247d8c2a
new: [telegram-user] basic telegram user 
Ref: https://core.telegram.org/constructor/user

More could be added in the future
 2021-01-26 10:27:35 +01:00
Raphaël Vinot 1e14201fc0 chg: Update objects to match lief output for authenticode 2021-01-19 15:38:31 +01:00
Alexandre Dulaunoy fd7c05d74b
chg: [jarm] jq all the things 2021-01-05 14:49:34 +01:00
Alexandre Dulaunoy 8d08dc52d0
chg: [jarm] jarm type is jarm-fingerprint 2021-01-05 14:48:06 +01:00
Alexandre Dulaunoy 8753de0e1e
new: [jarm] new jarm object to describe TLS/SSL implementation matching 
a jarm fingerprint
 2021-01-05 14:44:46 +01:00
Alexandre Dulaunoy 2cb16e7be0
chg: [trustar_report] Updated to add "THREAT_ACTOR" 
Fixing #273
 2021-01-05 09:30:28 +01:00
Alexandre Dulaunoy d6d515d3d8
chg: [yara] disable correlations on some fields 2020-12-30 14:46:04 +01:00
Alexandre Dulaunoy 4d1c42e491
chg: [crypto-material] add a public field for public cryptographic materials 2020-12-30 14:21:37 +01:00
Alexandre Dulaunoy 3650498630
chg: [favicon] jq all the things 2020-12-27 16:21:09 +01:00
Alexandre Dulaunoy 179bd48bec
chg: [favicon] A favicon, also known as a shortcut icon, website icon, tab icon, URL icon, or bookmark icon, is a file containing one or more small icons, associated with a particular web 
site or web page. The object template can include the murmur3 hash of the favicon to facilitate correlation.
 2020-12-27 16:19:04 +01:00
Alexandre Dulaunoy b71e7c3458
chg: [twitter-post] jq 2020-12-20 10:52:40 +01:00
Alexandre Dulaunoy 8eae725e49
fix: [twitter-post] underscore - minus are difficult to choose from ;-) 2020-12-20 10:41:39 +01:00
Alexandre Dulaunoy ed1ceebdf4
chg: [jq] all the things 2020-12-20 10:37:14 +01:00
Alexandre Dulaunoy 85e37b360e
Merge pull request #302 from ater49/main 
Adding fields in twitter-post and paste
 2020-12-20 10:34:11 +01:00
Alexandre Dulaunoy 413a2618b6
Merge pull request #303 from seamustuohy/pymisp-pr/631 
Updated for support for msg format.
 2020-12-20 10:30:04 +01:00
seamus tuohy 7e65e5dfaf Updated for support for msg format. 
Adding first class support for Emails in .msg format to the email definition.
This includes making the  attribute support multiple bodies. Msg formats
nearly always have at least 2, if not 3, versions of the body (plain text, rtf, html).
 2020-12-19 17:03:26 -05:00
ater49 a410c7c7a6 Typo and version number correction + adding a field in twitter-post 
Adding created-at field in twitter-post
 2020-12-14 23:01:12 +01:00
ater49 a47ba8c5b8 Add media in twitter-post in order to store attached medias in a tweet 
Add pastebin.fr in source of paste and paste_file for storing whole
paste file.
 2020-12-14 22:25:58 +01:00
Alexandre Dulaunoy f517d6691c
Merge branch 'main' of github.com:MISP/misp-objects into main 2020-12-10 19:13:07 +01:00
Alexandre Dulaunoy 499392ca0a
chg: [domain-ip] hostname added as an attribute 2020-12-10 19:12:33 +01:00
Beaujeant a65aa06859 chg: can have mutliple text attributes 2020-11-25 16:17:54 +01:00
Alexandre Dulaunoy 9185d69d14
chg: [jq] all the [things] 2020-11-24 11:48:22 +01:00
Steve Clement 506116f0ac
chg: [json] sort 2020-11-24 14:58:19 +09:00
Steve Clement dd6ebe5385
new: [sh] Added process state 2020-11-24 14:55:47 +09:00
Steve Clement 4997dc575c
Merge remote-tracking branch 'upstream/main' into process 2020-11-24 14:45:04 +09:00
chrisr3d 0a3e94839c
add: [passive-dns] Added a raw_rdata object relation 2020-11-13 20:09:46 +01:00
chrisr3d 903935c1fe
chg: Using the actual attribute type for cpe and weakness instead of text 2020-10-22 22:11:50 +02:00
Alexandre Dulaunoy 27a554ab12
chg: [cpe-asset] updated 2020-10-16 12:31:44 +02:00
Alexandre Dulaunoy 89f4f6dbc1
new: [cpe-asset] an asset as defined with a CPE value 
This object was created to support the use-case of pisax.org for the
following use-case:

 - They define well-known assets which are used by IXPs and GRXs via
 their CPEs;
 - The assets are defined in a set of fixed/master MISP events;
 - Those events are used to query NVD/CVE database via cve-search
 (https://github.com/cve-search/cve-search) using a PyMISP script
 - Then the CVEs matching the CPE are added in MISP and dispatched to the
 sharing community of users as specific MISP events.

