Alexandre Dulaunoy
939a950d87
chg: [jq] all the things
2020-08-28 16:33:05 +02:00
Pauline Bourmeau
50288b806c
Update definition.json
2020-08-28 16:27:41 +02:00
Pauline Bourmeau
d76f21d8b5
Update definition.json
2020-08-28 16:15:57 +02:00
Alexandre Dulaunoy
a168037d93
chg: [jq] all the things
2020-08-28 16:10:42 +02:00
Alexandre Dulaunoy
894ab6e24b
Merge branch 'main' of https://github.com/C00kie-/misp-objects into C00kie--main
2020-08-28 16:10:12 +02:00
Alexandre Dulaunoy
c487e73b86
chg: [jq] all the things
2020-08-28 16:08:39 +02:00
Pauline Bourmeau
794063dfe9
Update definition.json
2020-08-28 16:05:33 +02:00
Pauline Bourmeau
9fd1f78b5a
Update definition.json
2020-08-28 16:05:05 +02:00
Pauline Bourmeau
b698ccb724
Update definition.json
2020-08-28 16:04:23 +02:00
Alexandre Dulaunoy
6b6c136b9c
chg: [vulnerability] vulnerability is is now a vulnerability type
...
The vulnerability type is an official CVE number.
We might need to add in the future a new attribute in the object
for non-CVE id of a vulnerability or adding other id type in the object.
This commit fixes #234
2020-08-28 11:23:10 +02:00
rmkml
cd49fe8d97
add SHA3 Hash on definition.json
2020-08-23 19:30:17 +02:00
Alexandre Dulaunoy
842d128ef3
chg: [misp-objects] newline newline newline is the evil
2020-08-20 10:53:06 +02:00
Alexandre Dulaunoy
dc70db0204
chg: [pe] multiple is true not 1 ;-)
2020-08-20 10:44:41 +02:00
Alexandre Dulaunoy
0c863f194f
chg: [pe] richpe
2020-08-20 10:39:49 +02:00
Andras Iklody
4a671ca739
chg: [RichPE] added
2020-08-20 10:14:35 +02:00
Alexandre Dulaunoy
bfec61d8b0
chg: [file] jq
2020-08-18 07:54:42 +02:00
Alexandre Dulaunoy
7fdfbd4110
UUID must be the same
2020-08-18 07:44:12 +02:00
rmkml
5bdc6c6592
add vhash (VirusTotal Hash) on definition.json
2020-08-17 17:35:58 +02:00
Emil Henry Flakk
097ea8c76c
Add more rrtypes to dns-record
2020-08-15 14:57:53 +02:00
VVX7
7bbcf0ed78
chg: [dev] add Parler app objects
2020-07-05 22:03:16 -04:00
Marc Hörsken
58fb163312
chg: [cortex-taxonomy] sort attributes
...
Make sure the attributes are sorted like a Cortex taxonomy
would normally be displayed/summarized:
`namespace:predicate="value"` with `level` as a meta information.
2020-07-02 13:29:32 +02:00
Raphaël Vinot
b7c2562a4f
new: android-app object template
2020-06-21 21:45:46 +02:00
Jean-Louis Huynen
c1b7b93526
add: [d4] authentication failure report object
2020-06-16 15:59:02 +02:00
Alexandre Dulaunoy
bffde5446e
Merge pull request #261 from VVX7/master
...
chg: [dev] disable correlation on some attributes.
2020-06-12 09:00:07 +02:00
VVX7
bbd5a2a94d
chg: [dev] disable correlation on some attributes. fix underscore typo in account profile-image.
2020-06-11 19:35:02 -04:00
Alexandre Dulaunoy
968a7a8212
Merge pull request #260 from VVX7/master
...
chg: [dev] make Reddit attributes reflect Reddit API.
2020-06-08 17:22:27 +02:00
VVX7
7577cbe59a
chg: [dev] make Reddit attributes (mostly) reflect Reddit API.
2020-06-08 11:16:59 -04:00
Alexandre Dulaunoy
75b71d6f3b
Merge pull request #258 from VVX7/master
...
chg: [dev] add object properties from #254
2020-06-02 19:00:35 +02:00
VVX7
53d2a18811
chg: [dev] run validate_all/jq
2020-06-02 11:11:43 -04:00
VVX7
56bd29d829
chg: [dev] make twitter object attributes more consistent with twitter api
2020-06-02 11:08:30 -04:00
Jesse Hedden
42d3dda12f
fixed order
2020-06-01 16:36:58 -07:00
Jesse Hedden
8256c0ada9
extending trustar_report object in order to provide fields in which enrichment data from a planned expansion module can be stored
2020-06-01 16:02:03 -07:00
VVX7
200ac19bad
chg: [dev] add object properties from #257
2020-05-31 09:52:49 -04:00
VVX7
b9e235a4f4
chg: [dev] fix attribute type
2020-05-30 18:36:09 -04:00
VVX7
cf5687b50d
new: [dev] add Twitter objects: twitter-account, twitter-list, twitter-post. add YouTube objects: youtube-channel, youtube-comment, youtube-playlist, youtube-video. add object: image.
2020-05-29 21:10:02 -04:00
VVX7
ed7a730a79
new: [dev] add Reddit objects: reddit-account, reddit-post, reddit-comment, reddit-subreddit
2020-05-29 16:34:00 -04:00
VVX7
c6da4c9e66
chg: [dev] add user avatar
2020-05-28 16:40:21 -04:00
VVX7
69467c133f
new: [dev] add facebook-account
2020-05-28 16:32:20 -04:00
VVX7
5aeac12979
chg: [dev] change post-id attribute type to text
2020-05-28 15:48:18 -04:00
VVX7
ede33742aa
chg: [dev] run rq
2020-05-28 15:32:43 -04:00
VVX7
ae95dd1834
new: [dev] add facebook-post object.
