misp-objects/objects
chrisr3d 0caf4a9edc
chg: Added user-id attribute as one of the required ones
2019-07-09 17:05:48 +02:00
..
TSK-Chats fix: jq all the things(tm) 2018-10-25 17:31:36 +02:00
TSK-Web-Bookmark fix: jq all the things(tm) 2018-10-25 17:31:36 +02:00
TSK-Web-Cookie fix: jq all the things(tm) 2018-10-25 17:31:36 +02:00
TSK-Web-Downloads chg: [tsk-web-downloads] including link versus url (we assume it's malicious link by default) 2018-10-25 17:45:58 +02:00
TSK-Web-History fix: jq all the things(tm) 2018-10-25 17:31:36 +02:00
TSK-Web-Search-Query fix: jq all the things(tm) 2018-10-25 17:31:36 +02:00
ail-leak chg: [ail] version of the template updated 2018-09-12 22:11:46 +02:00
ais-info Chg: jq all the things 2018-06-19 21:11:24 +02:00
android-permission
annotation fixed typos and ran jq_all_things 2019-04-13 13:45:05 +05:30
anonymisation chg: [anonymisation] add level-of-knowledge to request for more information if needed 2019-02-01 10:19:25 +01:00
asn
authenticode-signerinfo chg: [authenticode-signerinfo] first version 2019-05-06 07:10:33 +02:00
av-signature
bank-account fix: jq all the things 2018-02-23 08:25:35 +01:00
bgp-hijack bgp-hijack 2018-09-13 14:13:33 +02:00
cap-alert
cap-info
cap-resource add: Common Alerting Protocol Version (CAP) resource object 2018-02-08 11:53:05 +01:00
coin-address fix: [definition] Fixed current balance type, is float. 2018-10-30 22:58:54 +09:00
cookie
cortex chg: [cortex] description updated as TheHive/Cortex observables will be attributes with 2018-11-18 10:29:42 +01:00
cortex-taxonomy chg: [cortex-taxonomy] aka mini-report 2018-11-18 10:11:25 +01:00
course-of-action added option "Further Analysis Required" to attribute stage 2019-04-15 17:41:39 +05:30
cowrie fix: disable correlation for compression algorithms 2018-03-01 21:09:04 +01:00
credential Username is often utilised alongside a credential 2019-04-02 18:26:00 +01:00
credit-card Adding IIN and bank_name 2019-06-18 21:45:42 +02:00
ddos
device chg: [device] name of an object must be lowercase 2019-04-21 15:57:07 +02:00
diameter-attack
domain-ip Merge pull request #181 from ater49/master 2019-05-04 09:35:11 +02:00
elf chg: [elf] disable correlation on file type 2019-02-20 10:43:38 +01:00
elf-section
email chg: [email] IP and hostname fields from extracted headers 2019-02-14 14:33:39 +01:00
exploit-poc chg: [exploit-poc] a same context can contains multiple PoC samples 2018-07-10 09:32:12 +02:00
facial-composite add: [facial-composite] new facial composite object 2018-12-21 20:41:45 +01:00
fail2ban new: Attach logfile to fail2ban 2018-03-27 10:25:54 +02:00
file update the definition files of various object types so that the `required` and `requiredOneOf` lists no longer specify attributes that do not exist in the objects. 2019-04-30 12:32:22 -05:00
forensic-case chg: [forensic-case] object added based on the original one from @Aks6193 2018-09-03 13:54:59 +02:00
forensic-evidence chg: [forensic-evidence] updated to include other tools and correlation disabled for some fields 2018-09-04 20:48:51 +02:00
geolocation chg: [geolocation] disable correlation on specific attributes 2018-08-15 18:34:35 +02:00
gtp-attack
http-request chg: [http-request] IP as allowed type 2019-01-03 15:07:08 +01:00
ilr-impact remove accent from ilrobjects 2019-02-26 15:57:58 +01:00
ilr-notification-incident remove accent from ilr objects - bis 2019-02-26 16:00:23 +01:00
imsi-catcher new: [imsi-catcher] object based on the output format of IMSI-catcher open source tools 2019-07-02 10:19:54 +02:00
