Commit Graph

1019 Commits (f762d5b2a4dc8efeb23596b33c572606fe66c9f3)

Author SHA1 Message Date
Alexandre Dulaunoy 939a950d87
chg: [jq] all the things 2020-08-28 16:33:05 +02:00
Pauline Bourmeau 50288b806c
Update definition.json 2020-08-28 16:27:41 +02:00
Pauline Bourmeau d76f21d8b5
Update definition.json 2020-08-28 16:15:57 +02:00
Alexandre Dulaunoy a168037d93
chg: [jq] all the things 2020-08-28 16:10:42 +02:00
Alexandre Dulaunoy 894ab6e24b
Merge branch 'main' of https://github.com/C00kie-/misp-objects into C00kie--main 2020-08-28 16:10:12 +02:00
Alexandre Dulaunoy c487e73b86
chg: [jq] all the things 2020-08-28 16:08:39 +02:00
Pauline Bourmeau 794063dfe9
Update definition.json 2020-08-28 16:05:33 +02:00
Pauline Bourmeau 9fd1f78b5a
Update definition.json 2020-08-28 16:05:05 +02:00
Pauline Bourmeau b698ccb724
Update definition.json 2020-08-28 16:04:23 +02:00
Alexandre Dulaunoy 6b6c136b9c
chg: [vulnerability] vulnerability is is now a vulnerability type
The vulnerability type is an official CVE number.

We might need to add in the future a new attribute in the object
for non-CVE id of a vulnerability or adding other id type in the object.

This commit fixes #234
2020-08-28 11:23:10 +02:00
rmkml cd49fe8d97 add SHA3 Hash on definition.json 2020-08-23 19:30:17 +02:00
Alexandre Dulaunoy 842d128ef3
chg: [misp-objects] newline newline newline is the evil 2020-08-20 10:53:06 +02:00
Alexandre Dulaunoy dc70db0204
chg: [pe] multiple is true not 1 ;-) 2020-08-20 10:44:41 +02:00
Alexandre Dulaunoy 0c863f194f
chg: [pe] richpe 2020-08-20 10:39:49 +02:00
Andras Iklody 4a671ca739
chg: [RichPE] added 2020-08-20 10:14:35 +02:00
Alexandre Dulaunoy bfec61d8b0
chg: [file] jq 2020-08-18 07:54:42 +02:00
Alexandre Dulaunoy 7fdfbd4110
UUID must be the same 2020-08-18 07:44:12 +02:00
rmkml 5bdc6c6592 add vhash (VirusTotal Hash) on definition.json 2020-08-17 17:35:58 +02:00
Emil Henry Flakk 097ea8c76c Add more rrtypes to dns-record 2020-08-15 14:57:53 +02:00
VVX7 7bbcf0ed78 chg: [dev] add Parler app objects 2020-07-05 22:03:16 -04:00
Marc Hörsken 58fb163312 chg: [cortex-taxonomy] sort attributes
Make sure the attributes are sorted like a Cortex taxonomy
would normally be displayed/summarized:

`namespace:predicate="value"` with `level` as a meta information.
2020-07-02 13:29:32 +02:00
Raphaël Vinot b7c2562a4f new: android-app object template 2020-06-21 21:45:46 +02:00
Jean-Louis Huynen c1b7b93526 add: [d4] authentication failure report object 2020-06-16 15:59:02 +02:00
Alexandre Dulaunoy bffde5446e
Merge pull request #261 from VVX7/master
chg: [dev] disable correlation on some attributes.
2020-06-12 09:00:07 +02:00
VVX7 bbd5a2a94d chg: [dev] disable correlation on some attributes. fix underscore typo in account profile-image. 2020-06-11 19:35:02 -04:00
Alexandre Dulaunoy 968a7a8212
Merge pull request #260 from VVX7/master
chg: [dev] make Reddit attributes reflect Reddit API.
2020-06-08 17:22:27 +02:00
VVX7 7577cbe59a chg: [dev] make Reddit attributes (mostly) reflect Reddit API. 2020-06-08 11:16:59 -04:00
Alexandre Dulaunoy 75b71d6f3b
Merge pull request #258 from VVX7/master
chg: [dev] add object properties from #254
2020-06-02 19:00:35 +02:00
VVX7 53d2a18811 chg: [dev] run validate_all/jq 2020-06-02 11:11:43 -04:00
VVX7 56bd29d829 chg: [dev] make twitter object attributes more consistent with twitter api 2020-06-02 11:08:30 -04:00
Jesse Hedden 42d3dda12f fixed order 2020-06-01 16:36:58 -07:00
Jesse Hedden 8256c0ada9 extending trustar_report object in order to provide fields in which enrichment data from a planned expansion module can be stored 2020-06-01 16:02:03 -07:00
VVX7 200ac19bad chg: [dev] add object properties from #257 2020-05-31 09:52:49 -04:00
VVX7 b9e235a4f4 chg: [dev] fix attribute type 2020-05-30 18:36:09 -04:00
VVX7 cf5687b50d new: [dev] add Twitter objects: twitter-account, twitter-list, twitter-post. add YouTube objects: youtube-channel, youtube-comment, youtube-playlist, youtube-video. add object: image. 2020-05-29 21:10:02 -04:00
VVX7 ed7a730a79 new: [dev] add Reddit objects: reddit-account, reddit-post, reddit-comment, reddit-subreddit 2020-05-29 16:34:00 -04:00
VVX7 c6da4c9e66 chg: [dev] add user avatar 2020-05-28 16:40:21 -04:00
VVX7 69467c133f new: [dev] add facebook-account 2020-05-28 16:32:20 -04:00
VVX7 5aeac12979 chg: [dev] change post-id attribute type to text 2020-05-28 15:48:18 -04:00
VVX7 ede33742aa chg: [dev] run rq 2020-05-28 15:32:43 -04:00
VVX7 ae95dd1834 new: [dev] add facebook-post object. 2020-05-28 15:31:50 -04:00
VVX7 5a9a0fe5ce new: [dev] add facebook-page object. 2020-05-28 15:29:01 -04:00
VVX7 66f96da3d9 new: [dev] add facebook-group object. 2020-05-28 15:25:04 -04:00
VVX7 2164d80337 chg: [dev] update tracking-id to disable correlation on id description. minor changes to attribute descriptions. 2020-05-28 15:19:27 -04:00
Raphaël Vinot 093850f6c3 new: Preliminary version of git-vuln-finder object template 2020-05-26 12:31:45 +02:00
Alexandre Dulaunoy 9e73449ec7
chg: [sms] format fixed 2020-05-14 18:17:09 +02:00
Carlos Borges 546cd88918
Updating template version 2020-05-13 20:44:09 -03:00
Carlos Borges 02ea8d2afc
updating a missing comma 2020-05-13 20:43:37 -03:00
Carlos Borges e5ed919e26
Adding phone company of the sending SMS number
While sharing some data using this object, we saw the need to add the phone company of the number sending the sms. 
