Commit Graph

1858 Commits (e3288ef6e516624e3e335939a2b7fe4aef5ce510)

Author SHA1 Message Date
Alexandre Dulaunoy ec00217098
Best practices when creating MISP object templates 2022-07-28 18:50:16 +02:00
Alexandre Dulaunoy 50f61a03be
chg: [scheduled-task] disable_correlation + clarification 2022-07-08 15:03:27 +02:00
Delta-Sierra 73c2462448 Windows Scheduled Task Object - First draft 2022-07-07 15:17:34 +02:00
Alexandre Dulaunoy 58ef1729f2
Merge pull request #364 from matthijsvp/main
New attack-step object.
2022-07-02 20:21:10 +01:00
matthijsvp 8e024f4863 chg: Fixed typo in disable_correlation 2022-07-01 16:59:03 +02:00
matthijsvp 896fb72735 Merge from master 2022-07-01 16:47:23 +02:00
Matthijs van P 29d7467de9
Merge branch 'MISP:main' into main 2022-07-01 16:43:49 +02:00
matthijsvp 593d80abd1 initial commit 2022-07-01 16:43:22 +02:00
Alexandre Dulaunoy db5033f385
fix: [ftm-*] Fixing missing description - #363 2022-06-30 17:43:44 +02:00
Alexandre Dulaunoy 85dd164dbb
fix: [ftm] missing description fix #363 2022-06-30 17:19:33 +02:00
Alexandre Dulaunoy 9b0a9cd9eb
chg: [ftm-Call] fixed missing description 2022-06-30 17:12:25 +02:00
Alexandre Dulaunoy 91e1c8bdcd
chg: [query] add Kusto Query Language (KQL)
Ref: https://twitter.com/castello_johnny/status/1540732973753847808
2022-06-25 19:20:13 +02:00
Alexandre Dulaunoy fd58bdd7b7
chg: [query] add missing SPL language (Splunk) format
Thanks to https://twitter.com/nbareil/status/1540633706959863813 @nbareil
2022-06-25 11:56:15 +02:00
Alexandre Dulaunoy 07b6883c93
new: [query] query object to describe search queries on SIEM and other tools
MISP object template designed following requests and especially this twitter thread:

https://twitter.com/castello_johnny/status/1540610057263628289

I added a list of sane default based on the ones I have seen being used:

      "sane_default": [
        "event query language (eql)",
        "keyword query language (kql)",
        "Query DSL",
        "Query (Elastic Search)",
        "Sigma",
        "Lucene query",
        "Google search query",
        "Ariel Query Language (qradar)",
        "Grep",
        "Devo LINQ"
      ],

Thanks to Gianni Castaldi and others for ideas.