internal-reference fix: JQ things 2018-10-25 17:45:47 -04:00
interpol-notice fix required field for interpol notice 2019-01-28 15:40:07 +01:00
ip-api-address chg: [ip-api-adress] updated to ensure correlation disabled 2018-10-28 15:07:35 +01:00
ip-port add: [ip-port] Added ip-dst as one of the required attributes 2019-07-05 16:11:31 +02:00
irc chg: [irc] add nickname used for associated IRC server and channel(s) 2019-04-27 10:32:10 +02:00
ja3 Updated JA3 to have own data type ja3-fingerprint-md5 and bumped the version 2018-12-30 12:31:17 +01:00
legal-entity
lnk chg: [lnk] new LNK object (Windows Shortcut) 2019-04-03 14:05:39 +02:00
macho
macho-section
mactime-timeline-analysis update the definition files of various object types so that the `required` and `requiredOneOf` lists no longer specify attributes that do not exist in the objects. 2019-04-30 12:32:22 -05:00
malware-config chg: [malware-config] new object to describe malware configuration in clear-text or encrypted/encoded 2018-09-21 07:11:38 +02:00
microblog chg: [microblog] state field added to describe if the tweet is malicious 2019-05-09 17:35:14 +02:00
mutex
netflow
network-connection chg: [network-connection] disable correlation 2018-10-06 20:27:51 +02:00
network-socket add: Added protocol attribute in the network socket object 2018-05-08 09:26:24 +02:00
organization meta category for organization changed back to misc since schema_objects.json does not recognize organization as a meta category 2019-04-14 11:32:55 +05:30
original-imported-file update the definition files of various object types so that the `required` and `requiredOneOf` lists no longer specify attributes that do not exist in the objects. 2019-04-30 12:32:22 -05:00
passive-dns
paste Fixed misp-attribute in link attribute of paste object 2018-11-02 00:40:55 +01:00
pcap-metadata chg: [pcap-metadata] linktype added in the sane default 2018-10-24 07:35:31 +02:00
pe
pe-section new: Add offset, virtual_address and virtual_size to the pe section object 2019-05-03 11:19:42 +02:00
person chg: [person] Gender unknown added 2019-05-16 15:08:43 +02:00
phishing corrected order 2019-02-25 09:29:15 +01:00
phishing-kit update the definition files of various object types so that the `required` and `requiredOneOf` lists no longer specify attributes that do not exist in the objects. 2019-04-30 12:32:22 -05:00
phone
process chg: [process] fix the type - fix #160 2019-04-02 19:56:59 +02:00
python-etvx-event-log update the definition files of various object types so that the `required` and `requiredOneOf` lists no longer specify attributes that do not exist in the objects. 2019-04-30 12:32:22 -05:00
r2graphity
regexp regexp object - change version 2018-04-13 10:56:56 +02:00
registry-key
regripper-NTUser fix: jq all the things(tm) 2018-10-25 17:31:36 +02:00
regripper-sam-hive-single-user chg: [regripper-sam-hive-single-user] uuid fixed 2018-10-25 17:49:20 +02:00
regripper-sam-hive-user-group fix: jq all the things(tm) 2018-10-25 17:31:36 +02:00
regripper-software-hive-BHO fix: jq all the things(tm) 2018-10-25 17:31:36 +02:00
regripper-software-hive-appInit-DLLS fix: jq all the things(tm) 2018-10-25 17:31:36 +02:00
regripper-software-hive-application-paths fix: jq all the things(tm) 2018-10-25 17:31:36 +02:00
regripper-software-hive-applications-installed fix: jq all the things(tm) 2018-10-25 17:31:36 +02:00
regripper-software-hive-command-shell fix: jq all the things(tm) 2018-10-25 17:31:36 +02:00
regripper-software-hive-general-windows-info fix: various typos 2018-10-25 17:38:26 +02:00