With it we can make good local correlations and have an idea of flaws ocurring on phone number release by these companies.
Using web services like Truecaller, it's possible to enrich an analysis with this data.
2020-05-13 20:42:55 -03:00
Raphaël Vinot 26a9d6b51f new: Objects and relations for FollowTheMoney 2020-05-05 11:02:53 +02:00
Alexandre Dulaunoy 366a8bb121
chg: [boleto] JSON fixed 2020-05-04 13:19:59 +02:00
Carlos Borges 68fe7eed05
New object - Boleto
Boleto is a very common form of payment used in Brazil and used a lot by cybercriminals to execute fraud.
Basically a bank or financial instituion is allowed to generate boletos, that is a 40 digit number code. 
This object will help institutions identify frauds sources and improve orgs protection.
2020-05-03 00:02:40 -03:00
VVX7 bb600ce627 chg: [publication] modify requiredOneOf, contributor type to text attribute 2020-04-28 18:58:59 -04:00
VVX7 738f32e27b new: [publication] jq'd the object 2020-04-28 15:46:13 -04:00
VVX7 84633dbd32 new: [publication] add object to describe academic journals, books, etc. 2020-04-28 11:57:28 -04:00
Raphaël Vinot d9f1db590a chg: Sort all the entries in the templates by default 2020-04-26 02:13:18 +02:00
Raphaël Vinot 73d710cfbc fix: Align directory names with object name 2020-04-26 02:07:26 +02:00
Alexandre Dulaunoy 3b5451c325
chg: [legal-entity] website and logo added for legal entity
Thanks to Emmanuel MANCIET for the proposal
2020-04-24 18:24:25 +02:00
VVX7 28b4b615ed chg: [object] add new microblog attributes, change some of the descriptions to make them clearer 2020-04-17 00:11:48 -04:00
VVX7 d50a9eeb13 new: [object] add scheduled-event, add social-media-group 2020-04-15 22:57:12 -04:00
VVX7 fae74bf73c Merge branch 'master' of https://github.com/misp/misp-objects 2020-04-15 22:24:57 -04:00
Alexandre Dulaunoy ef01e6e37b
chg: [victim] add a domain to field to reference a victim by their Internet domain name 2020-04-15 09:39:32 +02:00
VVX7 efa53e812d chg: [object] update narrative required object fields 2020-04-10 01:39:05 -04:00
VVX7 1527dedb26 chg: [object] update narrative object fields 2020-04-08 09:45:49 -04:00
Christophe Vandeplas 87e3824d99
Merge pull request #244 from Golbark/x509_enhancements
chg: [x509] using built-in types wherever possible
2020-04-08 10:51:01 +02:00
Golbark 238c44041a chg: [x509] using built-in types wherever possible 2020-04-08 01:42:12 -07:00
VVX7 a7e9fd9697 chg: [object] disable correlation on some fields. add external references. 2020-03-28 19:23:28 -04:00
VVX7 2b3e89b614 chg: [object] add narrative description/summary 2020-03-28 19:17:25 -04:00
VVX7 0518dd1aa3 chg: [object] add narrative description/summary 2020-03-28 19:16:33 -04:00
VVX7 1198f8fe68 chg: [object] change narrative version 2020-03-27 15:46:31 -04:00
VVX7 e387009bdd new: [object] add narrative. 2020-03-27 15:10:22 -04:00
Raphaël Vinot b436f9f28b Merge branch 'master' of github.com:MISP/misp-objects 2020-03-24 13:24:40 +01:00
Raphaël Vinot 9eedb854de chg: Bump CSSE COVID-19 Daily report to new version 2020-03-24 13:24:31 +01:00
chrisr3d fdfe7d2e4c
add: External references attribute for attack-pattern object 2020-03-17 10:03:33 +01:00
Alexandre Dulaunoy 7ef9a2ba56
Merge pull request #240 from cudeso/master
Objects for data coming from the Cytomic Orion API
2020-03-10 09:40:50 +01:00
Koen Van Impe 2c58470654 JQ-all-the-things 2020-03-09 23:29:29 +01:00
Koen Van Impe ecac7ea52a Update object definition with first-|last- seen 2020-03-09 23:26:25 +01:00
Alexandre Dulaunoy a09f7f55a8
chg: [victim] add reference to case (as requested by law-enforcement - ENFORCE project) 2020-03-09 16:32:18 +01:00
Alexandre Dulaunoy 65a51a586f
chg: [http-request] fixed 2020-03-09 16:25:57 +01:00
Alexandre Dulaunoy 401b8a4619
Merge pull request #239 from cbboggs/cbboggs-http-request
Adding optional ip-src to http-request
2020-03-09 16:25:14 +01:00
Koen Van Impe bffae90c3d Remove -x from JSON files 2020-03-07 09:28:43 +01:00
Koen Van Impe bbac01aa1b Fix with jq_all_the_things 2020-03-07 09:24:51 +01:00
Koen Van Impe 8bb88fceaf Objects for data coming from the Cytomic Orion API 2020-03-07 09:03:01 +01:00
frpet 5fdec81530 Update definition.json
bump version
2020-03-06 14:08:20 +01:00
cbboggs fa6fe463a9
Adding optional ip-src to http-request
modified existing "ip" attribute to "ip-dst", and added attribute for ip-src.   This allows http-request to be used in scenarios where observed connections are source specific, not destination specific.