2020-05-28 15:31:50 -04:00
VVX7
5a9a0fe5ce
new: [dev] add facebook-page object.
2020-05-28 15:29:01 -04:00
VVX7
66f96da3d9
new: [dev] add facebook-group object.
2020-05-28 15:25:04 -04:00
VVX7
2164d80337
chg: [dev] update tracking-id to disable correlation on id description. minor changes to attribute descriptions.
2020-05-28 15:19:27 -04:00
Raphaël Vinot
093850f6c3
new: Preliminary version of git-vuln-finder object template
2020-05-26 12:31:45 +02:00
Alexandre Dulaunoy
9e73449ec7
chg: [sms] format fixed
2020-05-14 18:17:09 +02:00
Carlos Borges
546cd88918
Updating template version
2020-05-13 20:44:09 -03:00
Carlos Borges
02ea8d2afc
updating a missing comma
2020-05-13 20:43:37 -03:00
Carlos Borges
e5ed919e26
Adding phone company of the sending SMS number
...
While sharing some data using this object, we saw the need to add the phone company of the number sending the sms.
With it we can make good local correlations and have an idea of flaws ocurring on phone number release by these companies.
Using web services like Truecaller, it's possible to enrich an analysis with this data.
2020-05-13 20:42:55 -03:00
Raphaël Vinot
26a9d6b51f
new: Objects and relations for FollowTheMoney
2020-05-05 11:02:53 +02:00
Alexandre Dulaunoy
366a8bb121
chg: [boleto] JSON fixed
2020-05-04 13:19:59 +02:00
Carlos Borges
68fe7eed05
New object - Boleto
...
Boleto is a very common form of payment used in Brazil and used a lot by cybercriminals to execute fraud.
Basically a bank or financial instituion is allowed to generate boletos, that is a 40 digit number code.
This object will help institutions identify frauds sources and improve orgs protection.
2020-05-03 00:02:40 -03:00
VVX7
bb600ce627
chg: [publication] modify requiredOneOf, contributor type to text attribute
2020-04-28 18:58:59 -04:00
VVX7
738f32e27b
new: [publication] jq'd the object
2020-04-28 15:46:13 -04:00
VVX7
84633dbd32
new: [publication] add object to describe academic journals, books, etc.
2020-04-28 11:57:28 -04:00
Raphaël Vinot
d9f1db590a
chg: Sort all the entries in the templates by default
2020-04-26 02:13:18 +02:00
Raphaël Vinot
73d710cfbc
fix: Align directory names with object name
2020-04-26 02:07:26 +02:00
Alexandre Dulaunoy
3b5451c325
chg: [legal-entity] website and logo added for legal entity
...
Thanks to Emmanuel MANCIET for the proposal
2020-04-24 18:24:25 +02:00
VVX7
28b4b615ed
chg: [object] add new microblog attributes, change some of the descriptions to make them clearer
2020-04-17 00:11:48 -04:00
VVX7
d50a9eeb13
new: [object] add scheduled-event, add social-media-group
2020-04-15 22:57:12 -04:00
VVX7
fae74bf73c
Merge branch 'master' of https://github.com/misp/misp-objects
2020-04-15 22:24:57 -04:00
Alexandre Dulaunoy
ef01e6e37b
chg: [victim] add a domain to field to reference a victim by their Internet domain name
2020-04-15 09:39:32 +02:00
VVX7
efa53e812d
chg: [object] update narrative required object fields
2020-04-10 01:39:05 -04:00
VVX7
1527dedb26
chg: [object] update narrative object fields
2020-04-08 09:45:49 -04:00
Christophe Vandeplas
87e3824d99
Merge pull request #244 from Golbark/x509_enhancements
...
chg: [x509] using built-in types wherever possible
2020-04-08 10:51:01 +02:00
Golbark
238c44041a
chg: [x509] using built-in types wherever possible
2020-04-08 01:42:12 -07:00
VVX7
a7e9fd9697
chg: [object] disable correlation on some fields. add external references.
2020-03-28 19:23:28 -04:00
VVX7
2b3e89b614
chg: [object] add narrative description/summary
2020-03-28 19:17:25 -04:00
VVX7
0518dd1aa3
chg: [object] add narrative description/summary
2020-03-28 19:16:33 -04:00
VVX7
1198f8fe68
chg: [object] change narrative version
2020-03-27 15:46:31 -04:00
VVX7
e387009bdd
new: [object] add narrative.
2020-03-27 15:10:22 -04:00
Raphaël Vinot
b436f9f28b
Merge branch 'master' of github.com:MISP/misp-objects
2020-03-24 13:24:40 +01:00
Raphaël Vinot
9eedb854de
chg: Bump CSSE COVID-19 Daily report to new version
2020-03-24 13:24:31 +01:00
chrisr3d
fdfe7d2e4c
add: External references attribute for attack-pattern object
2020-03-17 10:03:33 +01:00
Alexandre Dulaunoy
7ef9a2ba56
Merge pull request #240 from cudeso/master
...
