Delta-Sierra
e7b9a8e7cf
add username field in telegram-bot object
2022-10-13 13:45:52 +02:00
Alexandre Dulaunoy
82c699cc5f
new: [telegram-bot] new object to describe Telegram bots
2022-10-13 10:32:58 +02:00
Alexandre Dulaunoy
06df368890
new: [intrusion-set] based on the STIX 2.1 definition
...
TODO - "Open Vocabularies" - value versus description.
2022-09-29 07:32:52 +02:00
Alexandre Dulaunoy
35df5bad01
new: [exploit] Exploit object template to describe code or program used
...
to exploit specific vulnerabilities. The objet can be linked to
`vulnerability` objects but also device, iot, firmware or alike.
2022-09-26 07:40:11 +02:00
Alexandre Dulaunoy
3cf9307b24
Merge branch 'main' of github.com:MISP/misp-objects into main
2022-09-09 07:26:37 +02:00
Alexandre Dulaunoy
fa26cdf15e
fix: [facebook-group] add an optional ID reference to the facebook id
2022-09-09 07:24:05 +02:00
Alexandre Dulaunoy
fc51889b42
new: [facebook-reaction] new object to link reaction with facebook posts or alike
2022-09-09 07:21:59 +02:00
Alexandre Dulaunoy
3abfb19982
Merge pull request #370 from goodlandsecurity/spearphishing-objects-v2
...
spearphishing-objects-v2
2022-08-26 08:53:49 +02:00
goodlandsecurity
b258786935
jq_all_the_things
2022-08-25 16:03:59 -05:00
goodlandsecurity
26c2767228
allow multiple of certain types. bump version
2022-08-25 15:56:36 -05:00
Alexandre Dulaunoy
5e2b455123
Merge branch 'Vasileios-Mavroeidis-patch-4' into main
2022-08-25 10:18:33 +02:00
Alexandre Dulaunoy
ec351176f9
chg: [security-playbook] JSON fixed
2022-08-25 10:17:48 +02:00
Vasileios Mavroeidis
2771e2681f
Update definition.json
...
Found the issue and updated the playbook-id attribute. It is not required anymore. We should not dictate producers generating this property since it can be used to correlate playbooks. The use case is: If we have a cacao playbook attached then we could have the UUIDV4 extracted from the "attachment" and put at the MISP security-playbook object attribute "playbook-id". Correlation is enabled if another security playbook object follows the same process while attaching the same CACAO playbook. If the attached playbook is a png then there is no way to associate it again with another security playbook object that has the same png as an attachment as we cannot know that. That would be possible only if the attachment had a machine-readable identifier. Another use case is to generate a hash and attach it to a property, but let's leave that for the future and if it is never needed or appears as a use case. Long story short the pull request improves the semantics of the object and correlations of different security playbook objects :)
2022-08-24 18:44:11 +02:00
Alexandre Dulaunoy
66a9b8eee7
chg: [doc] list of MISP object template updated
2022-08-03 11:48:05 +02:00
Alexandre Dulaunoy
9b9c838961
fix: [yara] add a reference link to the YARA object template
2022-08-03 11:46:30 +02:00
Alexandre Dulaunoy
39df304924
Merge branch 'main' of github.com:MISP/misp-objects into main
2022-08-03 11:45:06 +02:00
Alexandre Dulaunoy
734d85337d
new: [sigma] a sigma attribute exists in MISP but the object was
...
missing to add some additional meta information.
2022-08-03 11:44:37 +02:00
Alexandre Dulaunoy
ec00217098
Best practices when creating MISP object templates
2022-07-28 18:50:16 +02:00
Alexandre Dulaunoy
50f61a03be
chg: [scheduled-task] disable_correlation + clarification
2022-07-08 15:03:27 +02:00
Delta-Sierra
73c2462448
Windows Scheduled Task Object - First draft
2022-07-07 15:17:34 +02:00
Alexandre Dulaunoy
58ef1729f2
Merge pull request #364 from matthijsvp/main
...
New attack-step object.
