MISP
/
misp-rfc
mirror of https://github.com/MISP/misp-rfc
2
0
Fork 0
Code Issues Releases Wiki Activity

chg: [datatypes] updated to the latest version

pull/21/head
Alexandre Dulaunoy 2019-01-13 12:34:24 +01:00
parent 602ea6ccde
commit 0cb9a0f46e
No known key found for this signature in database
GPG Key ID: 09E2CD4944E6CBCD
1 changed files with 24 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

48
misp-core-format/raw.md.txt
View File

@ -537,7 +537,7 @@ Internet-Draft MISP core format August 2018
traffic, pattern-in-memory, vulnerability, attachment, malware- traffic, pattern-in-memory, vulnerability, attachment, malware-
sample, link, comment, text, x509-fingerprint-sha1, x509- sample, link, comment, text, x509-fingerprint-sha1, x509-
fingerprint-md5, x509-fingerprint-sha256, ja3-fingerprint-md5, fingerprint-md5, x509-fingerprint-sha256, ja3-fingerprint-md5,
github-repository, other, cortex hassh-md5, hasshserver-md5, github-repository, other, cortex
Financial fraud Financial fraud
btc, xmr, iban, bic, bank-account-nr, aba-rtn, bin, cc-number, btc, xmr, iban, bic, bank-account-nr, aba-rtn, bin, cc-number,
@ -552,8 +552,8 @@ Internet-Draft MISP core format August 2018
agent, http-method, AS, snort, pattern-in-file, stix2-pattern, agent, http-method, AS, snort, pattern-in-file, stix2-pattern,
pattern-in-traffic, attachment, comment, text, x509-fingerprint- pattern-in-traffic, attachment, comment, text, x509-fingerprint-
md5, x509-fingerprint-sha1, x509-fingerprint-sha256, ja3- md5, x509-fingerprint-sha1, x509-fingerprint-sha256, ja3-
fingerprint-md5, other, hex, cookie, hostname|port, bro fingerprint-md5, hassh-md5, hasshserver-md5, other, hex, cookie,
hostname|port, bro
@ -580,10 +580,11 @@ Internet-Draft MISP core format August 2018
stix2-pattern, yara, sigma, mime-type, attachment, malware-sample, stix2-pattern, yara, sigma, mime-type, attachment, malware-sample,
link, malware-type, comment, text, hex, vulnerability, x509- link, malware-type, comment, text, hex, vulnerability, x509-
fingerprint-sha1, x509-fingerprint-md5, x509-fingerprint-sha256, fingerprint-sha1, x509-fingerprint-md5, x509-fingerprint-sha256,
ja3-fingerprint-md5, other, hostname|port, email-dst-display-name, ja3-fingerprint-md5, hassh-md5, hasshserver-md5, other,
email-src-display-name, email-header, email-reply-to, email- hostname|port, email-dst-display-name, email-src-display-name,
x-mailer, email-mime-boundary, email-thread-index, email-message- email-header, email-reply-to, email-x-mailer, email-mime-boundary,
id, mobile-application-id, whois-registrant-email email-thread-index, email-message-id, mobile-application-id,
whois-registrant-email
Payload installation Payload installation
md5, sha1, sha224, sha256, sha384, sha512, sha512/224, sha512/256, md5, sha1, sha224, sha256, sha384, sha512, sha512/224, sha512/256,
@ -609,7 +610,6 @@ Internet-Draft MISP core format August 2018
gender, passport-number, passport-country, passport-expiration, gender, passport-number, passport-country, passport-expiration,
redress-number, nationality, visa-number, issue-date-of-the-visa, redress-number, nationality, visa-number, issue-date-of-the-visa,
primary-residence, country-of-residence, special-service-request, primary-residence, country-of-residence, special-service-request,
frequent-flyer-number, travel-details, payment-details, place-
@ -618,6 +618,7 @@ Dulaunoy & Iklody Expires February 9, 2019 [Page 11]
Internet-Draft MISP core format August 2018 Internet-Draft MISP core format August 2018
frequent-flyer-number, travel-details, payment-details, place-
port-of-original-embarkation, place-port-of-clearance, place-port- port-of-original-embarkation, place-port-of-clearance, place-port-
of-onward-foreign-destination, passenger-name-record-locator- of-onward-foreign-destination, passenger-name-record-locator-
number, comment, text, other, phone-number, identity-card-number number, comment, text, other, phone-number, identity-card-number
@ -668,7 +669,6 @@ Internet-Draft MISP core format August 2018
Dulaunoy & Iklody Expires February 9, 2019 [Page 12] Dulaunoy & Iklody Expires February 9, 2019 [Page 12]
Internet-Draft MISP core format August 2018 Internet-Draft MISP core format August 2018
@ -909,7 +909,7 @@ Internet-Draft MISP core format August 2018
traffic, pattern-in-memory, vulnerability, attachment, malware- traffic, pattern-in-memory, vulnerability, attachment, malware-