Objects for data coming from the Cytomic Orion API
2020-03-10 09:40:50 +01:00
Koen Van Impe
2c58470654
JQ-all-the-things
2020-03-09 23:29:29 +01:00
Koen Van Impe
ecac7ea52a
Update object definition with first-|last- seen
2020-03-09 23:26:25 +01:00
Alexandre Dulaunoy
a09f7f55a8
chg: [victim] add reference to case (as requested by law-enforcement - ENFORCE project)
2020-03-09 16:32:18 +01:00
Alexandre Dulaunoy
65a51a586f
chg: [http-request] fixed
2020-03-09 16:25:57 +01:00
Alexandre Dulaunoy
401b8a4619
Merge pull request #239 from cbboggs/cbboggs-http-request
...
Adding optional ip-src to http-request
2020-03-09 16:25:14 +01:00
Koen Van Impe
bffae90c3d
Remove -x from JSON files
2020-03-07 09:28:43 +01:00
Koen Van Impe
bbac01aa1b
Fix with jq_all_the_things
2020-03-07 09:24:51 +01:00
Koen Van Impe
8bb88fceaf
Objects for data coming from the Cytomic Orion API
2020-03-07 09:03:01 +01:00
frpet
5fdec81530
Update definition.json
...
bump version
2020-03-06 14:08:20 +01:00
cbboggs
fa6fe463a9
Adding optional ip-src to http-request
...
modified existing "ip" attribute to "ip-dst", and added attribute for ip-src. This allows http-request to be used in scenarios where observed connections are source specific, not destination specific.
2020-03-05 12:24:14 -06:00
frpet
2c6c44ccf8
Use more explicit misp-attribute types
...
Use the apropriate misp-attribute type for *local_hostname, *fqdn, *.md5|*.sha*
2020-03-05 18:55:29 +01:00
Alexandre Dulaunoy
3d57ee4fd2
chg: [network-socket] add filename to object template
...
Reported-by: Belgian Defence - Tancred
2020-03-04 14:25:26 +01:00
Alexandre Dulaunoy
1e5bb552f8
chg: [microblog] add Twitter-id reference
2020-03-04 14:08:10 +01:00
Raphaël Vinot
b29a360c02
new: Add covid19 dxy live object
2020-03-02 00:12:24 +01:00
Raphaël Vinot
89db1fc34e
Merge branch 'master' of github.com:MISP/misp-objects
2020-02-29 01:17:04 +01:00
Raphaël Vinot
eabd0c1e55
new: CSSE COVID-19 Dataset - Daily report
...
Source:
https://github.com/CSSEGISandData/COVID-19/tree/master/csse_covid_19_data
2020-02-29 01:16:28 +01:00
Raphaël Vinot
416820edc0
new: [crypto-material] add generic-symmetric-key
2020-02-27 15:41:45 +01:00
Raphaël Vinot
ef0c95bc9b
Merge branch 'master' of github.com:MISP/misp-objects
2020-02-27 10:50:58 +01:00
Raphaël Vinot
6f5cd0d9d3
chg: [IntelMQ Event] replace non-ascii double quote by single quote
2020-02-27 10:50:47 +01:00
Raphaël Vinot
2f2315d4e2
fix: Typo in requiredOneOf
2020-02-26 14:52:06 +01:00
Raphaël Vinot
d9226e0f5a
fix: Typo in requiredOneOf
2020-02-26 14:49:59 +01:00
Alexandre Dulaunoy
d110657604
chg: [vulnerability] remove underscore from the object
2020-02-25 10:53:17 +01:00
Alexandre Dulaunoy
8de8d85979
chg: [iot-device] reference added
2020-02-17 23:12:09 +01:00
Alexandre Dulaunoy
6ed76f4948
add: [iot-firmware] new object template to describe IoT firmware
...
The relationship will be often between iot-device and iot-firmware.
Ref: https://github.com/C00kie-/workshop-materials
2020-02-17 15:07:49 +01:00
Alexandre Dulaunoy
8fa25f4f47
chg: [file] imphash removed as it should be at PE level
2020-02-17 14:29:30 +01:00
Alexandre Dulaunoy
36ae20bf02
chg: [pe] imphash and impfuzzy can be as key attribute
2020-02-17 14:27:05 +01:00
Alexandre Dulaunoy
1d2bfe97ce
Merge pull request #233 from Terrtia/master
...
chg: [domain-crawled] domain shouldn't be a multiple
2020-02-17 10:51:35 +01:00
Terrtia
566612302f
chg: [domain-crawled] domain shouldn't be a multiple
2020-02-17 10:00:21 +01:00
Alexandre Dulaunoy
83073d8c65
chg: [iot] add SPI, Serial and JTAG status
2020-02-17 08:55:47 +01:00
Alexandre Dulaunoy
cf30efabc6
chg: [iot] because reusing UUID is bad
2020-02-17 08:33:51 +01:00
Alexandre Dulaunoy
1d0065e852
new: [iot] a first version of the IoT object
...
Ref: based on the workshop discussion in https://github.com/C00kie-/workshop-materials
The idea is to have this root object when a new IoT device is documented
and further objects will be connected such as firmware or even file object
2020-02-17 07:46:58 +01:00
Alexandre Dulaunoy
48bb38d67a
Merge pull request #232 from Terrtia/master
...
domain-crawled object
2020-02-16 21:04:16 +01:00
Terrtia
42df9d2e2f
chg: [crawled domain] rename object
2020-02-14 17:11:42 +01:00
Terrtia
5c46a3aad4
chg: add domain crawled object
2020-02-14 17:08:37 +01:00
Deborah Servili
fdc24a8df8
update version
2020-02-13 12:30:08 +01:00
Deborah Servili
6380007b10
allow several subjects or sender for email objects
2020-02-13 12:28:47 +01:00
ater49
2738648e81
Adding some parts from HAR format description ( http://www.softwareishard.com/blog/har-12-spec/ ) (More to come)
2020-02-10 14:59:35 +01:00
VVX7
1a40095f1a
new: [objects] add instant-message object. add instant-message-group object.
