.. |
TSK-Chats
|
fix: jq all the things(tm)
|
2018-10-25 17:31:36 +02:00 |
TSK-Web-Bookmark
|
fix: jq all the things(tm)
|
2018-10-25 17:31:36 +02:00 |
TSK-Web-Cookie
|
fix: jq all the things(tm)
|
2018-10-25 17:31:36 +02:00 |
TSK-Web-Downloads
|
chg: [tsk-web-downloads] including link versus url (we assume it's malicious link by default)
|
2018-10-25 17:45:58 +02:00 |
TSK-Web-History
|
fix: jq all the things(tm)
|
2018-10-25 17:31:36 +02:00 |
TSK-Web-Search-Query
|
fix: jq all the things(tm)
|
2018-10-25 17:31:36 +02:00 |
ail-leak
|
…
|
|
ais-info
|
…
|
|
android-permission
|
…
|
|
annotation
|
fixed typos and ran jq_all_things
|
2019-04-13 13:45:05 +05:30 |
anonymisation
|
chg: [anonymisation] add level-of-knowledge to request for more information if needed
|
2019-02-01 10:19:25 +01:00 |
asn
|
…
|
|
av-signature
|
…
|
|
bank-account
|
…
|
|
bgp-hijack
|
…
|
|
cap-alert
|
…
|
|
cap-info
|
…
|
|
cap-resource
|
…
|
|
coin-address
|
fix: [definition] Fixed current balance type, is float.
|
2018-10-30 22:58:54 +09:00 |
cookie
|
…
|
|
cortex
|
chg: [cortex] description updated as TheHive/Cortex observables will be attributes with
|
2018-11-18 10:29:42 +01:00 |
cortex-taxonomy
|
chg: [cortex-taxonomy] aka mini-report
|
2018-11-18 10:11:25 +01:00 |
course-of-action
|
added option "Further Analysis Required" to attribute stage
|
2019-04-15 17:41:39 +05:30 |
cowrie
|
…
|
|
credential
|
Username is often utilised alongside a credential
|
2019-04-02 18:26:00 +01:00 |
credit-card
|
…
|
|
ddos
|
…
|
|
device
|
added attribute DNS name to device object
|
2019-04-15 10:33:08 +05:30 |
diameter-attack
|
…
|
|
domain-ip
|
…
|
|
elf
|
chg: [elf] disable correlation on file type
|
2019-02-20 10:43:38 +01:00 |
elf-section
|
…
|
|
email
|
chg: [email] IP and hostname fields from extracted headers
|
2019-02-14 14:33:39 +01:00 |
exploit-poc
|
…
|
|
facial-composite
|
add: [facial-composite] new facial composite object
|
2018-12-21 20:41:45 +01:00 |
fail2ban
|
…
|
|
file
|
chg: [file] preferred charset used by the file (if decoded from mime-type parsing)
|
2019-02-14 14:16:01 +01:00 |
forensic-case
|
…
|
|
forensic-evidence
|
…
|
|
geolocation
|
…
|
|
gtp-attack
|
…
|
|
http-request
|
chg: [http-request] IP as allowed type
|
2019-01-03 15:07:08 +01:00 |
ilr-impact
|
remove accent from ilrobjects
|
2019-02-26 15:57:58 +01:00 |
ilr-notification-incident
|
remove accent from ilr objects - bis
|
2019-02-26 16:00:23 +01:00 |
internal-reference
|
fix: JQ things
|
2018-10-25 17:45:47 -04:00 |
interpol-notice
|
fix required field for interpol notice
|
2019-01-28 15:40:07 +01:00 |
ip-api-address
|
chg: [ip-api-adress] updated to ensure correlation disabled
|
2018-10-28 15:07:35 +01:00 |
ip-port
|
chg: [ip-port] ip-src added to fix #149
|
2019-04-07 22:28:36 +02:00 |
ja3
|
Updated JA3 to have own data type ja3-fingerprint-md5 and bumped the version
|
2018-12-30 12:31:17 +01:00 |
legal-entity
|
…
|
|
lnk
|
chg: [lnk] new LNK object (Windows Shortcut)
|
2019-04-03 14:05:39 +02:00 |
macho
|
…
|
|
macho-section
|
…
|
|
mactime-timeline-analysis
|
chg: [mactime-timeline-analysis] disable some correlations
|
2018-10-29 20:43:36 +01:00 |
malware-config
|
…
|
|
microblog
|
chg: [microblog] a small clarification about the username to avoid the @
|
2018-11-26 22:21:51 +01:00 |
mutex
|
…
|
|
netflow
|
…
|
|
network-connection
|
…
|
|
network-socket
|
…
|
|
organization
|
meta category for organization changed back to misc since schema_objects.json does not recognize organization as a meta category
