mirror of https://github.com/MISP/misp-rfc
chg: [datatypes] updated to the latest version
parent
602ea6ccde
commit
0cb9a0f46e
|
@ -537,7 +537,7 @@ Internet-Draft MISP core format August 2018
|
||||||
traffic, pattern-in-memory, vulnerability, attachment, malware-
|
traffic, pattern-in-memory, vulnerability, attachment, malware-
|
||||||
sample, link, comment, text, x509-fingerprint-sha1, x509-
|
sample, link, comment, text, x509-fingerprint-sha1, x509-
|
||||||
fingerprint-md5, x509-fingerprint-sha256, ja3-fingerprint-md5,
|
fingerprint-md5, x509-fingerprint-sha256, ja3-fingerprint-md5,
|
||||||
github-repository, other, cortex
|
hassh-md5, hasshserver-md5, github-repository, other, cortex
|
||||||
|
|
||||||
Financial fraud
|
Financial fraud
|
||||||
btc, xmr, iban, bic, bank-account-nr, aba-rtn, bin, cc-number,
|
btc, xmr, iban, bic, bank-account-nr, aba-rtn, bin, cc-number,
|
||||||
|
@ -552,8 +552,8 @@ Internet-Draft MISP core format August 2018
|
||||||
agent, http-method, AS, snort, pattern-in-file, stix2-pattern,
|
agent, http-method, AS, snort, pattern-in-file, stix2-pattern,
|
||||||
pattern-in-traffic, attachment, comment, text, x509-fingerprint-
|
pattern-in-traffic, attachment, comment, text, x509-fingerprint-
|
||||||
md5, x509-fingerprint-sha1, x509-fingerprint-sha256, ja3-
|
md5, x509-fingerprint-sha1, x509-fingerprint-sha256, ja3-
|
||||||
fingerprint-md5, other, hex, cookie, hostname|port, bro
|
fingerprint-md5, hassh-md5, hasshserver-md5, other, hex, cookie,
|
||||||
|
hostname|port, bro
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
@ -580,10 +580,11 @@ Internet-Draft MISP core format August 2018
|
||||||
stix2-pattern, yara, sigma, mime-type, attachment, malware-sample,
|
stix2-pattern, yara, sigma, mime-type, attachment, malware-sample,
|
||||||
link, malware-type, comment, text, hex, vulnerability, x509-
|
link, malware-type, comment, text, hex, vulnerability, x509-
|
||||||
fingerprint-sha1, x509-fingerprint-md5, x509-fingerprint-sha256,
|
fingerprint-sha1, x509-fingerprint-md5, x509-fingerprint-sha256,
|
||||||
ja3-fingerprint-md5, other, hostname|port, email-dst-display-name,
|
ja3-fingerprint-md5, hassh-md5, hasshserver-md5, other,
|
||||||
email-src-display-name, email-header, email-reply-to, email-
|
hostname|port, email-dst-display-name, email-src-display-name,
|
||||||
x-mailer, email-mime-boundary, email-thread-index, email-message-
|
email-header, email-reply-to, email-x-mailer, email-mime-boundary,
|
||||||
id, mobile-application-id, whois-registrant-email
|
email-thread-index, email-message-id, mobile-application-id,
|
||||||
|
whois-registrant-email
|
||||||
|
|
||||||
Payload installation
|
Payload installation
|
||||||
md5, sha1, sha224, sha256, sha384, sha512, sha512/224, sha512/256,
|
md5, sha1, sha224, sha256, sha384, sha512, sha512/224, sha512/256,
|
||||||
|
@ -609,7 +610,6 @@ Internet-Draft MISP core format August 2018
|
||||||
gender, passport-number, passport-country, passport-expiration,
|
gender, passport-number, passport-country, passport-expiration,
|
||||||
redress-number, nationality, visa-number, issue-date-of-the-visa,
|
redress-number, nationality, visa-number, issue-date-of-the-visa,
|
||||||
primary-residence, country-of-residence, special-service-request,
|
primary-residence, country-of-residence, special-service-request,
|
||||||