Ref: PISAX - pan-European Information Sharing and Analysis Center (ISAC) to IXPs and GRXs
Ref: https://nvlpubs.nist.gov/nistpubs/Legacy/IR/nistir7695.pdf ((NIST Interagency Report 7695))
 2020-10-16 09:21:40 +02:00
Alexandre Dulaunoy 141a8d2e2f
chg: [vulnerability] fixed 2020-10-15 22:49:29 +02:00
Alexandre Dulaunoy 25c888cecb
chg: [vulnerability] vulnerable_configuration are now cpe type 2020-10-15 22:40:50 +02:00
Alexandre Dulaunoy 5c935172ea
chg: [file] because sorted is always better 2020-10-13 22:47:10 +02:00
Alexandre Dulaunoy 0196285c0f
chg: [file] imphash and telfhash added 2020-10-13 22:46:24 +02:00
Alexandre Dulaunoy 8ee7728e84
chg: [gitlab-user] because -r is important 2020-10-07 09:20:54 +02:00
Alexandre Dulaunoy b4d21455fd
new: [gitlab-user] GitLab user. Gitlab.com user or self-hosted GitLab instance object template 2020-10-07 09:13:29 +02:00
Richard Hallick f6f419cadc Addition of Intel 471 vulnerability intelligence object 
Intel 471 object to contain structured vulnerability related data.
 2020-09-23 13:20:33 +01:00
Richard Hallick f116494ac9 Addition of intel471-vulnerability-intelligence object 
Intel 471 object to contain structured vulnerability related data.
 2020-09-23 13:02:02 +01:00
Alexandre Dulaunoy bd6aad0cd9
Merge branch 'main' of github.com:MISP/misp-objects into main 2020-09-17 08:19:03 +02:00
Alexandre Dulaunoy 4828fea3b7
chg: [github-user] reflect the API fields 2020-09-17 07:24:30 +02:00
Raphaël Vinot e009365d61 chg: Sort json 2020-09-16 15:17:43 +02:00
Alexandre Dulaunoy 794f9e7c43
chg: [keybase] be consistent with keybase API 2020-09-16 14:49:08 +02:00
Alexandre Dulaunoy 9cc343781f
chg: [keybase-account] at least username is required 2020-09-16 14:45:37 +02:00
chrisr3d 054899d28b
fix: JSON Validation 2020-09-09 10:36:20 +02:00
chrisr3d 3fce227f39 Merge branch 'main' of github.com:MISP/misp-objects into main 2020-09-09 10:11:58 +02:00
chrisr3d cadaa5d8c9
fix: Disabling correlation for all the bgp-ranking object attributes 2020-09-09 10:09:07 +02:00
Alexandre Dulaunoy bb26860669
Merge branch 'main' of github.com:MISP/misp-objects into main 2020-09-09 08:12:55 +02:00
Alexandre Dulaunoy ca7ed9b396
new: [github-user] a GitHub user object template 
Based on the information seen on the web interface.

TODO: Check the GitHub API and review the information available.
