Commit Graph

660 Commits (e45c2df33adf9e6e20b75971812d6eb0e42f5654)

Author SHA1 Message Date
Raphaël Vinot 5650664665 new: Objects for Scripps CO2 2019-07-23 16:36:18 +02:00
Alexandre Dulaunoy ab9c1e4cd6
chg: [process] updated following the "mess" of representation in process object
Ref: https://twitter.com/cyb3rops/status/1150315962501095424
2019-07-15 15:58:55 +02:00
Alexandre Dulaunoy fbeb34ccb7
Merge pull request #193 from kx499/master
Adds employee object, dns-record object, and shodan object
2019-07-14 07:59:30 +02:00
Alexandre Dulaunoy 17f1b75973
chg: [network-connection] community-id added 2019-07-13 10:22:18 +02:00
Alexandre Dulaunoy d504979f10
chg: [netflow] attribute community-id added in netflow object template
Ref: https://github.com/corelight/community-id-spec

Ref: 020e67c154
2019-07-13 10:02:15 +02:00
Alexandre Dulaunoy 919f6638e1
Merge branch 'master' of github.com:MISP/misp-objects 2019-07-11 23:00:29 +02:00
Alexandre Dulaunoy ce8d6a93c3
chg: [yara] add a yara-rule-name field which can be optional or the only field
As requested in https://github.com/MISP/MISP/issues/4858
2019-07-11 22:59:05 +02:00
Sascha Rommelfangen fd15381cc2
disable correlation on the text field 2019-07-11 16:01:06 +02:00
Sascha Rommelfangen e26a2b6d81
transaction number must be multiple (and text) 2019-07-11 15:51:07 +02:00
Sascha Rommelfangen 1459302dd1
Merge pull request #191 from MISP/rommelfs-patch-5
fixed issue with requirements
2019-07-11 15:24:50 +02:00
Sascha Rommelfangen 07987dc1dd
bumped version 2019-07-11 15:19:37 +02:00
Sascha Rommelfangen aab46e38ea
bumped version 2019-07-11 15:18:55 +02:00
Sascha Rommelfangen 139c190c6a
fixed issue with requirements 2019-07-11 14:56:38 +02:00
Sascha Rommelfangen 78e6b95465
missing parts for balance corrected 2019-07-11 14:34:44 +02:00
Sascha Rommelfangen 873b5cc5a1
removed unneeded characters 2019-07-10 16:35:07 +02:00
Sascha Rommelfangen 2ad020bf15 Merge commit 'ad1300767f7b7757867a8c01ffb4c7d6fa308540' 2019-07-10 15:34:35 +02:00
Sascha Rommelfangen ad1300767f add: btc wallet and transaction object templates 2019-07-10 15:15:16 +02:00
kx1499 c8f6c97da0 Merge remote-tracking branch 'upstream/master' 2019-07-09 22:13:31 -04:00
chrisr3d 0caf4a9edc
chg: Added user-id attribute as one of the required ones 2019-07-09 17:05:48 +02:00
chrisr3d ddff56f52c
fix: TYPO 2019-07-08 11:38:11 +02:00
chrisr3d b96e7ed8be
new: New object describing user accounts 2019-07-08 11:18:21 +02:00
chrisr3d d502c254cc
add: [ip-port] Added ip-dst as one of the required attributes 2019-07-05 16:11:31 +02:00
chrisr3d bfb325b907
add: [ip-port] Added ip-dst attribute
- Users can then choose between "ip" when they do
  not know whether it is a source or destination IP
  address, or "ip-src" & "ip-dst" to have more
  clarity about the IP address
2019-07-05 15:57:11 +02:00
Alexandre Dulaunoy c3618fcf52
new: [imsi-catcher] object based on the output format of IMSI-catcher open source tools
The object has been created to show the flexibility of the object
template during the PassTheSalt 2019 conference and the D4 presentation.
2019-07-02 10:19:54 +02:00
ater49 e2f12cebd6 Adding IIN and bank_name 2019-06-18 21:45:42 +02:00
Alexandre Dulaunoy 41a6d596ff
chg: [rogue-dns] new object template expressing rogue dns
Thanks to CERT.br for the contribution
2019-06-18 17:39:47 +02:00
Alexandre Dulaunoy e7bb12af7d
chg: [shell-commands] fix typo in object name 2019-06-01 10:13:06 +02:00
Alexandre Dulaunoy 48c64c52fc
new: [shell-commands] Object describing a series of shell commands executed. This object can be linked with malicious files in order to describe a specific execution of shell commands. 2019-06-01 10:04:46 +02:00
Alexandre Dulaunoy a1b2db8fd1
chg: [script] requiredOneOf for script or filename
Malicious scripts can be received without having a filename.
