misp-objects/objects
Andras Iklody ed271a3b7d
Merge pull request #173 from haxpak/master
added option "Further Analysis Required" to attribute stage of object course-of-action
2019-04-16 07:42:32 +02:00
..
TSK-Chats fix: jq all the things(tm) 2018-10-25 17:31:36 +02:00
TSK-Web-Bookmark fix: jq all the things(tm) 2018-10-25 17:31:36 +02:00
TSK-Web-Cookie fix: jq all the things(tm) 2018-10-25 17:31:36 +02:00
TSK-Web-Downloads chg: [tsk-web-downloads] including link versus url (we assume it's malicious link by default) 2018-10-25 17:45:58 +02:00
TSK-Web-History fix: jq all the things(tm) 2018-10-25 17:31:36 +02:00
TSK-Web-Search-Query fix: jq all the things(tm) 2018-10-25 17:31:36 +02:00
ail-leak
ais-info
android-permission
annotation fixed typos and ran jq_all_things 2019-04-13 13:45:05 +05:30
anonymisation chg: [anonymisation] add level-of-knowledge to request for more information if needed 2019-02-01 10:19:25 +01:00
asn
av-signature
bank-account
bgp-hijack
cap-alert
cap-info
cap-resource
coin-address fix: [definition] Fixed current balance type, is float. 2018-10-30 22:58:54 +09:00
cookie
cortex chg: [cortex] description updated as TheHive/Cortex observables will be attributes with 2018-11-18 10:29:42 +01:00
cortex-taxonomy chg: [cortex-taxonomy] aka mini-report 2018-11-18 10:11:25 +01:00
course-of-action added option "Further Analysis Required" to attribute stage 2019-04-15 17:41:39 +05:30
cowrie
credential Username is often utilised alongside a credential 2019-04-02 18:26:00 +01:00
credit-card
ddos
device added attribute DNS name to device object 2019-04-15 10:33:08 +05:30
diameter-attack
domain-ip
elf chg: [elf] disable correlation on file type 2019-02-20 10:43:38 +01:00
elf-section
email chg: [email] IP and hostname fields from extracted headers 2019-02-14 14:33:39 +01:00
exploit-poc
facial-composite add: [facial-composite] new facial composite object 2018-12-21 20:41:45 +01:00
fail2ban
file chg: [file] preferred charset used by the file (if decoded from mime-type parsing) 2019-02-14 14:16:01 +01:00
forensic-case
forensic-evidence
geolocation
gtp-attack
http-request chg: [http-request] IP as allowed type 2019-01-03 15:07:08 +01:00
ilr-impact remove accent from ilrobjects 2019-02-26 15:57:58 +01:00
ilr-notification-incident remove accent from ilr objects - bis 2019-02-26 16:00:23 +01:00
internal-reference fix: JQ things 2018-10-25 17:45:47 -04:00
interpol-notice fix required field for interpol notice 2019-01-28 15:40:07 +01:00
ip-api-address chg: [ip-api-adress] updated to ensure correlation disabled 2018-10-28 15:07:35 +01:00
ip-port chg: [ip-port] ip-src added to fix #149 2019-04-07 22:28:36 +02:00
ja3 Updated JA3 to have own data type ja3-fingerprint-md5 and bumped the version 2018-12-30 12:31:17 +01:00
legal-entity
lnk chg: [lnk] new LNK object (Windows Shortcut) 2019-04-03 14:05:39 +02:00
macho
macho-section
mactime-timeline-analysis chg: [mactime-timeline-analysis] disable some correlations 2018-10-29 20:43:36 +01:00
malware-config
microblog chg: [microblog] a small clarification about the username to avoid the @ 2018-11-26 22:21:51 +01:00
mutex
netflow
network-connection
network-socket
organization meta category for organization changed back to misc since schema_objects.json does not recognize organization as a meta category 2019-04-14 11:32:55 +05:30
original-imported-file fix: Disabled correlation for original imported samples 2019-01-11 16:50:29 +01:00
passive-dns
paste Fixed misp-attribute in link attribute of paste object 2018-11-02 00:40:55 +01:00
pcap-metadata
pe
pe-section
person corrected typo 2019-04-14 11:27:29 +05:30
phishing corrected order 2019-02-25 09:29:15 +01:00
phishing-kit modified: objects/device/definition.json 2019-04-14 11:04:57 +05:30
phone
process chg: [process] fix the type - fix #160 2019-04-02 19:56:59 +02:00
python-etvx-event-log fix typo 2018-10-25 17:35:50 +02:00
r2graphity
regexp
registry-key
regripper-NTUser fix: jq all the things(tm) 2018-10-25 17:31:36 +02:00
regripper-sam-hive-single-user chg: [regripper-sam-hive-single-user] uuid fixed 2018-10-25 17:49:20 +02:00
regripper-sam-hive-user-group fix: jq all the things(tm) 2018-10-25 17:31:36 +02:00
regripper-software-hive-BHO fix: jq all the things(tm) 2018-10-25 17:31:36 +02:00
regripper-software-hive-appInit-DLLS fix: jq all the things(tm) 2018-10-25 17:31:36 +02:00
regripper-software-hive-application-paths fix: jq all the things(tm) 2018-10-25 17:31:36 +02:00
regripper-software-hive-applications-installed fix: jq all the things(tm) 2018-10-25 17:31:36 +02:00
regripper-software-hive-command-shell fix: jq all the things(tm) 2018-10-25 17:31:36 +02:00
regripper-software-hive-general-windows-info fix: various typos 2018-10-25 17:38:26 +02:00
regripper-software-hive-software-run fix: jq all the things(tm) 2018-10-25 17:31:36 +02:00
regripper-software-hive-userprofile-winlogon fix: jq all the things(tm) 2018-10-25 17:31:36 +02:00
regripper-system-hive-firewall-configuration typo fixed 2018-10-25 17:42:57 +02:00
regripper-system-hive-general-configuration fix: jq all the things(tm) 2018-10-25 17:31:36 +02:00
regripper-system-hive-network-information fix: jq all the things(tm) 2018-10-25 17:31:36 +02:00
regripper-system-hive-service-drivers fix: jq all the things(tm) 2018-10-25 17:31:36 +02:00
report fixed typos and ran jq_all_things 2019-04-13 13:45:05 +05:30
research-scanner New object: Information related to known scanning activity (e.g. from research projects) 2019-01-02 16:19:08 +01:00
rtir
sandbox-report
sb-signature
script chg: [script] filename added to fix #149 2019-04-07 22:24:58 +02:00
short-message-service
shortened-link
splunk jq'ed definition.json 2019-02-21 19:36:07 +01:00
ss7-attack
stix2-pattern
suricata
target-system
threatgrid-report
timecode
timesketch-timeline
timesketch_message new misp object for a timesketch message 2018-11-23 15:40:57 +01:00
timestamp
tor-hiddenservice add: [tor-hiddenservice] a simple object template to describe Tor Onion Service 2019-04-05 11:22:22 +02:00
tor-node
tracking-id
transaction
url
vehicle chg: Bump vehicle object 2019-04-02 17:09:02 +02:00
victim Object Victim - Extended requiredOneof 2018-12-21 12:27:11 +01:00
virustotal-report
vulnerability
whois
x509 Added issuer as one of the required fields 2019-04-02 17:28:49 +01:00
yabin
yara