 2020-09-09 07:40:03 +02:00
Alexandre Dulaunoy 31586921b2
chg: [twitter-account] incorrect description fixed 2020-09-09 07:24:03 +02:00
chrisr3d 2671039cec
fix: JSON validation 2020-09-08 12:11:50 +02:00
chrisr3d 77fc1e0d97 Merge branch 'main' of github.com:MISP/misp-objects into chrisr3d_patch 2020-09-08 11:53:41 +02:00
chrisr3d 33cf33dc24
add: Added an IP address family attribute to describe the address family concerned by the BGP ranking 2020-09-08 11:52:39 +02:00
Raphaël Vinot 6c98bf536f fix: Incorrect relationships in requiredoneof field 2020-09-08 11:17:57 +02:00
chrisr3d 0ba4909549
add: First version of a BGP ranking object to represent the ranking of an ASN at a specific point of time 
- We can then associate as many bgp-ranking
  objects as we need to the corresponding  ASN
  object, each one of them being the ranking of
  the ASN for a given day
 2020-09-07 23:56:10 +02:00
chrisr3d e2f062e477
fix: Validation issue fixed 2020-09-03 14:21:06 +02:00
chrisr3d e743d7d013
fix: Normalised object relations of the ilr objects 
- Using dash as separator instead of space
 2020-09-03 14:14:01 +02:00
chrisr3d 2c64f6e04a
fix: Normalised object relations of the vehicle object 
- Using dash as separator instead of space
 2020-09-03 14:12:59 +02:00
chrisr3d 3a7eb020e6
fix: Normalised object relations of the phishing objects 
- Using dash as separator instead of space
 2020-09-03 14:12:05 +02:00
chrisr3d 73ced3e75c
fix: Normalised object relations of the ip-api-address object 
- Using dash as separator instead of space
 2020-09-03 14:10:02 +02:00
chrisr3d 7865f4110d
chg: Making source port attribute multiple in the ip-port object 2020-09-03 14:08:36 +02:00
Alexandre Dulaunoy 7fe39ca8f6
chg: [keybase] newline issue 2020-09-03 12:23:13 +02:00
Alexandre Dulaunoy 3d530764b5
chg: [keybase-account] meta category updated 2020-09-03 12:19:36 +02:00
Alexandre Dulaunoy bc59103f84
chg: [jq] all the things 2020-09-03 12:11:20 +02:00
Alexandre Dulaunoy 46b6f79cfd
chg: [keybase] description updated 2020-09-03 12:08:13 +02:00
Alexandre Dulaunoy ae3158e3fa
chg: [keybase] updated 2020-09-03 12:02:37 +02:00
Alexandre Dulaunoy 1d870bf238
chg: [restore] file 2020-09-03 12:01:26 +02:00
Pauline Bourmeau 2e5d994deb Revert "added description field in attributes" 
This reverts commit 3224f78d4f.
 2020-09-03 11:55:31 +02:00
Pauline Bourmeau 496f4bd030 jq-ed file 2020-09-03 11:05:21 +02:00
Pauline Bourmeau 3224f78d4f added description field in attributes 2020-09-03 11:00:38 +02:00
Pauline Bourmeau a3fd21d39d fixed comments 2020-09-03 10:02:30 +02:00
Pauline Bourmeau 5e7152714b first addition of keybase object 2020-09-03 09:41:12 +02:00
Alexandre Dulaunoy d35cd2d47f
chg: [jq] all the things 2020-08-28 16:45:47 +02:00
Pauline Bourmeau da3c168506
Update definition.json 2020-08-28 16:41:01 +02:00
Alexandre Dulaunoy 939a950d87
chg: [jq] all the things 2020-08-28 16:33:05 +02:00
Pauline Bourmeau 50288b806c
Update definition.json 2020-08-28 16:27:41 +02:00
Pauline Bourmeau d76f21d8b5
Update definition.json 2020-08-28 16:15:57 +02:00
Alexandre Dulaunoy a168037d93
chg: [jq] all the things 2020-08-28 16:10:42 +02:00
Alexandre Dulaunoy 894ab6e24b
Merge branch 'main' of https://github.com/C00kie-/misp-objects into C00kie--main 2020-08-28 16:10:12 +02:00
Alexandre Dulaunoy c487e73b86
chg: [jq] all the things 2020-08-28 16:08:39 +02:00
Pauline Bourmeau 794063dfe9
Update definition.json 2020-08-28 16:05:33 +02:00
Pauline Bourmeau 9fd1f78b5a
Update definition.json 2020-08-28 16:05:05 +02:00
Pauline Bourmeau b698ccb724
Update definition.json 2020-08-28 16:04:23 +02:00
Alexandre Dulaunoy 6b6c136b9c
chg: [vulnerability] vulnerability is is now a vulnerability type 
The vulnerability type is an official CVE number.

We might need to add in the future a new attribute in the object
for non-CVE id of a vulnerability or adding other id type in the object.