2019-05-23 11:24:05 +02:00
Alexandre Dulaunoy be7e37200a
add: [ssh-authorized-keys] object to add elements from SSH authorized
keys (and do correlation for fun-and-profit(tm))
2019-05-19 17:47:51 +02:00
Alexandre Dulaunoy d922d3eaa5
chg: [person] Gender unknown added
This has been added when an investigation is ongoing and
the alias is known but the gender is unknown; discovered during
Enforce training.

topic:enforce
2019-05-16 15:08:43 +02:00
Alexandre Dulaunoy e066df4e6d
chg: [microblog] state field added to describe if the tweet is malicious
or just OSINT.
2019-05-09 17:35:14 +02:00
Alexandre Dulaunoy 230122493c
chg: [authenticode-signerinfo] first version 2019-05-06 07:10:33 +02:00
Alexandre Dulaunoy 8f951e8450
chg: [jq] jq all the things(tm) 2019-05-05 12:33:59 +02:00
Alexandre Dulaunoy cce77727d6
chg: [x509] improve X.509 certificate description to match required ones
from LIEF (as discussed in #180).
2019-05-05 12:31:41 +02:00
Alexandre Dulaunoy 79ab435903
Merge pull request #181 from ater49/master
Adding registration-date in domain-ip
2019-05-04 09:35:11 +02:00
ater49 a2bec8571b Correcting "_" to "-" in fields name 2019-05-03 22:12:08 +02:00
ater49 424900b02d Adding registration-date to domain-ip 2019-05-03 22:08:44 +02:00
Raphaël Vinot f2e8195d50 new: Add offset, virtual_address and virtual_size to the pe section object
Related to https://github.com/MISP/PyMISP/issues/388
2019-05-03 11:19:42 +02:00
Alexandre Dulaunoy e76e492894
chg: [regripper] version updated 2019-05-01 21:32:14 +02:00
mday 71b4e71ab1 update the misp-attribute to specify a valid value instead of an empty string 2019-05-01 14:11:30 -05:00
mday baae683771 update the definition files of various object types so that the `required` and `requiredOneOf` lists no longer specify attributes that do not exist in the objects. 2019-04-30 12:32:22 -05:00
Alexandre Dulaunoy 0f6fdee7f3
chg: [irc] add nickname used for associated IRC server and channel(s) 2019-04-27 10:32:10 +02:00
Alexandre Dulaunoy 1966d4d5f0
add: [irc] IRC object to describe an IRC server with associated IRC channels 2019-04-27 10:28:50 +02:00
Alexandre Dulaunoy b656cc532d
chg: [device] name of an object must be lowercase 2019-04-21 15:57:07 +02:00
Alexandre Dulaunoy 3dcb1725ae
chg: [phishing-kit] small typo fixed in the description 2019-04-21 15:52:57 +02:00
Raphaël Vinot a6ed6df86a Merge branch 'master' of github.com:MISP/misp-objects 2019-04-18 11:15:56 +02:00
Raphaël Vinot 371ffe77fb chg: Allow to create a file object with a non-malicious file.
