misp-objects/objects
Raphaël Vinot 1a0d055caa new: Internal reference object 2018-10-25 13:47:20 -04:00
..
TSK-Chats fix: jq all the things(tm) 2018-10-25 17:31:36 +02:00
TSK-Web-Bookmark fix: jq all the things(tm) 2018-10-25 17:31:36 +02:00
TSK-Web-Cookie fix: jq all the things(tm) 2018-10-25 17:31:36 +02:00
TSK-Web-Downloads chg: [tsk-web-downloads] including link versus url (we assume it's malicious link by default) 2018-10-25 17:45:58 +02:00
TSK-Web-History fix: jq all the things(tm) 2018-10-25 17:31:36 +02:00
TSK-Web-Search-Query fix: jq all the things(tm) 2018-10-25 17:31:36 +02:00
ail-leak chg: [ail] version of the template updated 2018-09-12 22:11:46 +02:00
ais-info Chg: jq all the things 2018-06-19 21:11:24 +02:00
android-permission fix: update android permissions based on Google latest list 2017-11-28 15:59:01 +01:00
annotation fix: annotation object 2018-01-08 11:47:19 +01:00
asn disable correlation for last-seen/first-seen/text 2017-12-05 11:05:56 +01:00
av-signature disabled AV software correlation and re-ran jq-all-the-things 2017-10-24 10:23:46 -04:00
bank-account fix: jq all the things 2018-02-23 08:25:35 +01:00
bgp-hijack bgp-hijack 2018-09-13 14:13:33 +02:00
cap-alert fix: trailing dot removed 2018-02-07 14:54:15 +01:00
cap-info add: Common Alerting Protocol Version (CAP) info object 2018-02-08 07:45:41 +01:00
cap-resource add: Common Alerting Protocol Version (CAP) resource object 2018-02-08 11:53:05 +01:00
coin-address chg: [coin-address] ETN symbol added 2018-07-13 17:07:35 +02:00
cookie Add descriptions in all the objects 2017-08-29 18:36:46 +02:00
course-of-action Course of Action object 2018-04-11 16:48:05 +02:00
cowrie fix: disable correlation for compression algorithms 2018-03-01 21:09:04 +01:00
credential fix: origin of credential as sane_default 2017-11-02 21:37:53 +01:00
credit-card Fixing typo in the credit-card object 2017-09-21 15:35:05 +02:00
ddos disable correlation for last-seen/first-seen/text 2017-12-05 11:05:56 +01:00
diameter-attack add: Diameter attack object targeting GSM, UMTS and 4G networks. 2018-01-05 14:34:20 +01:00
domain-ip chg: allow multiple domains too fix #108 2018-07-20 10:12:09 +02:00
elf fix: disable correlation on fields where is not needed 2017-12-30 19:39:55 +01:00
elf-section Disable some correlations 2017-09-11 16:08:03 +02:00
email url is not a field of email object, then not one of the requiredOneOf 2018-07-26 15:49:44 +02:00
exploit-poc chg: [exploit-poc] a same context can contains multiple PoC samples 2018-07-10 09:32:12 +02:00
fail2ban new: Attach logfile to fail2ban 2018-03-27 10:25:54 +02:00
file chg: [file] fullpath can be part of a single file object 2018-09-16 17:13:30 +02:00
forensic-case chg: [forensic-case] object added based on the original one from @Aks6193 2018-09-03 13:54:59 +02:00
forensic-evidence chg: [forensic-evidence] updated to include other tools and correlation disabled for some fields 2018-09-04 20:48:51 +02:00
geolocation chg: [geolocation] disable correlation on specific attributes 2018-08-15 18:34:35 +02:00
gtp-attack fix: GTPInterface updated 2018-01-05 14:26:28 +01:00
http-request Changed http request object template 2018-02-09 09:43:39 +01:00
internal-reference new: Internal reference object 2018-10-25 13:47:20 -04:00
ip-api-address fix: JQed ip-api-address template 2018-10-11 09:14:08 +02:00
ip-port fix: add hostname to ip-port template and make attributes multiple 2018-04-10 14:46:36 +02:00
ja3 chg: [ja3] categories removed (default attributes categories will be used) 2018-08-28 14:30:29 +02:00
legal-entity Fixed disable_correlation variable type 2018-02-06 15:36:57 +01:00
macho Typo fixed 2017-08-29 22:02:10 +02:00
macho-section Update definitions of binaries 2017-08-29 13:25:58 +02:00
mactime-timeline-analysis chg: jq all the things ;-) 2018-09-27 13:19:33 +02:00
malware-config chg: [malware-config] new object to describe malware configuration in clear-text or encrypted/encoded 2018-09-21 07:11:38 +02:00
microblog fix: disable correlation on microblog type (Twitter or alike) 2017-12-30 19:26:48 +01:00
mutex add: Object to describe mutual exclusion locks (mutex) as seen in memory or computer program 2018-01-22 13:34:33 +01:00
netflow Fix typo in the field 2017-10-13 15:08:25 +02:00
network-connection chg: [network-connection] disable correlation 2018-10-06 20:27:51 +02:00
network-socket add: Added protocol attribute in the network socket object 2018-05-08 09:26:24 +02:00
original-imported-file fix: Disabled correlation of imported files format attribute 2018-10-22 10:13:48 +02:00
passive-dns fix: Passive DNS records especially on the disabled_correlation fields 2018-01-25 15:07:19 +01:00
paste chg: [paste object] add a link attribute when the paste reference is not malicious 2018-07-26 14:06:39 +02:00
