.. |
TSK-Chats
|
fix: jq all the things(tm)
|
2018-10-25 17:31:36 +02:00 |
TSK-Web-Bookmark
|
fix: jq all the things(tm)
|
2018-10-25 17:31:36 +02:00 |
TSK-Web-Cookie
|
fix: jq all the things(tm)
|
2018-10-25 17:31:36 +02:00 |
TSK-Web-Downloads
|
chg: [tsk-web-downloads] including link versus url (we assume it's malicious link by default)
|
2018-10-25 17:45:58 +02:00 |
TSK-Web-History
|
fix: jq all the things(tm)
|
2018-10-25 17:31:36 +02:00 |
TSK-Web-Search-Query
|
fix: jq all the things(tm)
|
2018-10-25 17:31:36 +02:00 |
ail-leak
|
chg: [ail] version of the template updated
|
2018-09-12 22:11:46 +02:00 |
ais-info
|
Chg: jq all the things
|
2018-06-19 21:11:24 +02:00 |
android-permission
|
fix: update android permissions based on Google latest list
|
2017-11-28 15:59:01 +01:00 |
annotation
|
fixed typos and ran jq_all_things
|
2019-04-13 13:45:05 +05:30 |
anonymisation
|
chg: [anonymisation] add level-of-knowledge to request for more information if needed
|
2019-02-01 10:19:25 +01:00 |
asn
|
disable correlation for last-seen/first-seen/text
|
2017-12-05 11:05:56 +01:00 |
authenticode-signerinfo
|
chg: [authenticode-signerinfo] first version
|
2019-05-06 07:10:33 +02:00 |
av-signature
|
disabled AV software correlation and re-ran jq-all-the-things
|
2017-10-24 10:23:46 -04:00 |
bank-account
|
fix: jq all the things
|
2018-02-23 08:25:35 +01:00 |
bgp-hijack
|
bgp-hijack
|
2018-09-13 14:13:33 +02:00 |
cap-alert
|
fix: trailing dot removed
|
2018-02-07 14:54:15 +01:00 |
cap-info
|
add: Common Alerting Protocol Version (CAP) info object
|
2018-02-08 07:45:41 +01:00 |
cap-resource
|
add: Common Alerting Protocol Version (CAP) resource object
|
2018-02-08 11:53:05 +01:00 |
coin-address
|
fix: [definition] Fixed current balance type, is float.
|
2018-10-30 22:58:54 +09:00 |
cookie
|
Add descriptions in all the objects
|
2017-08-29 18:36:46 +02:00 |
cortex
|
chg: [cortex] description updated as TheHive/Cortex observables will be attributes with
|
2018-11-18 10:29:42 +01:00 |
cortex-taxonomy
|
chg: [cortex-taxonomy] aka mini-report
|
2018-11-18 10:11:25 +01:00 |
course-of-action
|
added option "Further Analysis Required" to attribute stage
|
2019-04-15 17:41:39 +05:30 |
cowrie
|
fix: disable correlation for compression algorithms
|
2018-03-01 21:09:04 +01:00 |
credential
|
Username is often utilised alongside a credential
|
2019-04-02 18:26:00 +01:00 |
credit-card
|
Fixing typo in the credit-card object
|
2017-09-21 15:35:05 +02:00 |
ddos
|
disable correlation for last-seen/first-seen/text
|
2017-12-05 11:05:56 +01:00 |
device
|
chg: [device] name of an object must be lowercase
|
2019-04-21 15:57:07 +02:00 |
diameter-attack
|
add: Diameter attack object targeting GSM, UMTS and 4G networks.
