Commit Graph

1791 Commits (f247f045485c4ee5091e49d1311290e000268599)

Author SHA1 Message Date
Christian Studer d1d97fde08 Merge branch 'main' of github.com:MISP/misp-objects into chrisr3d_patch 2023-06-15 11:55:46 +02:00
Christian Studer f0223f2b66 Merge branch 'main' of github.com:MISP/misp-objects 2023-06-15 11:55:27 +02:00
Alexandre Dulaunoy e26541e89e
Merge branch 'main' of github.com:MISP/misp-objects into main 2023-06-14 19:21:37 +02:00
Alexandre Dulaunoy 5d307f7c30
chg: [cookie] cookie can be also only a key or a value
This change is required for the AIL project export
2023-06-14 17:36:22 +02:00
Alexandre Dulaunoy e088768946
Merge pull request #394 from MichaelTrenker/new-Diamond-object
new:added Diamond Object
2023-06-14 08:13:52 -04:00
Michael Trenker 241f4455ac ran jq_all_the_things.sh 2023-06-14 11:54:46 +00:00
Michael Trewen 25e1790e74 jq 2023-06-13 19:15:23 +02:00
Michael Trewen 71cc235a5d new:added Diamond Object 2023-06-13 10:47:28 +02:00
Christian Studer 3568bc0e6a Merge branch 'main' of github.com:MISP/misp-objects 2023-05-26 14:29:42 +02:00
Alexandre Dulaunoy 2ca2667d76
Merge pull request #393 from MISP/chrisr3d_patch
add: [crowdsec-ip-context] `classifications` & `false-positive` attributes
2023-05-26 14:25:27 +02:00
Christian Studer ec8645f421
add: [crowdsec-ip-context] Added the `false-positives` attribute that comes alongside with the `classifications` 2023-05-26 14:17:10 +02:00
Christian Studer 35285505a1
add: [crowdsec-ip-context] Added the classifications multiple attribute 2023-05-24 16:29:06 +02:00
Christian Studer 37e43490c0 Merge branch 'main' of github.com:MISP/misp-objects into chrisr3d_patch 2023-05-24 16:20:27 +02:00
Alexandre Dulaunoy 61608e5d44
chg: [scan-result] updated list of potential scanning tool
Source: https://gist.github.com/SteveClement/baf3a9ae0ba030283ecc30acd6f7c2ae
2023-05-24 11:03:47 +02:00
Alexandre Dulaunoy 20f567757d
chg: [scan-result] jq all the things 2023-05-22 14:08:34 +02:00
Alexandre Dulaunoy 8b0276f3b4
Merge branch 'main' of github.com:MISP/misp-objects into main 2023-05-22 14:06:01 +02:00
Alexandre Dulaunoy e33e893b44
new: [scan-result] object for scanning result
This is the metadata of a scanning result including the raw output of
the scan result.

These objects can be used for tools like Nessus or even source code
scanner to share the details about a scan.

For additional information such as IP address or alike, other objects will
be used with the proper relationship added.
2023-05-22 14:04:48 +02:00
Alexandre Dulaunoy dec2cbb917
new: [scan-result] object for scanning result
This is the metadata of a scanning result including the raw output of
the scan result.

These objects can be used for tools like Nessus or even source code
scanner to share the details about a scan.

For additional information such as IP address or alike, other objects will
be used with the proper relationship added.
2023-05-22 13:59:57 +02:00
Alexandre Dulaunoy f61702d030
Merge pull request #391 from tmbc-nl/fix-typo
chg: [relationships] Fixed a typo.
2023-05-20 00:28:57 +02:00
Alexandre Dulaunoy 9cfb239776
Merge pull request #392 from goodlandsecurity/cobaltstrike-beacon-config
adding cobalt strike beacon config object
2023-05-20 00:27:16 +02:00
goodlandsecurity 4e5719f29a
adding cobalt strike beacon config object 2023-05-19 14:07:24 -05:00
tmbc-nl f1b5e54683 chg: [relationships] Fixed a typo. 2023-05-17 14:37:53 +02:00
Alexandre Dulaunoy f7e6cab1bf
chg: [relationships] jq all the things 2023-05-16 21:18:28 +02:00
Alexandre Dulaunoy 48dd455196
chg: [relationships] `serves` added in relationships
Additional verb as an alternative to `hosts`
2023-05-16 09:25:57 +02:00
Alexandre Dulaunoy a605792844
chg: [crowdsec] jq all the things 2023-05-12 10:34:19 +02:00
Alexandre Dulaunoy b0e5f39f26
Update definition.json 2023-05-12 10:31:33 +02:00
Alexandre Dulaunoy 65f4be51d5
chg: [crowdsec] updated 2023-05-12 08:52:19 +02:00
Alexandre Dulaunoy 3d736c427c
new: [crowdsec-ip-context] new initial object for crowdsec expansion 2023-05-11 16:52:24 +02:00
Alexandre Dulaunoy 45bb7539a0
chg: [doc] misp object template list updated 2023-04-16 17:33:33 +02:00
Alexandre Dulaunoy fd12a1bcd7
fix: [ai-chat-prompt] improved ai-chat-prompt template 2023-04-16 10:50:30 +02:00
Alexandre Dulaunoy 302697e045
chg: [ai-chat-prompt] ui-priority fixed 2023-04-15 16:38:13 +02:00
Alexandre Dulaunoy b81698ae10
new: [ai-chat-prompt] new object template for AI chat prompt such as ChatGPT
Following a discussion with @aaronkaplan in Vienna, this object is a
first version to describe an AI chat prompt. The template can describe
the model used, the actual quality of results and also what's the actor
context.