2020-02-09 11:39:36 -05:00
Alexandre Dulaunoy
3ba77c9d2c
chg: [sms] the SMS center is a phone number
2020-02-06 12:06:26 +01:00
Alexandre Dulaunoy
371788589c
chg: [rtir] disable correlation on incident state
2020-02-06 11:55:27 +01:00
Alexandre Dulaunoy
c32c7f4155
chg: [sms] missing Cellebrite fields added
2020-02-06 11:36:13 +01:00
Alexandre Dulaunoy
013c2c9c22
Merge branch 'master' of github.com:MISP/misp-objects
2020-02-06 11:04:53 +01:00
Alexandre Dulaunoy
3f9aca8e27
chg: [email] ip-src added in the email object templated as requested by Norberto Chavez
...
Ref: https://twitter.com/NORBERTOCHAVEZ/status/1225213457429127170
2020-02-06 11:03:33 +01:00
Raphaël Vinot
0c3aa14165
fix: attachment object relation does not exists.
2020-02-06 10:57:44 +01:00
Alexandre Dulaunoy
78fe4325b7
chg: [vehicule] image + type of vehicle added
2020-02-05 15:15:23 +01:00
Alexandre Dulaunoy
ab6d7c3885
chg: [organization] typo fixed + description added
2020-02-05 15:06:37 +01:00
Alexandre Dulaunoy
ccc0f4dd1f
chg: [phone] add brand and model
2020-02-05 15:04:10 +01:00
Andras Iklody
195fc46a13
fix: added iban as an alternative to bank account for the requirements
...
- fixes https://github.com/MISP/MISP/issues/5358
2020-02-04 11:46:24 +01:00
Alexandre Dulaunoy
5897fa7c37
Merge pull request #227 from Terrtia/master
...
chg: [new object pgp-meta]
2020-02-03 18:47:37 +01:00
Terrtia
ae11730a82
fix: [new object pgp-meta] remove first seen/last seen + fix description
2020-02-03 16:45:28 +01:00
Terrtia
b036b52e36
chg: [new object pgp-meta] Metadata extracted from a PGP keyblock, message or signature
2020-02-03 16:03:34 +01:00
VVX7
bde68265e3
chg: [object fields] allow additional requiredOneOf fields in blog, microblog, meme-image objects. add attachment field to blog object. add username to news-media.
2020-02-02 20:08:44 -05:00
VVX7
bc052e17f4
chg: [object field] add profile picture to user-account
2020-01-31 18:27:42 -05:00
VVX7
ed8e72bdb4
chg: [object field] enable multiple URL/link in microblog
2020-01-31 17:11:29 -05:00
VVX7
3bb42c766f
chg: [object field] add title to microblog
2020-01-31 17:01:57 -05:00
VVX7
e4d217172e
chg: [object field] add link for user-account page
2020-01-30 21:51:56 -05:00
VVX7
329d92162c
chg: [object fields] add forged-document types, add microblog state
2020-01-30 21:31:06 -05:00
VVX7
4c4a3aabe5
new: [objects] news-agency, news-media
2020-01-30 19:57:39 -05:00
VVX7
8fa0166b24
chg: [microblog] allow multiple attachments per the enhancement request
2020-01-30 16:41:40 -05:00
VVX7
804e2116ce
chg: [microblog] add attachment field for issue #186
2020-01-30 16:36:56 -05:00
VVX7
ce20ea05fe
chg: [misinfosec objects] add archive (Internet Archive, Archive.is, etc) fields, change blog post title description
2020-01-30 14:08:19 -05:00
VVX7
0b5c9bde29
chg: [blog] add title field to object
2020-01-29 21:55:26 -05:00
VVX7
acf22d496c
chg: [meme-image] uuid and name duplicate
2020-01-28 22:08:45 -05:00
VVX7
79026cb1d6
Merge remote-tracking branch 'upstream/master'
2020-01-28 21:49:12 -05:00
VVX7
84909f1ff2
new: [objects] blog, forged-document, leaked-document, meme-image
2020-01-28 21:24:04 -05:00
Raphaël Vinot
fb878a6901
fix: Wrong name in requiredOneOf
2020-01-28 10:47:18 +01:00
Alexandre Dulaunoy
cdc463ef1a
chg: [domain-ip] port added (required by AIL crawling)
2020-01-24 15:46:06 +01:00
Raphaël Vinot
e6659c7c7e
new: TruStar report object
2020-01-24 12:58:28 +01:00
Alexandre Dulaunoy
1a3d6392f3
Merge pull request #219 from N1col4s5742/master
...
Add vehicle state
2020-01-24 11:23:28 +01:00
Nicolas
e8583c5e13
change definition.json for vehicle and geolocation with verification sponge
2020-01-24 10:40:50 +01:00
Nicolas
6fd7dfc896
change definition.json for vehicle and geolocation
2020-01-24 10:30:22 +01:00
Nicolas
6cc3f4a51c
change definition.json for vehicle
2020-01-24 10:25:32 +01:00
Raphaël Vinot
fa63480391
fix: to_ids must be a bool
2020-01-16 13:46:53 +01:00
Andras Iklody
92ebb542c2
fix: [microblog] to_ids changes
2020-01-16 10:44:51 +01:00
Steve Clement
003391bab1
Merge remote-tracking branch 'upstream/master' into process
2020-01-14 09:47:45 +09:00
StefanKelm
1e096535ef
Update definition.json
...
