Commit Graph

786 Commits (e67b937f7323e01a36b99959a17bcbe2f523b4fd)

Author SHA1 Message Date
molley a50986361f
Username is often utilised alongside a credential
Username can often identify malicious behavior, and is usually part of the credential tuple - it can also be used to highlight common user accounts without password/api key
2019-04-02 18:26:00 +01:00
molley 490d760a4b
Added current-directory to required field
This field will often indicate where a malicious binary is started from, therefore a good candidate for solo use
2019-04-02 17:41:07 +01:00
molley a85178255c
Added issuer as one of the required fields
This is often a field used on its own to identify a malicious cert
2019-04-02 17:28:49 +01:00
Raphaël Vinot 0c6b7b4302 chg: Bump vehicle object 2019-04-02 17:09:02 +02:00
Alexandre Dulaunoy 047595ddeb
chg: [person] Spanish IDs added (NIE, NIF and DNI) 2019-03-15 14:36:12 +01:00
chrisr3d 59f8621fe2
add: New relationship "retrieved-from" 2019-03-12 17:21:52 +01:00
Alexandre Dulaunoy d0886ba6af
Merge pull request #155 from Delta-Sierra/master
remove accent from ilr objects
2019-02-27 07:14:02 +01:00
Deborah Servili 55f5716b5d
remove accent from ilr objects - bis 2019-02-26 16:00:23 +01:00
Deborah Servili 96751b2af7
remove accent from ilrobjects 2019-02-26 15:57:58 +01:00
Alexandre Dulaunoy 0f10d25558
Merge pull request #154 from Delta-Sierra/master
add ilr-notification-incident object
2019-02-26 15:54:24 +01:00
Deborah Servili 41dd469869
add ilr-notification-incident object 2019-02-26 15:51:20 +01:00
Alexandre Dulaunoy 8580eb2080
Merge pull request #153 from Delta-Sierra/master
fix ilr-impact attributes names
2019-02-26 14:56:34 +01:00
Deborah Servili bd9970b1c9
fix lr-impact attributes names 2019-02-26 14:26:29 +01:00
Alexandre Dulaunoy f172d47381
Merge pull request #152 from Delta-Sierra/master
add ilr-impact object
2019-02-26 14:13:56 +01:00
Deborah Servili bc05eca2b6
disable correlations on ilr-impact attributes 2019-02-26 14:05:01 +01:00
Deborah Servili ec2851d4eb
add ilr-impact object 2019-02-26 13:57:31 +01:00
Alexandre Dulaunoy c84ee804db
Merge pull request #151 from MISP/rommelfs-patch-3
corrected order
2019-02-25 09:34:20 +01:00
Sascha Rommelfangen 45f6aec0f5
corrected order 2019-02-25 09:29:15 +01:00
Alexandre Dulaunoy 140cdeb088
Merge pull request #148 from marcnil815/master
Create splunk object definition.json
2019-02-21 23:03:53 +01:00
marcnil815 03870031db
jq'ed definition.json 2019-02-21 19:36:07 +01:00
marcnil815 e26e54b54a
Create splunk object definition.json
Adding misp-object for basic splunk search/correlation search values.
2019-02-21 16:12:54 +01:00
Alexandre Dulaunoy b0f07156ae
Merge pull request #147 from Delta-Sierra/master
Person object - Add a (or several) role to a person
2019-02-21 07:20:40 +01:00
Alexandre Dulaunoy 18042c0749
chg: [elf] disable correlation on file type 2019-02-20 10:43:38 +01:00
Deborah Servili 0173504050
Person object - Add a (several) role to a person 2019-02-15 09:46:29 +01:00
Alexandre Dulaunoy 08798f1262
chg: [email] IP and hostname fields from extracted headers 2019-02-14 14:33:39 +01:00
Alexandre Dulaunoy 8a4f2c96b8
chg: [file] preferred charset used by the file (if decoded from mime-type parsing) 2019-02-14 14:16:01 +01:00
Alexandre Dulaunoy be9ea96c2a
chg: [doc] to_ids flag was missing in the README 2019-02-11 06:58:27 +01:00
Alexandre Dulaunoy f9bb8bfa9b
chg: [phishing] removed the IDS flag on the email used for takedown - and change attribute type 2019-02-11 06:45:18 +01:00
Alexandre Dulaunoy 3e965a5ee2
Merge pull request #144 from MISP/rommelfs-patch-1
added hostname attribute to the phishing object
2019-02-07 16:46:39 +01:00
Sascha Rommelfangen f09a392d49
added hostname attribute to the phishing object 2019-02-07 14:58:40 +01:00
Alexandre Dulaunoy 75ae30f44d
Merge pull request #143 from rommelfs/master
added values valuable to operators
2019-02-02 09:27:38 +01:00
Alexandre Dulaunoy 36dc6efab3
chg: [anonymisation] add level-of-knowledge to request for more information if needed 2019-02-01 10:19:25 +01:00
Sascha Rommelfangen 732476d7ca
added values valuable to operators 2019-02-01 09:37:31 +01:00
Alexandre Dulaunoy f5c7530e0b
chg: [anonymisation] algo list fixed 2019-01-31 23:01:08 +01:00
Andras Iklody 86a116770b
Update definition.json 2019-01-31 22:57:49 +01:00
Alexandre Dulaunoy b141dce581
add: [anonymisation] Anonymisation object describing an anonymisation technique which is used in MISP anonymised attributes. 2019-01-31 22:41:23 +01:00
Alexandre Dulaunoy aec965086f
Merge pull request #141 from Delta-Sierra/master
fix jq_all_the_things script
2019-01-29 21:24:27 +01:00
Deborah Servili b4c2de001c
fix jq_all_the_things script 2019-01-28 16:06:05 +01:00
Alexandre Dulaunoy b6a7ccd2dc
Merge pull request #140 from Delta-Sierra/master
add interpol notice object
2019-01-28 15:59:54 +01:00
Deborah Servili db6297131f Merge https://github.com/MISP/misp-objects 2019-01-28 15:44:31 +01:00
Deborah Servili 0f6f7de384
fix required field for interpol notice 2019-01-28 15:40:07 +01:00
Deborah Servili 1533703894
add interpol notice object 2019-01-28 15:26:49 +01:00
Alexandre Dulaunoy beb0ec8bb7
chg: [script] added PHP in the most used programming language (at least when looking at malicious WebShells on the Internet)
- I sense a new stackoverflow survey category

Signed-off: 5c45721d-de08-4fff-b9b0-168a02de0b81
2019-01-24 13:36:09 +01:00
Alexandre Dulaunoy b25388c406
Merge pull request #139 from Delta-Sierra/master
Person object - add alias as a requiredOneof attribute
2019-01-11 20:31:03 +01:00
chrisr3d b94abc9182 Merge branch 'master' of github.com:MISP/misp-objects 2019-01-11 16:51:18 +01:00
chrisr3d cf8c50b72e
fix: Disabled correlation for original imported samples 2019-01-11 16:50:29 +01:00
Deborah Servili d6299e6542
update person object version 2019-01-11 15:03:11 +01:00
Deborah Servili b0d8e91f0f
add alias as a requiredOneof attribute 2019-01-11 15:02:06 +01:00
Alexandre Dulaunoy 7d7031a5e4
Merge pull request #138 from cvandeplas/master
chg: [http-request] IP as allowed type
2019-01-03 15:21:29 +01:00
Christophe Vandeplas ae32e23fbf chg: [http-request] IP as allowed type 2019-01-03 15:07:08 +01:00