orgc/org added and timestamp(s)

2016-10-03 07:52:25 +02:00 · 2016-10-03 07:52:25 +02:00 · 063466e6bd
parent 13fd35114a
commit 063466e6bd
2 changed files with 98 additions and 15 deletions
--- a/misp-core-format/raw.md
+++ b/misp-core-format/raw.md
@ -131,6 +131,33 @@ date represents a reference date to the event in year-month-date format. For a m

 date is represented as a JSON string.

+#### timestamp
+
+timestamp represents a reference time when the event was created. timestamp is expressed in seconds (decimal) since 1st of January 1970 (Unix timestamp). The time zone MUST be UTC.
+
+timestamp is represented as a JSON string.
+
+#### publish_timestamp
+
+publish_timestamp represents a reference time when the event was published. published_timestamp is expressed in seconds (decimal) since 1st of January 1970 (Unix timestamp). At each publication of an event, publish_timestamp MUST be updated. The time zone MUST be UTC.
+
+publish_timestamp is represented as a JSON string.
+
+#### org_id
+
+org_id represents the Universally Unique IDentifier (UUID) [@!RFC4122] of the organization which generated the event. The org_id MUST
+be updated when the event is generated by a new instance.
+
+org_id is represented as a JSON string. org_id MUST be present.
+
+#### orgc_id
+
+orgc_id represents the Universally Unique IDentifier (UUID) [@!RFC4122] of the organization which created the event.
+The orgc_id MUST be preserved for any updates or transfer of the same event. UUID version 4 is RECOMMENDED when assigning it to a new event.
+orgc_id is globally assigned to an organization and SHALL be kept overtime.
+
+orgc_id is represented as a JSON string. orgc_id MUST be present.
+

 <reference anchor='MISP-P' target='https://github.com/MISP'>
  <front>
--- a/misp-core-format/raw.md.txt
+++ b/misp-core-format/raw.md.txt
@ -70,8 +70,8 @@ Table of Contents
     2.1.  Overview  . . . . . . . . . . . . . . . . . . . . . . . .   2
     2.2.  Event . . . . . . . . . . . . . . . . . . . . . . . . . .   3
       2.2.1.  Event Attributes  . . . . . . . . . . . . . . . . . .   3
-   3.  References  . . . . . . . . . . . . . . . . . . . . . . . . .   4
-     3.1.  Normative References  . . . . . . . . . . . . . . . . . .   4
+   3.  References  . . . . . . . . . . . . . . . . . . . . . . . . .   5
+     3.1.  Normative References  . . . . . . . . . . . . . . . . . .   5
     3.2.  Informative References  . . . . . . . . . . . . . . . . .   5
   Appendix A.  Acknowledgements . . . . . . . . . . . . . . . . . .   5
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .   5
@ -195,6 +195,49 @@ Internet-Draft              MISP core format                October 2016

   date is represented as a JSON string.

+2.2.1.7.  timestamp
+
+   timestamp represents a reference time when the event was created.
+   timestamp is expressed in seconds (decimal) since 1st of January 1970
+   (Unix timestamp).  The time zone MUST be UTC.
+
+   timestamp is represented as a JSON string.
+
+2.2.1.8.  publish_timestamp
+
+   publish_timestamp represents a reference time when the event was
+   published. published_timestamp is expressed in seconds (decimal)
+   since 1st of January 1970 (Unix timestamp).  At each publication of
+   an event, publish_timestamp MUST be updated.  The time zone MUST be
+   UTC.
+
+   publish_timestamp is represented as a JSON string.
+
+2.2.1.9.  org_id
+
+   org_id represents the Universally Unique IDentifier (UUID) [RFC4122]
+   of the organization which generated the event.  The org_id MUST be
+   updated when the event is generated by a new instance.
+
+
+
+Dulaunoy & Iklody         Expires April 4, 2017                 [Page 4]
+
+Internet-Draft              MISP core format                October 2016
+
+
+   org_id is represented as a JSON string. org_id MUST be present.
+
+2.2.1.10.  orgc_id
+
+   orgc_id represents the Universally Unique IDentifier (UUID) [RFC4122]
+   of the organization which created the event.  The orgc_id MUST be
+   preserved for any updates or transfer of the same event.  UUID
+   version 4 is RECOMMENDED when assigning it to a new event.  orgc_id
+   is globally assigned to an organization and SHALL be kept overtime.
+
+   orgc_id is represented as a JSON string. orgc_id MUST be present.
+
 3.  References

 3.1.  Normative References
@ -214,18 +257,6 @@ Internet-Draft              MISP core format                October 2016
              DOI 10.17487/RFC4627, July 2006,
              <http://www.rfc-editor.org/info/rfc4627>.

-
-
-
-
-
-
-
-Dulaunoy & Iklody         Expires April 4, 2017                 [Page 4]
-
-Internet-Draft              MISP core format                October 2016
-
-
 3.2.  Informative References

   [MISP-P]   MISP, , "MISP Project - Malware Information Sharing
@ -238,6 +269,19 @@ Appendix A.  Acknowledgements

 Authors' Addresses

+
+
+
+
+
+
+
+
+Dulaunoy & Iklody         Expires April 4, 2017                 [Page 5]
+
+Internet-Draft              MISP core format                October 2016
+
+
   Alexandre Dulaunoy
   Computer Incident Response Center Luxembourg
   41, avenue de la gare
@ -277,4 +321,16 @@ Authors' Addresses



-Dulaunoy & Iklody         Expires April 4, 2017                 [Page 5]
+
+
+
+
+
+
+
+
+
+
+
+
+Dulaunoy & Iklody         Expires April 4, 2017                 [Page 6]