|
2018-01-05 14:34:20 +01:00 |
domain-ip
|
Merge pull request #181 from ater49/master
|
2019-05-04 09:35:11 +02:00 |
elf
|
chg: [elf] disable correlation on file type
|
2019-02-20 10:43:38 +01:00 |
elf-section
|
Disable some correlations
|
2017-09-11 16:08:03 +02:00 |
email
|
chg: [email] IP and hostname fields from extracted headers
|
2019-02-14 14:33:39 +01:00 |
exploit-poc
|
chg: [exploit-poc] a same context can contains multiple PoC samples
|
2018-07-10 09:32:12 +02:00 |
facial-composite
|
add: [facial-composite] new facial composite object
|
2018-12-21 20:41:45 +01:00 |
fail2ban
|
new: Attach logfile to fail2ban
|
2018-03-27 10:25:54 +02:00 |
file
|
update the definition files of various object types so that the `required` and `requiredOneOf` lists no longer specify attributes that do not exist in the objects.
|
2019-04-30 12:32:22 -05:00 |
forensic-case
|
chg: [forensic-case] object added based on the original one from @Aks6193
|
2018-09-03 13:54:59 +02:00 |
forensic-evidence
|
chg: [forensic-evidence] updated to include other tools and correlation disabled for some fields
|
2018-09-04 20:48:51 +02:00 |
geolocation
|
chg: [geolocation] disable correlation on specific attributes
|
2018-08-15 18:34:35 +02:00 |
gtp-attack
|
fix: GTPInterface updated
|
2018-01-05 14:26:28 +01:00 |
http-request
|
chg: [http-request] IP as allowed type
|
2019-01-03 15:07:08 +01:00 |
ilr-impact
|
remove accent from ilrobjects
|
2019-02-26 15:57:58 +01:00 |
ilr-notification-incident
|
remove accent from ilr objects - bis
|
2019-02-26 16:00:23 +01:00 |
internal-reference
|
fix: JQ things
|
2018-10-25 17:45:47 -04:00 |
interpol-notice
|
fix required field for interpol notice
|
2019-01-28 15:40:07 +01:00 |
ip-api-address
|
chg: [ip-api-adress] updated to ensure correlation disabled
|
2018-10-28 15:07:35 +01:00 |
ip-port
|
chg: [ip-port] ip-src added to fix #149
|
2019-04-07 22:28:36 +02:00 |
irc
|
chg: [irc] add nickname used for associated IRC server and channel(s)
|
2019-04-27 10:32:10 +02:00 |
ja3
|
Updated JA3 to have own data type ja3-fingerprint-md5 and bumped the version
|
2018-12-30 12:31:17 +01:00 |
legal-entity
|
Fixed disable_correlation variable type
|
2018-02-06 15:36:57 +01:00 |
lnk
|
chg: [lnk] new LNK object (Windows Shortcut)
|
2019-04-03 14:05:39 +02:00 |
macho
|
Typo fixed
|
2017-08-29 22:02:10 +02:00 |
macho-section
|
Update definitions of binaries
|
2017-08-29 13:25:58 +02:00 |
mactime-timeline-analysis
|
update the definition files of various object types so that the `required` and `requiredOneOf` lists no longer specify attributes that do not exist in the objects.
|
2019-04-30 12:32:22 -05:00 |
malware-config
|
chg: [malware-config] new object to describe malware configuration in clear-text or encrypted/encoded
|
2018-09-21 07:11:38 +02:00 |
microblog
|
chg: [microblog] state field added to describe if the tweet is malicious
|
2019-05-09 17:35:14 +02:00 |
mutex
|
add: Object to describe mutual exclusion locks (mutex) as seen in memory or computer program
|
2018-01-22 13:34:33 +01:00 |
netflow
|
Fix typo in the field
|
2017-10-13 15:08:25 +02:00 |
network-connection
|
chg: [network-connection] disable correlation
|
2018-10-06 20:27:51 +02:00 |
network-socket
|
add: Added protocol attribute in the network socket object
|
2018-05-08 09:26:24 +02:00 |
organization
|
meta category for organization changed back to misc since schema_objects.json does not recognize organization as a meta category
|
2019-04-14 11:32:55 +05:30 |
original-imported-file
|
update the definition files of various object types so that the `required` and `requiredOneOf` lists no longer specify attributes that do not exist in the objects.