2020-03-05 12:24:14 -06:00
frpet 2c6c44ccf8 Use more explicit misp-attribute types
Use the apropriate misp-attribute type for *local_hostname, *fqdn, *.md5|*.sha*
2020-03-05 18:55:29 +01:00
Alexandre Dulaunoy 3d57ee4fd2
chg: [network-socket] add filename to object template
Reported-by: Belgian Defence - Tancred
2020-03-04 14:25:26 +01:00
Alexandre Dulaunoy 1e5bb552f8
chg: [microblog] add Twitter-id reference 2020-03-04 14:08:10 +01:00
Raphaël Vinot b29a360c02 new: Add covid19 dxy live object 2020-03-02 00:12:24 +01:00
Raphaël Vinot 89db1fc34e Merge branch 'master' of github.com:MISP/misp-objects 2020-02-29 01:17:04 +01:00
Raphaël Vinot eabd0c1e55 new: CSSE COVID-19 Dataset - Daily report
Source:
  https://github.com/CSSEGISandData/COVID-19/tree/master/csse_covid_19_data
2020-02-29 01:16:28 +01:00
Raphaël Vinot 416820edc0 new: [crypto-material] add generic-symmetric-key 2020-02-27 15:41:45 +01:00
Raphaël Vinot ef0c95bc9b Merge branch 'master' of github.com:MISP/misp-objects 2020-02-27 10:50:58 +01:00
Raphaël Vinot 6f5cd0d9d3 chg: [IntelMQ Event] replace non-ascii double quote by single quote 2020-02-27 10:50:47 +01:00
Raphaël Vinot 2f2315d4e2 fix: Typo in requiredOneOf 2020-02-26 14:52:06 +01:00
Raphaël Vinot d9226e0f5a fix: Typo in requiredOneOf 2020-02-26 14:49:59 +01:00
Alexandre Dulaunoy d110657604
chg: [vulnerability] remove underscore from the object 2020-02-25 10:53:17 +01:00
Alexandre Dulaunoy 8de8d85979
chg: [iot-device] reference added 2020-02-17 23:12:09 +01:00
Alexandre Dulaunoy 6ed76f4948
add: [iot-firmware] new object template to describe IoT firmware
The relationship will be often between iot-device and iot-firmware.

Ref: https://github.com/C00kie-/workshop-materials
2020-02-17 15:07:49 +01:00
Alexandre Dulaunoy 8fa25f4f47
chg: [file] imphash removed as it should be at PE level 2020-02-17 14:29:30 +01:00
Alexandre Dulaunoy 36ae20bf02
chg: [pe] imphash and impfuzzy can be as key attribute 2020-02-17 14:27:05 +01:00
Alexandre Dulaunoy 1d2bfe97ce
Merge pull request #233 from Terrtia/master
chg: [domain-crawled] domain shouldn't be a multiple
2020-02-17 10:51:35 +01:00
Terrtia 566612302f
chg: [domain-crawled] domain shouldn't be a multiple 2020-02-17 10:00:21 +01:00
Alexandre Dulaunoy 83073d8c65
chg: [iot] add SPI, Serial and JTAG status 2020-02-17 08:55:47 +01:00
Alexandre Dulaunoy cf30efabc6
chg: [iot] because reusing UUID is bad 2020-02-17 08:33:51 +01:00
Alexandre Dulaunoy 1d0065e852
new: [iot] a first version of the IoT object
Ref: based on the workshop discussion in https://github.com/C00kie-/workshop-materials

The idea is to have this root object when a new IoT device is documented
and further objects will be connected such as firmware or even file object
2020-02-17 07:46:58 +01:00
Alexandre Dulaunoy 48bb38d67a
Merge pull request #232 from Terrtia/master
domain-crawled object
2020-02-16 21:04:16 +01:00
Terrtia 42df9d2e2f
chg: [crawled domain] rename object 2020-02-14 17:11:42 +01:00
Terrtia 5c46a3aad4
chg: add domain crawled object 2020-02-14 17:08:37 +01:00
Deborah Servili fdc24a8df8
update version 2020-02-13 12:30:08 +01:00
Deborah Servili 6380007b10
allow several subjects or sender for email objects 2020-02-13 12:28:47 +01:00
ater49 2738648e81 Adding some parts from HAR format description (http://www.softwareishard.com/blog/har-12-spec/) (More to come) 2020-02-10 14:59:35 +01:00
VVX7 1a40095f1a new: [objects] add instant-message object. add instant-message-group object. 2020-02-09 11:39:36 -05:00
Alexandre Dulaunoy 3ba77c9d2c
chg: [sms] the SMS center is a phone number 2020-02-06 12:06:26 +01:00
Alexandre Dulaunoy 371788589c
chg: [rtir] disable correlation on incident state 2020-02-06 11:55:27 +01:00
Alexandre Dulaunoy c32c7f4155