This commit fixes #234
 2020-08-28 11:23:10 +02:00
rmkml cd49fe8d97 add SHA3 Hash on definition.json 2020-08-23 19:30:17 +02:00
Alexandre Dulaunoy 842d128ef3
chg: [misp-objects] newline newline newline is the evil 2020-08-20 10:53:06 +02:00
Alexandre Dulaunoy dc70db0204
chg: [pe] multiple is true not 1 ;-) 2020-08-20 10:44:41 +02:00
Alexandre Dulaunoy 0c863f194f
chg: [pe] richpe 2020-08-20 10:39:49 +02:00
Andras Iklody 4a671ca739
chg: [RichPE] added 2020-08-20 10:14:35 +02:00
Alexandre Dulaunoy bfec61d8b0
chg: [file] jq 2020-08-18 07:54:42 +02:00
Alexandre Dulaunoy 7fdfbd4110
UUID must be the same 2020-08-18 07:44:12 +02:00
rmkml 5bdc6c6592 add vhash (VirusTotal Hash) on definition.json 2020-08-17 17:35:58 +02:00
Emil Henry Flakk 097ea8c76c Add more rrtypes to dns-record 2020-08-15 14:57:53 +02:00
VVX7 7bbcf0ed78 chg: [dev] add Parler app objects 2020-07-05 22:03:16 -04:00
Marc Hörsken 58fb163312 chg: [cortex-taxonomy] sort attributes 
Make sure the attributes are sorted like a Cortex taxonomy
would normally be displayed/summarized:

`namespace:predicate="value"` with `level` as a meta information.
 2020-07-02 13:29:32 +02:00
Raphaël Vinot b7c2562a4f new: android-app object template 2020-06-21 21:45:46 +02:00
Jean-Louis Huynen c1b7b93526 add: [d4] authentication failure report object 2020-06-16 15:59:02 +02:00
Alexandre Dulaunoy bffde5446e
Merge pull request #261 from VVX7/master 
chg: [dev] disable correlation on some attributes.
 2020-06-12 09:00:07 +02:00
VVX7 bbd5a2a94d chg: [dev] disable correlation on some attributes. fix underscore typo in account profile-image. 2020-06-11 19:35:02 -04:00
Alexandre Dulaunoy 968a7a8212
Merge pull request #260 from VVX7/master 
chg: [dev] make Reddit attributes reflect Reddit API.
 2020-06-08 17:22:27 +02:00
VVX7 7577cbe59a chg: [dev] make Reddit attributes (mostly) reflect Reddit API. 2020-06-08 11:16:59 -04:00
Alexandre Dulaunoy 75b71d6f3b
Merge pull request #258 from VVX7/master 
chg: [dev] add object properties from #254
 2020-06-02 19:00:35 +02:00
VVX7 53d2a18811 chg: [dev] run validate_all/jq 2020-06-02 11:11:43 -04:00
VVX7 56bd29d829 chg: [dev] make twitter object attributes more consistent with twitter api 2020-06-02 11:08:30 -04:00
Jesse Hedden 42d3dda12f fixed order 2020-06-01 16:36:58 -07:00
Jesse Hedden 8256c0ada9 extending trustar_report object in order to provide fields in which enrichment data from a planned expansion module can be stored 2020-06-01 16:02:03 -07:00
VVX7 200ac19bad chg: [dev] add object properties from #257 2020-05-31 09:52:49 -04:00
VVX7 b9e235a4f4 chg: [dev] fix attribute type 2020-05-30 18:36:09 -04:00
VVX7 cf5687b50d new: [dev] add Twitter objects: twitter-account, twitter-list, twitter-post. add YouTube objects: youtube-channel, youtube-comment, youtube-playlist, youtube-video. add object: image. 2020-05-29 21:10:02 -04:00
VVX7 ed7a730a79 new: [dev] add Reddit objects: reddit-account, reddit-post, reddit-comment, reddit-subreddit 2020-05-29 16:34:00 -04:00
VVX7 c6da4c9e66 chg: [dev] add user avatar 2020-05-28 16:40:21 -04:00
VVX7 69467c133f new: [dev] add facebook-account 2020-05-28 16:32:20 -04:00
VVX7 5aeac12979 chg: [dev] change post-id attribute type to text 2020-05-28 15:48:18 -04:00
VVX7 ede33742aa chg: [dev] run rq 2020-05-28 15:32:43 -04:00
VVX7 ae95dd1834 new: [dev] add facebook-post object. 2020-05-28 15:31:50 -04:00
VVX7 5a9a0fe5ce new: [dev] add facebook-page object. 2020-05-28 15:29:01 -04:00
VVX7 66f96da3d9 new: [dev] add facebook-group object. 2020-05-28 15:25:04 -04:00
VVX7 2164d80337 chg: [dev] update tracking-id to disable correlation on id description. minor changes to attribute descriptions. 2020-05-28 15:19:27 -04:00
Raphaël Vinot 093850f6c3 new: Preliminary version of git-vuln-finder object template 2020-05-26 12:31:45 +02:00
Alexandre Dulaunoy 9e73449ec7
chg: [sms] format fixed 2020-05-14 18:17:09 +02:00
Carlos Borges 546cd88918
Updating template version 2020-05-13 20:44:09 -03:00
Carlos Borges 02ea8d2afc
updating a missing comma 2020-05-13 20:43:37 -03:00
Carlos Borges e5ed919e26
Adding phone company of the sending SMS number 
While sharing some data using this object, we saw the need to add the phone company of the number sending the sms. 
