Commit Graph

1713 Commits (d1653d97835eedeae47869c5113afa3d904a7571)

Author SHA1 Message Date
Vasileios Mavroeidis 2771e2681f
Update definition.json
Found the issue and updated the playbook-id attribute. It is not required anymore. We should not dictate producers generating this property since it can be used to correlate playbooks. The use case is: If we have a CACAO playbook attached, then we could have the UUIDV4 extracted from the "attachment" and put in the MISP security-playbook object attribute "playbook-id". Correlation is enabled if another security playbook object follows the same process while attaching the same CACAO playbook. If the attached playbook is a PNG, then there is no way to associate it again with another security playbook object that has the same PNG as an attachment as we cannot know that. That would be possible only if the attachment had a machine-readable identifier. Another use case is to generate a hash and attach it to a property, but let's leave that for the future and if it is never needed or appears as a use case. Long story short, the pull request improves the semantics of the object and correlations of different security playbook objects :)
2022-08-24 18:44:11 +02:00
Alexandre Dulaunoy 66a9b8eee7
chg: [doc] list of MISP object template updated 2022-08-03 11:48:05 +02:00
Alexandre Dulaunoy 9b9c838961
fix: [yara] add a reference link to the YARA object template 2022-08-03 11:46:30 +02:00
Alexandre Dulaunoy 39df304924
Merge branch 'main' of github.com:MISP/misp-objects into main 2022-08-03 11:45:06 +02:00
Alexandre Dulaunoy 734d85337d
new: [sigma] a sigma attribute exists in MISP but the object was
missing to add some additional meta information.
2022-08-03 11:44:37 +02:00
Alexandre Dulaunoy ec00217098
Best practices when creating MISP object templates 2022-07-28 18:50:16 +02:00
Alexandre Dulaunoy 50f61a03be
chg: [scheduled-task] disable_correlation + clarification 2022-07-08 15:03:27 +02:00
Delta-Sierra 73c2462448 Windows Scheduled Task Object - First draft 2022-07-07 15:17:34 +02:00
Alexandre Dulaunoy 58ef1729f2
Merge pull request #364 from matthijsvp/main
New attack-step object.
2022-07-02 20:21:10 +01:00
matthijsvp 8e024f4863 chg: Fixed typo in disable_correlation 2022-07-01 16:59:03 +02:00
matthijsvp 896fb72735 Merge from master 2022-07-01 16:47:23 +02:00
Matthijs van P 29d7467de9
Merge branch 'MISP:main' into main 2022-07-01 16:43:49 +02:00
matthijsvp 593d80abd1 initial commit 2022-07-01 16:43:22 +02:00
Alexandre Dulaunoy db5033f385
fix: [ftm-*] Fixing missing description - #363 2022-06-30 17:43:44 +02:00
Alexandre Dulaunoy 85dd164dbb
fix: [ftm] missing description fix #363 2022-06-30 17:19:33 +02:00
Alexandre Dulaunoy 9b0a9cd9eb
chg: [ftm-Call] fixed missing description 2022-06-30 17:12:25 +02:00
Alexandre Dulaunoy 91e1c8bdcd
chg: [query] add Kusto Query Language (KQL)
Ref: https://twitter.com/castello_johnny/status/1540732973753847808
2022-06-25 19:20:13 +02:00
Alexandre Dulaunoy fd58bdd7b7
chg: [query] add missing SPL language (Splunk) format
Thanks to https://twitter.com/nbareil/status/1540633706959863813 @nbareil
2022-06-25 11:56:15 +02:00
Alexandre Dulaunoy 07b6883c93
new: [query] query object to describe search queries on SIEM and other tools
MISP object template designed following requests and especially this twitter thread:

https://twitter.com/castello_johnny/status/1540610057263628289

I added a list of sane defaults based on the ones I have seen being used:

      "sane_default": [
        "event query language (eql)",
        "keyword query language (kql)",
        "Query DSL",
        "Query (Elastic Search)",
        "Sigma",
        "Lucene query",
        "Google search query",
        "Ariel Query Language (qradar)",
        "Grep",
        "Devo LINQ"
      ],

Thanks to Gianni Castaldi and others for ideas.

