Alexandre Dulaunoy
edf8b59af7
chg: [cowrie] to add HASSH of the client SSH session following Salesforce algorithm
...
As mentioned in #84
2019-10-05 10:05:26 +02:00
Raphaël Vinot
2cd5329b00
fix: duplicate in coin-address
2019-10-01 13:21:28 -07:00
Alexandre Dulaunoy
49e6c989d5
chg: [coin-address] DASH cryptocurrency address added
2019-10-01 20:17:44 +02:00
Alexandre Dulaunoy
ffc120106c
Update definition.json
...
Following discussion during MISP training - new language seen in a malware campaign.
2019-09-25 12:15:04 +02:00
Deborah Servili
6622083a2b
rename object misc to organization + update version
2019-09-23 12:57:09 +02:00
Deborah Servili
d116b7e4b2
Update version of paste object
2019-09-23 09:54:41 +02:00
Alexandre Dulaunoy
4ab14e785a
chg: [translation] double entry fixed in requiredOneOf
...
Signed-off by: By de leaduh of JavaScript and decayin' indicatawhs
2019-09-20 09:05:49 +02:00
Alexandre Dulaunoy
52e8f9e98b
chg: [translation] list of sane default for the languages + type of translation
2019-09-20 07:30:30 +02:00
Deborah Servili
4081dc8f8f
jq
2019-09-19 16:26:41 +02:00
Deborah Servili
2721d103e5
add translation object
2019-09-19 16:14:48 +02:00
Deborah Servili
a210cb0490
add hashtag attribute in microblog object
2019-09-19 13:33:45 +02:00
Deborah Servili
85f9aee365
Merge https://github.com/MISP/misp-objects
2019-09-17 15:00:51 +02:00
Deborah Servili
ca70c9ca9b
update microblog object - use link for non malicious link of the microblog post and embedded-link for link into the microblog post
2019-09-17 14:59:34 +02:00
Alexandre Dulaunoy
a7157678af
Merge pull request #204 from saadkadhi/patch-1
...
Better wording
2019-09-12 11:12:36 +02:00
Saad Kadhi
0f76563ffc
Better wording
2019-09-11 22:02:48 +02:00
Saad Kadhi
a98631d533
Better wording
2019-09-11 21:59:37 +02:00
Alexandre Dulaunoy
0910f0b15f
chg: [credential] adding disable correlation when required
2019-09-11 10:27:27 +02:00
Alexandre Dulaunoy
951abf10fe
chg: [new object templates] various updates
2019-09-11 09:11:28 +02:00
Alexandre Dulaunoy
ebcb886037
Merge branch 'master' of https://github.com/Delta-Sierra/misp-objects into Delta-Sierra-master
2019-09-11 08:52:20 +02:00
Deborah Servili
b9d16a38ad
draft command object
2019-09-10 16:15:40 +02:00
Deborah Servili
0d40f64815
add impersonation object
2019-09-09 16:36:16 +02:00
Christophe Vandeplas
a347aa78fe
fix: [virustotal] corrected typo in category
2019-08-08 14:01:09 +02:00
Christophe Vandeplas
7c3ee740fa
fix: [timesketch] fix incorrect attribute type
2019-08-08 12:11:13 +02:00
Pierre-Jean Grenier
006e792829
fix: [process] change undefined attributes
...
misp-attributes 'uuid' and 'src-port' do not exist, change those to something else so that we can use this object properly
2019-08-06 10:39:43 +02:00
Pierre-Jean Grenier
fc182be371
Change undefined category to "External analysis"
2019-08-02 14:37:08 +02:00
chrisr3d
29febb2de0
fix: JQed all the things
2019-08-01 15:50:29 +02:00
chrisr3d
ad83a3a56f
new: Weakness & attack-pattern objects to describe CWE & CAPEC related to a CVE
...
- The attack-pattern object is using a new
attribute type called weakness to describe CWE
id, which will link to its own information as
described in https://cve.circl.lu
2019-08-01 14:34:30 +02:00
Raphaël Vinot
e5cd4c761a
chg: Rename category environment -> climate
2019-07-24 09:31:15 +02:00
Raphaël Vinot
5650664665
new: Objects for Scripps CO2
2019-07-23 16:36:18 +02:00
Alexandre Dulaunoy
ab9c1e4cd6
chg: [process] updated following the "mess" of representation in process object
...
Ref: https://twitter.com/cyb3rops/status/1150315962501095424
2019-07-15 15:58:55 +02:00
Alexandre Dulaunoy
fbeb34ccb7
Merge pull request #193 from kx499/master
...
Adds employee object, dns-record object, and shodan object
2019-07-14 07:59:30 +02:00
Alexandre Dulaunoy
17f1b75973
chg: [network-connection] community-id added
2019-07-13 10:22:18 +02:00
Alexandre Dulaunoy
d504979f10
chg: [netflow] attribute community-id added in netflow object template
...
Ref: https://github.com/corelight/community-id-spec
Ref: 020e67c154
2019-07-13 10:02:15 +02:00
Steve Clement
e67b937f73
chg: [process] revert back to single char in light of the new process-attribute
2019-07-13 12:28:31 +09:00
Steve Clement
eaf0301fe3
chg: [process] Added sane defaults.
2019-07-12 16:04:38 +09:00
Steve Clement
c1a5a52155
chg: [process] Updated process object
2019-07-12 14:33:51 +09:00
Alexandre Dulaunoy
919f6638e1
Merge branch 'master' of github.com:MISP/misp-objects
2019-07-11 23:00:29 +02:00
Alexandre Dulaunoy
ce8d6a93c3
chg: [yara] add a yara-rule-name field which can be optional or the only field
...