With it we can make good local correlations and have an idea of flaws ocurring on phone number release by these companies.
Using web services like Truecaller, it's possible to enrich an analysis with this data.
 2020-05-13 20:42:55 -03:00
Raphaël Vinot 26a9d6b51f new: Objects and relations for FollowTheMoney 2020-05-05 11:02:53 +02:00
Alexandre Dulaunoy 366a8bb121
chg: [boleto] JSON fixed 2020-05-04 13:19:59 +02:00
Carlos Borges 68fe7eed05
New object - Boleto 
Boleto is a very common form of payment used in Brazil and used a lot by cybercriminals to execute fraud.
Basically a bank or financial instituion is allowed to generate boletos, that is a 40 digit number code. 
This object will help institutions identify frauds sources and improve orgs protection.
 2020-05-03 00:02:40 -03:00
VVX7 bb600ce627 chg: [publication] modify requiredOneOf, contributor type to text attribute 2020-04-28 18:58:59 -04:00
VVX7 738f32e27b new: [publication] jq'd the object 2020-04-28 15:46:13 -04:00
VVX7 84633dbd32 new: [publication] add object to describe academic journals, books, etc. 2020-04-28 11:57:28 -04:00
Raphaël Vinot d9f1db590a chg: Sort all the entries in the templates by default 2020-04-26 02:13:18 +02:00
Raphaël Vinot 73d710cfbc fix: Align directory names with object name 2020-04-26 02:07:26 +02:00
Alexandre Dulaunoy 3b5451c325
chg: [legal-entity] website and logo added for legal entity 
Thanks to Emmanuel MANCIET for the proposal
 2020-04-24 18:24:25 +02:00
VVX7 28b4b615ed chg: [object] add new microblog attributes, change some of the descriptions to make them clearer 2020-04-17 00:11:48 -04:00
VVX7 d50a9eeb13 new: [object] add scheduled-event, add social-media-group 2020-04-15 22:57:12 -04:00
VVX7 fae74bf73c Merge branch 'master' of https://github.com/misp/misp-objects 2020-04-15 22:24:57 -04:00
Alexandre Dulaunoy ef01e6e37b
chg: [victim] add a domain to field to reference a victim by their Internet domain name 2020-04-15 09:39:32 +02:00
VVX7 efa53e812d chg: [object] update narrative required object fields 2020-04-10 01:39:05 -04:00
VVX7 1527dedb26 chg: [object] update narrative object fields 2020-04-08 09:45:49 -04:00
Christophe Vandeplas 87e3824d99
Merge pull request #244 from Golbark/x509_enhancements 
chg: [x509] using built-in types wherever possible
 2020-04-08 10:51:01 +02:00
Golbark 238c44041a chg: [x509] using built-in types wherever possible 2020-04-08 01:42:12 -07:00
VVX7 a7e9fd9697 chg: [object] disable correlation on some fields. add external references. 2020-03-28 19:23:28 -04:00
VVX7 2b3e89b614 chg: [object] add narrative description/summary 2020-03-28 19:17:25 -04:00
VVX7 0518dd1aa3 chg: [object] add narrative description/summary 2020-03-28 19:16:33 -04:00
VVX7 1198f8fe68 chg: [object] change narrative version 2020-03-27 15:46:31 -04:00
VVX7 e387009bdd new: [object] add narrative. 2020-03-27 15:10:22 -04:00
Raphaël Vinot b436f9f28b Merge branch 'master' of github.com:MISP/misp-objects 2020-03-24 13:24:40 +01:00
Raphaël Vinot 9eedb854de chg: Bump CSSE COVID-19 Daily report to new version 2020-03-24 13:24:31 +01:00