pcap-metadata chg: [pcap-metadata] linktype added in the sane default 2018-10-24 07:35:31 +02:00
pe fix: disable correlation on all filename-* 2017-12-24 15:05:12 +01:00
pe-section Update definitions of binaries 2017-08-29 13:25:58 +02:00
person chg: [person] add attributes to whois-related information which can be associated to a person 2018-10-23 08:43:35 +02:00
phishing chg: [phishing] new template object (first draft) based on the phishtank format 2018-09-28 15:14:51 +02:00
phone phone defintion fixed 2017-08-27 08:30:58 +02:00
process chg: [process] disable correlation where it's not required 2018-10-06 07:42:34 +02:00
python-etvx-event-log fix typo 2018-10-25 17:35:50 +02:00
r2graphity fix: requiredOneOf list of r2graphity was wrong 2017-11-10 13:28:05 -08:00
regexp regexp object - change version 2018-04-13 10:56:56 +02:00
registry-key fix: registry-key updated 2018-01-18 13:49:03 +01:00
regripper-NTUser fix: jq all the things(tm) 2018-10-25 17:31:36 +02:00
regripper-sam-hive-single-user chg: [regripper-sam-hive-single-user] uuid fixed 2018-10-25 17:49:20 +02:00
regripper-sam-hive-user-group fix: jq all the things(tm) 2018-10-25 17:31:36 +02:00
regripper-software-hive-BHO fix: jq all the things(tm) 2018-10-25 17:31:36 +02:00
regripper-software-hive-appInit-DLLS fix: jq all the things(tm) 2018-10-25 17:31:36 +02:00
regripper-software-hive-application-paths fix: jq all the things(tm) 2018-10-25 17:31:36 +02:00
regripper-software-hive-applications-installed fix: jq all the things(tm) 2018-10-25 17:31:36 +02:00
regripper-software-hive-command-shell fix: jq all the things(tm) 2018-10-25 17:31:36 +02:00
regripper-software-hive-general-windows-info fix: various typos 2018-10-25 17:38:26 +02:00
regripper-software-hive-software-run fix: jq all the things(tm) 2018-10-25 17:31:36 +02:00
regripper-software-hive-userprofile-winlogon fix: jq all the things(tm) 2018-10-25 17:31:36 +02:00
regripper-system-hive-firewall-configuration typo fixed 2018-10-25 17:42:57 +02:00
regripper-system-hive-general-configuration fix: jq all the things(tm) 2018-10-25 17:31:36 +02:00
regripper-system-hive-network-information fix: jq all the things(tm) 2018-10-25 17:31:36 +02:00
regripper-system-hive-service-drivers fix: jq all the things(tm) 2018-10-25 17:31:36 +02:00
report enable multiple summary attribute in report object 2018-10-22 14:55:27 +02:00
rtir add: RTIR object added (as requested by CSP - Cyber Security Core Service Platform) 2017-10-12 22:08:09 +02:00
sandbox-report fix failing check via running .jq_all_the_things.sh 2018-10-24 14:14:32 +02:00
sb-signature fix: Make the schema happy. 2018-01-23 10:46:15 +01:00
script chg: new script template object 2018-06-09 11:36:58 +02:00
short-message-service new: [short-message-service] Short Message Service (SMS) object template describing one or more SMS message added 2018-07-18 09:52:31 +02:00
shortened-link renamed url attributed, versioning date based 2018-06-05 14:39:12 +02:00
ss7-attack chg: change version of the SS7 template object 2018-05-29 16:07:50 +02:00
stix2-pattern fix: version field added if stix2-pattern has multiple version in the future 2018-03-19 17:33:45 +01:00
suricata fix: [suricata] allow multiple Suricata rules in the object (similar context) and fix the rule to be in Snort format 2018-07-09 21:50:44 +02:00
target-system moved object into internal 2018-04-10 16:08:04 +00:00
threatgrid-report new: threatgrid-report object template 2018-07-16 13:48:56 +02:00
timecode chg: Timecode object to describe a start of video sequence (e.g. CCTV evidence) and the end of the video sequence. 2018-05-21 10:19:54 +02:00
timesketch-timeline add: missing timesketch-timeline object template 2018-06-22 07:44:20 +02:00
timestamp add: new timestamp object 2018-04-30 16:27:17 +02:00
tor-node Improved Tor node object to include support of the new Tor monitoring 2017-07-06 14:57:32 +02:00
tracking-id chg: [tracking-id] add the tracker origin such as the vendor or software 2018-09-09 12:39:22 +02:00
transaction Fixed the bank-account meta-category 2018-02-20 15:44:02 +01:00
url fix the required part of the url 2018-10-23 20:03:58 +02:00
vehicle chg: [vehicle] Vehicle object template to describe a vehicle information and registration 2018-08-04 15:39:38 +02:00
victim Never trust standards using Google docs to store list of machine parsable information. 2017-12-04 15:28:29 +01:00
virustotal-report Adding ui-priority fields 2018-04-23 11:22:39 +02:00
vulnerability chg: [vulnerability] is now in its own vulnerability meta-category 2018-07-10 07:38:28 +02:00
whois Update definition.json 2018-04-26 16:53:24 +02:00
x509 fix: Feedback from @sheidan 2018-03-28 15:26:35 +02:00
yabin Updated following Andras feedback 2017-09-06 16:13:35 +02:00
yara add: Context where the YARA rule can be applied 2018-05-01 11:21:05 +02:00