|
2019-04-14 11:32:55 +05:30 |
original-imported-file
|
fix: Disabled correlation for original imported samples
|
2019-01-11 16:50:29 +01:00 |
passive-dns
|
…
|
|
paste
|
Fixed misp-attribute in link attribute of paste object
|
2018-11-02 00:40:55 +01:00 |
pcap-metadata
|
…
|
|
pe
|
…
|
|
pe-section
|
…
|
|
person
|
corrected typo
|
2019-04-14 11:27:29 +05:30 |
phishing
|
corrected order
|
2019-02-25 09:29:15 +01:00 |
phishing-kit
|
modified: objects/device/definition.json
|
2019-04-14 11:04:57 +05:30 |
phone
|
…
|
|
process
|
chg: [process] fix the type - fix #160
|
2019-04-02 19:56:59 +02:00 |
python-etvx-event-log
|
fix typo
|
2018-10-25 17:35:50 +02:00 |
r2graphity
|
…
|
|
regexp
|
…
|
|
registry-key
|
…
|
|
regripper-NTUser
|
fix: jq all the things(tm)
|
2018-10-25 17:31:36 +02:00 |
regripper-sam-hive-single-user
|
chg: [regripper-sam-hive-single-user] uuid fixed
|
2018-10-25 17:49:20 +02:00 |
regripper-sam-hive-user-group
|
fix: jq all the things(tm)
|
2018-10-25 17:31:36 +02:00 |
regripper-software-hive-BHO
|
fix: jq all the things(tm)
|
2018-10-25 17:31:36 +02:00 |
regripper-software-hive-appInit-DLLS
|
fix: jq all the things(tm)
|
2018-10-25 17:31:36 +02:00 |
regripper-software-hive-application-paths
|
fix: jq all the things(tm)
|
2018-10-25 17:31:36 +02:00 |
regripper-software-hive-applications-installed
|
fix: jq all the things(tm)
|
2018-10-25 17:31:36 +02:00 |
regripper-software-hive-command-shell
|
fix: jq all the things(tm)
|
2018-10-25 17:31:36 +02:00 |
regripper-software-hive-general-windows-info
|
fix: various typos
|
2018-10-25 17:38:26 +02:00 |
regripper-software-hive-software-run
|
fix: jq all the things(tm)
|
2018-10-25 17:31:36 +02:00 |
regripper-software-hive-userprofile-winlogon
|
fix: jq all the things(tm)
|
2018-10-25 17:31:36 +02:00 |
regripper-system-hive-firewall-configuration
|
typo fixed
|
2018-10-25 17:42:57 +02:00 |
regripper-system-hive-general-configuration
|
fix: jq all the things(tm)
|
2018-10-25 17:31:36 +02:00 |
regripper-system-hive-network-information
|
fix: jq all the things(tm)
|
2018-10-25 17:31:36 +02:00 |
regripper-system-hive-service-drivers
|
fix: jq all the things(tm)
|
2018-10-25 17:31:36 +02:00 |
report
|
fixed typos and ran jq_all_things
|
2019-04-13 13:45:05 +05:30 |
research-scanner
|
New object: Information related to known scanning activity (e.g. from research projects)
|
2019-01-02 16:19:08 +01:00 |
rtir
|
…
|
|
sandbox-report
|
…
|
|
sb-signature
|
…
|
|
script
|
chg: [script] filename added to fix #149
|
2019-04-07 22:24:58 +02:00 |
short-message-service
|
…
|
|
shortened-link
|
…
|
|
splunk
|
jq'ed definition.json
|
2019-02-21 19:36:07 +01:00 |
ss7-attack
|
…
|
|
stix2-pattern
|
…
|
|
suricata
|
…
|
|
target-system
|
…
|
|
threatgrid-report
|
…
|
|
timecode
|
…
|
|
timesketch-timeline
|
…
|
|
timesketch_message
|
new misp object for a timesketch message
|
2018-11-23 15:40:57 +01:00 |
timestamp
|
…
|
|
tor-hiddenservice
|
add: [tor-hiddenservice] a simple object template to describe Tor Onion Service
|
2019-04-05 11:22:22 +02:00 |
tor-node
|
…
|
|
tracking-id
|
…
|
|
transaction
|
…
|
|
url
|
…
|
|
vehicle
|
chg: Bump vehicle object
|
2019-04-02 17:09:02 +02:00 |
victim
|
Object Victim - Extended requiredOneof
|
2018-12-21 12:27:11 +01:00 |
virustotal-report
|
…
|
|
vulnerability
|
…
|
|
whois
|
…
|
|
x509
|
Added issuer as one of the required fields
|
2019-04-02 17:28:49 +01:00 |
yabin
|
…
|
|
yara
|
…
|
|