As requested in https://github.com/MISP/MISP/issues/4858
2019-07-11 22:59:05 +02:00
Sascha Rommelfangen
fd15381cc2
disable correlation on the text field
2019-07-11 16:01:06 +02:00
Sascha Rommelfangen
e26a2b6d81
transaction number must be multiple (and text)
2019-07-11 15:51:07 +02:00
Sascha Rommelfangen
1459302dd1
Merge pull request #191 from MISP/rommelfs-patch-5
...
fixed issue with requirements
2019-07-11 15:24:50 +02:00
Sascha Rommelfangen
07987dc1dd
bumped version
2019-07-11 15:19:37 +02:00
Sascha Rommelfangen
aab46e38ea
bumped version
2019-07-11 15:18:55 +02:00
Sascha Rommelfangen
139c190c6a
fixed issue with requirements
2019-07-11 14:56:38 +02:00
Sascha Rommelfangen
78e6b95465
missing parts for balance corrected
2019-07-11 14:34:44 +02:00
Sascha Rommelfangen
873b5cc5a1
removed unneeded characters
2019-07-10 16:35:07 +02:00
Sascha Rommelfangen
2ad020bf15
Merge commit 'ad1300767f7b7757867a8c01ffb4c7d6fa308540'
2019-07-10 15:34:35 +02:00
Sascha Rommelfangen
ad1300767f
add: btc wallet and transaction object templates
2019-07-10 15:15:16 +02:00
kx1499
c8f6c97da0
Merge remote-tracking branch 'upstream/master'
2019-07-09 22:13:31 -04:00
chrisr3d
0caf4a9edc
chg: Added user-id attribute as one of the required ones
2019-07-09 17:05:48 +02:00
chrisr3d
ddff56f52c
fix: TYPO
2019-07-08 11:38:11 +02:00
chrisr3d
b96e7ed8be
new: New object describing user accounts
2019-07-08 11:18:21 +02:00
chrisr3d
d502c254cc
add: [ip-port] Added ip-dst as one of the required attributes
2019-07-05 16:11:31 +02:00
chrisr3d
bfb325b907
add: [ip-port] Added ip-dst attribute eeeeeeeeeeeeeeeeeeeeeee
...
- Users can then choose between "ip" when they do
not know whether it is a source or destination IP
address, or "ip-src" & "ip-dst" to have more
clarity about the IP address
2019-07-05 15:57:11 +02:00
Alexandre Dulaunoy
c3618fcf52
new: [imsi-catcher] object based on the output format of IMSI-catcher open source tools
...
The object has been created to show the flexibility of the object
template during the PassTheSalt 2019 conference and the D4 presentation.
2019-07-02 10:19:54 +02:00
ater49
e2f12cebd6
Adding IIN and bank_name
2019-06-18 21:45:42 +02:00
Alexandre Dulaunoy
41a6d596ff
chg: [rogue-dns] new object template expressing rogue dns
...
Thanks to CERT.br for the contribution
2019-06-18 17:39:47 +02:00
Alexandre Dulaunoy
e7bb12af7d
chg: [shell-commands] fix typo in object name
2019-06-01 10:13:06 +02:00
Alexandre Dulaunoy
48c64c52fc
new: [shell-commands] Object describing a series of shell commands executed. This object can be linked with malicious files in order to describe a specific execution of shell commands.
2019-06-01 10:04:46 +02:00
Alexandre Dulaunoy
a1b2db8fd1
chg: [script] requiredOneOf for script or filename
...
Malicious scripts can be received without having a filename.
2019-05-23 11:24:05 +02:00
Alexandre Dulaunoy
be7e37200a
add: [ssh-authorized-keys] object to add elements from SSH authorized
...
keys (and do correlation for fun-and-profit(tm))
2019-05-19 17:47:51 +02:00
Alexandre Dulaunoy
d922d3eaa5
chg: [person] Gender unknown added
...
This has been added when investigation is ongoing and
alias is known but gender is unknown discovered during
Enforce training.
topic:enforce
2019-05-16 15:08:43 +02:00
Alexandre Dulaunoy
e066df4e6d
chg: [microblog] state field added to describe if the tweet is malicious
...
or just OSINT.
2019-05-09 17:35:14 +02:00
Alexandre Dulaunoy
230122493c
chg: [authenticode-signerinfo] first version
2019-05-06 07:10:33 +02:00
Alexandre Dulaunoy
8f951e8450
chg: [jq] jq all the things(tm)
2019-05-05 12:33:59 +02:00
Alexandre Dulaunoy
cce77727d6
chg: [x509] improve X.509 certificate description to match required ones
...
from LIEF (as discussed in #180 ).
2019-05-05 12:31:41 +02:00
Alexandre Dulaunoy
79ab435903
Merge pull request #181 from ater49/master
...
Adding registration-date in domain-ip
2019-05-04 09:35:11 +02:00
ater49
a2bec8571b
Correcting "_" to "-" in fields name
2019-05-03 22:12:08 +02:00
ater49
424900b02d
Adding registration-date to domain-ip
2019-05-03 22:08:44 +02:00
Raphaël Vinot
f2e8195d50
new: Add offset, virtual_address and virtual_size to the pe section object
...
Related to https://github.com/MISP/PyMISP/issues/388
2019-05-03 11:19:42 +02:00
Alexandre Dulaunoy
e76e492894
chg: [regripper] version updated
2019-05-01 21:32:14 +02:00
mday
71b4e71ab1
update the misp-attribute to specify a valid value instead of an empty string
2019-05-01 14:11:30 -05:00
mday
baae683771
update the definition files of various object types so that the `required` and `requiredOneOf` lists no longer specify attributes that do not exist in the objects.
2019-04-30 12:32:22 -05:00
Alexandre Dulaunoy
0f6fdee7f3
chg: [irc] add nickname used for associated IRC server and channel(s)
2019-04-27 10:32:10 +02:00
Alexandre Dulaunoy
1966d4d5f0
add: [irc] IRC object to describe an IRC server with associated IRC channels
2019-04-27 10:28:50 +02:00
Alexandre Dulaunoy
b656cc532d
chg: [device] name of an object must be lowercase
2019-04-21 15:57:07 +02:00
Alexandre Dulaunoy
3dcb1725ae
chg: [phishing-kit] small typo fixed in the description
2019-04-21 15:52:57 +02:00
Raphaël Vinot
a6ed6df86a
Merge branch 'master' of github.com:MISP/misp-objects
2019-04-18 11:15:56 +02:00
Raphaël Vinot
371ffe77fb
chg: Allow to create a file object with a non-malicious file.
...
Fix #175 #176
2019-04-18 11:14:22 +02:00
Andras Iklody
92d15c5efe
Merge pull request #177 from haxpak/haxpak/update-device
...
