..
TSK-Chats
fix: jq all the things(tm)
2018-10-25 17:31:36 +02:00
TSK-Web-Bookmark
fix: jq all the things(tm)
2018-10-25 17:31:36 +02:00
TSK-Web-Cookie
fix: jq all the things(tm)
2018-10-25 17:31:36 +02:00
TSK-Web-Downloads
chg: [tsk-web-downloads] including link versus url (we assume it's malicious link by default)
2018-10-25 17:45:58 +02:00
TSK-Web-History
fix: jq all the things(tm)
2018-10-25 17:31:36 +02:00
TSK-Web-Search-Query
fix: jq all the things(tm)
2018-10-25 17:31:36 +02:00
ail-leak
chg: [ail] version of the template updated
2018-09-12 22:11:46 +02:00
ais-info
Chg: jq all the things
2018-06-19 21:11:24 +02:00
android-permission
fix: update android permissions based on Google latest list
2017-11-28 15:59:01 +01:00
annotation
fixed typos and ran jq_all_things
2019-04-13 13:45:05 +05:30
anonymisation
chg: [anonymisation] add level-of-knowledge to request for more information if needed
2019-02-01 10:19:25 +01:00
asn
disable correlation for last-seen/first-seen/text
2017-12-05 11:05:56 +01:00
attack-pattern
fix: JQed all the things
2019-08-01 15:50:29 +02:00
authenticode-signerinfo
chg: [authenticode-signerinfo] first version
2019-05-06 07:10:33 +02:00
av-signature
disabled AV software correlation and re-ran jq-all-the-things
2017-10-24 10:23:46 -04:00
bank-account
fix: jq all the things
2018-02-23 08:25:35 +01:00
bgp-hijack
bgp-hijack
2018-09-13 14:13:33 +02:00
btc-transaction
disable correlation on the text field
2019-07-11 16:01:06 +02:00
btc-wallet
bumped version
2019-07-11 15:18:55 +02:00
cap-alert
fix: trailing dot removed
2018-02-07 14:54:15 +01:00
cap-info
add: Common Alerting Protocol Version (CAP) info object
2018-02-08 07:45:41 +01:00
cap-resource
add: Common Alerting Protocol Version (CAP) resource object
2018-02-08 11:53:05 +01:00
coin-address
fix: duplicate in coin-address
2019-10-01 13:21:28 -07:00
command
Better wording
2019-09-11 21:59:37 +02:00
command-line
Better wording
2019-09-11 22:02:48 +02:00
cookie
Add descriptions in all the objects
2017-08-29 18:36:46 +02:00
cortex
chg: [cortex] description updated as TheHive/Cortex observables will be attributes with
2018-11-18 10:29:42 +01:00
cortex-taxonomy
chg: [cortex-taxonomy] aka mini-report
2018-11-18 10:11:25 +01:00
course-of-action
added option "Further Analysis Required" to attribute stage
2019-04-15 17:41:39 +05:30
cowrie
chg: [cowrie] to add HASSH of the client SSH session following Salesforce algorithm
2019-10-05 10:05:26 +02:00
credential
chg: [credential] adding disable correlation when required
2019-09-11 10:27:27 +02:00
credit-card
Adding IIN and bank_name
2019-06-18 21:45:42 +02:00
crypto-material
chg: [x509, crypto-material] several changes:
2019-10-31 10:09:40 +01:00
ddos
disable correlation for last-seen/first-seen/text
2017-12-05 11:05:56 +01:00
device
chg: [device] name of an object must be lowercase
2019-04-21 15:57:07 +02:00
diameter-attack
add: Diameter attack object targeting GSM, UMTS and 4G networks.
