MISP
/
misp-objects
mirror of https://github.com/MISP/misp-objects
2
0
Fork 0
Code Issues Releases Wiki Activity
780 Commits
6 Branches
44 Tags
12 MiB
Commit Graph

540 Commits (e26a2b6d81a90f217bd638fefca4a76ea9f8614c)

Author SHA1 Message Date
haxpak bb9ff86b2f added MAC address to device 
meta category of organization changed to organization
meta category of person object changed to organization
new object phishing-kit
 2019-04-14 10:53:57 +05:30
haxpak 9f3fb14ed5 changed organization meta category to misc 2019-04-13 14:57:55 +05:30
haxpak 6917beee5f reverted device to misc category 2019-04-13 14:02:26 +05:30
haxpak 63fff149f0 added requiredOneOf to device definition 2019-04-13 13:49:16 +05:30
haxpak df91c999e6 fixed typos and ran jq_all_things 2019-04-13 13:45:05 +05:30
haxpak 23ab735119 - added : attachment attribute to annotation 
- added : new object type device
 2019-04-13 13:32:56 +05:30
haxpak 161f72678a modified : person object "changed UI priority of the attributes" 
modified : report object "added attachment to report"
 2019-04-13 12:05:51 +05:30
haxpak 71419a999a new-object : Organization "Defines an organization" 2019-04-13 11:55:38 +05:30
Alexandre Dulaunoy c5532621b6
chg: [ip-port] ip-src added to fix #149 2019-04-07 22:28:36 +02:00
Alexandre Dulaunoy 006aa1d1a2
chg: [script] filename added to fix #149 2019-04-07 22:24:58 +02:00
Alexandre Dulaunoy b4478a6c2b
add: [tor-hiddenservice] a simple object template to describe Tor Onion Service 2019-04-05 11:22:22 +02:00
Alexandre Dulaunoy aca06cec1f
chg: [lnk] new LNK object (Windows Shortcut) 2019-04-03 14:05:39 +02:00
Alexandre Dulaunoy 4793bf33ae
chg: [process] fix the type - fix #160 2019-04-02 19:56:59 +02:00
Alexandre Dulaunoy ba31488e5a
Merge pull request #161 from geekscrapy/geekscrapy-patch-1 
Username is often utilised alongside a credential
 2019-04-02 19:55:59 +02:00
Alexandre Dulaunoy 302182e594
Merge pull request #159 from geekscrapy/patch-1 
Added current-directory to required field
 2019-04-02 19:55:03 +02:00
molley a50986361f
Username is often utilised alongside a credential 
Username can often identify malicious behavior, and is usually part of the credential tuple - it can also be used to highlight common user accounts without password/api key
 2019-04-02 18:26:00 +01:00
molley 490d760a4b
Added current-directory to required field 
This field will often indicate where a malicious binary is started from, therefore a good candidate for solo use
 2019-04-02 17:41:07 +01:00
molley a85178255c
Added issuer as one of the required fields 
This is often a field used on it's own to identify a malicious cert
 2019-04-02 17:28:49 +01:00
Raphaël Vinot 0c6b7b4302 chg: Bump vehicle object 2019-04-02 17:09:02 +02:00
Alexandre Dulaunoy 047595ddeb
chg: [person] Spanish IDs added (NIE, NIF and DNI) 2019-03-15 14:36:12 +01:00
Deborah Servili 55f5716b5d
remove accent from ilr objects - bis 2019-02-26 16:00:23 +01:00
Deborah Servili 96751b2af7
remove accent from ilrobjects 2019-02-26 15:57:58 +01:00
Deborah Servili 41dd469869
add ilr-notification-incident object 2019-02-26 15:51:20 +01:00
Deborah Servili bd9970b1c9
fix lr-impact attributes names 2019-02-26 14:26:29 +01:00
Deborah Servili bc05eca2b6
disable correlations on ilr-impact attributes 2019-02-26 14:05:01 +01:00
Deborah Servili ec2851d4eb
add ilr-impact object 2019-02-26 13:57:31 +01:00
Sascha Rommelfangen 45f6aec0f5
corrected order 2019-02-25 09:29:15 +01:00
marcnil815 03870031db
jq'ed definition.json 2019-02-21 19:36:07 +01:00
marcnil815 e26e54b54a
Create splunk object definition.json 
Adding misp-object for basic splunk search/correlation search values.