Haxpak/update device
2019-04-16 07:43:01 +02:00
Andras Iklody
ed271a3b7d
Merge pull request #173 from haxpak/master
...
added option "Further Analysis Required" to attribute stage of object course-of-action
2019-04-16 07:42:32 +02:00
haxpak
4066da31e4
changed device type drop down from category to sane_default
2019-04-16 08:31:43 +05:30
haxpak
89b8e10fbe
added option "Further Analysis Required" to attribute stage
2019-04-15 17:41:39 +05:30
Andras Iklody
a8e89e3eaa
Merge branch 'master' into haxpak/#24
2019-04-15 10:52:48 +02:00
haxpak
9f4e7737a1
added attribute DNS name to device object
...
changed MAC address misp attribute to mac-address
2019-04-15 10:33:08 +05:30
haxpak
3cef676f34
added OS, version, dns-name attribute to device
...
changed misp-attribute of mac-address from text to mac-address
2019-04-15 10:29:09 +05:30
haxpak
836bd04a75
meta category for organization changed back to misc since schema_objects.json does not recognize organization as a meta category
2019-04-14 11:32:55 +05:30
haxpak
2053c17fa4
corrected typo
2019-04-14 11:27:29 +05:30
haxpak
4f1745a095
added meta category organization
2019-04-14 11:26:12 +05:30
haxpak
b24336499a
modified: objects/device/definition.json
...
modified: objects/phishing-kit/definition.json
2019-04-14 11:04:57 +05:30
haxpak
bb9ff86b2f
added MAC address to device
...
meta category of organization changed to organization
meta category of person object changed to organization
new object phishing-kit
2019-04-14 10:53:57 +05:30
haxpak
9f3fb14ed5
changed organization meta category to misc
2019-04-13 14:57:55 +05:30
haxpak
6917beee5f
reverted device to misc category
2019-04-13 14:02:26 +05:30
haxpak
63fff149f0
added requiredOneOf to device definition
2019-04-13 13:49:16 +05:30
haxpak
df91c999e6
fixed typos and ran jq_all_things
2019-04-13 13:45:05 +05:30
haxpak
23ab735119
- added : attachment attribute to annotation
...
- added : new object type device
2019-04-13 13:32:56 +05:30
haxpak
161f72678a
modified : person object "changed UI priority of the attributes"
...
modified : report object "added attachment to report"
2019-04-13 12:05:51 +05:30
haxpak
71419a999a
new-object : Organization "Defines an organization"
2019-04-13 11:55:38 +05:30
Alexandre Dulaunoy
c5532621b6
chg: [ip-port] ip-src added to fix #149
2019-04-07 22:28:36 +02:00
Alexandre Dulaunoy
006aa1d1a2
chg: [script] filename added to fix #149
2019-04-07 22:24:58 +02:00
Alexandre Dulaunoy
b4478a6c2b
add: [tor-hiddenservice] a simple object template to describe Tor Onion Service
2019-04-05 11:22:22 +02:00
Alexandre Dulaunoy
aca06cec1f
chg: [lnk] new LNK object (Windows Shortcut)
2019-04-03 14:05:39 +02:00
Alexandre Dulaunoy
4793bf33ae
chg: [process] fix the type - fix #160
2019-04-02 19:56:59 +02:00
Alexandre Dulaunoy
ba31488e5a
Merge pull request #161 from geekscrapy/geekscrapy-patch-1
...
Username is often utilised alongside a credential
2019-04-02 19:55:59 +02:00
Alexandre Dulaunoy
302182e594
Merge pull request #159 from geekscrapy/patch-1
...
Added current-directory to required field
2019-04-02 19:55:03 +02:00
molley
a50986361f
Username is often utilised alongside a credential
...
Username can often identify malicious behavior, and is usually part of the credential tuple - it can also be used to highlight common user accounts without password/api key
2019-04-02 18:26:00 +01:00
molley
490d760a4b
Added current-directory to required field
...
This field will often indicate where a malicious binary is started from, therefore a good candidate for solo use
2019-04-02 17:41:07 +01:00
molley
a85178255c
Added issuer as one of the required fields
...
This is often a field used on it's own to identify a malicious cert
2019-04-02 17:28:49 +01:00
Raphaël Vinot
0c6b7b4302
chg: Bump vehicle object
2019-04-02 17:09:02 +02:00
Alexandre Dulaunoy
047595ddeb
chg: [person] Spanish IDs added (NIE, NIF and DNI)
2019-03-15 14:36:12 +01:00
kx1499
e61344c981
Merge remote-tracking branch 'upstream/master'
2019-03-14 21:42:12 -04:00
Deborah Servili
55f5716b5d
remove accent from ilr objects - bis
2019-02-26 16:00:23 +01:00
Deborah Servili
96751b2af7
remove accent from ilrobjects
2019-02-26 15:57:58 +01:00
Deborah Servili
41dd469869
add ilr-notification-incident object
2019-02-26 15:51:20 +01:00
Deborah Servili
bd9970b1c9
fix lr-impact attributes names
2019-02-26 14:26:29 +01:00
Deborah Servili
bc05eca2b6
disable correlations on ilr-impact attributes
2019-02-26 14:05:01 +01:00
Deborah Servili
ec2851d4eb
add ilr-impact object
2019-02-26 13:57:31 +01:00
Sascha Rommelfangen
45f6aec0f5
corrected order
2019-02-25 09:29:15 +01:00
marcnil815
03870031db
jq'ed definition.json
2019-02-21 19:36:07 +01:00
marcnil815
e26e54b54a
Create splunk object definition.json
...
Adding misp-object for basic splunk search/correlation search values.
2019-02-21 16:12:54 +01:00
Alexandre Dulaunoy
b0f07156ae
Merge pull request #147 from Delta-Sierra/master
...
Person object - Add a (or several) role to a person
2019-02-21 07:20:40 +01:00
Alexandre Dulaunoy
18042c0749
chg: [elf] disable correlation on file type
2019-02-20 10:43:38 +01:00
Deborah Servili
0173504050
Person object - Add a (several) role to a person
2019-02-15 09:46:29 +01:00
Alexandre Dulaunoy
08798f1262
chg: [email] IP and hostname fields from extracted headers
2019-02-14 14:33:39 +01:00
Alexandre Dulaunoy
8a4f2c96b8
chg: [file] preferred charset used by the file (if decoded from mime-type parsing)
2019-02-14 14:16:01 +01:00
Alexandre Dulaunoy
f9bb8bfa9b
chg: [phishing] removed the IDS flag on the email used for takedown - and change attribute type
2019-02-11 06:45:18 +01:00
Sascha Rommelfangen
f09a392d49
added hostname attribute to the phishing object
2019-02-07 14:58:40 +01:00
Alexandre Dulaunoy
75ae30f44d
Merge pull request #143 from rommelfs/master
...
added values valuable to operators
2019-02-02 09:27:38 +01:00
Alexandre Dulaunoy
36dc6efab3
chg: [anonymisation] add level-of-knowledge to request for more information if needed
2019-02-01 10:19:25 +01:00
Sascha Rommelfangen
732476d7ca
added values valuable to operators
2019-02-01 09:37:31 +01:00
Alexandre Dulaunoy
f5c7530e0b
chg: [anonymisation] algo list fixed
2019-01-31 23:01:08 +01:00
Andras Iklody
86a116770b
Update definition.json
2019-01-31 22:57:49 +01:00
Alexandre Dulaunoy
b141dce581
add: [anonymisation] Anonymisation object describing an anonymisation technique which is used in MISP anonymised attributes.