sample, link, comment, text, x509-fingerprint-sha1, x509- sample, link, comment, text, x509-fingerprint-sha1, x509-
fingerprint-md5, x509-fingerprint-sha256, ja3-fingerprint-md5, fingerprint-md5, x509-fingerprint-sha256, ja3-fingerprint-md5,
github-repository, other, cortex hassh-md5, hasshserver-md5, github-repository, other, cortex
Financial fraud Financial fraud
btc, xmr, iban, bic, bank-account-nr, aba-rtn, bin, cc-number, btc, xmr, iban, bic, bank-account-nr, aba-rtn, bin, cc-number,
@ -924,7 +924,8 @@ Internet-Draft MISP core format August 2018
agent, http-method, AS, snort, pattern-in-file, stix2-pattern, agent, http-method, AS, snort, pattern-in-file, stix2-pattern,
pattern-in-traffic, attachment, comment, text, x509-fingerprint- pattern-in-traffic, attachment, comment, text, x509-fingerprint-
md5, x509-fingerprint-sha1, x509-fingerprint-sha256, ja3- md5, x509-fingerprint-sha1, x509-fingerprint-sha256, ja3-
fingerprint-md5, other, hex, cookie, hostname|port, bro fingerprint-md5, hassh-md5, hasshserver-md5, other, hex, cookie,
hostname|port, bro
Other Other
comment, text, other, size-in-bytes, counter, datetime, cpe, port, comment, text, other, size-in-bytes, counter, datetime, cpe, port,
@ -944,8 +945,7 @@ Internet-Draft MISP core format August 2018
stix2-pattern, yara, sigma, mime-type, attachment, malware-sample, stix2-pattern, yara, sigma, mime-type, attachment, malware-sample,
link, malware-type, comment, text, hex, vulnerability, x509- link, malware-type, comment, text, hex, vulnerability, x509-
fingerprint-sha1, x509-fingerprint-md5, x509-fingerprint-sha256, fingerprint-sha1, x509-fingerprint-md5, x509-fingerprint-sha256,
ja3-fingerprint-md5, other, hostname|port, email-dst-display-name, ja3-fingerprint-md5, hassh-md5, hasshserver-md5, other,
email-src-display-name, email-header, email-reply-to, email-
@ -954,8 +954,10 @@ Dulaunoy & Iklody Expires February 9, 2019 [Page 17]
Internet-Draft MISP core format August 2018 Internet-Draft MISP core format August 2018
x-mailer, email-mime-boundary, email-thread-index, email-message- hostname|port, email-dst-display-name, email-src-display-name,
id, mobile-application-id, whois-registrant-email email-header, email-reply-to, email-x-mailer, email-mime-boundary,
email-thread-index, email-message-id, mobile-application-id,
whois-registrant-email
Payload installation Payload installation
md5, sha1, sha224, sha256, sha384, sha512, sha512/224, sha512/256, md5, sha1, sha224, sha256, sha384, sha512, sha512/224, sha512/256,
@ -998,9 +1000,7 @@ Internet-Draft MISP core format August 2018
target-user, target-email, target-machine, target-org, target- target-user, target-email, target-machine, target-org, target-
location, target-external, comment location, target-external, comment
Attributes are based on the usage within their different communities.
Attributes can be extended on a regular basis and this reference
document is updated accordingly.
@ -1010,6 +1010,10 @@ Dulaunoy & Iklody Expires February 9, 2019 [Page 18]
Internet-Draft MISP core format August 2018 Internet-Draft MISP core format August 2018
Attributes are based on the usage within their different communities.
Attributes can be extended on a regular basis and this reference
document is updated accordingly.
2.5.2.4. category 2.5.2.4. category
category represents the intent of what the attribute is describing as category represents the intent of what the attribute is describing as
@ -1054,10 +1058,6 @@ Internet-Draft MISP core format August 2018
the ShadowAttribute proposes the creation of a new Attribute, it the ShadowAttribute proposes the creation of a new Attribute, it
should be set to 0. should be set to 0.
old_id is represented as a JSON string. old_id MUST be present.
@ -1066,6 +1066,8 @@ Dulaunoy & Iklody Expires February 9, 2019 [Page 19]
Internet-Draft MISP core format August 2018 Internet-Draft MISP core format August 2018
old_id is represented as a JSON string. old_id MUST be present.
2.5.2.8. timestamp 2.5.2.8. timestamp
timestamp represents a reference time when the attribute was created timestamp represents a reference time when the attribute was created
@ -1115,8 +1117,6 @@ Internet-Draft MISP core format August 2018
Dulaunoy & Iklody Expires February 9, 2019 [Page 20] Dulaunoy & Iklody Expires February 9, 2019 [Page 20]
Internet-Draft MISP core format August 2018 Internet-Draft MISP core format August 2018