Add compilation timestamp (similar to pe object)
2020-01-10 15:00:19 +01:00
Alexandre Dulaunoy
ce80fb6384
chg: [microblog] disable correlation for the verified-username state
2019-12-27 11:27:53 +01:00
Alexandre Dulaunoy
faf2b07599
chg: [annotation] 'full report' type added
2019-12-26 18:29:57 +01:00
N1col4s5742
c611736e35
Vehicle state
2019-12-20 14:20:08 +01:00
N1col4s5742
59027ddc6a
Bump version
2019-12-20 14:18:10 +01:00
N1col4s5742
5f1e6c5fec
Add vehicle state
2019-12-20 14:14:49 +01:00
Alexandre Dulaunoy
bce1018325
Merge branch 'master' of github.com:MISP/misp-objects
2019-12-17 14:59:50 +01:00
Alexandre Dulaunoy
e832f5ce64
chg: [organization] VAT - TAX-ID added in the template
2019-12-17 14:59:00 +01:00
Deborah Servili
33a7d6b574
Merge pull request #217 from Delta-Sierra/master
...
add imphash in file object
2019-12-10 12:26:08 +01:00
Deborah Servili
c0877cfd7c
add imphash in file object
2019-12-10 12:19:29 +01:00
Alexandre Dulaunoy
ab484998ff
chg: [microblog] add the ability to have non-malicious links
...
Fix #215
2019-12-06 14:59:12 +01:00
Jean-Louis Huynen
0fd9ff6670
chg: [dark-pattern] typos
2019-12-04 16:17:45 +01:00
Alexandre Dulaunoy
4185e2b8e2
chg: [script] attachment field added
2019-12-04 13:41:08 +01:00
Jean-Louis Huynen
b69657b7b1
add: [dark-pattern] new object to share dark-patterns
2019-12-03 16:23:54 +01:00
Alexandre Dulaunoy
5e9aeadc7a
Merge branch 'master' of github.com:MISP/misp-objects
2019-12-03 08:07:50 +01:00
Alexandre Dulaunoy
34ac927065
new: [virustotal-graph] VirusTotal graph object added
...
Based on the discussion with VT, virustotal-graph object has been added which will
be used with the expansion modules and also to trigger the specific
quick-tab in MISP to display the VT graph result in an iframe if this
object is present.
2019-12-03 07:39:28 +01:00
m4tze
33a75fe4f2
updated "version" to 4
2019-11-29 09:09:30 +01:00
m4tze
cd08dc32a0
added "type" to "requiredOneOf"
2019-11-29 08:56:55 +01:00
Raphaël Vinot
68d61d25d9
fix: Type asn -> AS
2019-11-25 16:23:42 +01:00
Raphaël Vinot
2ce8794528
fix: ui-priority is required in the object template
2019-11-25 16:21:19 +01:00
Raphaël Vinot
185fae4a61
fix: Make jq happy
2019-11-25 14:48:51 +01:00
Raphaël Vinot
2fe41c1c46
new: IntelQM objects
2019-11-25 14:43:28 +01:00
Raphaël Vinot
3d7b09e9c4
chg: Update crypto-material and url
2019-11-18 18:03:01 +01:00
Alexandre Dulaunoy
4b76b30061
chg: [microblog] verified field added to add the state of the username
2019-11-16 21:13:10 +01:00
Deborah Servili
bdad48d587
switch requiredOneOf list to required since it contains only one element
2019-11-08 15:35:14 +01:00
Jean-Louis Huynen
7b2e5061bb
chg: [x509, crypto-material] several changes:
...
- enables correlation on n, p, q;
- allows for only providing modulus for crypto material;
- specifies the expected data format of several fields.
2019-10-31 10:09:40 +01:00
Alexandre Dulaunoy
58d6722f5e
chg: [crypto-material] new object to described key materials (public and private)
2019-10-17 15:41:01 +02:00
Alexandre Dulaunoy
0859a97535
chg: [x509] to map with D4 project snakeoil database
2019-10-17 14:48:21 +02:00
Alexandre Dulaunoy
edf8b59af7
chg: [cowrie] to add HASSH of the client SSH session following Salesforce algorithm
...
As mentioned in #84
2019-10-05 10:05:26 +02:00
Raphaël Vinot
2cd5329b00
fix: duplicate in coin-address
2019-10-01 13:21:28 -07:00
Alexandre Dulaunoy
49e6c989d5
chg: [coin-address] DASH cryptocurrency address added
2019-10-01 20:17:44 +02:00
Alexandre Dulaunoy
ffc120106c
Update definition.json
...
Following discussion during MISP training - new language seen in a malware campaign.
2019-09-25 12:15:04 +02:00
Deborah Servili
6622083a2b
rename object misc to organization + update version
2019-09-23 12:57:09 +02:00
Deborah Servili
d116b7e4b2
Update version of paste object
2019-09-23 09:54:41 +02:00
Alexandre Dulaunoy
4ab14e785a
chg: [translation] double entry fixed in requiredOneOf
...
Signed-off by: By de leaduh of JavaScript and decayin' indicatawhs
2019-09-20 09:05:49 +02:00
Alexandre Dulaunoy
52e8f9e98b
chg: [translation] list of sane default for the languages + type of translation
2019-09-20 07:30:30 +02:00
Deborah Servili
4081dc8f8f
jq
2019-09-19 16:26:41 +02:00
Deborah Servili
2721d103e5
add translation object
2019-09-19 16:14:48 +02:00
Deborah Servili
a210cb0490
add hashtag attribute in microblog object
2019-09-19 13:33:45 +02:00
Deborah Servili
85f9aee365
Merge https://github.com/MISP/misp-objects
2019-09-17 15:00:51 +02:00
Deborah Servili
ca70c9ca9b
update microblog object - use link for non malicious link of the microblog post and embedded-link forlink into the microblog post
2019-09-17 14:59:34 +02:00
Alexandre Dulaunoy
a7157678af
Merge pull request #204 from saadkadhi/patch-1
...
