Various fixes

pull/8/head
Alexandre Dulaunoy 2017-09-21 14:17:37 +02:00
parent 529e09f75c
commit 0861d05ab2
No known key found for this signature in database
GPG Key ID: 09E2CD4944E6CBCD
1 changed files with 23 additions and 7 deletions

@ -1,11 +1,11 @@
% Title = "MISP taxonomy format" % Title = "MISP galaxy format"
% abbrev = "MISP taxonomy format" % abbrev = "MISP galaxy format"
% category = "info" % category = "info"
% docName = "draft-dulaunoy-misp-taxonomy-format" % docName = "draft-dulaunoy-misp-galaxy-format"
% ipr= "trust200902" % ipr= "trust200902"
% area = "Security" % area = "Security"
% %
% date = 2017-09-04T00:00:00Z % date = 2017-09-21T00:00:00Z
% %
% [[author]] % [[author]]
% initials="A." % initials="A."
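
Review bot: the docName change from "draft-dulaunoy-misp-taxonomy-format" to "draft-dulaunoy-misp-galaxy-format" changes the identity of the draft, not just its wording, and the commit message "Various fixes" gives no hint of that. A message line such as "rename draft from taxonomy to galaxy format" would make the rename findable in history; the Title, abbrev and date edits in the same hunk are consistent with it.
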
@ -35,6 +35,22 @@
% city = "Luxembourg" % city = "Luxembourg"
% code = "L-1611" % code = "L-1611"
% country = "Luxembourg" % country = "Luxembourg"
% [[author]]
% initials="D."
% surname="Servili"
% fullname="Deborah"
% abbrev="CIRCL"
% organization = "Computer Incident Response Center Luxembourg"
% [author.address]
% email = "deborah.servili@circl.lu"
% phone = "+352 247 88444"
% [author.address.postal]
% street = " 16, bd d'Avranches"
% city = "Luxembourg"
% code = "L-1611"
% country = "Luxembourg"
.# Abstract .# Abstract
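
Review bot: in the added [[author]] block, fullname="Deborah" holds only the given name while surname="Servili" is set on the line above, so the full name is incomplete; it should read fullname="Deborah Servili". The added street value " 16, bd d'Avranches" also begins with a space inside the quotes, which should be removed so the postal address does not carry stray whitespace.
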
@ -58,13 +74,13 @@ document are to be interpreted as described in RFC 2119 [@!RFC2119].
A cluster is composed of a value (**MUST**), a description (**OPTIONAL**) and metadata (**OPTIONAL**). A cluster is composed of a value (**MUST**), a description (**OPTIONAL**) and metadata (**OPTIONAL**).
Clusters are represented as a json dictionary. Clusters are represented as a JSON [@!RFC4627] dictionary.
## Overview ## Overview
The MISP galaxy format uses the JSON [@!RFC4627] format. Each galaxy is represented as a JSON object with meta information including the following fields: name, uuid, description, version, type, authors, source, values. The MISP galaxy format uses the JSON [@!RFC4627] format. Each galaxy is represented as a JSON object with meta information including the following fields: name, uuid, description, version, type, authors, source, values.
name defines teh name of the galaxy. The name is represented as a string and **MUST** be present. +uuid represents the Universally Unique IDentifier (UUID) [@!RFC4122] of the object reference. The uuid **MUST** be preserved. For any updates or transfer of the same object reference. UUID version 4 is **RECOMMENDED** when assigning it to a new object reference and **MUST** be present. The description is represented as a string and **MUST** be present. The uuid is represented as a string and **MUST** be present. The version is represented as a decimal and **MUST** be present. The source is represented as a string and **MUST** be present. Authors are represented as an array containing one or more author and **MUST** be present. name defines the name of the galaxy. The name is represented as a string and **MUST** be present. The uuid represents the Universally Unique IDentifier (UUID) [@!RFC4122] of the object reference. The uuid **MUST** be preserved. For any updates or transfer of the same object reference. UUID version 4 is **RECOMMENDED** when assigning it to a new object reference and **MUST** be present. The description is represented as a string and **MUST** be present. The uuid is represented as a string and **MUST** be present. The version is represented as a decimal and **MUST** be present. The source is represented as a string and **MUST** be present. Authors are represented as an array containing one or more author and **MUST** be present.
Values are represented as an array containing one or more value and **MUST** be present. Values defines all values available in the galaxy. Values are represented as an array containing one or more value and **MUST** be present. Values defines all values available in the galaxy.
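
Review bot: the uuid sentence on the new side is still broken in the middle: "The uuid **MUST** be preserved. For any updates or transfer of the same object reference." leaves the second half as a fragment, and should be joined as "The uuid **MUST** be preserved for any updates or transfer of the same object reference." The same paragraph also attaches "and **MUST** be present" to the UUID version 4 recommendation and then repeats "The uuid is represented as a string and **MUST** be present", so one of the two presence requirements can be dropped. The Overview list names a "type" field, but the lines shown in this hunk give no requirement level for it.
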
@ -85,7 +101,7 @@ country, motive **MAY** be used to give further information in threat-actor gala
colour fields MAY be used at predicates or values level to set a specify colour that MAY be used by the implementation. The colour field is described as an RGB colour fill in hexadecimal representation. colour fields MAY be used at predicates or values level to set a specify colour that MAY be used by the implementation. The colour field is described as an RGB colour fill in hexadecimal representation.
encryption, extensions, ransomnotes **MAY** be used to give fursther information in ransomware galaxy. encryption is represented as a string and **SHALL** be present. extensions is represented as an array containing one or more strings and **SHALL** be present. ransomnotes is represented as an array containing one or more strings ans **SHALL** be present. encryption, extensions, ransomnotes **MAY** be used to give further information in ransomware galaxy. encryption is represented as a string and **SHALL** be present. extensions is represented as an array containing one or more strings and **SHALL** be present. ransomnotes is represented as an array containing one or more strings ans **SHALL** be present.
date, status **MAY** be used to give time information about an cluster. date is represented as a string decribing a time or period and **SHALL** be present. status is represented as a string describing the current status of the clusters. It **MAY** also describe a time or period and **SHALL** be present. date, status **MAY** be used to give time information about an cluster. date is represented as a string decribing a time or period and **SHALL** be present. status is represented as a string describing the current status of the clusters. It **MAY** also describe a time or period and **SHALL** be present.
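
Review bot: the ransomware line corrects "fursther" but leaves "ans **SHALL** be present" at the end of the same line, which should be "and". That line also says encryption, extensions and ransomnotes **MAY** be used and then that each **SHALL** be present, which reads as contradictory for an implementer validating a cluster; if the intent is that the fields are required only when ransomware metadata is supplied, say so explicitly. The surrounding context lines carry similar leftovers ("set a specify colour", unbolded MAY, "an cluster", "decribing") that belong in the same cleanup.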