The object can be expanded and improved over time and the needs
to share new queries.
2022-06-25 11:37:41 +02:00
Alexandre Dulaunoy 4badc17a84
chg: [doc] list of objects updated 2022-06-18 20:57:14 +02:00
Alexandre Dulaunoy 8fd41924dd
chg: [stock] newline fixed 2022-06-18 17:00:13 +02:00
Alexandre Dulaunoy 7ea63899df
chg: [stock] UUID fixed 2022-06-18 16:58:49 +02:00
Alexandre Dulaunoy 421f5f9ccc
new: [stock] a first version of a stock market object to describe stock in MISP 2022-06-18 16:55:13 +02:00
Alexandre Dulaunoy 8215066c96
chg: [report] add Zotero item types in addition to the default type 2022-06-18 16:10:41 +02:00
Alexandre Dulaunoy b56d3a980b
Merge branch 'main' of github.com:MISP/misp-objects into main 2022-06-17 10:27:22 +02:00
Alexandre Dulaunoy cbfff75588
chg: [network-connection] add a counter following discussion with @chrisr3d 2022-06-17 10:05:09 +02:00
iglocska b99a0e939d
chg: [domain-ip] added the multiple flag back to ports
- as discussed with @righel, if we allow multiple IPs we should also allow multiple ports
- we might revise this in the future if it causes issues, however, then we should also restrict the use of multiple IP addresses
2022-05-30 18:07:25 +02:00
Alexandre Dulaunoy db9d79b093
Merge pull request #360 from goodlandsecurity/spearphishing-objects
Spearphishing objects
2022-05-21 08:00:02 +02:00
Good Land Security df5f9921df
Merge branch 'MISP:main' into spearphishing-objects 2022-05-20 20:20:10 -05:00
Alexandre Dulaunoy 52918bb373
Merge pull request #359 from matthijsvp/main
Processed feedback for ransom-negotiation object.
2022-05-20 21:50:52 +02:00
goodlandsecurity 2b19a8099e formatting after jq_all_the_things 2022-05-20 14:24:40 -05:00
goodlandsecurity 1c3aff42c5 added date for tracking when e-mail was sent 2022-05-20 14:20:37 -05:00
goodlandsecurity c62a113fec add new objects for spearphishing-link and spearphishing-attachment intel 2022-05-20 11:49:15 -05:00
matthijsvp f04caaa2c1 Added fields 2022-05-20 15:53:29 +02:00
matthijsvp bffed035df Merge branch 'main' of github.com:matthijsvp/misp-objects 2022-05-20 15:50:37 +02:00
matthijsvp dac6d57e79 Added some field from feedback 2022-05-20 15:50:31 +02:00
Alexandre Dulaunoy a922f29b46
Merge branch 'Vasileios-Mavroeidis-patch-1' into main 2022-05-18 22:01:41 +02:00
Alexandre Dulaunoy ccd239bf64
chg: [security-playbook] jq all the things 2022-05-18 22:00:41 +02:00
Vasileios Mavroeidis 0c54a39d37
Update definition.json
The PR updates the security playbook object with improved semantics based on feedback we have received. 

The updated template has "one-to-one" mapping with the available STIX 2.1 ad-hoc extension for the COA SDO available here: https://github.com/fovea-research/stix2.1-coa-playbook-extension

This research (updated version 3) was partially supported by the research projects CyberHunt (Grant No. 303585 - funded by the Research Council of Norway) and JCOP (Grant No. INEA/CEF/ICT/A2020/2373266 - funded by the European Health and Digital Executive Agency through the Connected Europe Facility program).
2022-05-18 13:56:59 +02:00
Alexandre Dulaunoy 7c7d1fbe98
chg: [paloalto-threat-event] Hungary access to the git repository has been sanctioned 2022-05-11 15:38:24 +02:00
Andras Iklody a5184c6746
chg: [paloalto-threat-event] version bump
For instances that ingested it before the disable_correlation changes, they didn't take and ended up pushing a lot of correlating noise. This should resolve it for the future.
2022-05-11 13:16:36 +02:00
Alexandre Dulaunoy 4125494c84
Merge pull request #355 from matthijsvp/main
New object template: Ransom negotiations
2022-05-07 09:15:41 +02:00
matthijsvp b8456cf80b Ran validation 2022-05-07 08:00:38 +02:00
Matthijs van P 9e378c705f
Merge branch 'MISP:main' into main 2022-05-07 07:56:36 +02:00
Matthijs van P 109f78336b
Changed version to int. 2022-05-07 06:47:40 +02:00
Christian Studer f762d5b2a4
add: [passive-ssh] Added `port` attribute 2022-05-06 17:01:13 +02:00
matthijsvp 3f90f65508 Fixed spelling mistakes 2022-05-06 14:09:50 +02:00
matthijsvp bb686f24d4 Removed required field 2022-05-06 13:50:34 +02:00
matthijsvp d04d453f47 Added sane defaults to all booleans 2022-05-06 13:48:12 +02:00
matthijsvp dcf34a680f bumped version number, fixed stray typo 2022-05-06 13:38:11 +02:00