Better wording
2019-09-12 11:12:36 +02:00
Saad Kadhi
0f76563ffc
Better wording
2019-09-11 22:02:48 +02:00
Saad Kadhi
a98631d533
Better wording
2019-09-11 21:59:37 +02:00
Alexandre Dulaunoy
0910f0b15f
chg: [credential] adding disable correlation when required
2019-09-11 10:27:27 +02:00
Alexandre Dulaunoy
951abf10fe
chg: [new object templates] various updates
2019-09-11 09:11:28 +02:00
Alexandre Dulaunoy
ebcb886037
Merge branch 'master' of https://github.com/Delta-Sierra/misp-objects into Delta-Sierra-master
2019-09-11 08:52:20 +02:00
Deborah Servili
b9d16a38ad
draft command object
2019-09-10 16:15:40 +02:00
Deborah Servili
0d40f64815
add impersonation object
2019-09-09 16:36:16 +02:00
Christophe Vandeplas
a347aa78fe
fix: [virustotal] corrected typo in category
2019-08-08 14:01:09 +02:00
Christophe Vandeplas
7c3ee740fa
fix: [timesketch] fix incorrect attribute type
2019-08-08 12:11:13 +02:00
Pierre-Jean Grenier
006e792829
fix: [process] change undefined attributes
...
misp-attributes 'uuid' and 'src-port' do not exist, change those to something else so that we can use this object properly
2019-08-06 10:39:43 +02:00
Pierre-Jean Grenier
fc182be371
Change undefined category to "External analysis"
2019-08-02 14:37:08 +02:00
chrisr3d
29febb2de0
fix: JQed all the things
2019-08-01 15:50:29 +02:00
chrisr3d
ad83a3a56f
new: Weakness & attack-pattern objects to describe CWE & CAPEC related to a CVE
...
- The attack-pattern object is using a new
attribute type called weakness to describe CWE
id, which will link to its own information as
described in https://cve.circl.lu
2019-08-01 14:34:30 +02:00
Raphaël Vinot
e5cd4c761a
chg: Rename category environment -> climate
2019-07-24 09:31:15 +02:00
Raphaël Vinot
5650664665
new: Objects for Scripps CO2
2019-07-23 16:36:18 +02:00
Alexandre Dulaunoy
ab9c1e4cd6
chg: [process] updated following the "mess" of representation in process object
...
Ref: https://twitter.com/cyb3rops/status/1150315962501095424
2019-07-15 15:58:55 +02:00
Alexandre Dulaunoy
fbeb34ccb7
Merge pull request #193 from kx499/master
...
Adds employee object, dns-record object, and shodan object
2019-07-14 07:59:30 +02:00
Alexandre Dulaunoy
17f1b75973
chg: [network-connection] community-id added
2019-07-13 10:22:18 +02:00
Alexandre Dulaunoy
d504979f10
chg: [netflow] attribute community-id added in netflow object template
...
Ref: https://github.com/corelight/community-id-spec
Ref: 020e67c154
2019-07-13 10:02:15 +02:00
Steve Clement
e67b937f73
chg: [process] revert back to single char in light of the new process-attribute
2019-07-13 12:28:31 +09:00
Steve Clement
eaf0301fe3
chg: [process] Added sane defaults.
2019-07-12 16:04:38 +09:00
Steve Clement
c1a5a52155
chg: [process] Updated process object
2019-07-12 14:33:51 +09:00
Alexandre Dulaunoy
919f6638e1
Merge branch 'master' of github.com:MISP/misp-objects
2019-07-11 23:00:29 +02:00
Alexandre Dulaunoy
ce8d6a93c3
chg: [yara] add a yara-rule-name field which can be optional or the only field
...
As requested in https://github.com/MISP/MISP/issues/4858
2019-07-11 22:59:05 +02:00
Sascha Rommelfangen
fd15381cc2
disable correlation on the text field
2019-07-11 16:01:06 +02:00
Sascha Rommelfangen
e26a2b6d81
transaction number must be multiple (and text)
2019-07-11 15:51:07 +02:00
Sascha Rommelfangen
1459302dd1
Merge pull request #191 from MISP/rommelfs-patch-5
...
fixed issue with requirements
2019-07-11 15:24:50 +02:00
Sascha Rommelfangen
07987dc1dd
bumped version
2019-07-11 15:19:37 +02:00
Sascha Rommelfangen
aab46e38ea
bumped version
2019-07-11 15:18:55 +02:00
Sascha Rommelfangen
139c190c6a
fixed issue with requirements
2019-07-11 14:56:38 +02:00
Sascha Rommelfangen
78e6b95465
missing parts for balance corrected
2019-07-11 14:34:44 +02:00
Sascha Rommelfangen
873b5cc5a1
removed unneeded characters
2019-07-10 16:35:07 +02:00
Sascha Rommelfangen
2ad020bf15
Merge commit 'ad1300767f7b7757867a8c01ffb4c7d6fa308540'
2019-07-10 15:34:35 +02:00
Sascha Rommelfangen
ad1300767f
add: btc wallet and transaction object templates
2019-07-10 15:15:16 +02:00
kx1499
c8f6c97da0
Merge remote-tracking branch 'upstream/master'
2019-07-09 22:13:31 -04:00
chrisr3d
0caf4a9edc
chg: Added user-id attribute as one of the required ones
2019-07-09 17:05:48 +02:00
chrisr3d
ddff56f52c
fix: TYPO
2019-07-08 11:38:11 +02:00
chrisr3d
b96e7ed8be
new: New object describing user accounts
2019-07-08 11:18:21 +02:00
chrisr3d
d502c254cc
add: [ip-port] Added ip-dst as one of the required attributes
2019-07-05 16:11:31 +02:00
chrisr3d
bfb325b907
add: [ip-port] Added ip-dst attribute eeeeeeeeeeeeeeeeeeeeeee
...