chg: [sms] missing Cellebrite fields added 2020-02-06 11:36:13 +01:00
Alexandre Dulaunoy 013c2c9c22
Merge branch 'master' of github.com:MISP/misp-objects 2020-02-06 11:04:53 +01:00
Alexandre Dulaunoy 3f9aca8e27
chg: [email] ip-src added in the email object templated as requested by Norberto Chavez
Ref: https://twitter.com/NORBERTOCHAVEZ/status/1225213457429127170
2020-02-06 11:03:33 +01:00
Raphaël Vinot 0c3aa14165 fix: attachment object relation does not exists. 2020-02-06 10:57:44 +01:00
Alexandre Dulaunoy 78fe4325b7
chg: [vehicule] image + type of vehicle added 2020-02-05 15:15:23 +01:00
Alexandre Dulaunoy ab6d7c3885
chg: [organization] typo fixed + description added 2020-02-05 15:06:37 +01:00
Alexandre Dulaunoy ccc0f4dd1f
chg: [phone] add brand and model 2020-02-05 15:04:10 +01:00
Andras Iklody 195fc46a13
fix: added iban as an alternative to bank account for the requirements
- fixes https://github.com/MISP/MISP/issues/5358
2020-02-04 11:46:24 +01:00
Alexandre Dulaunoy 5897fa7c37
Merge pull request #227 from Terrtia/master
chg: [new object pgp-meta]
2020-02-03 18:47:37 +01:00
Terrtia ae11730a82
fix: [new object pgp-meta] remove first seen/last seen + fix description 2020-02-03 16:45:28 +01:00
Terrtia b036b52e36
chg: [new object pgp-meta] Metadata extracted from a PGP keyblock, message or signature 2020-02-03 16:03:34 +01:00
VVX7 bde68265e3 chg: [object fields] allow additional requiredOneOf fields in blog, microblog, meme-image objects. add attachment field to blog object. add username to news-media. 2020-02-02 20:08:44 -05:00
VVX7 bc052e17f4 chg: [object field] add profile picture to user-account 2020-01-31 18:27:42 -05:00
VVX7 ed8e72bdb4 chg: [object field] enable multiple URL/link in microblog 2020-01-31 17:11:29 -05:00
VVX7 3bb42c766f chg: [object field] add title to microblog 2020-01-31 17:01:57 -05:00
VVX7 e4d217172e chg: [object field] add link for user-account page 2020-01-30 21:51:56 -05:00
VVX7 329d92162c chg: [object fields] add forged-document types, add microblog state 2020-01-30 21:31:06 -05:00
VVX7 4c4a3aabe5 new: [objects] news-agency, news-media 2020-01-30 19:57:39 -05:00
VVX7 8fa0166b24 chg: [microblog] allow multiple attachments per the enhancement request 2020-01-30 16:41:40 -05:00
VVX7 804e2116ce chg: [microblog] add attachment field for issue #186 2020-01-30 16:36:56 -05:00
VVX7 ce20ea05fe chg: [misinfosec objects] add archive (Internet Archive, Archive.is, etc) fields, change blog post title description 2020-01-30 14:08:19 -05:00
VVX7 0b5c9bde29 chg: [blog] add title field to object 2020-01-29 21:55:26 -05:00
VVX7 acf22d496c chg: [meme-image] uuid and name duplicate 2020-01-28 22:08:45 -05:00
VVX7 79026cb1d6 Merge remote-tracking branch 'upstream/master' 2020-01-28 21:49:12 -05:00
VVX7 84909f1ff2 new: [objects] blog, forged-document, leaked-document, meme-image 2020-01-28 21:24:04 -05:00
Raphaël Vinot fb878a6901 fix: Wrong name in requiredOneOf 2020-01-28 10:47:18 +01:00
Alexandre Dulaunoy cdc463ef1a
chg: [domain-ip] port added (required by AIL crawling) 2020-01-24 15:46:06 +01:00
Raphaël Vinot e6659c7c7e new: TruStar report object 2020-01-24 12:58:28 +01:00
Alexandre Dulaunoy 1a3d6392f3
Merge pull request #219 from N1col4s5742/master
Add vehicle state
2020-01-24 11:23:28 +01:00
Nicolas e8583c5e13 change definition.json for vehicle and geolocation with verification sponge 2020-01-24 10:40:50 +01:00
Nicolas 6fd7dfc896 change definition.json for vehicle and geolocation 2020-01-24 10:30:22 +01:00
Nicolas 6cc3f4a51c change definition.json for vehicle 2020-01-24 10:25:32 +01:00
Raphaël Vinot fa63480391 fix: to_ids must be a bool 2020-01-16 13:46:53 +01:00
Andras Iklody 92ebb542c2
fix: [microblog] to_ids changes 2020-01-16 10:44:51 +01:00
Steve Clement 003391bab1