 2019-02-21 16:12:54 +01:00
Alexandre Dulaunoy b0f07156ae
Merge pull request #147 from Delta-Sierra/master 
Person object - Add a (or several) role to a person
 2019-02-21 07:20:40 +01:00
Alexandre Dulaunoy 18042c0749
chg: [elf] disable correlation on file type 2019-02-20 10:43:38 +01:00
Deborah Servili 0173504050
Person object - Add a (several) role to a person 2019-02-15 09:46:29 +01:00
Alexandre Dulaunoy 08798f1262
chg: [email] IP and hostname fields from extracted headers 2019-02-14 14:33:39 +01:00
Alexandre Dulaunoy 8a4f2c96b8
chg: [file] preferred charset used by the file (if decoded from mime-type parsing) 2019-02-14 14:16:01 +01:00
Alexandre Dulaunoy f9bb8bfa9b
chg: [phishing] removed the IDS flag on the email used for takedown - and change attribute type 2019-02-11 06:45:18 +01:00
Sascha Rommelfangen f09a392d49
added hostname attribute to the phishing object 2019-02-07 14:58:40 +01:00
Alexandre Dulaunoy 75ae30f44d
Merge pull request #143 from rommelfs/master 
added values valuable to operators
 2019-02-02 09:27:38 +01:00
Alexandre Dulaunoy 36dc6efab3
chg: [anonymisation] add level-of-knowledge to request for more information if needed 2019-02-01 10:19:25 +01:00
Sascha Rommelfangen 732476d7ca
added values valuable to operators 2019-02-01 09:37:31 +01:00
Alexandre Dulaunoy f5c7530e0b
chg: [anonymisation] algo list fixed 2019-01-31 23:01:08 +01:00
Andras Iklody 86a116770b
Update definition.json 2019-01-31 22:57:49 +01:00
Alexandre Dulaunoy b141dce581
add: [anonymisation] Anonymisation object describing an anonymisation technique which is used in MISP anonymised attributes. 2019-01-31 22:41:23 +01:00
Deborah Servili db6297131f Merge https://github.com/MISP/misp-objects 2019-01-28 15:44:31 +01:00
Deborah Servili 0f6f7de384
fix required field for interpol notice 2019-01-28 15:40:07 +01:00
Deborah Servili 1533703894
add interpol notice object 2019-01-28 15:26:49 +01:00
Alexandre Dulaunoy beb0ec8bb7
chg: [script] added PHP in the most used programming language (at least when looking at malicious WebShells on the Internet) 
- I sense a new stackoverflow survey category

Signed-off: 5c45721d-de08-4fff-b9b0-168a02de0b81
 2019-01-24 13:36:09 +01:00
Alexandre Dulaunoy b25388c406
Merge pull request #139 from Delta-Sierra/master 
Person object - add alias as a requiredOneof attribute
 2019-01-11 20:31:03 +01:00
chrisr3d b94abc9182 Merge branch 'master' of github.com:MISP/misp-objects 2019-01-11 16:51:18 +01:00
chrisr3d cf8c50b72e
fix: Disabled correlation for original imported samples 2019-01-11 16:50:29 +01:00
Deborah Servili d6299e6542
update person object version 2019-01-11 15:03:11 +01:00
Deborah Servili b0d8e91f0f
add alias as a requiredOneof attribute 2019-01-11 15:02:06 +01:00
Christophe Vandeplas ae32e23fbf chg: [http-request] IP as allowed type 2019-01-03 15:07:08 +01:00
Stefan Kelm d98cfd6d16 New object: Information related to known scanning activity (e.g. from research projects) 2019-01-02 16:19:08 +01:00
eCrimeLabs 68ca8b0a92 Updated JA3 to have own data type ja3-fingerprint-md5 and bumped the version 2018-12-30 12:31:17 +01:00
Alexandre Dulaunoy 9b84576442
add: [facial-composite] new facial composite object 2018-12-21 20:41:45 +01:00
Alexandre Dulaunoy 5a9800ab6a
chg: [person] portrait added #133 2018-12-21 20:28:24 +01:00
Deborah Servili 7dfa69a743
Object Victim - Extended requiredOneof 2018-12-21 12:27:11 +01:00
Alexandre Dulaunoy 11a462e79b
chg: [person] OFAC fields - Office of Foreign Assets Control 2018-12-04 15:39:51 +01:00
Alexandre Dulaunoy 6cc29aad3d
chg: [microblog] a small clarification about the username to avoid the @ 2018-11-26 22:21:51 +01:00
Alexander J e44dd16b18
new misp object for a timesketch message 
to be able to push timesketch messages (timesketch.org) to a misp event it is handy to have a specific type of object for it.