2019-01-31 22:41:23 +01:00
Deborah Servili
db6297131f
Merge https://github.com/MISP/misp-objects
2019-01-28 15:44:31 +01:00
Deborah Servili
0f6f7de384
fix required field for interpol notice
2019-01-28 15:40:07 +01:00
Deborah Servili
1533703894
add interpol notice object
2019-01-28 15:26:49 +01:00
Alexandre Dulaunoy
beb0ec8bb7
chg: [script] added PHP in the most used programming language (at least when looking at malicious WebShells on the Internet)
...
- I sense a new stackoverflow survey category
Signed-off: 5c45721d-de08-4fff-b9b0-168a02de0b81
2019-01-24 13:36:09 +01:00
kx1499
a5ca2e1189
Merge remote-tracking branch 'upstream/master'
2019-01-15 21:19:19 -05:00
Alexandre Dulaunoy
b25388c406
Merge pull request #139 from Delta-Sierra/master
...
Person object - add alias as a requiredOneof attribute
2019-01-11 20:31:03 +01:00
chrisr3d
b94abc9182
Merge branch 'master' of github.com:MISP/misp-objects
2019-01-11 16:51:18 +01:00
chrisr3d
cf8c50b72e
fix: Disabled correlation for original imported samples
2019-01-11 16:50:29 +01:00
Deborah Servili
d6299e6542
update person object version
2019-01-11 15:03:11 +01:00
Deborah Servili
b0d8e91f0f
add alias as a requiredOneof attribute
2019-01-11 15:02:06 +01:00
Christophe Vandeplas
ae32e23fbf
chg: [http-request] IP as allowed type
2019-01-03 15:07:08 +01:00
Stefan Kelm
d98cfd6d16
New object: Information related to known scanning activity (e.g. from research projects)
2019-01-02 16:19:08 +01:00
eCrimeLabs
68ca8b0a92
Updated JA3 to have own data type ja3-fingerprint-md5 and bumped the version
2018-12-30 12:31:17 +01:00
Alexandre Dulaunoy
9b84576442
add: [facial-composite] new facial composite object
2018-12-21 20:41:45 +01:00
Alexandre Dulaunoy
5a9800ab6a
chg: [person] portrait added #133
2018-12-21 20:28:24 +01:00
Deborah Servili
7dfa69a743
Object Victim - Extended requiredOneof
2018-12-21 12:27:11 +01:00
Alexandre Dulaunoy
11a462e79b
chg: [person] OFAC fields - Office of Foreign Assets Control
2018-12-04 15:39:51 +01:00
Alexandre Dulaunoy
6cc29aad3d
chg: [microblog] a small clarification about the username to avoid the @
2018-11-26 22:21:51 +01:00
Alexander J
e44dd16b18
new misp object for a timesketch message
...
to be able to push timesketch messages (timesketch.org) to a misp event it is handy to have a specific type of object for it.
2018-11-23 15:40:57 +01:00
Alexandre Dulaunoy
7808850ce2
chg: [cortex] description updated as TheHive/Cortex observables will be attributes with
...
relationships from this object
2018-11-18 10:29:42 +01:00
Alexandre Dulaunoy
39dd150e2a
add: [cortex] new object based on a discussion with Jerome L. from TheHive (thanks to SNCF)
2018-11-18 10:28:18 +01:00
Alexandre Dulaunoy
3ec98a8a65
chg: [cortex-taxonomy] aka mini-report
2018-11-18 10:11:25 +01:00
Alexandre Dulaunoy
0f1f23fbb5
fix: [cortex-taxonomy] jq all the things(tm)
2018-11-09 14:21:10 +01:00
Hendrik
d61a1f3390
Added cortex taxonomy object definition
2018-11-09 12:37:34 +01:00
Alexandre Dulaunoy
78bfd806e7
Merge pull request #127 from thomaspatzke/process-extension
...
Extension of process object
2018-11-02 08:56:14 +01:00
Thomas Patzke
e12f15d5da
Fixed misp-attribute in link attribute of paste object
2018-11-02 00:40:55 +01:00
Thomas Patzke
d41b642bc4
Extension of process object
2018-11-02 00:35:28 +01:00
Steve Clement
e132ea8e03
fix: [definition] Fixed current balance type, is float.
2018-10-30 22:58:54 +09:00
Steve Clement
6560a53b80
chg: [definition] Extended crypto coin object to be able to enrich with interesting data
2018-10-30 21:30:09 +09:00
Alexandre Dulaunoy
a4207d1f36
chg: [mactime-timeline-analysis] disable some correlations
2018-10-29 20:43:36 +01:00
Alexandre Dulaunoy
ccab94e1b7
chg: [ip-api-adress] updated to ensure correlation disabled
2018-10-28 15:07:35 +01:00
Raphaël Vinot
decd49b6fc
fix: JQ things
2018-10-25 17:45:47 -04:00
Raphaël Vinot
e3d5d636e4
chg: Add type of internal reference
2018-10-25 15:47:04 -04:00
Raphaël Vinot
1a0d055caa
new: Internal reference object
2018-10-25 13:47:20 -04:00
Alexandre Dulaunoy
2f1ed1ee0c
chg: [regripper-sam-hive-single-user] uuid fixed
2018-10-25 17:49:20 +02:00
Alexandre Dulaunoy
5e952a4bf7
chg: [tsk-web-downloads] including link versus url (we assume it's malicious link by default)
2018-10-25 17:45:58 +02:00
Alexandre Dulaunoy
38a3718693
typo fixed
2018-10-25 17:42:57 +02:00
Alexandre Dulaunoy
7a70a1ece3
fix: various typos
2018-10-25 17:38:26 +02:00
Alexandre Dulaunoy
26fcbcd3bf
fix typo
2018-10-25 17:35:50 +02:00
Alexandre Dulaunoy
172b5551ba
Merge branch 'master' of github.com:MISP/misp-objects
2018-10-25 17:32:47 +02:00
Alexandre Dulaunoy
b93ad7969f
fix: jq all the things(tm)
2018-10-25 17:31:36 +02:00
Alexandre Dulaunoy
38a006b05b
Merge branch 'master' of https://github.com/Aks6193/misp-objects
2018-10-25 17:30:30 +02:00
aksha
bb119724ba
fix: Changed TSK object names to lower case
2018-10-25 13:21:08 +01:00
aksha
1cedea6506
Chg: Jq'ed all the objects
2018-10-25 12:39:48 +01:00
Alexandre Dulaunoy
15539c5e25
Merge pull request #123 from neok0/sandbox-file-attribute
...