Merge remote-tracking branch 'upstream/master' into process 2020-01-14 09:47:45 +09:00
StefanKelm 1e096535ef
Update definition.json
Add compilation timestamp (similar to pe object)
2020-01-10 15:00:19 +01:00
Alexandre Dulaunoy ce80fb6384
chg: [microblog] disable correlation for the verified-username state 2019-12-27 11:27:53 +01:00
Alexandre Dulaunoy faf2b07599
chg: [annotation] 'full report' type added 2019-12-26 18:29:57 +01:00
N1col4s5742 c611736e35
Vehicle state 2019-12-20 14:20:08 +01:00
N1col4s5742 59027ddc6a
Bump version 2019-12-20 14:18:10 +01:00
N1col4s5742 5f1e6c5fec
Add vehicle state 2019-12-20 14:14:49 +01:00
Alexandre Dulaunoy bce1018325
Merge branch 'master' of github.com:MISP/misp-objects 2019-12-17 14:59:50 +01:00
Alexandre Dulaunoy e832f5ce64
chg: [organization] VAT - TAX-ID added in the template 2019-12-17 14:59:00 +01:00
Deborah Servili 33a7d6b574
Merge pull request #217 from Delta-Sierra/master
add imphash in file object
2019-12-10 12:26:08 +01:00
Deborah Servili c0877cfd7c
add imphash in file object 2019-12-10 12:19:29 +01:00
Alexandre Dulaunoy ab484998ff
chg: [microblog] add the ability to have non-malicious links
Fix #215
2019-12-06 14:59:12 +01:00
Jean-Louis Huynen 0fd9ff6670
chg: [dark-pattern] typos 2019-12-04 16:17:45 +01:00
Alexandre Dulaunoy 4185e2b8e2
chg: [script] attachment field added 2019-12-04 13:41:08 +01:00
Jean-Louis Huynen b69657b7b1
add: [dark-pattern] new object to share dark-patterns 2019-12-03 16:23:54 +01:00
Alexandre Dulaunoy 5e9aeadc7a
Merge branch 'master' of github.com:MISP/misp-objects 2019-12-03 08:07:50 +01:00
Alexandre Dulaunoy 34ac927065
new: [virustotal-graph] VirusTotal graph object added
Based on the discussion with VT, virustotal-graph object has been added which will
be used with the expansion modules and also to trigger the specific
quick-tab in MISP to display the VT graph result in an iframe if this
object is present.
2019-12-03 07:39:28 +01:00
m4tze 33a75fe4f2
updated "version" to 4 2019-11-29 09:09:30 +01:00
m4tze cd08dc32a0
added "type" to "requiredOneOf" 2019-11-29 08:56:55 +01:00
Raphaël Vinot 68d61d25d9 fix: Type asn -> AS 2019-11-25 16:23:42 +01:00
Raphaël Vinot 2ce8794528 fix: ui-priority is required in the object template 2019-11-25 16:21:19 +01:00
Raphaël Vinot 185fae4a61 fix: Make jq happy 2019-11-25 14:48:51 +01:00
Raphaël Vinot 2fe41c1c46 new: IntelQM objects 2019-11-25 14:43:28 +01:00
Raphaël Vinot 3d7b09e9c4 chg: Update crypto-material and url 2019-11-18 18:03:01 +01:00
Alexandre Dulaunoy 4b76b30061
chg: [microblog] verified field added to add the state of the username 2019-11-16 21:13:10 +01:00
Deborah Servili bdad48d587
switch requiredOneOf list to required since it contains only one element 2019-11-08 15:35:14 +01:00
Jean-Louis Huynen 7b2e5061bb chg: [x509, crypto-material] several changes:
- enables correlation on n, p, q;
- allows for only providing modulus for crypto material;
- specifies the expected data format of several fields.
2019-10-31 10:09:40 +01:00
Alexandre Dulaunoy 58d6722f5e
chg: [crypto-material] new object to described key materials (public and private) 2019-10-17 15:41:01 +02:00
Alexandre Dulaunoy 0859a97535
chg: [x509] to map with D4 project snakeoil database 2019-10-17 14:48:21 +02:00
Alexandre Dulaunoy edf8b59af7
chg: [cowrie] to add HASSH of the client SSH session following Salesforce algorithm
As mentioned in #84
2019-10-05 10:05:26 +02:00
Raphaël Vinot 2cd5329b00 fix: duplicate in coin-address 2019-10-01 13:21:28 -07:00
Alexandre Dulaunoy 49e6c989d5
chg: [coin-address] DASH cryptocurrency address added 2019-10-01 20:17:44 +02:00
Alexandre Dulaunoy ffc120106c
Update definition.json
Following discussion during MISP training - new language seen in a malware campaign.