|
2019-04-30 12:32:22 -05:00 |
passive-dns
|
fix: Passive DNS records especially on the disabled_correlation fields
|
2018-01-25 15:07:19 +01:00 |
paste
|
Fixed misp-attribute in link attribute of paste object
|
2018-11-02 00:40:55 +01:00 |
pcap-metadata
|
chg: [pcap-metadata] linktype added in the sane default
|
2018-10-24 07:35:31 +02:00 |
pe
|
fix: disable correlation on all filename-*
|
2017-12-24 15:05:12 +01:00 |
pe-section
|
new: Add offset, virtual_address and virtual_size to the pe section object
|
2019-05-03 11:19:42 +02:00 |
person
|
chg: [person] Gender unknown added
|
2019-05-16 15:08:43 +02:00 |
phishing
|
corrected order
|
2019-02-25 09:29:15 +01:00 |
phishing-kit
|
update the definition files of various object types so that the `required` and `requiredOneOf` lists no longer specify attributes that do not exist in the objects.
|
2019-04-30 12:32:22 -05:00 |
phone
|
phone defintion fixed
|
2017-08-27 08:30:58 +02:00 |
process
|
chg: [process] fix the type - fix #160
|
2019-04-02 19:56:59 +02:00 |
python-etvx-event-log
|
update the definition files of various object types so that the `required` and `requiredOneOf` lists no longer specify attributes that do not exist in the objects.
|
2019-04-30 12:32:22 -05:00 |
r2graphity
|
fix: requiredOneOf list of r2graphity was wrong
|
2017-11-10 13:28:05 -08:00 |
regexp
|
regexp object - change version
|
2018-04-13 10:56:56 +02:00 |
registry-key
|
fix: registry-key updated
|
2018-01-18 13:49:03 +01:00 |
regripper-NTUser
|
fix: jq all the things(tm)
|
2018-10-25 17:31:36 +02:00 |
regripper-sam-hive-single-user
|
chg: [regripper-sam-hive-single-user] uuid fixed
|
2018-10-25 17:49:20 +02:00 |
regripper-sam-hive-user-group
|
fix: jq all the things(tm)
|
2018-10-25 17:31:36 +02:00 |
regripper-software-hive-BHO
|
fix: jq all the things(tm)
|
2018-10-25 17:31:36 +02:00 |
regripper-software-hive-appInit-DLLS
|
fix: jq all the things(tm)
|
2018-10-25 17:31:36 +02:00 |
regripper-software-hive-application-paths
|
fix: jq all the things(tm)
|
2018-10-25 17:31:36 +02:00 |
regripper-software-hive-applications-installed
|
fix: jq all the things(tm)
|
2018-10-25 17:31:36 +02:00 |
regripper-software-hive-command-shell
|
fix: jq all the things(tm)
|
2018-10-25 17:31:36 +02:00 |
regripper-software-hive-general-windows-info
|
fix: various typos
|
2018-10-25 17:38:26 +02:00 |
regripper-software-hive-software-run
|
fix: jq all the things(tm)
|
2018-10-25 17:31:36 +02:00 |
regripper-software-hive-userprofile-winlogon
|
fix: jq all the things(tm)
|
2018-10-25 17:31:36 +02:00 |
regripper-system-hive-firewall-configuration
|
typo fixed
|
2018-10-25 17:42:57 +02:00 |
regripper-system-hive-general-configuration
|
chg: [regripper] version updated
|
2019-05-01 21:32:14 +02:00 |
regripper-system-hive-network-information
|
fix: jq all the things(tm)
|
2018-10-25 17:31:36 +02:00 |
regripper-system-hive-service-drivers
|
chg: [regripper] version updated
|
2019-05-01 21:32:14 +02:00 |
report
|
fixed typos and ran jq_all_things
|
2019-04-13 13:45:05 +05:30 |
research-scanner
|
New object: Information related to known scanning activity (e.g. from research projects)
|
2019-01-02 16:19:08 +01:00 |
rogue-dns
|
chg: [rogue-dns] new object template expressing rogue dns
|
2019-06-18 17:39:47 +02:00 |
rtir
|
add: RTIR object added (as requested by CSP - Cyber Security Core Service Platform)
|
2017-10-12 22:08:09 +02:00 |
sandbox-report
|
fix failing check via running .jq_all_the_things.sh
|
2018-10-24 14:14:32 +02:00 |
sb-signature
|
fix: Make the schema happy.