added sandbox-file type as attribute for storing e.g. sandbox results…
2018-10-24 14:39:25 +02:00
Alexandre Dulaunoy
7bffd599ab
Merge pull request #122 from neok0/master
...
enable multiple summary attribute in report object
2018-10-24 14:37:33 +02:00
Tobias Mainka
8b861df876
fix failing check via running .jq_all_the_things.sh
2018-10-24 14:14:32 +02:00
Tobias Mainka
675b60703b
added sandbox-file type as attribute for storing e.g. sandbox results file in sandbox-report object
2018-10-24 13:58:38 +02:00
Alexandre Dulaunoy
a2ce46ecad
chg: [pcap-metadata] linktype added in the sane default
2018-10-24 07:35:31 +02:00
Alexandre Dulaunoy
3bf8c938aa
fix the required part of the url
2018-10-23 20:03:58 +02:00
Alexandre Dulaunoy
1a1972003d
add: [pcap-metadata] new object template for pcap file metadata (WiP)
2018-10-23 16:35:08 +02:00
Alexandre Dulaunoy
ae103f6080
chg: [person] add attributes to whois-related information which can be associated to a person
2018-10-23 08:43:35 +02:00
Tobias Mainka
332cf5475c
enable multiple summary attribute in report object
2018-10-22 14:55:27 +02:00
aksha
478dc899f2
Add: Web artefacts objects
2018-10-22 09:35:21 +01:00
chrisr3d
de3acf865d
fix: Disabled correlation of imported files format attribute
2018-10-22 10:13:48 +02:00
aksha
711abb094a
Add: python-etvx object
2018-10-15 11:08:09 +01:00
chrisr3d
141a0c8d41
fix: JQed ip-api-address template
2018-10-11 09:14:08 +02:00
chrisr3d
8137a58f48
fix: Fixed ip-api-address object template filename
2018-10-11 07:11:28 +02:00
Alexandre Dulaunoy
09495c3f2a
chg: [network-connection] disable correlation
2018-10-06 20:27:51 +02:00
Alexandre Dulaunoy
6ea337654a
Merge branch 'master' of github.com:MISP/misp-objects
2018-10-06 09:35:58 +02:00
Alexandre Dulaunoy
9735995ba1
chg: [process] disable correlation where it's not required
2018-10-06 07:42:34 +02:00
DigitalLeukocyte
afb1d28b2b
Added ip-api-address object
...
Object useful for IP data from http://ip-api.com .
2018-10-04 13:45:22 -07:00
DigitalLeukocyte
237b5a364b
Delete IP_API_IP_Address.json
2018-10-04 13:42:07 -07:00
DigitalLeukocyte
c39ff94f41
Deleted IP_API single file
2018-10-04 13:15:55 -07:00
DigitalLeukocyte
04aea7b596
Uploaded IP_API Object in folder
2018-10-04 13:14:42 -07:00
DigitalLeukocyte
59b1dda754
Updated to match more of ip-api.com
2018-10-04 12:41:52 -07:00
DigitalLeukocyte
ec75268f5c
Created for data from ip-api.com
2018-10-02 13:02:49 -07:00
DigitalLeukocyte
60f559f6da
Create IP_API.JSON
2018-10-02 13:01:29 -07:00
aksha
f8226fc200
Fix: Regripper object templates fixed
2018-10-02 10:14:19 +01:00
aksha
44d92e95be
Add: Regripper objects (System + Software Hive)
2018-10-01 12:18:55 +01:00
aksha
58f39ff62d
Add: regripper objects for system hive
2018-09-30 21:35:38 +01:00
Alexandre Dulaunoy
25e9f5d51a
chg: [phishing] new template object (first draft) based on the phishtank format
2018-09-28 15:14:51 +02:00
aksha
58ab539825
Fix: NTUser template
2018-09-28 12:15:21 +01:00
aksha
98459432a2
Add: Regripper 3 object templates including SAM hive and NTUSer.dat.
2018-09-28 12:13:31 +01:00
Alexandre Dulaunoy
5acaa3498f
chg: jq all the things ;-)
2018-09-27 13:19:33 +02:00
Alexandre Dulaunoy
96f234884a
Merge branch 'master' of https://github.com/Aks6193/misp-objects into Aks6193-master
2018-09-27 13:19:04 +02:00
aksha
10acf6289e
add: Misp object for Mactime-timeline-analysis
2018-09-27 11:46:32 +01:00
Alexandre Dulaunoy
01ea4c3097
chg: [malware-config] new object to describe malware configuration in clear-text or encrypted/encoded
...
ref: fix https://github.com/MISP/MISP/issues/3679
2018-09-21 07:11:38 +02:00
Alexandre Dulaunoy
4d6e0d7580
chg: [file] fullpath can be part of a single file object
2018-09-16 17:13:30 +02:00
Stefan Kelm
00184b6fc0
bgp-hijack
2018-09-13 14:13:33 +02:00
Stefan Kelm
8b5b5df77c
bgp-hijack
2018-09-13 14:05:45 +02:00
Alexandre Dulaunoy
243396a34d
chg: [ail] version of the template updated
2018-09-12 22:11:46 +02:00
Terrtia
76b3086356
fix: [ail-leak] disable correlation
2018-09-12 16:49:28 +02:00
Alexandre Dulaunoy
bb2b8d810f
chg: [tracking-id] add the tracker origin such as the vendor or software
2018-09-09 12:39:22 +02:00
Alexandre Dulaunoy
37a4a93326
chg: [original-import-file] list of "sane" default format.