- Users can then choose between "ip" when they do
not know whever it is a source or destination IP
address, or "ip-src" & "ip-dst" to have more
clarity about the IP address
2019-07-05 15:57:11 +02:00
Alexandre Dulaunoy
c3618fcf52
new: [imsi-catcher] object based on the output format of IMSI-catcher open source tools
...
The object has been created to show the flexibility of the object
template during the PassTheSalt 2019 conference and the D4 presentation.
2019-07-02 10:19:54 +02:00
ater49
e2f12cebd6
Adding IIN and bank_name
2019-06-18 21:45:42 +02:00
Alexandre Dulaunoy
41a6d596ff
chg: [rogue-dns] new object template expressing rogue dns
...
Thanks to CERT.br for the contribution
2019-06-18 17:39:47 +02:00
Alexandre Dulaunoy
e7bb12af7d
chg: [shell-commands] fix typo in object name
2019-06-01 10:13:06 +02:00
Alexandre Dulaunoy
48c64c52fc
new: [shell-commands] Object describing a series of shell commands executed. This object can be linked with malicious files in order to describe a specific execution of shell commands.
2019-06-01 10:04:46 +02:00
Alexandre Dulaunoy
a1b2db8fd1
chg: [script] requiredOneOf for script or filename
...
Malicious scripts can be received without having a filename.
2019-05-23 11:24:05 +02:00
Alexandre Dulaunoy
be7e37200a
add: [ssh-authorized-keys] object to add elements from SSH authorized
...
keys (and do correlation for fun-and-profit(tm))
2019-05-19 17:47:51 +02:00
Alexandre Dulaunoy
d922d3eaa5
chg: [person] Gender unknown added
...
This has been added when investigation is ongoing and
alias is know but gender is unknown discovered during
Enforce training.
topic:enforce
2019-05-16 15:08:43 +02:00
Alexandre Dulaunoy
e066df4e6d
chg: [microblog] state field added to describe if the tweet is malicious
...
or just OSINT.
2019-05-09 17:35:14 +02:00
Alexandre Dulaunoy
230122493c
chg: [authenticode-signerinfo] first version
2019-05-06 07:10:33 +02:00
Alexandre Dulaunoy
8f951e8450
chg: [jq] jq all the things(tm)
2019-05-05 12:33:59 +02:00
Alexandre Dulaunoy
cce77727d6
chg: [x509] improve X.509 certificate description to match required ones
...
from LIEF (as discussed in #180 ).
2019-05-05 12:31:41 +02:00
Alexandre Dulaunoy
79ab435903
Merge pull request #181 from ater49/master
...
Adding registration-date in domain-ip
2019-05-04 09:35:11 +02:00
ater49
a2bec8571b
Correcting "_" to "-" in fields name
2019-05-03 22:12:08 +02:00
ater49
424900b02d
Adding registration-date to domain-ip
2019-05-03 22:08:44 +02:00
Raphaël Vinot
f2e8195d50
new: Add offset, virtual_address and virtual_size to the pe section object
...
Related to https://github.com/MISP/PyMISP/issues/388
2019-05-03 11:19:42 +02:00
Alexandre Dulaunoy
e76e492894
chg: [regripper] version updated
2019-05-01 21:32:14 +02:00
mday
71b4e71ab1
update the misp-attribute to specify a valid value instead of an empty string
2019-05-01 14:11:30 -05:00
mday
baae683771
update the definition files of various object types so that the `required` and `requiredOneOf` lists no longer specify attributes that do not exist in the objects.
2019-04-30 12:32:22 -05:00
Alexandre Dulaunoy
0f6fdee7f3
chg: [irc] add nickname used for associated IRC server and channel(s)
2019-04-27 10:32:10 +02:00
Alexandre Dulaunoy
1966d4d5f0
add: [irc] IRC object to describe an IRC server with associated IRC channels
2019-04-27 10:28:50 +02:00
Alexandre Dulaunoy
b656cc532d
chg: [device] name of an object must be lowercase
2019-04-21 15:57:07 +02:00
Alexandre Dulaunoy
3dcb1725ae
chg: [phishing-kit] small typo fixed in the description
2019-04-21 15:52:57 +02:00
Raphaël Vinot
a6ed6df86a
Merge branch 'master' of github.com:MISP/misp-objects
2019-04-18 11:15:56 +02:00
Raphaël Vinot
371ffe77fb
chg: Allow to create a file object with a non-malicious file.
...
Fix #175 #176
2019-04-18 11:14:22 +02:00
Andras Iklody
92d15c5efe
Merge pull request #177 from haxpak/haxpak/update-device
...