2019-09-25 12:15:04 +02:00
Deborah Servili 6622083a2b
rename object misc to organization + update version 2019-09-23 12:57:09 +02:00
Deborah Servili d116b7e4b2
Update version of paste object 2019-09-23 09:54:41 +02:00
Alexandre Dulaunoy 4ab14e785a
chg: [translation] double entry fixed in requiredOneOf
Signed-off by:  By de leaduh of JavaScript and decayin' indicatawhs
2019-09-20 09:05:49 +02:00
Alexandre Dulaunoy 52e8f9e98b
chg: [translation] list of sane default for the languages + type of translation 2019-09-20 07:30:30 +02:00
Deborah Servili 4081dc8f8f
jq 2019-09-19 16:26:41 +02:00
Deborah Servili 2721d103e5
add translation object 2019-09-19 16:14:48 +02:00
Deborah Servili a210cb0490
add hashtag attribute in microblog object 2019-09-19 13:33:45 +02:00
Deborah Servili 85f9aee365 Merge https://github.com/MISP/misp-objects 2019-09-17 15:00:51 +02:00
Deborah Servili ca70c9ca9b
update microblog object - use link for non malicious link of the microblog post and embedded-link forlink into the microblog post 2019-09-17 14:59:34 +02:00
Alexandre Dulaunoy a7157678af
Merge pull request #204 from saadkadhi/patch-1
Better wording
2019-09-12 11:12:36 +02:00
Saad Kadhi 0f76563ffc
Better wording 2019-09-11 22:02:48 +02:00
Saad Kadhi a98631d533
Better wording 2019-09-11 21:59:37 +02:00
Alexandre Dulaunoy 0910f0b15f
chg: [credential] adding disable correlation when required 2019-09-11 10:27:27 +02:00
Alexandre Dulaunoy 951abf10fe
chg: [new object templates] various updates 2019-09-11 09:11:28 +02:00
Alexandre Dulaunoy ebcb886037
Merge branch 'master' of https://github.com/Delta-Sierra/misp-objects into Delta-Sierra-master 2019-09-11 08:52:20 +02:00
Deborah Servili b9d16a38ad
draft command object 2019-09-10 16:15:40 +02:00
Deborah Servili 0d40f64815
add impersonation object 2019-09-09 16:36:16 +02:00
Christophe Vandeplas a347aa78fe fix: [virustotal] corrected typo in category 2019-08-08 14:01:09 +02:00
Christophe Vandeplas 7c3ee740fa fix: [timesketch] fix incorrect attribute type 2019-08-08 12:11:13 +02:00
Pierre-Jean Grenier 006e792829
fix: [process] change undefined attributes
misp-attributes 'uuid' and 'src-port' do not exist, change those to something else so that we can use this object properly
2019-08-06 10:39:43 +02:00
Pierre-Jean Grenier fc182be371
Change undefined category to "External analysis" 2019-08-02 14:37:08 +02:00
chrisr3d 29febb2de0
fix: JQed all the things 2019-08-01 15:50:29 +02:00
chrisr3d ad83a3a56f
new: Weakness & attack-pattern objects to describe CWE & CAPEC related to a CVE
- The attack-pattern object is using a new
  attribute type called weakness to describe CWE
  id, which will link to its own information as
  described in https://cve.circl.lu
2019-08-01 14:34:30 +02:00
Raphaël Vinot e5cd4c761a chg: Rename category environment -> climate 2019-07-24 09:31:15 +02:00
Raphaël Vinot 5650664665 new: Objects for Scripps CO2 2019-07-23 16:36:18 +02:00
Alexandre Dulaunoy ab9c1e4cd6
chg: [process] updated following the "mess" of representation in process object
Ref: https://twitter.com/cyb3rops/status/1150315962501095424
2019-07-15 15:58:55 +02:00
Alexandre Dulaunoy fbeb34ccb7
Merge pull request #193 from kx499/master
Adds employee object, dns-record object, and shodan object
2019-07-14 07:59:30 +02:00
Alexandre Dulaunoy 17f1b75973
chg: [network-connection] community-id added 2019-07-13 10:22:18 +02:00
Alexandre Dulaunoy d504979f10
chg: [netflow] attribute community-id added in netflow object template
Ref: https://github.com/corelight/community-id-spec

Ref: 020e67c154
2019-07-13 10:02:15 +02:00
Steve Clement e67b937f73
chg: [process] revert back to single char in light of the new process-attribute 2019-07-13 12:28:31 +09:00
Steve Clement eaf0301fe3
chg: [process] Added sane defaults. 2019-07-12 16:04:38 +09:00
Steve Clement c1a5a52155
chg: [process] Updated process object 2019-07-12 14:33:51 +09:00
Alexandre Dulaunoy 919f6638e1
Merge branch 'master' of github.com:MISP/misp-objects 2019-07-11 23:00:29 +02:00
Alexandre Dulaunoy ce8d6a93c3
chg: [yara] add a yara-rule-name field which can be optional or the only field
As requested in https://github.com/MISP/MISP/issues/4858
2019-07-11 22:59:05 +02:00
Sascha Rommelfangen fd15381cc2
disable correlation on the text field 2019-07-11 16:01:06 +02:00
Sascha Rommelfangen e26a2b6d81
transaction number must be multiple (and text) 2019-07-11 15:51:07 +02:00
Sascha Rommelfangen 1459302dd1
Merge pull request #191 from MISP/rommelfs-patch-5
fixed issue with requirements
2019-07-11 15:24:50 +02:00
Sascha Rommelfangen 07987dc1dd
bumped version 2019-07-11 15:19:37 +02:00
Sascha Rommelfangen aab46e38ea
bumped version 2019-07-11 15:18:55 +02:00
Sascha Rommelfangen 139c190c6a
fixed issue with requirements 2019-07-11 14:56:38 +02:00
Sascha Rommelfangen 78e6b95465
missing parts for balance corrected 2019-07-11 14:34:44 +02:00
Sascha Rommelfangen 873b5cc5a1
removed unneeded characters 2019-07-10 16:35:07 +02:00
Sascha Rommelfangen 2ad020bf15 Merge commit 'ad1300767f7b7757867a8c01ffb4c7d6fa308540' 2019-07-10 15:34:35 +02:00
Sascha Rommelfangen ad1300767f add: btc wallet and transaction object templates 2019-07-10 15:15:16 +02:00
kx1499 c8f6c97da0 Merge remote-tracking branch 'upstream/master' 2019-07-09 22:13:31 -04:00
chrisr3d 0caf4a9edc
chg: Added user-id attribute as one of the required ones 2019-07-09 17:05:48 +02:00
chrisr3d ddff56f52c
fix: TYPO 2019-07-08 11:38:11 +02:00
chrisr3d b96e7ed8be
new: New object describing user accounts 2019-07-08 11:18:21 +02:00
chrisr3d d502c254cc
add: [ip-port] Added ip-dst as one of the required attributes 2019-07-05 16:11:31 +02:00
chrisr3d bfb325b907
add: [ip-port] Added ip-dst attribute eeeeeeeeeeeeeeeeeeeeeee
- Users can then choose between "ip" when they do
  not know whever it is a source or destination IP
  address, or "ip-src" & "ip-dst" to have more
  clarity about the IP address
2019-07-05 15:57:11 +02:00
Alexandre Dulaunoy c3618fcf52
new: [imsi-catcher] object based on the output format of IMSI-catcher open source tools
The object has been created to show the flexibility of the object
template during the PassTheSalt 2019 conference and the D4 presentation.