2018-09-09 12:34:06 +02:00
Alexandre Dulaunoy
755dbe5837
Merge branch 'master' of github.com:MISP/misp-objects
2018-09-09 12:30:26 +02:00
Alexandre Dulaunoy
c8ecf75fdc
new: [tracking-id] Analytics and tracking ID such as used in Google Analytics or other analytic platform.
2018-09-09 12:29:58 +02:00
chrisr3d
5f74fe8fa8
Merge branch 'master' of github.com:MISP/misp-objects into chrisr3d_patch
2018-09-07 11:33:45 +02:00
chrisr3d
344b8f002e
fix: Changed 'type' attribute that is more relevant as being called 'format'
2018-09-07 11:32:47 +02:00
Alexandre Dulaunoy
767b461429
chg: [file] following some CyBOX import adding a fullpath field which includes filename and path request
2018-09-07 11:26:37 +02:00
kx1499
46c244ad08
Merge branch 'master' of https://github.com/kx499/misp-objects
2018-09-06 13:20:52 -04:00
kx1499
4ffac9da5e
updated disabling correlation for userid
2018-09-06 13:20:20 -04:00
chrisr3d
1a02c6879e
chg: Deleted filename attribute since it is already contained in attachment
2018-09-06 14:54:39 +02:00
chrisr3d
0890420856
new: New Object describing original files used to import data in MISP
2018-09-06 11:20:26 +02:00
Alexandre Dulaunoy
38071f4bd9
chg: [forensic-evidence] updated to include other tools and correlation disabled for some fields
2018-09-04 20:48:51 +02:00
Alexandre Dulaunoy
3a81765d8f
jq all the things (tm)
2018-09-04 20:40:16 +02:00
aksha
d2550dffb6
update: Forensic-evidence object
2018-09-04 14:18:30 +01:00
aksha
4e66e692d4
fixed indentation
2018-09-04 12:46:00 +01:00
aksha
7ee2ff1901
Add: Object template for digital evidence
2018-09-04 12:31:13 +01:00
Aks6193
d92e482a96
Merge pull request #1 from MISP/master
...
chg: [forensic-case] object added based on the original one from @Aks…
2018-09-03 20:01:41 +01:00
Alexandre Dulaunoy
0c98a925f3
chg: [forensic-case] object added based on the original one from @Aks6193
...
The idea is to separate the evidences from the case itself as you can
have multiple acquisitions for a specific case. Another object template
is required such as [forensic-evidence] to be able to link between the
forensic-case object and one or more evidences.
2018-09-03 13:54:59 +02:00
aksha
b83e98bbd4
Add: Misp object for Digital Forensic - Case metadata
2018-09-03 11:28:40 +01:00
Alexandre Dulaunoy
e90b1ce457
chg: [ja3] categories removed (default attributes categories will be used)
...
Fix MISP/MISP/issues/3593
2018-08-28 14:30:29 +02:00
Alexandre Dulaunoy
ab58f01666
chg: [geolocation] disable correlation on specific attributes
2018-08-15 18:34:35 +02:00
Alexandre Dulaunoy
487ff53afe
fix: [geolocation] to include accuracy-radius as described by maxmind geoip2 API
2018-08-15 18:26:10 +02:00
Alexandre Dulaunoy
0b164141af
chg: [vehicle] Vehicle object template to describe a vehicle information and registration
2018-08-04 15:39:38 +02:00
Deborah Servili
60010ce556
fix file object version
2018-07-27 15:19:15 +02:00
Deborah Servili
4e23159cb0
fix RequiredOneOf list in file object
2018-07-27 15:15:47 +02:00
Deborah Servili
c1f5e7342b
url is not a field of email object, then not one of the requiredOneOf
2018-07-26 15:49:44 +02:00
Alexandre Dulaunoy
3aa3247b09
chg: [paste object] add a link attribute when the paste reference is not malicious
2018-07-26 14:06:39 +02:00
Alexandre Dulaunoy
51d8e83b1f
Merge branch 'master' of github.com:MISP/misp-objects
2018-07-20 10:18:33 +02:00
Alexandre Dulaunoy
9a72b53923
chg: allow multiple domains to fix #108
2018-07-20 10:12:09 +02:00
Andras Iklody
5af0d31c49
Allow multiple "pattern-in-file" in file object, fixes #109
2018-07-20 07:03:22 +02:00
kx1499
bf64122d32
Merge remote-tracking branch 'upstream/master'
2018-07-18 15:57:56 -04:00
Alexandre Dulaunoy
6bfa279701
new: [short-message-service] Short Message Service (SMS) object template describing one or more SMS message added
2018-07-18 09:52:31 +02:00
Raphaël Vinot
0244bce6ef
new: threatgrid-report object template
2018-07-16 13:48:56 +02:00
Alexandre Dulaunoy
9918cc393d
chg: [coin-address] ETN symbol added
2018-07-13 17:07:35 +02:00
Alexandre Dulaunoy
88819d6fa3
chg: [exploit-poc] a same context can contain multiple PoC samples
2018-07-10 09:32:12 +02:00
Alexandre Dulaunoy
021b06bacd
new: exploit-poc object describing a proof of concept or exploit of a vulnerability. This object often has a relationship with a vulnerability object.
2018-07-10 07:41:09 +02:00
Alexandre Dulaunoy
856cec8d09
chg: [vulnerability] is now in its own vulnerability meta-category
2018-07-10 07:38:28 +02:00
Alexandre Dulaunoy
9eb578d747
chg: [vulnerability] updated following NATO and CIRCL feedback
...
- CVSS score added
- CVSS string added
- credit attribute added
- text -> description
- vulnerability attribute can now be any format (not only the CVE
format)
2018-07-10 07:21:36 +02:00
Alexandre Dulaunoy
2b5592cfa6
fix: [suricata] allow multiple Suricata rules in the object (similar context) and fix the rule to be in Snort format
...