2018-01-05 14:34:20 +01:00
dns-record
dns record and shodan report objects
2017-11-14 15:38:54 -05:00
domain-ip
Merge pull request #181 from ater49/master
2019-05-04 09:35:11 +02:00
elf
chg: [elf] disable correlation on file type
2019-02-20 10:43:38 +01:00
elf-section
Disable some correlations
2017-09-11 16:08:03 +02:00
email
chg: [email] IP and hostname fields from extracted headers
2019-02-14 14:33:39 +01:00
employee
Merge branch 'master' of https://github.com/kx499/misp-objects
2018-09-06 13:20:52 -04:00
exploit-poc
chg: [exploit-poc] a same context can contains multiple PoC samples
2018-07-10 09:32:12 +02:00
facial-composite
add: [facial-composite] new facial composite object
2018-12-21 20:41:45 +01:00
fail2ban
new: Attach logfile to fail2ban
2018-03-27 10:25:54 +02:00
file
update the definition files of various object types so that the `required` and `requiredOneOf` lists no longer specify attributes that do not exist in the objects.
2019-04-30 12:32:22 -05:00
forensic-case
chg: [forensic-case] object added based on the original one from @Aks6193
2018-09-03 13:54:59 +02:00
forensic-evidence
chg: [forensic-evidence] updated to include other tools and correlation disabled for some fields
2018-09-04 20:48:51 +02:00
geolocation
chg: [geolocation] disable correlation on specific attributes
2018-08-15 18:34:35 +02:00
gtp-attack
fix: GTPInterface updated
2018-01-05 14:26:28 +01:00
http-request
chg: [http-request] IP as allowed type
2019-01-03 15:07:08 +01:00
ilr-impact
remove accent from ilrobjects
2019-02-26 15:57:58 +01:00
ilr-notification-incident
remove accent from ilr objects - bis
2019-02-26 16:00:23 +01:00
impersonation
chg: [new object templates] various updates
2019-09-11 09:11:28 +02:00
imsi-catcher
new: [imsi-catcher] object based on the output format of IMSI-catcher open source tools
2019-07-02 10:19:54 +02:00
internal-reference
fix: JQ things
2018-10-25 17:45:47 -04:00
interpol-notice
fix required field for interpol notice
2019-01-28 15:40:07 +01:00
ip-api-address
chg: [ip-api-adress] updated to ensure correlation disabled
2018-10-28 15:07:35 +01:00
ip-port
add: [ip-port] Added ip-dst as one of the required attributes
2019-07-05 16:11:31 +02:00
irc
chg: [irc] add nickname used for associated IRC server and channel(s)
2019-04-27 10:32:10 +02:00
ja3
Updated JA3 to have own data type ja3-fingerprint-md5 and bumped the version
2018-12-30 12:31:17 +01:00
legal-entity
Fixed disable_correlation variable type
2018-02-06 15:36:57 +01:00
lnk
chg: [lnk] new LNK object (Windows Shortcut)
2019-04-03 14:05:39 +02:00
macho
Typo fixed
2017-08-29 22:02:10 +02:00
macho-section
Update definitions of binaries
2017-08-29 13:25:58 +02:00
mactime-timeline-analysis
update the definition files of various object types so that the `required` and `requiredOneOf` lists no longer specify attributes that do not exist in the objects.
2019-04-30 12:32:22 -05:00
malware-config
chg: [malware-config] new object to describe malware configuration in clear-text or encrypted/encoded
2018-09-21 07:11:38 +02:00
microblog
chg: [microblog] verified field added to add the state of the username
2019-11-16 21:13:10 +01:00
mutex
add: Object to describe mutual exclusion locks (mutex) as seen in memory or computer program
2018-01-22 13:34:33 +01:00
netflow
chg: [netflow] attribute community-id added in netflow object template
2019-07-13 10:02:15 +02:00
network-connection
chg: [network-connection] community-id added
2019-07-13 10:22:18 +02:00
network-socket
add: Added protocol attribute in the network socket object
2018-05-08 09:26:24 +02:00
organization
rename object misc to organization + update version
2019-09-23 12:57:09 +02:00
original-imported-file
update the definition files of various object types so that the `required` and `requiredOneOf` lists no longer specify attributes that do not exist in the objects.