chrisr3d fdfe7d2e4c
add: External references attribute for attack-pattern object 2020-03-17 10:03:33 +01:00
Alexandre Dulaunoy 7ef9a2ba56
Merge pull request #240 from cudeso/master 
Objects for data coming from the Cytomic Orion API
 2020-03-10 09:40:50 +01:00
Koen Van Impe 2c58470654 JQ-all-the-things 2020-03-09 23:29:29 +01:00
Koen Van Impe ecac7ea52a Update object definition with first-|last- seen 2020-03-09 23:26:25 +01:00
Alexandre Dulaunoy a09f7f55a8
chg: [victim] add reference to case (as requested by law-enforcement - ENFORCE project) 2020-03-09 16:32:18 +01:00
Alexandre Dulaunoy 65a51a586f
chg: [http-request] fixed 2020-03-09 16:25:57 +01:00
Alexandre Dulaunoy 401b8a4619
Merge pull request #239 from cbboggs/cbboggs-http-request 
Adding optional ip-src to http-request
 2020-03-09 16:25:14 +01:00
Koen Van Impe bffae90c3d Remove -x from JSON files 2020-03-07 09:28:43 +01:00
Koen Van Impe bbac01aa1b Fix with jq_all_the_things 2020-03-07 09:24:51 +01:00
Koen Van Impe 8bb88fceaf Objects for data coming from the Cytomic Orion API 2020-03-07 09:03:01 +01:00
frpet 5fdec81530 Update definition.json 
bump version
 2020-03-06 14:08:20 +01:00
cbboggs fa6fe463a9
Adding optional ip-src to http-request 
modified existing "ip" attribute to "ip-dst", and added attribute for ip-src.   This allows http-request to be used in scenarios where observed connections are source specific, not destination specific.
 2020-03-05 12:24:14 -06:00
frpet 2c6c44ccf8 Use more explicit misp-attribute types 
Use the apropriate misp-attribute type for *local_hostname, *fqdn, *.md5|*.sha*
 2020-03-05 18:55:29 +01:00
Alexandre Dulaunoy 3d57ee4fd2
chg: [network-socket] add filename to object template 
Reported-by: Belgian Defence - Tancred
 2020-03-04 14:25:26 +01:00
Alexandre Dulaunoy 1e5bb552f8
chg: [microblog] add Twitter-id reference 2020-03-04 14:08:10 +01:00
Raphaël Vinot b29a360c02 new: Add covid19 dxy live object 2020-03-02 00:12:24 +01:00
Raphaël Vinot 89db1fc34e Merge branch 'master' of github.com:MISP/misp-objects 2020-02-29 01:17:04 +01:00
Raphaël Vinot eabd0c1e55 new: CSSE COVID-19 Dataset - Daily report 
Source:
  https://github.com/CSSEGISandData/COVID-19/tree/master/csse_covid_19_data
 2020-02-29 01:16:28 +01:00
Raphaël Vinot 416820edc0 new: [crypto-material] add generic-symmetric-key 2020-02-27 15:41:45 +01:00
Raphaël Vinot ef0c95bc9b Merge branch 'master' of github.com:MISP/misp-objects 2020-02-27 10:50:58 +01:00
Raphaël Vinot 6f5cd0d9d3 chg: [IntelMQ Event] replace non-ascii double quote by single quote 2020-02-27 10:50:47 +01:00
Raphaël Vinot 2f2315d4e2 fix: Typo in requiredOneOf 2020-02-26 14:52:06 +01:00
Raphaël Vinot d9226e0f5a fix: Typo in requiredOneOf 2020-02-26 14:49:59 +01:00
Alexandre Dulaunoy d110657604
chg: [vulnerability] remove underscore from the object 2020-02-25 10:53:17 +01:00
Alexandre Dulaunoy 8de8d85979
chg: [iot-device] reference added 2020-02-17 23:12:09 +01:00
Alexandre Dulaunoy 6ed76f4948
add: [iot-firmware] new object template to describe IoT firmware 
The relationship will be often between iot-device and iot-firmware.