Fix #175 #176
2019-04-18 11:14:22 +02:00
Andras Iklody 92d15c5efe
Merge pull request #177 from haxpak/haxpak/update-device
Haxpak/update device
2019-04-16 07:43:01 +02:00
Andras Iklody ed271a3b7d
Merge pull request #173 from haxpak/master
added option "Further Analysis Required" to attribute stage of object course-of-action
2019-04-16 07:42:32 +02:00
haxpak 4066da31e4 changed device type drop down from category to sane_default 2019-04-16 08:31:43 +05:30
haxpak 89b8e10fbe added option "Further Analysis Required" to attribute stage 2019-04-15 17:41:39 +05:30
Andras Iklody a8e89e3eaa
Merge branch 'master' into haxpak/#24 2019-04-15 10:52:48 +02:00
haxpak 9f4e7737a1 added attribute DNS name to device object
changed MAC address misp attribute to mac-address
2019-04-15 10:33:08 +05:30
haxpak 3cef676f34 added OS, version, dns-name attribute to device
changed misp-attribute of mac-address from text to mac-address
2019-04-15 10:29:09 +05:30
haxpak 836bd04a75 meta category for organization changed back to misc since schema_objects.json does not recognize organization as a meta category 2019-04-14 11:32:55 +05:30
haxpak 2053c17fa4 corrected typo 2019-04-14 11:27:29 +05:30
haxpak 4f1745a095 added meta category organization 2019-04-14 11:26:12 +05:30
haxpak b24336499a modified: objects/device/definition.json
modified:   objects/phishing-kit/definition.json
2019-04-14 11:04:57 +05:30
haxpak bb9ff86b2f added MAC address to device
meta category of organization changed to organization
meta category of person object changed to organization
new object phishing-kit
2019-04-14 10:53:57 +05:30
haxpak 9f3fb14ed5 changed organization meta category to misc 2019-04-13 14:57:55 +05:30
haxpak 6917beee5f reverted device to misc category 2019-04-13 14:02:26 +05:30
haxpak 63fff149f0 added requiredOneOf to device definition 2019-04-13 13:49:16 +05:30
haxpak df91c999e6 fixed typos and ran jq_all_things 2019-04-13 13:45:05 +05:30
haxpak 23ab735119 - added : attachment attribute to annotation
- added : new object type device
2019-04-13 13:32:56 +05:30
haxpak 161f72678a modified : person object "changed UI priority of the attributes"
modified : report object "added attachment to report"
2019-04-13 12:05:51 +05:30
haxpak 71419a999a new-object : Organization "Defines an organization" 2019-04-13 11:55:38 +05:30
Alexandre Dulaunoy c5532621b6
chg: [ip-port] ip-src added to fix #149 2019-04-07 22:28:36 +02:00
Alexandre Dulaunoy 006aa1d1a2
chg: [script] filename added to fix #149 2019-04-07 22:24:58 +02:00
Alexandre Dulaunoy b4478a6c2b
add: [tor-hiddenservice] a simple object template to describe Tor Onion Service 2019-04-05 11:22:22 +02:00
Alexandre Dulaunoy aca06cec1f
chg: [lnk] new LNK object (Windows Shortcut) 2019-04-03 14:05:39 +02:00
Alexandre Dulaunoy 4793bf33ae
chg: [process] fix the type - fix #160 2019-04-02 19:56:59 +02:00
Alexandre Dulaunoy ba31488e5a
Merge pull request #161 from geekscrapy/geekscrapy-patch-1
Username is often utilised alongside a credential
2019-04-02 19:55:59 +02:00
Alexandre Dulaunoy 302182e594
Merge pull request #159 from geekscrapy/patch-1
Added current-directory to required field
2019-04-02 19:55:03 +02:00
molley a50986361f
Username is often utilised alongside a credential
Username can often identify malicious behavior, and is usually part of the credential tuple - it can also be used to highlight common user accounts without password/api key
2019-04-02 18:26:00 +01:00
molley 490d760a4b
Added current-directory to required field
This field will often indicate where a malicious binary is started from, therefore a good candidate for solo use
2019-04-02 17:41:07 +01:00
molley a85178255c
Added issuer as one of the required fields
This is often a field used on its own to identify a malicious cert
2019-04-02 17:28:49 +01:00
Raphaël Vinot 0c6b7b4302 chg: Bump vehicle object 2019-04-02 17:09:02 +02:00
Alexandre Dulaunoy 047595ddeb
chg: [person] Spanish IDs added (NIE, NIF and DNI) 2019-03-15 14:36:12 +01:00
kx1499 e61344c981 Merge remote-tracking branch 'upstream/master' 2019-03-14 21:42:12 -04:00
Deborah Servili 55f5716b5d
remove accent from ilr objects - bis 2019-02-26 16:00:23 +01:00
Deborah Servili 96751b2af7
remove accent from ilrobjects 2019-02-26 15:57:58 +01:00
Deborah Servili 41dd469869
add ilr-notification-incident object 2019-02-26 15:51:20 +01:00
Deborah Servili bd9970b1c9
fix lr-impact attributes names 2019-02-26 14:26:29 +01:00
Deborah Servili bc05eca2b6
disable correlations on ilr-impact attributes 2019-02-26 14:05:01 +01:00
Deborah Servili ec2851d4eb
add ilr-impact object 2019-02-26 13:57:31 +01:00
Sascha Rommelfangen 45f6aec0f5
corrected order 2019-02-25 09:29:15 +01:00
marcnil815 03870031db
jq'ed definition.json 2019-02-21 19:36:07 +01:00
marcnil815 e26e54b54a
Create splunk object definition.json
Adding misp-object for basic splunk search/correlation search values.