The object can be expanded and improved over the time and the needs
to share new queries.
2022-06-25 11:37:41 +02:00
Alexandre Dulaunoy 4badc17a84
chg: [doc] list of objects updated 2022-06-18 20:57:14 +02:00
Alexandre Dulaunoy 8fd41924dd
chg: [stock] newline fixed 2022-06-18 17:00:13 +02:00
Alexandre Dulaunoy 7ea63899df
chg: [stock] UUID fixed 2022-06-18 16:58:49 +02:00
Alexandre Dulaunoy 421f5f9ccc
new: [stock] a first version of a stock market object to describe stock in MISP 2022-06-18 16:55:13 +02:00
Alexandre Dulaunoy 8215066c96
chg: [report] add Zotero item types in addition to the default type 2022-06-18 16:10:41 +02:00
Alexandre Dulaunoy b56d3a980b
Merge branch 'main' of github.com:MISP/misp-objects into main 2022-06-17 10:27:22 +02:00
Alexandre Dulaunoy cbfff75588
chg: [network-connection] add a counter following discussion with @chrisr3d 2022-06-17 10:05:09 +02:00
iglocska b99a0e939d
chg: [domain-ip] added the multiple flag back to ports
- as discussed with @righel, if we allow multiple IPs we should also allow multiple ports
- we might revise this in the future if it causes issues, however, then we should also restrict the use of multiple IP addresses
2022-05-30 18:07:25 +02:00
Alexandre Dulaunoy db9d79b093
Merge pull request #360 from goodlandsecurity/spearphishing-objects
Spearphishing objects
2022-05-21 08:00:02 +02:00
Good Land Security df5f9921df
Merge branch 'MISP:main' into spearphishing-objects 2022-05-20 20:20:10 -05:00
Alexandre Dulaunoy 52918bb373
Merge pull request #359 from matthijsvp/main
Processed feedback for ransom-negotiation object.
2022-05-20 21:50:52 +02:00
goodlandsecurity 2b19a8099e formatting after jq_all_the_things 2022-05-20 14:24:40 -05:00
goodlandsecurity 1c3aff42c5 added date for tracking when e-mail was sent 2022-05-20 14:20:37 -05:00
goodlandsecurity c62a113fec add new objects for spearphishing-link and spearphishing-attachment intel 2022-05-20 11:49:15 -05:00
matthijsvp f04caaa2c1 Added fields 2022-05-20 15:53:29 +02:00
matthijsvp bffed035df Merge branch 'main' of github.com:matthijsvp/misp-objects 2022-05-20 15:50:37 +02:00
matthijsvp dac6d57e79 Added some field from feedback 2022-05-20 15:50:31 +02:00
Alexandre Dulaunoy a922f29b46
Merge branch 'Vasileios-Mavroeidis-patch-1' into main 2022-05-18 22:01:41 +02:00
Alexandre Dulaunoy ccd239bf64
chg: [security-playbook] jq all the things 2022-05-18 22:00:41 +02:00
Vasileios Mavroeidis 0c54a39d37
Update definition.json
The PR updates the security playbook object with improved semantics based on feedback we have received. 

The updated template has "one-to-one" mapping with the available STIX 2.1 ad-hoc extension for the COA SDO available here: https://github.com/fovea-research/stix2.1-coa-playbook-extension

This research (updated version 3) was partially supported by the research projects CyberHunt (Grant No. 303585 - funded by the Research Council of Norway) and JCOP (Grant No. INEA/CEF/ICT/A2020/2373266 - funded by the European Health and Digital Executive Agency through the Connected Europe Facility program).
2022-05-18 13:56:59 +02:00
Alexandre Dulaunoy 7c7d1fbe98
chg: [paloalto-threat-event] Hungary access to the git repository has been sanctioned 2022-05-11 15:38:24 +02:00
Andras Iklody a5184c6746
chg: [paloalto-threat-event] version bump
For instances that ingested it before the disable_correlation changes, they didn't take and ended up pushing a lot of correlating noise. This should resolve it for the future.
2022-05-11 13:16:36 +02:00
Alexandre Dulaunoy 4125494c84
Merge pull request #355 from matthijsvp/main
New object template: Ransom negotations
2022-05-07 09:15:41 +02:00
matthijsvp b8456cf80b Ran validation 2022-05-07 08:00:38 +02:00
Matthijs van P 9e378c705f
Merge branch 'MISP:main' into main 2022-05-07 07:56:36 +02:00
Matthijs van P 109f78336b
Changed version to int. 2022-05-07 06:47:40 +02:00
Christian Studer f762d5b2a4
add: [passive-ssh] Added `port` attribute 2022-05-06 17:01:13 +02:00
matthijsvp 3f90f65508 Fixed spelling mistakes 2022-05-06 14:09:50 +02:00
matthijsvp bb686f24d4 Removed required field 2022-05-06 13:50:34 +02:00
matthijsvp d04d453f47 Added sane defaults to all booleans 2022-05-06 13:48:12 +02:00
matthijsvp dcf34a680f bumped version number, fixed stray typo 2022-05-06 13:38:11 +02:00
matthijsvp 7480c51533 Added need/want for decryptor and data deletion 2022-05-06 13:25:31 +02:00
Christian Studer de7792373c
add: [passive-ssh] Added `banner` & `hassh` attributes 2022-05-05 20:38:53 +02:00
matthijsvp 33458100e4 Fixed ui order, fixed screenshot type 2022-05-05 15:54:37 +02:00
matthijsvp 6ec02ff6d8 Added transcript and screenshot fields 2022-05-05 15:48:31 +02:00
matthijsvp 1c2513caf2 Fixed email attribute type, fixed typo 2022-05-05 15:38:19 +02:00