|
2018-01-23 10:46:15 +01:00 |
script
|
chg: [script] requiredOneOf for script or filename
|
2019-05-23 11:24:05 +02:00 |
shell-commands
|
chg: [shell-commands] fix typo in object name
|
2019-06-01 10:13:06 +02:00 |
short-message-service
|
new: [short-message-service] Short Message Service (SMS) object template describing one or more SMS message added
|
2018-07-18 09:52:31 +02:00 |
shortened-link
|
renamed url attributed, versioning date based
|
2018-06-05 14:39:12 +02:00 |
splunk
|
jq'ed definition.json
|
2019-02-21 19:36:07 +01:00 |
ss7-attack
|
chg: change version of the SS7 template object
|
2018-05-29 16:07:50 +02:00 |
ssh-authorized-keys
|
add: [ssh-authorized-keys] object to add elements from SSH authorized
|
2019-05-19 17:47:51 +02:00 |
stix2-pattern
|
fix: version field added if stix2-pattern has multiple version in the future
|
2018-03-19 17:33:45 +01:00 |
suricata
|
fix: [suricata] allow multiple Suricata rules in the object (similar context) and fix the rule to be in Snort format
|
2018-07-09 21:50:44 +02:00 |
target-system
|
moved object into internal
|
2018-04-10 16:08:04 +00:00 |
threatgrid-report
|
new: threatgrid-report object template
|
2018-07-16 13:48:56 +02:00 |
timecode
|
chg: Timecode object to describe a start of video sequence (e.g. CCTV evidence) and the end of the video sequence.
|
2018-05-21 10:19:54 +02:00 |
timesketch-timeline
|
add: missing timesketch-timeline object template
|
2018-06-22 07:44:20 +02:00 |
timesketch_message
|
new misp object for a timesketch message
|
2018-11-23 15:40:57 +01:00 |
timestamp
|
add: new timestamp object
|
2018-04-30 16:27:17 +02:00 |
tor-hiddenservice
|
add: [tor-hiddenservice] a simple object template to describe Tor Onion Service
|
2019-04-05 11:22:22 +02:00 |
tor-node
|
Improved Tor node object to include support of the new Tor monitoring
|
2017-07-06 14:57:32 +02:00 |
tracking-id
|
chg: [tracking-id] add the tracker origin such as the vendor or software
|
2018-09-09 12:39:22 +02:00 |
transaction
|
Fixed the bank-account meta-category
|
2018-02-20 15:44:02 +01:00 |
url
|
fix the required part of the url
|
2018-10-23 20:03:58 +02:00 |
vehicle
|
chg: Bump vehicle object
|
2019-04-02 17:09:02 +02:00 |
victim
|
Object Victim - Extended requiredOneof
|
2018-12-21 12:27:11 +01:00 |
virustotal-report
|
Adding ui-priority fields
|
2018-04-23 11:22:39 +02:00 |
vulnerability
|
chg: [vulnerability] is now in its own vulnerability meta-category
|
2018-07-10 07:38:28 +02:00 |
whois
|
Update definition.json
|
2018-04-26 16:53:24 +02:00 |
x509
|
chg: [jq] jq all the things(tm)
|
2019-05-05 12:33:59 +02:00 |
yabin
|
Updated following Andras feedback
|
2017-09-06 16:13:35 +02:00 |
yara
|
add: Context where the YARA rule can be applied
|
2018-05-01 11:21:05 +02:00 |