2019-02-21 16:12:54 +01:00
Alexandre Dulaunoy b0f07156ae
Merge pull request #147 from Delta-Sierra/master
Person object - Add a (or several) role to a person
2019-02-21 07:20:40 +01:00
Alexandre Dulaunoy 18042c0749
chg: [elf] disable correlation on file type 2019-02-20 10:43:38 +01:00
Deborah Servili 0173504050
Person object - Add a (or several) role to a person 2019-02-15 09:46:29 +01:00
Alexandre Dulaunoy 08798f1262
chg: [email] IP and hostname fields from extracted headers 2019-02-14 14:33:39 +01:00
Alexandre Dulaunoy 8a4f2c96b8
chg: [file] preferred charset used by the file (if decoded from mime-type parsing) 2019-02-14 14:16:01 +01:00
Alexandre Dulaunoy f9bb8bfa9b
chg: [phishing] removed the IDS flag on the email used for takedown - and change attribute type 2019-02-11 06:45:18 +01:00
Sascha Rommelfangen f09a392d49
added hostname attribute to the phishing object 2019-02-07 14:58:40 +01:00
Alexandre Dulaunoy 75ae30f44d
Merge pull request #143 from rommelfs/master
added values valuable to operators
2019-02-02 09:27:38 +01:00
Alexandre Dulaunoy 36dc6efab3
chg: [anonymisation] add level-of-knowledge to request for more information if needed 2019-02-01 10:19:25 +01:00
Sascha Rommelfangen 732476d7ca
added values valuable to operators 2019-02-01 09:37:31 +01:00
Alexandre Dulaunoy f5c7530e0b
chg: [anonymisation] algo list fixed 2019-01-31 23:01:08 +01:00
Andras Iklody 86a116770b
Update definition.json 2019-01-31 22:57:49 +01:00
Alexandre Dulaunoy b141dce581
add: [anonymisation] Anonymisation object describing an anonymisation technique which is used in MISP anonymised attributes. 2019-01-31 22:41:23 +01:00
Deborah Servili db6297131f Merge https://github.com/MISP/misp-objects 2019-01-28 15:44:31 +01:00
Deborah Servili 0f6f7de384
fix required field for interpol notice 2019-01-28 15:40:07 +01:00
Deborah Servili 1533703894
add interpol notice object 2019-01-28 15:26:49 +01:00
Alexandre Dulaunoy beb0ec8bb7
chg: [script] added PHP in the most used programming language (at least when looking at malicious WebShells on the Internet)
- I sense a new stackoverflow survey category

Signed-off: 5c45721d-de08-4fff-b9b0-168a02de0b81
2019-01-24 13:36:09 +01:00
kx1499 a5ca2e1189 Merge remote-tracking branch 'upstream/master' 2019-01-15 21:19:19 -05:00
Alexandre Dulaunoy b25388c406
Merge pull request #139 from Delta-Sierra/master
Person object - add alias as a requiredOneof attribute
2019-01-11 20:31:03 +01:00
chrisr3d b94abc9182 Merge branch 'master' of github.com:MISP/misp-objects 2019-01-11 16:51:18 +01:00
chrisr3d cf8c50b72e
fix: Disabled correlation for original imported samples 2019-01-11 16:50:29 +01:00
Deborah Servili d6299e6542
update person object version 2019-01-11 15:03:11 +01:00
Deborah Servili b0d8e91f0f
add alias as a requiredOneof attribute 2019-01-11 15:02:06 +01:00
Christophe Vandeplas ae32e23fbf chg: [http-request] IP as allowed type 2019-01-03 15:07:08 +01:00
Stefan Kelm d98cfd6d16 New object: Information related to known scanning activity (e.g. from research projects) 2019-01-02 16:19:08 +01:00
eCrimeLabs 68ca8b0a92 Updated JA3 to have own data type ja3-fingerprint-md5 and bumped the version 2018-12-30 12:31:17 +01:00
Alexandre Dulaunoy 9b84576442
add: [facial-composite] new facial composite object 2018-12-21 20:41:45 +01:00
Alexandre Dulaunoy 5a9800ab6a
chg: [person] portrait added #133 2018-12-21 20:28:24 +01:00
Deborah Servili 7dfa69a743
Object Victim - Extended requiredOneof 2018-12-21 12:27:11 +01:00
Alexandre Dulaunoy 11a462e79b
chg: [person] OFAC fields - Office of Foreign Assets Control 2018-12-04 15:39:51 +01:00
Alexandre Dulaunoy 6cc29aad3d
chg: [microblog] a small clarification about the username to avoid the @ 2018-11-26 22:21:51 +01:00
Alexander J e44dd16b18
new misp object for a timesketch message
To be able to push timesketch messages (timesketch.org) to a MISP event, it is handy to have a specific type of object for it.