 2018-11-23 15:40:57 +01:00
Alexandre Dulaunoy 7808850ce2
chg: [cortex] description updated as TheHive/Cortex observables will be attributes with 
relationships from this object
 2018-11-18 10:29:42 +01:00
Alexandre Dulaunoy 39dd150e2a
add: [cortex] new object based on a discussion with Jerome L. from TheHive (thanks to SNCF) 2018-11-18 10:28:18 +01:00
Alexandre Dulaunoy 3ec98a8a65
chg: [cortex-taxonomy] aka mini-report 2018-11-18 10:11:25 +01:00
Alexandre Dulaunoy 0f1f23fbb5
fix: [cortex-taxonomy] jq all the things(tm) 2018-11-09 14:21:10 +01:00
Hendrik d61a1f3390 Added cortex taxonomy object definition 2018-11-09 12:37:34 +01:00
Alexandre Dulaunoy 78bfd806e7
Merge pull request #127 from thomaspatzke/process-extension 
Extension of process object
 2018-11-02 08:56:14 +01:00
Thomas Patzke e12f15d5da Fixed misp-attribute in link attribute of paste object 2018-11-02 00:40:55 +01:00
Thomas Patzke d41b642bc4 Extension of process object 2018-11-02 00:35:28 +01:00
Steve Clement e132ea8e03 fix: [definition] Fixed current balance type, is float. 2018-10-30 22:58:54 +09:00
Steve Clement 6560a53b80 chg: [definition] Extended crypto coin object to be able to enrich with interesting data 2018-10-30 21:30:09 +09:00
Alexandre Dulaunoy a4207d1f36
chg: [mactime-timeline-analysis] disable some correlations 2018-10-29 20:43:36 +01:00
Alexandre Dulaunoy ccab94e1b7
chg: [ip-api-adress] updated to ensure correlation disabled 2018-10-28 15:07:35 +01:00
Raphaël Vinot decd49b6fc fix: JQ things 2018-10-25 17:45:47 -04:00
Raphaël Vinot e3d5d636e4 chg: Add type of internal reference 2018-10-25 15:47:04 -04:00
Raphaël Vinot 1a0d055caa new: Internal reference object 2018-10-25 13:47:20 -04:00
Alexandre Dulaunoy 2f1ed1ee0c
chg: [regripper-sam-hive-single-user] uuid fixed 2018-10-25 17:49:20 +02:00
Alexandre Dulaunoy 5e952a4bf7
chg: [tsk-web-downloads] including link versus url (we assume it's malicious link by default) 2018-10-25 17:45:58 +02:00
Alexandre Dulaunoy 38a3718693
typo fixed 2018-10-25 17:42:57 +02:00
Alexandre Dulaunoy 7a70a1ece3
fix: various typos 2018-10-25 17:38:26 +02:00
Alexandre Dulaunoy 26fcbcd3bf
fix typo 2018-10-25 17:35:50 +02:00
Alexandre Dulaunoy 172b5551ba
Merge branch 'master' of github.com:MISP/misp-objects 2018-10-25 17:32:47 +02:00
Alexandre Dulaunoy b93ad7969f
fix: jq all the things(tm) 2018-10-25 17:31:36 +02:00
Alexandre Dulaunoy 38a006b05b
Merge branch 'master' of https://github.com/Aks6193/misp-objects 2018-10-25 17:30:30 +02:00
aksha bb119724ba fix: Changed TSK object names to lower case 2018-10-25 13:21:08 +01:00
aksha 1cedea6506 Chg: Jq'ed all the objects 2018-10-25 12:39:48 +01:00
Alexandre Dulaunoy 15539c5e25
Merge pull request #123 from neok0/sandbox-file-attribute 
added sandbox-file type as attribute for storing e.g. sandbox results…
 2018-10-24 14:39:25 +02:00
Alexandre Dulaunoy 7bffd599ab
Merge pull request #122 from neok0/master 
enable multiple summary attribute in report object
 2018-10-24 14:37:33 +02:00
Tobias Mainka 8b861df876 fix failing check via running .jq_all_the_things.sh 2018-10-24 14:14:32 +02:00
Tobias Mainka 675b60703b added sandbox-file type as attribute for storing e.g. sandbox results file in sandbox-report object 2018-10-24 13:58:38 +02:00
Alexandre Dulaunoy a2ce46ecad
chg: [pcap-metadata] linktype added in the sane default 2018-10-24 07:35:31 +02:00
Alexandre Dulaunoy 3bf8c938aa
fix the required part of the url 2018-10-23 20:03:58 +02:00
Alexandre Dulaunoy 1a1972003d
add: [pcap-metadata] new object template for pcap file metadata (WiP) 2018-10-23 16:35:08 +02:00
Alexandre Dulaunoy ae103f6080
chg: [person] add attributes to whois-related information which can be associated to a person 2018-10-23 08:43:35 +02:00
Tobias Mainka 332cf5475c enable multiple summary attribute in report object 2018-10-22 14:55:27 +02:00
aksha 478dc899f2 Add: Web artefacts objects 2018-10-22 09:35:21 +01:00
chrisr3d de3acf865d
fix: Disabled correlation of imported files format attribute 2018-10-22 10:13:48 +02:00
aksha 711abb094a Add: python-etvx object 2018-10-15 11:08:09 +01:00
chrisr3d 141a0c8d41
fix: JQed ip-api-address template 2018-10-11 09:14:08 +02:00
chrisr3d 8137a58f48 fix: Fixed ip-api-address object template filename 2018-10-11 07:11:28 +02:00
Alexandre Dulaunoy 09495c3f2a
chg: [network-connection] disable correlation 2018-10-06 20:27:51 +02:00