frequent-flyer-number, travel-details, payment-details, place-
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
@ -618,6 +618,7 @@ Dulaunoy & Iklody Expires February 9, 2019 [Page 11]
|
||||||
Internet-Draft MISP core format August 2018
|
Internet-Draft MISP core format August 2018
|
||||||
|
|
||||||
|
|
||||||
|
frequent-flyer-number, travel-details, payment-details, place-
|
||||||
port-of-original-embarkation, place-port-of-clearance, place-port-
|
port-of-original-embarkation, place-port-of-clearance, place-port-
|
||||||
of-onward-foreign-destination, passenger-name-record-locator-
|
of-onward-foreign-destination, passenger-name-record-locator-
|
||||||
number, comment, text, other, phone-number, identity-card-number
|
number, comment, text, other, phone-number, identity-card-number
|
||||||
|
@ -668,7 +669,6 @@ Internet-Draft MISP core format August 2018
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Dulaunoy & Iklody Expires February 9, 2019 [Page 12]
|
Dulaunoy & Iklody Expires February 9, 2019 [Page 12]
|
||||||
|
|
||||||
Internet-Draft MISP core format August 2018
|
Internet-Draft MISP core format August 2018
|
||||||
|
@ -909,7 +909,7 @@ Internet-Draft MISP core format August 2018
|
||||||
traffic, pattern-in-memory, vulnerability, attachment, malware-
|
traffic, pattern-in-memory, vulnerability, attachment, malware-
|
||||||
sample, link, comment, text, x509-fingerprint-sha1, x509-
|
sample, link, comment, text, x509-fingerprint-sha1, x509-
|
||||||
fingerprint-md5, x509-fingerprint-sha256, ja3-fingerprint-md5,
|
fingerprint-md5, x509-fingerprint-sha256, ja3-fingerprint-md5,
|
||||||
github-repository, other, cortex
|
hassh-md5, hasshserver-md5, github-repository, other, cortex
|
||||||
|
|
||||||
Financial fraud
|
Financial fraud
|
||||||
btc, xmr, iban, bic, bank-account-nr, aba-rtn, bin, cc-number,
|
btc, xmr, iban, bic, bank-account-nr, aba-rtn, bin, cc-number,
|
||||||
|
@ -924,7 +924,8 @@ Internet-Draft MISP core format August 2018
|
||||||
agent, http-method, AS, snort, pattern-in-file, stix2-pattern,
|
agent, http-method, AS, snort, pattern-in-file, stix2-pattern,
|
||||||
pattern-in-traffic, attachment, comment, text, x509-fingerprint-
|
pattern-in-traffic, attachment, comment, text, x509-fingerprint-
|
||||||
md5, x509-fingerprint-sha1, x509-fingerprint-sha256, ja3-
|
md5, x509-fingerprint-sha1, x509-fingerprint-sha256, ja3-
|
||||||
fingerprint-md5, other, hex, cookie, hostname|port, bro
|
fingerprint-md5, hassh-md5, hasshserver-md5, other, hex, cookie,
|
||||||
|
hostname|port, bro
|
||||||
|
|
||||||
Other
|
Other
|
||||||
comment, text, other, size-in-bytes, counter, datetime, cpe, port,
|
comment, text, other, size-in-bytes, counter, datetime, cpe, port,
|
||||||
|
@ -944,8 +945,7 @@ Internet-Draft MISP core format August 2018
|
||||||
stix2-pattern, yara, sigma, mime-type, attachment, malware-sample,
|
stix2-pattern, yara, sigma, mime-type, attachment, malware-sample,
|
||||||
link, malware-type, comment, text, hex, vulnerability, x509-
|
link, malware-type, comment, text, hex, vulnerability, x509-
|
||||||
fingerprint-sha1, x509-fingerprint-md5, x509-fingerprint-sha256,
|
fingerprint-sha1, x509-fingerprint-md5, x509-fingerprint-sha256,
|
||||||
ja3-fingerprint-md5, other, hostname|port, email-dst-display-name,
|
ja3-fingerprint-md5, hassh-md5, hasshserver-md5, other,