Haxpak/update device
2019-04-16 07:43:01 +02:00
Andras Iklody
ed271a3b7d
Merge pull request #173 from haxpak/master
...
added option "Further Analysis Required" to attribute stage of object course-of-action
2019-04-16 07:42:32 +02:00
haxpak
4066da31e4
changed device type drop down from category to sane_default
2019-04-16 08:31:43 +05:30
haxpak
89b8e10fbe
added option "Further Analysis Required" to attribute stage
2019-04-15 17:41:39 +05:30
Andras Iklody
a8e89e3eaa
Merge branch 'master' into haxpak/#24
2019-04-15 10:52:48 +02:00
haxpak
9f4e7737a1
added attribute DNS name to device object
...
changed MAC address misp attribute to mac-address
2019-04-15 10:33:08 +05:30
haxpak
3cef676f34
added OS, version, dns-name attribute to device
...
changed misp-attribute of mac-address from text to mac-address
2019-04-15 10:29:09 +05:30
haxpak
836bd04a75
meta category for organization changed back to misc since schema_objects.json does not recognize organization as a meta category
2019-04-14 11:32:55 +05:30
haxpak
2053c17fa4
corrected typo
2019-04-14 11:27:29 +05:30
haxpak
4f1745a095
added meta category organization
2019-04-14 11:26:12 +05:30
haxpak
b24336499a
modified: objects/device/definition.json
...
modified: objects/phishing-kit/definition.json
2019-04-14 11:04:57 +05:30
haxpak
bb9ff86b2f
added MAC address to device
...
meta category of organization changed to organization
meta category of person object changed to organization
new object phishing-kit
2019-04-14 10:53:57 +05:30
haxpak
9f3fb14ed5
changed organization meta category to misc
2019-04-13 14:57:55 +05:30
haxpak
6917beee5f
reverted device to misc category
2019-04-13 14:02:26 +05:30
haxpak
63fff149f0
added requiredOneOf to device definition
2019-04-13 13:49:16 +05:30
haxpak
df91c999e6
fixed typos and ran jq_all_things
2019-04-13 13:45:05 +05:30
haxpak
23ab735119
- added : attachment attribute to annotation
...
- added : new object type device
2019-04-13 13:32:56 +05:30
haxpak
161f72678a
modified : person object "changed UI priority of the attributes"
...
modified : report object "added attachment to report"
2019-04-13 12:05:51 +05:30
haxpak
71419a999a
new-object : Organization "Defines an organization"
2019-04-13 11:55:38 +05:30
Alexandre Dulaunoy
c5532621b6
chg: [ip-port] ip-src added to fix #149
2019-04-07 22:28:36 +02:00
Alexandre Dulaunoy
006aa1d1a2
chg: [script] filename added to fix #149
2019-04-07 22:24:58 +02:00
Alexandre Dulaunoy
b4478a6c2b
add: [tor-hiddenservice] a simple object template to describe Tor Onion Service
2019-04-05 11:22:22 +02:00
Alexandre Dulaunoy
aca06cec1f
chg: [lnk] new LNK object (Windows Shortcut)
2019-04-03 14:05:39 +02:00
Alexandre Dulaunoy
4793bf33ae
chg: [process] fix the type - fix #160
2019-04-02 19:56:59 +02:00
Alexandre Dulaunoy
ba31488e5a
Merge pull request #161 from geekscrapy/geekscrapy-patch-1
...
Username is often utilised alongside a credential
2019-04-02 19:55:59 +02:00
Alexandre Dulaunoy
302182e594
Merge pull request #159 from geekscrapy/patch-1
...
Added current-directory to required field
2019-04-02 19:55:03 +02:00
molley
a50986361f
Username is often utilised alongside a credential
...
Username can often identify malicious behavior, and is usually part of the credential tuple - it can also be used to highlight common user accounts without password/api key
2019-04-02 18:26:00 +01:00
molley
490d760a4b
Added current-directory to required field
...
This field will often indicate where a malicious binary is started from, therefore a good candidate for solo use
2019-04-02 17:41:07 +01:00
molley
a85178255c
Added issuer as one of the required fields
...
This is often a field used on it's own to identify a malicious cert
2019-04-02 17:28:49 +01:00
Raphaël Vinot
0c6b7b4302
chg: Bump vehicle object
2019-04-02 17:09:02 +02:00
Alexandre Dulaunoy
047595ddeb
chg: [person] Spanish IDs added (NIE, NIF and DNI)
2019-03-15 14:36:12 +01:00
kx1499
e61344c981
Merge remote-tracking branch 'upstream/master'
2019-03-14 21:42:12 -04:00
Deborah Servili
55f5716b5d
remove accent from ilr objects - bis
2019-02-26 16:00:23 +01:00
Deborah Servili
96751b2af7
remove accent from ilrobjects
2019-02-26 15:57:58 +01:00
Deborah Servili
41dd469869
add ilr-notification-incident object
2019-02-26 15:51:20 +01:00
Deborah Servili
bd9970b1c9
fix lr-impact attributes names
2019-02-26 14:26:29 +01:00
Deborah Servili
bc05eca2b6
disable correlations on ilr-impact attributes
2019-02-26 14:05:01 +01:00
Deborah Servili
ec2851d4eb
add ilr-impact object
2019-02-26 13:57:31 +01:00
Sascha Rommelfangen
45f6aec0f5
corrected order
2019-02-25 09:29:15 +01:00
marcnil815
03870031db
jq'ed definition.json
2019-02-21 19:36:07 +01:00
marcnil815
e26e54b54a
Create splunk object definition.json
...
Adding misp-object for basic splunk search/correlation search values.
2019-02-21 16:12:54 +01:00
Alexandre Dulaunoy
b0f07156ae
Merge pull request #147 from Delta-Sierra/master
...
Person object - Add a (or several) role to a person
2019-02-21 07:20:40 +01:00
Alexandre Dulaunoy
18042c0749
chg: [elf] disable correlation on file type
2019-02-20 10:43:38 +01:00