2019-04-30 12:32:22 -05:00
passive-dns
fix: Passive DNS records especially on the disabled_correlation fields
2018-01-25 15:07:19 +01:00
paste
Update version of paste object
2019-09-23 09:54:41 +02:00
pcap-metadata
chg: [pcap-metadata] linktype added in the sane default
2018-10-24 07:35:31 +02:00
pe
fix: disable correlation on all filename-*
2017-12-24 15:05:12 +01:00
pe-section
new: Add offset, virtual_address and virtual_size to the pe section object
2019-05-03 11:19:42 +02:00
person
chg: [person] Gender unknown added
2019-05-16 15:08:43 +02:00
phishing
corrected order
2019-02-25 09:29:15 +01:00
phishing-kit
update the definition files of various object types so that the `required` and `requiredOneOf` lists no longer specify attributes that do not exist in the objects.
2019-04-30 12:32:22 -05:00
phone
phone defintion fixed
2017-08-27 08:30:58 +02:00
process
fix: [process] change undefined attributes
2019-08-06 10:39:43 +02:00
python-etvx-event-log
update the definition files of various object types so that the `required` and `requiredOneOf` lists no longer specify attributes that do not exist in the objects.
2019-04-30 12:32:22 -05:00
r2graphity
fix: requiredOneOf list of r2graphity was wrong
2017-11-10 13:28:05 -08:00
regexp
regexp object - change version
2018-04-13 10:56:56 +02:00
registry-key
fix: registry-key updated
2018-01-18 13:49:03 +01:00
regripper-NTUser
fix: jq all the things(tm)
2018-10-25 17:31:36 +02:00
regripper-sam-hive-single-user
chg: [regripper-sam-hive-single-user] uuid fixed
2018-10-25 17:49:20 +02:00
regripper-sam-hive-user-group
fix: jq all the things(tm)
2018-10-25 17:31:36 +02:00
regripper-software-hive-BHO
fix: jq all the things(tm)
2018-10-25 17:31:36 +02:00
regripper-software-hive-appInit-DLLS
fix: jq all the things(tm)
2018-10-25 17:31:36 +02:00
regripper-software-hive-application-paths
fix: jq all the things(tm)
2018-10-25 17:31:36 +02:00
regripper-software-hive-applications-installed
fix: jq all the things(tm)
2018-10-25 17:31:36 +02:00
regripper-software-hive-command-shell
fix: jq all the things(tm)
2018-10-25 17:31:36 +02:00
regripper-software-hive-general-windows-info
fix: various typos
2018-10-25 17:38:26 +02:00
regripper-software-hive-software-run
fix: jq all the things(tm)
2018-10-25 17:31:36 +02:00
regripper-software-hive-userprofile-winlogon
fix: jq all the things(tm)
2018-10-25 17:31:36 +02:00
regripper-system-hive-firewall-configuration
typo fixed
2018-10-25 17:42:57 +02:00
regripper-system-hive-general-configuration
chg: [regripper] version updated
2019-05-01 21:32:14 +02:00
regripper-system-hive-network-information
fix: jq all the things(tm)
2018-10-25 17:31:36 +02:00
regripper-system-hive-service-drivers
chg: [regripper] version updated
2019-05-01 21:32:14 +02:00
report
fixed typos and ran jq_all_things
2019-04-13 13:45:05 +05:30
research-scanner
New object: Information related to known scanning activity (e.g. from research projects)
2019-01-02 16:19:08 +01:00
rogue-dns
chg: [rogue-dns] new object template expressing rogue dns
2019-06-18 17:39:47 +02:00
rtir
add: RTIR object added (as requested by CSP - Cyber Security Core Service Platform)
2017-10-12 22:08:09 +02:00
sandbox-report
fix failing check via running .jq_all_the_things.sh
2018-10-24 14:14:32 +02:00
sb-signature
Change undefined category to "External analysis"
2019-08-02 14:37:08 +02:00
scrippsco2-c13-daily
chg: Rename category environment -> climate
2019-07-24 09:31:15 +02:00
scrippsco2-c13-monthly