Ref: https://github.com/C00kie-/workshop-materials
 2020-02-17 15:07:49 +01:00
Alexandre Dulaunoy 8fa25f4f47
chg: [file] imphash removed as it should be at PE level 2020-02-17 14:29:30 +01:00
Alexandre Dulaunoy 36ae20bf02
chg: [pe] imphash and impfuzzy can be as key attribute 2020-02-17 14:27:05 +01:00
Alexandre Dulaunoy 1d2bfe97ce
Merge pull request #233 from Terrtia/master 
chg: [domain-crawled] domain shouldn't be a multiple
 2020-02-17 10:51:35 +01:00
Terrtia 566612302f
chg: [domain-crawled] domain shouldn't be a multiple 2020-02-17 10:00:21 +01:00
Alexandre Dulaunoy 83073d8c65
chg: [iot] add SPI, Serial and JTAG status 2020-02-17 08:55:47 +01:00
Alexandre Dulaunoy cf30efabc6
chg: [iot] because reusing UUID is bad 2020-02-17 08:33:51 +01:00
Alexandre Dulaunoy 1d0065e852
new: [iot] a first version of the IoT object 
Ref: based on the workshop discussion in https://github.com/C00kie-/workshop-materials

The idea is to have this root object when a new IoT device is documented
and further objects will be connected such as firmware or even file object
 2020-02-17 07:46:58 +01:00
Alexandre Dulaunoy 48bb38d67a
Merge pull request #232 from Terrtia/master 
domain-crawled object
 2020-02-16 21:04:16 +01:00
Terrtia 42df9d2e2f
chg: [crawled domain] rename object 2020-02-14 17:11:42 +01:00
Terrtia 5c46a3aad4
chg: add domain crawled object 2020-02-14 17:08:37 +01:00
Deborah Servili fdc24a8df8
update version 2020-02-13 12:30:08 +01:00
Deborah Servili 6380007b10
allow several subjects or sender for email objects 2020-02-13 12:28:47 +01:00
ater49 2738648e81 Adding some parts from HAR format description (http://www.softwareishard.com/blog/har-12-spec/) (More to come) 2020-02-10 14:59:35 +01:00
VVX7 1a40095f1a new: [objects] add instant-message object. add instant-message-group object. 2020-02-09 11:39:36 -05:00
Alexandre Dulaunoy 3ba77c9d2c
chg: [sms] the SMS center is a phone number 2020-02-06 12:06:26 +01:00
Alexandre Dulaunoy 371788589c
chg: [rtir] disable correlation on incident state 2020-02-06 11:55:27 +01:00
Alexandre Dulaunoy c32c7f4155
chg: [sms] missing Cellebrite fields added 2020-02-06 11:36:13 +01:00
Alexandre Dulaunoy 013c2c9c22
Merge branch 'master' of github.com:MISP/misp-objects 2020-02-06 11:04:53 +01:00
Alexandre Dulaunoy 3f9aca8e27
chg: [email] ip-src added in the email object templated as requested by Norberto Chavez 
Ref: https://twitter.com/NORBERTOCHAVEZ/status/1225213457429127170
 2020-02-06 11:03:33 +01:00
Raphaël Vinot 0c3aa14165 fix: attachment object relation does not exists. 2020-02-06 10:57:44 +01:00
Alexandre Dulaunoy 78fe4325b7
chg: [vehicule] image + type of vehicle added 2020-02-05 15:15:23 +01:00
Alexandre Dulaunoy ab6d7c3885
chg: [organization] typo fixed + description added 2020-02-05 15:06:37 +01:00
Alexandre Dulaunoy ccc0f4dd1f
chg: [phone] add brand and model 2020-02-05 15:04:10 +01:00
Andras Iklody 195fc46a13
fix: added iban as an alternative to bank account for the requirements 
- fixes https://github.com/MISP/MISP/issues/5358
 2020-02-04 11:46:24 +01:00
Alexandre Dulaunoy 5897fa7c37
Merge pull request #227 from Terrtia/master 
chg: [new object pgp-meta]
 2020-02-03 18:47:37 +01:00
Terrtia ae11730a82
fix: [new object pgp-meta] remove first seen/last seen + fix description 2020-02-03 16:45:28 +01:00
Terrtia b036b52e36
chg: [new object pgp-meta] Metadata extracted from a PGP keyblock, message or signature 2020-02-03 16:03:34 +01:00