2022-07-02 20:21:10 +01:00
matthijsvp
8e024f4863
chg: Fixed typo in disable_correlation
2022-07-01 16:59:03 +02:00
matthijsvp
896fb72735
Merge from master
2022-07-01 16:47:23 +02:00
Matthijs van P
29d7467de9
Merge branch 'MISP:main' into main
2022-07-01 16:43:49 +02:00
matthijsvp
593d80abd1
initial commit
2022-07-01 16:43:22 +02:00
Alexandre Dulaunoy
db5033f385
fix: [ftm-*] Fixing missing description - #363
2022-06-30 17:43:44 +02:00
Alexandre Dulaunoy
85dd164dbb
fix: [ftm] missing description fix #363
2022-06-30 17:19:33 +02:00
Alexandre Dulaunoy
9b0a9cd9eb
chg: [ftm-Call] fixed missing description
2022-06-30 17:12:25 +02:00
Alexandre Dulaunoy
91e1c8bdcd
chg: [query] add Kusto Query Language (KQL)
...
Ref: https://twitter.com/castello_johnny/status/1540732973753847808
2022-06-25 19:20:13 +02:00
Alexandre Dulaunoy
fd58bdd7b7
chg: [query] add missing SPL language (Splunk) format
...
Thanks to https://twitter.com/nbareil/status/1540633706959863813 @nbareil
2022-06-25 11:56:15 +02:00
Alexandre Dulaunoy
07b6883c93
new: [query] query object to describe search queries on SIEM and other tools
...
MISP object template designed following requests and especially this twitter thread:
https://twitter.com/castello_johnny/status/1540610057263628289
I added a list of sane default based on the ones I have seen being used:
"sane_default": [
"event query language (eql)",
"keyword query language (kql)",
"Query DSL",
"Query (Elastic Search)",
"Sigma",
"Lucene query",
"Google search query",
"Ariel Query Language (qradar)",
"Grep",
"Devo LINQ"
],
Thanks to Gianni Castaldi and others for ideas.
The object can be expanded and improved over the time and the needs
to share new queries.
2022-06-25 11:37:41 +02:00
Alexandre Dulaunoy
4badc17a84
chg: [doc] list of objects updated
2022-06-18 20:57:14 +02:00
Alexandre Dulaunoy
8fd41924dd
chg: [stock] newline fixed
2022-06-18 17:00:13 +02:00
Alexandre Dulaunoy
7ea63899df
chg: [stock] UUID fixed
2022-06-18 16:58:49 +02:00
Alexandre Dulaunoy
421f5f9ccc
new: [stock] a first version of a stock market object to describe stock in MISP
2022-06-18 16:55:13 +02:00
Alexandre Dulaunoy
8215066c96
chg: [report] add Zotero item types in addition to the default type
2022-06-18 16:10:41 +02:00
Alexandre Dulaunoy
b56d3a980b
Merge branch 'main' of github.com:MISP/misp-objects into main
2022-06-17 10:27:22 +02:00
Alexandre Dulaunoy
cbfff75588
chg: [network-connection] add a counter following discussion with @chrisr3d
2022-06-17 10:05:09 +02:00
iglocska
b99a0e939d
chg: [domain-ip] added the multiple flag back to ports
...
- as discussed with @righel, if we allow multiple IPs we should also allow multiple ports
- we might revise this in the future if it causes issues, however, then we should also restrict the use of multiple IP addresses
2022-05-30 18:07:25 +02:00
Alexandre Dulaunoy
db9d79b093
Merge pull request #360 from goodlandsecurity/spearphishing-objects
...
Spearphishing objects
2022-05-21 08:00:02 +02:00
Good Land Security
df5f9921df
Merge branch 'MISP:main' into spearphishing-objects
2022-05-20 20:20:10 -05:00
Alexandre Dulaunoy
52918bb373
Merge pull request #359 from matthijsvp/main
...
Processed feedback for ransom-negotiation object.
2022-05-20 21:50:52 +02:00
goodlandsecurity
2b19a8099e
formatting after jq_all_the_things
2022-05-20 14:24:40 -05:00
goodlandsecurity
1c3aff42c5
added date for tracking when e-mail was sent
2022-05-20 14:20:37 -05:00
goodlandsecurity
c62a113fec
add new objects for spearphishing-link and spearphishing-attachment intel
2022-05-20 11:49:15 -05:00
matthijsvp
f04caaa2c1
Added fields
2022-05-20 15:53:29 +02:00
matthijsvp
bffed035df
Merge branch 'main' of github.com:matthijsvp/misp-objects
2022-05-20 15:50:37 +02:00
matthijsvp
dac6d57e79
Added some field from feedback
2022-05-20 15:50:31 +02:00
Alexandre Dulaunoy
a922f29b46
Merge branch 'Vasileios-Mavroeidis-patch-1' into main
2022-05-18 22:01:41 +02:00
Alexandre Dulaunoy
ccd239bf64
chg: [security-playbook] jq all the things
2022-05-18 22:00:41 +02:00