MISP
/
misp-rfc
mirror of https://github.com/MISP/misp-rfc
2
0
Fork 0
Code Issues Releases Wiki Activity

orgc/org added and timestamp(s)

Rafiot-patch-1
Alexandre Dulaunoy 2016-10-03 07:52:25 +02:00
parent 13fd35114a
commit 063466e6bd
2 changed files with 98 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
misp-core-format/raw.md
View File

@ -131,6 +131,33 @@ date represents a reference date to the event in year-month-date format. For a m
date is represented as a JSON string. date is represented as a JSON string.
#### timestamp
timestamp represents a reference time when the event was created. timestamp is expressed in seconds (decimal) since 1st of January 1970 (Unix timestamp). The time zone MUST be UTC.
timestamp is represented as a JSON string.
#### publish_timestamp
publish_timestamp represents a reference time when the event was published. published_timestamp is expressed in seconds (decimal) since 1st of January 1970 (Unix timestamp). At each publication of an event, publish_timestamp MUST be updated. The time zone MUST be UTC.
publish_timestamp is represented as a JSON string.
#### org_id
org_id represents the Universally Unique IDentifier (UUID) [@!RFC4122] of the organization which generated the event. The org_id MUST
be updated when the event is generated by a new instance.
org_id is represented as a JSON string. org_id MUST be present.
#### orgc_id
orgc_id represents the Universally Unique IDentifier (UUID) [@!RFC4122] of the organization which created the event.
The orgc_id MUST be preserved for any updates or transfer of the same event. UUID version 4 is RECOMMENDED when assigning it to a new event.
orgc_id is globally assigned to an organization and SHALL be kept overtime.
orgc_id is represented as a JSON string. orgc_id MUST be present.
<reference anchor='MISP-P' target='https://github.com/MISP'> <reference anchor='MISP-P' target='https://github.com/MISP'>
<front> <front>

86
misp-core-format/raw.md.txt
View File

@ -70,8 +70,8 @@ Table of Contents
2.1. Overview . . . . . . . . . . . . . . . . . . . . . . . . 2 2.1. Overview . . . . . . . . . . . . . . . . . . . . . . . . 2
2.2. Event . . . . . . . . . . . . . . . . . . . . . . . . . . 3 2.2. Event . . . . . . . . . . . . . . . . . . . . . . . . . . 3
2.2.1. Event Attributes . . . . . . . . . . . . . . . . . . 3 2.2.1. Event Attributes . . . . . . . . . . . . . . . . . . 3
3. References . . . . . . . . . . . . . . . . . . . . . . . . . 4 3. References . . . . . . . . . . . . . . . . . . . . . . . . . 5
3.1. Normative References . . . . . . . . . . . . . . . . . . 4 3.1. Normative References . . . . . . . . . . . . . . . . . . 5
3.2. Informative References . . . . . . . . . . . . . . . . . 5 3.2. Informative References . . . . . . . . . . . . . . . . . 5
Appendix A. Acknowledgements . . . . . . . . . . . . . . . . . . 5 Appendix A. Acknowledgements . . . . . . . . . . . . . . . . . . 5
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 5 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 5
@ -195,6 +195,49 @@ Internet-Draft MISP core format October 2016
date is represented as a JSON string. date is represented as a JSON string.
2.2.1.7. timestamp
timestamp represents a reference time when the event was created.
timestamp is expressed in seconds (decimal) since 1st of January 1970
(Unix timestamp). The time zone MUST be UTC.
timestamp is represented as a JSON string.
2.2.1.8. publish_timestamp
publish_timestamp represents a reference time when the event was
published. published_timestamp is expressed in seconds (decimal)
since 1st of January 1970 (Unix timestamp). At each publication of
an event, publish_timestamp MUST be updated. The time zone MUST be
UTC.
publish_timestamp is represented as a JSON string.
2.2.1.9. org_id
org_id represents the Universally Unique IDentifier (UUID) [RFC4122]
of the organization which generated the event. The org_id MUST be
updated when the event is generated by a new instance.
Dulaunoy & Iklody Expires April 4, 2017 [Page 4]
Internet-Draft MISP core format October 2016
org_id is represented as a JSON string. org_id MUST be present.
2.2.1.10. orgc_id
orgc_id represents the Universally Unique IDentifier (UUID) [RFC4122]
of the organization which created the event. The orgc_id MUST be
preserved for any updates or transfer of the same event. UUID
version 4 is RECOMMENDED when assigning it to a new event. orgc_id
is globally assigned to an organization and SHALL be kept overtime.
orgc_id is represented as a JSON string. orgc_id MUST be present.
3. References 3. References
3.1. Normative References 3.1. Normative References
@ -214,18 +257,6 @@ Internet-Draft MISP core format October 2016
DOI 10.17487/RFC4627, July 2006, DOI 10.17487/RFC4627, July 2006,
<http://www.rfc-editor.org/info/rfc4627>. <http://www.rfc-editor.org/info/rfc4627>.
Dulaunoy & Iklody Expires April 4, 2017 [Page 4]
Internet-Draft MISP core format October 2016
3.2. Informative References 3.2. Informative References
[MISP-P] MISP, , "MISP Project - Malware Information Sharing [MISP-P] MISP, , "MISP Project - Malware Information Sharing
@ -238,6 +269,19 @@ Appendix A. Acknowledgements
Authors' Addresses Authors' Addresses
Dulaunoy & Iklody Expires April 4, 2017 [Page 5]
Internet-Draft MISP core format October 2016
Alexandre Dulaunoy Alexandre Dulaunoy
Computer Incident Response Center Luxembourg Computer Incident Response Center Luxembourg
41, avenue de la gare 41, avenue de la gare
@ -277,4 +321,16 @@ Authors' Addresses
Dulaunoy & Iklody Expires April 4, 2017 [Page 5]
Dulaunoy & Iklody Expires April 4, 2017 [Page 6]