chg: Rename category environment -> climate
2019-07-24 09:31:15 +02:00
scrippsco2-co2-daily
chg: Rename category environment -> climate
2019-07-24 09:31:15 +02:00
scrippsco2-co2-monthly
chg: Rename category environment -> climate
2019-07-24 09:31:15 +02:00
scrippsco2-o18-daily
chg: Rename category environment -> climate
2019-07-24 09:31:15 +02:00
scrippsco2-o18-monthly
chg: Rename category environment -> climate
2019-07-24 09:31:15 +02:00
script
Update definition.json
2019-09-25 12:15:04 +02:00
shell-commands
chg: [shell-commands] fix typo in object name
2019-06-01 10:13:06 +02:00
shodan-report
dns record and shodan report objects
2017-11-14 15:38:54 -05:00
short-message-service
new: [short-message-service] Short Message Service (SMS) object template describing one or more SMS message added
2018-07-18 09:52:31 +02:00
shortened-link
renamed url attributed, versioning date based
2018-06-05 14:39:12 +02:00
splunk
jq'ed definition.json
2019-02-21 19:36:07 +01:00
ss7-attack
chg: change version of the SS7 template object
2018-05-29 16:07:50 +02:00
ssh-authorized-keys
add: [ssh-authorized-keys] object to add elements from SSH authorized
2019-05-19 17:47:51 +02:00
stix2-pattern
fix: version field added if stix2-pattern has multiple version in the future
2018-03-19 17:33:45 +01:00
suricata
fix: [suricata] allow multiple Suricata rules in the object (similar context) and fix the rule to be in Snort format
2018-07-09 21:50:44 +02:00
target-system
moved object into internal
2018-04-10 16:08:04 +00:00
threatgrid-report
new: threatgrid-report object template
2018-07-16 13:48:56 +02:00
timecode
chg: Timecode object to describe a start of video sequence (e.g. CCTV evidence) and the end of the video sequence.
2018-05-21 10:19:54 +02:00
timesketch-timeline
fix: [timesketch] fix incorrect attribute type
2019-08-08 12:11:13 +02:00
timesketch_message
new misp object for a timesketch message
2018-11-23 15:40:57 +01:00
timestamp
add: new timestamp object
2018-04-30 16:27:17 +02:00
tor-hiddenservice
add: [tor-hiddenservice] a simple object template to describe Tor Onion Service
2019-04-05 11:22:22 +02:00
tor-node
Improved Tor node object to include support of the new Tor monitoring
2017-07-06 14:57:32 +02:00
tracking-id
chg: [tracking-id] add the tracker origin such as the vendor or software
2018-09-09 12:39:22 +02:00
transaction
Fixed the bank-account meta-category
2018-02-20 15:44:02 +01:00
translation
chg: [translation] double entry fixed in requiredOneOf
2019-09-20 09:05:49 +02:00
url
fix the required part of the url
2018-10-23 20:03:58 +02:00
user-account
chg: Added user-id attribute as one of the required ones
2019-07-09 17:05:48 +02:00
vehicle
chg: Bump vehicle object
2019-04-02 17:09:02 +02:00
victim
Object Victim - Extended requiredOneof
2018-12-21 12:27:11 +01:00
virustotal-graph
new: [virustotal-graph] VirusTotal graph object added
2019-12-03 07:39:28 +01:00
virustotal-report
fix: [virustotal] corrected typo in category
2019-08-08 14:01:09 +02:00
vulnerability
chg: [vulnerability] is now in its own vulnerability meta-category
2018-07-10 07:38:28 +02:00
weakness
fix: JQed all the things
2019-08-01 15:50:29 +02:00
whois
Update definition.json
2018-04-26 16:53:24 +02:00
x509
chg: [x509, crypto-material] several changes:
2019-10-31 10:09:40 +01:00
yabin
Updated following Andras feedback
2017-09-06 16:13:35 +02:00
yara
chg: [yara] add a yara-rule-name field which can be optional or the only field
2019-07-11 22:59:05 +02:00