Reference #388
2023-04-15 16:31:22 +02:00
Alexandre Dulaunoy e1327d02bb
new: [risk-assessment-report] New object template Risk assessment report
To be used to share risk assessment report from risk assessment platform
such as [MONARC](https://github.com/monarc-project/).

This extension is done in the scope of the [NISDUC project](https://www.nisduc.eu/).

TODO: Maybe add a field for machine-readable version of the report
2023-04-13 10:41:39 +02:00
Alexandre Dulaunoy 059b669d9a
chg: [relationships] fix newline 2023-04-04 07:58:18 +02:00
Alexandre Dulaunoy 27df249584
chg: [relationships] `rewrite` relationship type added
Ref: https://github.com/MISP/misp-galaxy/pull/833

Following an idea from @jloehel - a new relationship has been added
2023-04-04 07:56:32 +02:00
Christian Studer 9e4afdfb7a
add: [network-socket] Added MAC address attributes
- Even though they are not exactly part of the
  socket fields, it could be interesting to have
  them to have the information about them like
  they are described within the packets that are
  sent using the socket
2023-03-31 11:30:33 +02:00
Christian Studer b1b7981854 Merge branch 'main' of github.com:MISP/misp-objects 2023-03-31 10:50:57 +02:00
Alexandre Dulaunoy 402d7ad649
chg: [doc] updated 2023-03-10 15:40:48 +01:00
Alexandre Dulaunoy 05a642ec88
Merge branch 'GreyNoise-Intelligence-add_greynoise_ip_object' into main 2023-03-10 15:34:57 +01:00
Alexandre Dulaunoy b49c6824ba
chg: [greynoise-intelligence] JSON fixed 2023-03-10 15:34:32 +01:00
Brad Chiappetta 9b74873fe5 add greynoise-ip object 2023-03-10 09:16:49 -05:00
Christian Studer 1da4760dcc
fix: [network-connection, network-socket] Bytes count is also better with an S 2023-03-07 23:26:51 +01:00
Christian Studer 437808339e
fix: [network-connection, network-socket] Packets count is better with an S 2023-03-07 23:19:08 +01:00
Christian Studer 1cab455a56
fix: [network-socket] Typo 2023-03-07 16:54:30 +01:00
Christian Studer d71cdf367d
add: [network-socket] Added bytes & packets count object relations for both the source and destination 2023-03-07 16:49:06 +01:00
Christian Studer 1651281d0b
add: [network-socket] Added the first & last packet seen object relation and made the protocol attribute multiple 2023-03-07 16:48:00 +01:00
Christian Studer 57beac3bc7
add: [network-connection] Added bytes & packets count object relations for both the source and destination 2023-03-07 16:45:51 +01:00
Christian Studer 0e9ae98b49
add: [network-connection] Added a `last-packet-seen` attribute 2023-03-06 12:02:24 +01:00
Christian Studer 9c51feb43b
add: [network-connection] Added MAC address attributes 2023-03-03 14:55:09 +01:00
Christian Studer 4b5faf196b
add: [registry-key-value] New template to describe registry key values
- The `registry-key` object template includes
  already the `data`, `data-type` & `name` fields
  of a registry key value, but there is a
  limitation in the case of multiple registry key
  values
- In order to describe multiple registry key
  values, instead of adding a simple `multiple`
  field to the related and above mentioned fields,
  it is better to use the `registry-key-value`
  template so we know which data, data type and
  name values are related to a given registry key
  value
- It is then possible to have a reference between
  the registry key object and the related values
2023-03-01 20:50:30 +01:00