| .. |
|
TSK-Chats
|
fix: jq all the things(tm)
|
2018-10-25 17:31:36 +02:00 |
|
TSK-Web-Bookmark
|
fix: jq all the things(tm)
|
2018-10-25 17:31:36 +02:00 |
|
TSK-Web-Cookie
|
fix: jq all the things(tm)
|
2018-10-25 17:31:36 +02:00 |
|
TSK-Web-Downloads
|
chg: [tsk-web-downloads] including link versus url (we assume it's malicious link by default)
|
2018-10-25 17:45:58 +02:00 |
|
TSK-Web-History
|
fix: jq all the things(tm)
|
2018-10-25 17:31:36 +02:00 |
|
TSK-Web-Search-Query
|
fix: jq all the things(tm)
|
2018-10-25 17:31:36 +02:00 |
|
ail-leak
|
chg: [ail] version of the template updated
|
2018-09-12 22:11:46 +02:00 |
|
ais-info
|
…
|
|
|
android-permission
|
…
|
|
|
annotation
|
…
|
|
|
asn
|
…
|
|
|
av-signature
|
…
|
|
|
bank-account
|
…
|
|
|
bgp-hijack
|
bgp-hijack
|
2018-09-13 14:13:33 +02:00 |
|
cap-alert
|
…
|
|
|
cap-info
|
…
|
|
|
cap-resource
|
…
|
|
|
coin-address
|
…
|
|
|
cookie
|
…
|
|
|
course-of-action
|
…
|
|
|
cowrie
|
…
|
|
|
credential
|
…
|
|
|
credit-card
|
…
|
|
|
ddos
|
…
|
|
|
diameter-attack
|
…
|
|
|
domain-ip
|
…
|
|
|
elf
|
…
|
|
|
elf-section
|
…
|
|
|
email
|
…
|
|
|
exploit-poc
|
…
|
|
|
fail2ban
|
…
|
|
|
file
|
chg: [file] fullpath can be part of a single file object
|
2018-09-16 17:13:30 +02:00 |
|
forensic-case
|
…
|
|
|
forensic-evidence
|
chg: [forensic-evidence] updated to include other tools and correlation disabled for some fields
|
2018-09-04 20:48:51 +02:00 |
|
geolocation
|
…
|
|
|
gtp-attack
|
…
|
|
|
http-request
|
…
|
|
|
internal-reference
|
chg: Add type of internal reference
|
2018-10-25 15:47:04 -04:00 |
|
ip-api-address
|
fix: JQed ip-api-address template
|
2018-10-11 09:14:08 +02:00 |
|
ip-port
|
…
|
|
|
ja3
|
…
|
|
|
legal-entity
|
…
|
|
|
macho
|
…
|
|
|
macho-section
|
…
|
|
|
mactime-timeline-analysis
|
chg: jq all the things ;-)
|
2018-09-27 13:19:33 +02:00 |
|
malware-config
|
chg: [malware-config] new object to describe malware configuration in clear-text or encrypted/encoded
|
2018-09-21 07:11:38 +02:00 |
|
microblog
|
…
|
|
|
mutex
|
…
|
|
|
netflow
|
…
|
|
|
network-connection
|
chg: [network-connection] disable correlation
|
2018-10-06 20:27:51 +02:00 |
|
network-socket
|
…
|
|
|
original-imported-file
|
fix: Disabled correlation of imported files format attribute
|
2018-10-22 10:13:48 +02:00 |
|
passive-dns
|
…
|
|
|
paste
|
…
|
|
|
pcap-metadata
|
chg: [pcap-metadata] linktype added in the sane default
|
2018-10-24 07:35:31 +02:00 |
|
pe
|
…
|
|
|
pe-section
|
…
|
|
|
person
|
chg: [person] add attributes to whois-related information which can be associated to a person
|
2018-10-23 08:43:35 +02:00 |
|
phishing
|
chg: [phishing] new template object (first draft) based on the phishtank format
|
2018-09-28 15:14:51 +02:00 |
|
phone
|
…
|
|
|
process
|
chg: [process] disable correlation where it's not required
|
2018-10-06 07:42:34 +02:00 |
|
python-etvx-event-log
|
fix typo
|
2018-10-25 17:35:50 +02:00 |
|
r2graphity
|
…
|
|
|
regexp
|
…
|
|
|
registry-key
|
…
|
|
|
regripper-NTUser
|
fix: jq all the things(tm)
|
2018-10-25 17:31:36 +02:00 |
|
regripper-sam-hive-single-user
|
chg: [regripper-sam-hive-single-user] uuid fixed
|
2018-10-25 17:49:20 +02:00 |
|
regripper-sam-hive-user-group
|
fix: jq all the things(tm)
|
2018-10-25 17:31:36 +02:00 |
|
regripper-software-hive-BHO
|
fix: jq all the things(tm)
|
2018-10-25 17:31:36 +02:00 |
|
regripper-software-hive-appInit-DLLS
|
fix: jq all the things(tm)
|
2018-10-25 17:31:36 +02:00 |
|
regripper-software-hive-application-paths
|
fix: jq all the things(tm)
|
2018-10-25 17:31:36 +02:00 |
|
regripper-software-hive-applications-installed
|
fix: jq all the things(tm)
|
2018-10-25 17:31:36 +02:00 |
|
regripper-software-hive-command-shell
|
fix: jq all the things(tm)
|
2018-10-25 17:31:36 +02:00 |
|
regripper-software-hive-general-windows-info
|
fix: various typos
|
2018-10-25 17:38:26 +02:00 |
|
regripper-software-hive-software-run
|
fix: jq all the things(tm)
|
2018-10-25 17:31:36 +02:00 |
|
regripper-software-hive-userprofile-winlogon
|
fix: jq all the things(tm)
|
2018-10-25 17:31:36 +02:00 |
|
regripper-system-hive-firewall-configuration
|
typo fixed
|
2018-10-25 17:42:57 +02:00 |
|
regripper-system-hive-general-configuration
|
fix: jq all the things(tm)
|
2018-10-25 17:31:36 +02:00 |
|
regripper-system-hive-network-information
|
fix: jq all the things(tm)
|
2018-10-25 17:31:36 +02:00 |
|
regripper-system-hive-service-drivers
|
fix: jq all the things(tm)
|
2018-10-25 17:31:36 +02:00 |
|
report
|
enable multiple summary attribute in report object
|
2018-10-22 14:55:27 +02:00 |
|
rtir
|
…
|
|
|
sandbox-report
|
fix failing check via running .jq_all_the_things.sh
|
2018-10-24 14:14:32 +02:00 |
|
sb-signature
|
…
|
|
|
script
|
…
|
|
|
short-message-service
|
…
|
|
|
shortened-link
|
…
|
|
|
ss7-attack
|
…
|
|
|
stix2-pattern
|
…
|
|
|
suricata
|
…
|
|
|
target-system
|
…
|
|
|
threatgrid-report
|
…
|
|
|
timecode
|
…
|
|
|
timesketch-timeline
|
…
|
|
|
timestamp
|
…
|
|
|
tor-node
|
…
|
|
|
tracking-id
|
chg: [tracking-id] add the tracker origin such as the vendor or software
|
2018-09-09 12:39:22 +02:00 |
|
transaction
|
…
|
|
|
url
|
fix the required part of the url
|
2018-10-23 20:03:58 +02:00 |
|
vehicle
|
…
|
|
|
victim
|
…
|
|
|
virustotal-report
|
…
|
|
|
vulnerability
|
…
|
|
|
whois
|
…
|
|
|
x509
|
…
|
|
|
yabin
|
…
|
|
|
yara
|
…
|
|