2019-07-02 10:19:54 +02:00
ater49 e2f12cebd6 Adding IIN and bank_name 2019-06-18 21:45:42 +02:00
Alexandre Dulaunoy 41a6d596ff
chg: [rogue-dns] new object template expressing rogue dns
Thanks to CERT.br for the contribution
2019-06-18 17:39:47 +02:00
Alexandre Dulaunoy e7bb12af7d
chg: [shell-commands] fix typo in object name 2019-06-01 10:13:06 +02:00
Alexandre Dulaunoy 48c64c52fc
new: [shell-commands] Object describing a series of shell commands executed. This object can be linked with malicious files in order to describe a specific execution of shell commands. 2019-06-01 10:04:46 +02:00
Alexandre Dulaunoy a1b2db8fd1
chg: [script] requiredOneOf for script or filename
Malicious scripts can be received without having a filename.
2019-05-23 11:24:05 +02:00
Alexandre Dulaunoy be7e37200a
add: [ssh-authorized-keys] object to add elements from SSH authorized
keys (and do correlation for fun-and-profit(tm))
2019-05-19 17:47:51 +02:00
Alexandre Dulaunoy d922d3eaa5
chg: [person] Gender unknown added
This has been added when investigation is ongoing and
alias is know but gender is unknown discovered during
Enforce training.

topic:enforce
2019-05-16 15:08:43 +02:00
Alexandre Dulaunoy e066df4e6d
chg: [microblog] state field added to describe if the tweet is malicious
or just OSINT.
2019-05-09 17:35:14 +02:00
Alexandre Dulaunoy 230122493c
chg: [authenticode-signerinfo] first version 2019-05-06 07:10:33 +02:00
Alexandre Dulaunoy 8f951e8450
chg: [jq] jq all the things(tm) 2019-05-05 12:33:59 +02:00
Alexandre Dulaunoy cce77727d6
chg: [x509] improve X.509 certificate description to match required ones
from LIEF (as discussed in #180).
2019-05-05 12:31:41 +02:00
Alexandre Dulaunoy 79ab435903
Merge pull request #181 from ater49/master
Adding registration-date in domain-ip
2019-05-04 09:35:11 +02:00
ater49 a2bec8571b Correcting "_" to "-" in fields name 2019-05-03 22:12:08 +02:00
ater49 424900b02d Adding registration-date to domain-ip 2019-05-03 22:08:44 +02:00
Raphaël Vinot f2e8195d50 new: Add offset, virtual_address and virtual_size to the pe section object
Related to https://github.com/MISP/PyMISP/issues/388
2019-05-03 11:19:42 +02:00
Alexandre Dulaunoy e76e492894
chg: [regripper] version updated 2019-05-01 21:32:14 +02:00
mday 71b4e71ab1 update the misp-attribute to specify a valid value instead of an empty string 2019-05-01 14:11:30 -05:00
mday baae683771 update the definition files of various object types so that the `required` and `requiredOneOf` lists no longer specify attributes that do not exist in the objects. 2019-04-30 12:32:22 -05:00
Alexandre Dulaunoy 0f6fdee7f3
chg: [irc] add nickname used for associated IRC server and channel(s) 2019-04-27 10:32:10 +02:00
Alexandre Dulaunoy 1966d4d5f0
add: [irc] IRC object to describe an IRC server with associated IRC channels 2019-04-27 10:28:50 +02:00
Alexandre Dulaunoy b656cc532d
chg: [device] name of an object must be lowercase 2019-04-21 15:57:07 +02:00
Alexandre Dulaunoy 3dcb1725ae
chg: [phishing-kit] small typo fixed in the description 2019-04-21 15:52:57 +02:00
Raphaël Vinot a6ed6df86a Merge branch 'master' of github.com:MISP/misp-objects 2019-04-18 11:15:56 +02:00
Raphaël Vinot 371ffe77fb chg: Allow to create a file object with a non-malicious file.