|
||||||
email-src-display-name, email-header, email-reply-to, email-
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
@ -954,8 +954,10 @@ Dulaunoy & Iklody Expires February 9, 2019 [Page 17]
|
||||||
Internet-Draft MISP core format August 2018
|
Internet-Draft MISP core format August 2018
|
||||||
|
|
||||||
|
|
||||||
x-mailer, email-mime-boundary, email-thread-index, email-message-
|
hostname|port, email-dst-display-name, email-src-display-name,
|
||||||
id, mobile-application-id, whois-registrant-email
|
email-header, email-reply-to, email-x-mailer, email-mime-boundary,
|
||||||
|
email-thread-index, email-message-id, mobile-application-id,
|
||||||
|
whois-registrant-email
|
||||||
|
|
||||||
Payload installation
|
Payload installation
|
||||||
md5, sha1, sha224, sha256, sha384, sha512, sha512/224, sha512/256,
|
md5, sha1, sha224, sha256, sha384, sha512, sha512/224, sha512/256,
|
||||||
|
@ -998,9 +1000,7 @@ Internet-Draft MISP core format August 2018
|
||||||
target-user, target-email, target-machine, target-org, target-
|
target-user, target-email, target-machine, target-org, target-
|
||||||
location, target-external, comment
|
location, target-external, comment
|
||||||
|
|
||||||
Attributes are based on the usage within their different communities.
|
|
||||||
Attributes can be extended on a regular basis and this reference
|
|
||||||
document is updated accordingly.
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
@ -1010,6 +1010,10 @@ Dulaunoy & Iklody Expires February 9, 2019 [Page 18]
|
||||||
Internet-Draft MISP core format August 2018
|
Internet-Draft MISP core format August 2018
|
||||||
|
|
||||||
|
|
||||||
|
Attributes are based on the usage within their different communities.
|
||||||
|
Attributes can be extended on a regular basis and this reference
|
||||||
|
document is updated accordingly.
|
||||||
|
|
||||||
2.5.2.4. category
|
2.5.2.4. category
|
||||||
|
|
||||||
category represents the intent of what the attribute is describing as
|
category represents the intent of what the attribute is describing as
|
||||||
|
@ -1054,10 +1058,6 @@ Internet-Draft MISP core format August 2018
|
||||||
the ShadowAttribute proposes the creation of a new Attribute, it
|
the ShadowAttribute proposes the creation of a new Attribute, it
|
||||||
should be set to 0.
|
should be set to 0.
|
||||||
|
|
||||||
old_id is represented as a JSON string. old_id MUST be present.
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
@ -1066,6 +1066,8 @@ Dulaunoy & Iklody Expires February 9, 2019 [Page 19]
|
||||||
Internet-Draft MISP core format August 2018
|
Internet-Draft MISP core format August 2018
|
||||||
|
|
||||||
|
|
||||||
|
old_id is represented as a JSON string. old_id MUST be present.
|
||||||
|
|
||||||
2.5.2.8. timestamp
|
2.5.2.8. timestamp
|
||||||
|
|
||||||
timestamp represents a reference time when the attribute was created
|
timestamp represents a reference time when the attribute was created
|
||||||
|
@ -1115,8 +1117,6 @@ Internet-Draft MISP core format August 2018
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Dulaunoy & Iklody Expires February 9, 2019 [Page 20]
|
Dulaunoy & Iklody Expires February 9, 2019 [Page 20]
|
||||||
|
|
||||||
Internet-Draft MISP core format August 2018
|
Internet-Draft MISP core format August 2018
|
||||||
|
|
Loading…
Reference in New Issue