Fix #106
2018-07-09 21:50:44 +02:00
Alexandre Dulaunoy
6c36a1df69
chg: [coin-address] XMR type address added in addition to the default Bitcoin address format
2018-07-04 11:10:50 +02:00
Alexandre Dulaunoy
3b21125acd
add: missing timesketch-timeline object template
2018-06-22 07:44:20 +02:00
Alexandre Dulaunoy
d9a616095a
Chg: jq all the things
2018-06-19 21:11:24 +02:00
AH
7d1e3747d0
STIX AIS Information source
2018-06-18 19:24:31 -04:00
Thirion Aurélien
d2c9ae007a
modify ail-leak object for the tagging system
2018-06-12 11:47:44 +02:00
Alexandre Dulaunoy
b6f12a9f46
chg: new script template object
...
Object describing a computer program written to be run in a special run-time environment. The script or shell
script can be used for malicious activities but also as support tools for threat analysts.
Fix #101
2018-06-09 11:36:58 +02:00
Alexandre Dulaunoy
1ca25a39ad
fix: missing ui-priority
2018-06-09 10:59:01 +02:00
Alexandre Dulaunoy
07f41b0444
chg: EPSG and spatial-reference added, fix #102
...
Following feedback during the last ENISA Cyber Europe 2018, we updated
the geolocation object to the following:
- Fixing ui-priority to ensure lat,long in order
- Adding the ability to specify an EPSG value instead of coordinates
(handy if you want to quickly express a known location/area)
- Set a default spatial-reference to avoid confusion between reported
value from GPS versus values projected into a specific spatial
projection. default is WGS-84.
2018-06-09 10:46:12 +02:00
Corsin Camichel
85901f995a
renamed url attribute, versioning date based
2018-06-05 14:39:12 +02:00
Corsin Camichel
69ed89cef0
updated definition, removed some attributes
2018-06-05 14:35:42 +02:00
Corsin Camichel
19f7c90d1a
Shortened link and its redirect target
2018-06-05 11:04:15 +02:00
Alexandre Dulaunoy
d17d11df1a
chg: username of the author added + disable correlation for origin
2018-06-04 19:46:58 +02:00
Alexandre Dulaunoy
fe3a91b8d9
chg: change version of the SS7 template object
2018-05-29 16:07:50 +02:00
chrisr3d
00bf1999fc
Merge branch 'master' of github.com:MISP/misp-objects
2018-05-25 09:13:44 +02:00
chrisr3d
e754719c00
Attribute typo
2018-05-25 09:13:14 +02:00
Alexandre Dulaunoy
52e1316717
chg: Timecode object to describe the start of a video sequence (e.g. CCTV evidence) and the end of the video sequence.
2018-05-21 10:19:54 +02:00
kx499
b5da300852
Merge remote-tracking branch 'upstream/master'
2018-05-08 14:42:00 -04:00
chrisr3d
b5f352e8c2
add: Added protocol attribute in the network socket object
2018-05-08 09:26:24 +02:00
chrisr3d
536f647135
add: Added hostname (src & dst) attributes
2018-05-08 09:03:57 +02:00
Alexandre Dulaunoy
4d47c41f5e
Network socket connection template object added
2018-05-08 07:53:58 +02:00
Alexandre De Oliveira
13ec601820
Update definition.json
...
To avoid having multiple objects for each similar attack coming from the same source, we allow multiple attack sources in the same attack.
2018-05-04 19:09:54 +02:00
chrisr3d
6faf42cbd2
First version of process object
...
- Potentially more attributes to come
2018-05-04 16:34:35 +02:00
Raphaël Vinot
956e649315
chg: Update email template
2018-05-03 20:49:48 +02:00
chrisr3d
4cdfd7b0a0
fix: RequiredOneOf field
...
Sorry, ate too much pineapple on my pizza
2018-05-03 14:28:46 +02:00
chrisr3d
3a78d64644
Merge branch 'master' of github.com:MISP/misp-objects
2018-05-03 14:21:56 +02:00
chrisr3d
554cfe29fe
Added definition
2018-05-03 14:21:36 +02:00
Alexandre Dulaunoy
453fd31797
fix: jq all
2018-05-03 14:18:15 +02:00
chrisr3d
d221a5e68e
Merge branch 'master' of github.com:MISP/misp-objects
2018-05-03 14:11:39 +02:00
chrisr3d
e07f2d5c62
Network connection object
2018-05-03 14:11:14 +02:00
Alexandre Dulaunoy
e9e1bdd56c
add: Context where the YARA rule can be applied
2018-05-01 11:21:05 +02:00
Alexandre Dulaunoy
3382e18393
add: new timestamp object
2018-04-30 16:27:17 +02:00
Raphaël Vinot
2da5eabbd0
Merge branch 'master' of github.com:MISP/misp-objects
2018-04-27 14:21:23 +02:00
Raphaël Vinot
1fe1f12026
new: Add EML to the email template
2018-04-27 14:20:39 +02:00
StefanKelm
f7b17ab62a
Update definition.json
2018-04-26 16:53:24 +02:00
StefanKelm
ef1bcc7067
Allow multiple domains and/or IP addresses per object
2018-04-26 16:50:25 +02:00
Raphaël Vinot
196991c73f
fix: Bump email template version
2018-04-26 15:07:12 +02:00
Raphaël Vinot
3d75d48051
chg: [email] add email-body in requiredOneOf
2018-04-26 15:05:19 +02:00
ater49
2991d58b0b
Adding ui-priority fields
2018-04-23 11:22:39 +02:00
ater49
df38573a3e
Correction for multiple parameter
2018-04-23 11:17:41 +02:00
ater49
24c4a68acd
Modifying version number
2018-04-23 11:11:29 +02:00
ater49
da216650d7
Adding comment fields in VT report objects
2018-04-23 11:09:43 +02:00
Deborah Servili
a3f8b1a0ba
regexp object - change version
2018-04-13 10:56:56 +02:00
Deborah Servili
55a5508a76
regexp object - disable correlation on type
2018-04-13 10:54:28 +02:00
chrisr3d
05873aefaf
Course of Action object
2018-04-11 16:48:05 +02:00
Dennis Rand
8744ff50a3
moved object into internal
2018-04-10 16:08:04 +00:00
Dennis Rand
c8e7cea45b
Added target-system as object
2018-04-10 16:03:05 +00:00