Fix #175 #176
2019-04-18 11:14:22 +02:00
Andras Iklody 92d15c5efe
Merge pull request #177 from haxpak/haxpak/update-device
Haxpak/update device
2019-04-16 07:43:01 +02:00
Andras Iklody ed271a3b7d
Merge pull request #173 from haxpak/master
added option "Further Analysis Required" to attribute stage of object course-of-action
2019-04-16 07:42:32 +02:00
haxpak 4066da31e4 changed device type drop down from category to sane_default 2019-04-16 08:31:43 +05:30
haxpak 89b8e10fbe added option "Further Analysis Required" to attribute stage 2019-04-15 17:41:39 +05:30
Andras Iklody a8e89e3eaa
Merge branch 'master' into haxpak/#24 2019-04-15 10:52:48 +02:00
haxpak 9f4e7737a1 added attribute DNS name to device object
changed MAC address misp attribute to mac-address
2019-04-15 10:33:08 +05:30
haxpak 3cef676f34 added OS, version, dns-name attribute to device
changed misp-attribute of mac-address from text to mac-address
2019-04-15 10:29:09 +05:30
haxpak 836bd04a75 meta category for organization changed back to misc since schema_objects.json does not recognize organization as a meta category 2019-04-14 11:32:55 +05:30
haxpak 2053c17fa4 corrected typo 2019-04-14 11:27:29 +05:30
haxpak 4f1745a095 added meta category organization 2019-04-14 11:26:12 +05:30
haxpak b24336499a modified: objects/device/definition.json
modified:   objects/phishing-kit/definition.json
2019-04-14 11:04:57 +05:30
haxpak bb9ff86b2f added MAC address to device
meta category of organization changed to organization
meta category of person object changed to organization
new object phishing-kit
2019-04-14 10:53:57 +05:30
haxpak 9f3fb14ed5 changed organization meta category to misc 2019-04-13 14:57:55 +05:30
haxpak 6917beee5f reverted device to misc category 2019-04-13 14:02:26 +05:30
haxpak 63fff149f0 added requiredOneOf to device definition 2019-04-13 13:49:16 +05:30
haxpak df91c999e6 fixed typos and ran jq_all_things 2019-04-13 13:45:05 +05:30
haxpak 23ab735119 - added : attachment attribute to annotation
- added : new object type device
2019-04-13 13:32:56 +05:30
haxpak 161f72678a modified : person object "changed UI priority of the attributes"
modified : report object "added attachment to report"
2019-04-13 12:05:51 +05:30
haxpak 71419a999a new-object : Organization "Defines an organization" 2019-04-13 11:55:38 +05:30
Alexandre Dulaunoy c5532621b6
chg: [ip-port] ip-src added to fix #149 2019-04-07 22:28:36 +02:00
Alexandre Dulaunoy 006aa1d1a2
chg: [script] filename added to fix #149 2019-04-07 22:24:58 +02:00
Alexandre Dulaunoy b4478a6c2b
add: [tor-hiddenservice] a simple object template to describe Tor Onion Service 2019-04-05 11:22:22 +02:00
Alexandre Dulaunoy aca06cec1f
chg: [lnk] new LNK object (Windows Shortcut) 2019-04-03 14:05:39 +02:00
Alexandre Dulaunoy 4793bf33ae
chg: [process] fix the type - fix #160 2019-04-02 19:56:59 +02:00
Alexandre Dulaunoy ba31488e5a
Merge pull request #161 from geekscrapy/geekscrapy-patch-1
Username is often utilised alongside a credential
2019-04-02 19:55:59 +02:00
Alexandre Dulaunoy 302182e594
Merge pull request #159 from geekscrapy/patch-1
Added current-directory to required field
2019-04-02 19:55:03 +02:00
molley a50986361f
Username is often utilised alongside a credential
Username can often identify malicious behavior, and is usually part of the credential tuple - it can also be used to highlight common user accounts without password/api key
2019-04-02 18:26:00 +01:00
molley 490d760a4b
Added current-directory to required field
This field will often indicate where a malicious binary is started from, therefore a good candidate for solo use
2019-04-02 17:41:07 +01:00
molley a85178255c
Added issuer as one of the required fields
This is often a field used on it's own to identify a malicious cert
2019-04-02 17:28:49 +01:00
Raphaël Vinot 0c6b7b4302 chg: Bump vehicle object 2019-04-02 17:09:02 +02:00
Alexandre Dulaunoy 047595ddeb
chg: [person] Spanish IDs added (NIE, NIF and DNI) 2019-03-15 14:36:12 +01:00
kx1499 e61344c981 Merge remote-tracking branch 'upstream/master' 2019-03-14 21:42:12 -04:00
Deborah Servili 55f5716b5d
remove accent from ilr objects - bis 2019-02-26 16:00:23 +01:00
Deborah Servili 96751b2af7
remove accent from ilrobjects 2019-02-26 15:57:58 +01:00
Deborah Servili 41dd469869
add ilr-notification-incident object 2019-02-26 15:51:20 +01:00
Deborah Servili bd9970b1c9
fix lr-impact attributes names 2019-02-26 14:26:29 +01:00
Deborah Servili bc05eca2b6
disable correlations on ilr-impact attributes 2019-02-26 14:05:01 +01:00
Deborah Servili ec2851d4eb
add ilr-impact object 2019-02-26 13:57:31 +01:00
Sascha Rommelfangen 45f6aec0f5
corrected order 2019-02-25 09:29:15 +01:00
marcnil815 03870031db
jq'ed definition.json 2019-02-21 19:36:07 +01:00
marcnil815 e26e54b54a
Create splunk object definition.json
Adding misp-object for basic splunk search/correlation search values.
2019-02-21 16:12:54 +01:00
Alexandre Dulaunoy b0f07156ae
Merge pull request #147 from Delta-Sierra/master
Person object - Add a (or several) role to a person
2019-02-21 07:20:40 +01:00
Alexandre Dulaunoy 18042c0749
chg: [elf] disable correlation on file type 2019-02-20 10:43:38 +01:00