VVX7 bde68265e3 chg: [object fields] allow additional requiredOneOf fields in blog, microblog, meme-image objects. add attachment field to blog object. add username to news-media. 2020-02-02 20:08:44 -05:00
VVX7 bc052e17f4 chg: [object field] add profile picture to user-account 2020-01-31 18:27:42 -05:00
VVX7 ed8e72bdb4 chg: [object field] enable multiple URL/link in microblog 2020-01-31 17:11:29 -05:00
VVX7 3bb42c766f chg: [object field] add title to microblog 2020-01-31 17:01:57 -05:00
VVX7 e4d217172e chg: [object field] add link for user-account page 2020-01-30 21:51:56 -05:00
VVX7 329d92162c chg: [object fields] add forged-document types, add microblog state 2020-01-30 21:31:06 -05:00
VVX7 4c4a3aabe5 new: [objects] news-agency, news-media 2020-01-30 19:57:39 -05:00
VVX7 8fa0166b24 chg: [microblog] allow multiple attachments per the enhancement request 2020-01-30 16:41:40 -05:00
VVX7 804e2116ce chg: [microblog] add attachment field for issue #186 2020-01-30 16:36:56 -05:00
VVX7 ce20ea05fe chg: [misinfosec objects] add archive (Internet Archive, Archive.is, etc) fields, change blog post title description 2020-01-30 14:08:19 -05:00
VVX7 0b5c9bde29 chg: [blog] add title field to object 2020-01-29 21:55:26 -05:00
VVX7 acf22d496c chg: [meme-image] uuid and name duplicate 2020-01-28 22:08:45 -05:00
VVX7 79026cb1d6 Merge remote-tracking branch 'upstream/master' 2020-01-28 21:49:12 -05:00
VVX7 84909f1ff2 new: [objects] blog, forged-document, leaked-document, meme-image 2020-01-28 21:24:04 -05:00
Raphaël Vinot fb878a6901 fix: Wrong name in requiredOneOf 2020-01-28 10:47:18 +01:00
Alexandre Dulaunoy cdc463ef1a
chg: [domain-ip] port added (required by AIL crawling) 2020-01-24 15:46:06 +01:00
Raphaël Vinot e6659c7c7e new: TruStar report object 2020-01-24 12:58:28 +01:00
Alexandre Dulaunoy 1a3d6392f3
Merge pull request #219 from N1col4s5742/master 
Add vehicle state
 2020-01-24 11:23:28 +01:00
Nicolas e8583c5e13 change definition.json for vehicle and geolocation with verification sponge 2020-01-24 10:40:50 +01:00
Nicolas 6fd7dfc896 change definition.json for vehicle and geolocation 2020-01-24 10:30:22 +01:00
Nicolas 6cc3f4a51c change definition.json for vehicle 2020-01-24 10:25:32 +01:00
Raphaël Vinot fa63480391 fix: to_ids must be a bool 2020-01-16 13:46:53 +01:00
Andras Iklody 92ebb542c2
fix: [microblog] to_ids changes 2020-01-16 10:44:51 +01:00
Steve Clement 003391bab1
Merge remote-tracking branch 'upstream/master' into process 2020-01-14 09:47:45 +09:00
StefanKelm 1e096535ef
Update definition.json 
Add compilation timestamp (similar to pe object)
 2020-01-10 15:00:19 +01:00
Alexandre Dulaunoy ce80fb6384
chg: [microblog] disable correlation for the verified-username state 2019-12-27 11:27:53 +01:00
Alexandre Dulaunoy faf2b07599
chg: [annotation] 'full report' type added 2019-12-26 18:29:57 +01:00
N1col4s5742 c611736e35
Vehicle state 2019-12-20 14:20:08 +01:00
N1col4s5742 59027ddc6a
Bump version 2019-12-20 14:18:10 +01:00
N1col4s5742 5f1e6c5fec
Add vehicle state 2019-12-20 14:14:49 +01:00
Alexandre Dulaunoy bce1018325
Merge branch 'master' of github.com:MISP/misp-objects 2019-12-17 14:59:50 +01:00
Alexandre Dulaunoy e832f5ce64
chg: [organization] VAT - TAX-ID added in the template 2019-12-17 14:59:00 +01:00
Deborah Servili 33a7d6b574
Merge pull request #217 from Delta-Sierra/master 
add imphash in file object
 2019-12-10 12:26:08 +01:00
Deborah Servili c0877cfd7c
add imphash in file object 2019-12-10 12:19:29 +01:00
Alexandre Dulaunoy ab484998ff
chg: [microblog] add the ability to have non-malicious links 
Fix #215
 2019-12-06 14:59:12 +01:00