Alexandre Dulaunoy
c8e9155a3e
fix: add hostname to ip-port template and make attributes multiple
2018-04-10 14:46:36 +02:00
Alexandre Dulaunoy
bd89d1cd01
fix: file path added in file object
2018-04-09 15:56:39 +02:00
Alexandre Dulaunoy
1ff6cbf67a
fix: Feedback from @sheidan
2018-03-28 15:26:35 +02:00
Alexandre Dulaunoy
62e782b589
add: Suricata object added with context
2018-03-28 14:32:53 +02:00
Alexandre Dulaunoy
405d4e6bff
fix: name of the object template was incorrect
2018-03-28 14:31:32 +02:00
Raphaël Vinot
7c9e0420e1
Merge branch 'master' of github.com:MISP/misp-objects
2018-03-27 10:26:21 +02:00
Raphaël Vinot
206da3b100
new: Attach logfile to fail2ban
2018-03-27 10:25:54 +02:00
Alexandre Dulaunoy
d87336b5c9
version fixed for X509 object
2018-03-27 08:55:02 +02:00
Sheidan
b3c348f4ab
x509-add-required-one-of-serial-number
2018-03-26 18:16:29 +02:00
Raphaël Vinot
4708caffb5
Merge branch 'master' of github.com:MISP/misp-objects
2018-03-26 17:28:03 +02:00
Raphaël Vinot
3d0540a671
chg: disable correlations in fail2ban
2018-03-26 17:27:55 +02:00
Alexandre Dulaunoy
0a0778bb86
add: new yara object added with a version number
2018-03-26 14:26:15 +02:00
Raphaël Vinot
7c2e07a50b
fix: wrong attribute name
2018-03-26 12:05:17 +02:00
Raphaël Vinot
d51c3712b9
Merge branch 'master' of github.com:MISP/misp-objects
2018-03-26 11:41:12 +02:00
Raphaël Vinot
1f8fd57d69
chg: Fix&update fail2ban def
2018-03-26 11:41:00 +02:00
Alexandre Dulaunoy
b0755e3ca8
jq all
2018-03-26 11:37:38 +02:00
Alexandre Dulaunoy
aa30a49796
fix: attribute type fixed
2018-03-26 11:28:32 +02:00
Raphaël Vinot
61fd6728d9
Merge branch 'master' of github.com:MISP/misp-objects
2018-03-26 10:54:52 +02:00
Raphaël Vinot
1f8a26fa3e
new: Fail2ban object
2018-03-26 10:54:44 +02:00
Alexandre Dulaunoy
c92ee2e461
fix: version field added in case stix2-pattern has multiple versions in the future
2018-03-19 17:33:45 +01:00
Alexandre Dulaunoy
e7e3878042
fix: whois record object updated to cover both cases: domain or IP address
2018-03-16 13:29:39 +01:00
Alexandre Dulaunoy
982e2d8b75
fix: raw whois is also accepted as single attribute in whois object
...
Required for importing STIX CybOX 1.1 object where just a raw whois
entry is added in remarks.
2018-03-16 13:13:35 +01:00
Alexandre Dulaunoy
f7f0a88838
fix: some parts of the URL can be repeated such as resource path, anchor...
...
multiple flag added to the parts that can potentially be repeated.
Following a discussion on Gitter with @makflwana
2018-03-15 09:38:53 +01:00
Alexandre Dulaunoy
4ed961f5e6
fix: disable correlation for compression algorithms
2018-03-01 21:09:04 +01:00
Alexandre Dulaunoy
a93a285132
fix: Cowrie object - SSH attributes added
2018-03-01 21:08:16 +01:00
Sami Mokaddem
73aa339ddd
typo: passsword -> password
2018-03-01 16:20:58 +01:00
Alexandre Dulaunoy
1fe3e79a05
fix: add missing destination and source port
2018-02-28 17:47:02 +01:00
Alexandre Dulaunoy
bdaee9e1c7
add: Cowrie honeypot object template
2018-02-28 17:41:29 +01:00
Alexandre Dulaunoy
73a2b41103
fix: jq all the things
2018-02-23 08:25:35 +01:00
zoomequipd
0d31f27efc
correct rbn --> rtn
2018-02-22 16:37:12 -06:00
zoomequipd
8b1aff8135
add aba-rtn to bank-account object
2018-02-22 16:36:19 -06:00
chrisr3d
271c789f97
fix: Fixed some bank-account fields
2018-02-22 01:18:15 +01:00
chrisr3d
4cccea8828
Fixed the bank-account meta-category
...
... which is actually "financial"
2018-02-20 15:44:02 +01:00
chrisr3d
71fa0f66fa
Added default values of funds code
2018-02-14 14:11:42 +01:00
chrisr3d
0367068f92
Added attributes to describe some origin and target fields of a transaction
2018-02-14 11:33:37 +01:00
chrisr3d
594bf5dcc0
Added attributes for the teller and the authorizer of a transaction
2018-02-13 17:53:37 +01:00
Andras Iklody
eef4aab989
Changed http request object template
...
Require either uri or url; http method is no longer required.
2018-02-09 09:43:39 +01:00
Alexandre Dulaunoy
3d2091b33c
fix: use new attribute type mime-type instead of text
2018-02-09 07:34:58 +01:00
Alexandre Dulaunoy
1c8a5031f7
Merge branch 'master' of github.com:MISP/misp-objects
2018-02-08 11:55:19 +01:00
Alexandre Dulaunoy
b4d433a845
add: Common Alerting Protocol Version (CAP) resource object
2018-02-08 11:53:05 +01:00
Alexandre Dulaunoy
64f9c60ae6
Merge pull request #78 from chrisr3d/master
...
Transaction Object definition and readme file updated
2018-02-08 08:06:35 +01:00
Alexandre Dulaunoy
857065e0e8
Merge branch 'master' of github.com:MISP/misp-objects
2018-02-08 08:05:53 +01:00
Alexandre Dulaunoy
49f78f067d
add: Common Alerting Protocol Version (CAP) info object
2018-02-08 07:45:41 +01:00
chrisr3d
9ad2b50895
Updated description and readme
2018-02-07 17:26:09 +01:00
chrisr3d
416c91fd5d
Merge branch 'master' of github.com:MISP/misp-objects
2018-02-07 15:43:40 +01:00
chrisr3d
ad8e01d4c5
Transaction object
2018-02-07 15:36:37 +01:00
Alexandre Dulaunoy
3161533692
fix: trailing dot removed
2018-02-07 14:54:15 +01:00
Alexandre Dulaunoy
e1258cd2f7
Common Alerting Protocol Version (CAP) alert object
2018-02-07 14:46:09 +01:00
chrisr3d
fd74fac62b
Fixed disable_correlation variable type
2018-02-06 15:36:57 +01:00