misp-objects

History

Alexandre Dulaunoy 07b6883c93 new: [query] query object to describe search queries on SIEM and other tools MISP object template designed following requests and especially this twitter thread: https://twitter.com/castello_johnny/status/1540610057263628289 I added a list of sane default based on the ones I have seen being used: "sane_default": [ "event query language (eql)", "keyword query language (kql)", "Query DSL", "Query (Elastic Search)", "Sigma", "Lucene query", "Google search query", "Ariel Query Language (qradar)", "Grep", "Devo LINQ" ], Thanks to Gianni Castaldi and others for ideas. The object can be expanded and improved over the time and the needs to share new queries.	2022-06-25 11:37:41 +02:00
..
definition.json	new: [query] query object to describe search queries on SIEM and other tools	2022-06-25 11:37:41 +02:00

new: [query] query object to describe search queries on SIEM and other tools

MISP object template designed following requests and especially this twitter thread:

https://twitter.com/castello_johnny/status/1540610057263628289

I added a list of sane default based on the ones I have seen being used:

      "sane_default": [
        "event query language (eql)",
        "keyword query language (kql)",
        "Query DSL",
        "Query (Elastic Search)",
        "Sigma",
        "Lucene query",
        "Google search query",
        "Ariel Query Language (qradar)",
        "Grep",
        "Devo LINQ"
      ],

Thanks to Gianni Castaldi and others for ideas.

The object can be expanded and improved over the time and the needs
to share new queries.

2022-06-25 11:37:41 +02:00

definition.json

new: [query] query object to describe search queries on SIEM and other tools

2022-06-25 11:37:41 +02:00