regripper-software-hive-software-run fix: jq all the things(tm) 2018-10-25 17:31:36 +02:00
regripper-software-hive-userprofile-winlogon fix: jq all the things(tm) 2018-10-25 17:31:36 +02:00
regripper-system-hive-firewall-configuration typo fixed 2018-10-25 17:42:57 +02:00
regripper-system-hive-general-configuration chg: [regripper] version updated 2019-05-01 21:32:14 +02:00
regripper-system-hive-network-information fix: jq all the things(tm) 2018-10-25 17:31:36 +02:00
regripper-system-hive-service-drivers chg: [regripper] version updated 2019-05-01 21:32:14 +02:00
report fixed typos and ran jq_all_things 2019-04-13 13:45:05 +05:30
research-scanner New object: Information related to known scanning activity (e.g. from research projects) 2019-01-02 16:19:08 +01:00
rogue-dns chg: [rogue-dns] new object template expressing rogue dns 2019-06-18 17:39:47 +02:00
rtir
sandbox-report fix failing check via running .jq_all_the_things.sh 2018-10-24 14:14:32 +02:00
sb-signature
script chg: [script] requiredOneOf for script or filename 2019-05-23 11:24:05 +02:00
shell-commands chg: [shell-commands] fix typo in object name 2019-06-01 10:13:06 +02:00
short-message-service new: [short-message-service] Short Message Service (SMS) object template describing one or more SMS message added 2018-07-18 09:52:31 +02:00
shortened-link renamed url attributed, versioning date based 2018-06-05 14:39:12 +02:00
splunk jq'ed definition.json 2019-02-21 19:36:07 +01:00
ss7-attack chg: change version of the SS7 template object 2018-05-29 16:07:50 +02:00
ssh-authorized-keys add: [ssh-authorized-keys] object to add elements from SSH authorized 2019-05-19 17:47:51 +02:00
stix2-pattern fix: version field added if stix2-pattern has multiple version in the future 2018-03-19 17:33:45 +01:00
suricata fix: [suricata] allow multiple Suricata rules in the object (similar context) and fix the rule to be in Snort format 2018-07-09 21:50:44 +02:00
target-system moved object into internal 2018-04-10 16:08:04 +00:00
threatgrid-report new: threatgrid-report object template 2018-07-16 13:48:56 +02:00
timecode chg: Timecode object to describe a start of video sequence (e.g. CCTV evidence) and the end of the video sequence. 2018-05-21 10:19:54 +02:00
timesketch-timeline add: missing timesketch-timeline object template 2018-06-22 07:44:20 +02:00
timesketch_message new misp object for a timesketch message 2018-11-23 15:40:57 +01:00
timestamp add: new timestamp object 2018-04-30 16:27:17 +02:00
tor-hiddenservice add: [tor-hiddenservice] a simple object template to describe Tor Onion Service 2019-04-05 11:22:22 +02:00
tor-node
tracking-id chg: [tracking-id] add the tracker origin such as the vendor or software 2018-09-09 12:39:22 +02:00
transaction Fixed the bank-account meta-category 2018-02-20 15:44:02 +01:00
url fix the required part of the url 2018-10-23 20:03:58 +02:00
user-account chg: Added user-id attribute as one of the required ones 2019-07-09 17:05:48 +02:00
vehicle chg: Bump vehicle object 2019-04-02 17:09:02 +02:00
victim Object Victim - Extended requiredOneof 2018-12-21 12:27:11 +01:00
virustotal-report Adding ui-priority fields 2018-04-23 11:22:39 +02:00
vulnerability chg: [vulnerability] is now in its own vulnerability meta-category 2018-07-10 07:38:28 +02:00
whois Update definition.json 2018-04-26 16:53:24 +02:00
x509 chg: [jq] jq all the things(tm) 2019-05-05 12:33:59 +02:00
yabin
yara add: Context where the YARA rule can be applied 2018-05-01 11:21:05 +02:00