2018-11-23 15:40:57 +01:00
Alexandre Dulaunoy 7808850ce2
chg: [cortex] description updated as TheHive/Cortex observables will be attributes with
relationships from this object
2018-11-18 10:29:42 +01:00
Alexandre Dulaunoy 39dd150e2a
add: [cortex] new object based on a discussion with Jerome L. from TheHive (thanks to SNCF) 2018-11-18 10:28:18 +01:00
Alexandre Dulaunoy 3ec98a8a65
chg: [cortex-taxonomy] aka mini-report 2018-11-18 10:11:25 +01:00
Alexandre Dulaunoy 0f1f23fbb5
fix: [cortex-taxonomy] jq all the things(tm) 2018-11-09 14:21:10 +01:00
Hendrik d61a1f3390 Added cortex taxonomy object definition 2018-11-09 12:37:34 +01:00
Alexandre Dulaunoy 78bfd806e7
Merge pull request #127 from thomaspatzke/process-extension
Extension of process object
2018-11-02 08:56:14 +01:00
Thomas Patzke e12f15d5da Fixed misp-attribute in link attribute of paste object 2018-11-02 00:40:55 +01:00
Thomas Patzke d41b642bc4 Extension of process object 2018-11-02 00:35:28 +01:00
Steve Clement e132ea8e03 fix: [definition] Fixed current balance type, is float. 2018-10-30 22:58:54 +09:00
Steve Clement 6560a53b80 chg: [definition] Extended crypto coin object to be able to enrich with interesting data 2018-10-30 21:30:09 +09:00
Alexandre Dulaunoy a4207d1f36
chg: [mactime-timeline-analysis] disable some correlations 2018-10-29 20:43:36 +01:00
Alexandre Dulaunoy ccab94e1b7
chg: [ip-api-adress] updated to ensure correlation disabled 2018-10-28 15:07:35 +01:00
Raphaël Vinot decd49b6fc fix: JQ things 2018-10-25 17:45:47 -04:00
Raphaël Vinot e3d5d636e4 chg: Add type of internal reference 2018-10-25 15:47:04 -04:00
Raphaël Vinot 1a0d055caa new: Internal reference object 2018-10-25 13:47:20 -04:00
Alexandre Dulaunoy 2f1ed1ee0c
chg: [regripper-sam-hive-single-user] uuid fixed 2018-10-25 17:49:20 +02:00
Alexandre Dulaunoy 5e952a4bf7
chg: [tsk-web-downloads] including link versus url (we assume it's malicious link by default) 2018-10-25 17:45:58 +02:00
Alexandre Dulaunoy 38a3718693
typo fixed 2018-10-25 17:42:57 +02:00
Alexandre Dulaunoy 7a70a1ece3
fix: various typos 2018-10-25 17:38:26 +02:00
Alexandre Dulaunoy 26fcbcd3bf
fix typo 2018-10-25 17:35:50 +02:00
Alexandre Dulaunoy 172b5551ba
Merge branch 'master' of github.com:MISP/misp-objects 2018-10-25 17:32:47 +02:00
Alexandre Dulaunoy b93ad7969f
fix: jq all the things(tm) 2018-10-25 17:31:36 +02:00
Alexandre Dulaunoy 38a006b05b
Merge branch 'master' of https://github.com/Aks6193/misp-objects 2018-10-25 17:30:30 +02:00
aksha bb119724ba fix: Changed TSK object names to lower case 2018-10-25 13:21:08 +01:00
aksha 1cedea6506 Chg: Jq'ed all the objects 2018-10-25 12:39:48 +01:00
Alexandre Dulaunoy 15539c5e25
Merge pull request #123 from neok0/sandbox-file-attribute
added sandbox-file type as attribute for storing e.g. sandbox results…
2018-10-24 14:39:25 +02:00
Alexandre Dulaunoy 7bffd599ab
Merge pull request #122 from neok0/master
enable multiple summary attribute in report object
2018-10-24 14:37:33 +02:00
Tobias Mainka 8b861df876 fix failing check via running .jq_all_the_things.sh 2018-10-24 14:14:32 +02:00
Tobias Mainka 675b60703b added sandbox-file type as attribute for storing e.g. sandbox results file in sandbox-report object 2018-10-24 13:58:38 +02:00