Merge pull request #12 from Delta-Sierra/master

Quick review of misp-galaxy-format rfc
pull/13/head
Alexandre Dulaunoy 2018-05-02 09:21:47 +02:00 committed by GitHub
commit 2167f61ebf
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 8 additions and 8 deletions


@ -80,13 +80,13 @@ Clusters are represented as a JSON [@!RFC4627] dictionary.
The MISP galaxy format uses the JSON [@!RFC4627] format. Each galaxy is represented as a JSON object with meta information including the following fields: name, uuid, description, version, type, authors, source, values. The MISP galaxy format uses the JSON [@!RFC4627] format. Each galaxy is represented as a JSON object with meta information including the following fields: name, uuid, description, version, type, authors, source, values.
name defines the name of the galaxy. The name is represented as a string and **MUST** be present. The uuid represents the Universally Unique IDentifier (UUID) [@!RFC4122] of the object reference. The uuid **MUST** be preserved. For any updates or transfer of the same object reference. UUID version 4 is **RECOMMENDED** when assigning it to a new object reference and **MUST** be present. The description is represented as a string and **MUST** be present. The uuid is represented as a string and **MUST** be present. The version is represented as a decimal and **MUST** be present. The source is represented as a string and **MUST** be present. Authors are represented as an array containing one or more author and **MUST** be present. name defines the name of the galaxy. The name is represented as a string and **MUST** be present. The uuid represents the Universally Unique IDentifier (UUID) [@!RFC4122] of the object reference. The uuid **MUST** be preserved. For any updates or transfer of the same object reference. UUID version 4 is **RECOMMENDED** when assigning it to a new object reference and **MUST** be present. The description is represented as a string and **MUST** be present. The uuid is represented as a string and **MUST** be present. The version is represented as a decimal and **MUST** be present. The source is represented as a string and **MUST** be present. Authors are represented as an array containing one or more authors and **MUST** be present.
Values are represented as an array containing one or more value and **MUST** be present. Values defines all values available in the galaxy. Values are represented as an array containing one or more values and **MUST** be present. Values defines all values available in the galaxy.
## values ## values
The values array contains one or more JSON objects which represents all the possible values in the galaxy. The JSON object contains four fields: value, description, uuid and meta. The values array contains one or more JSON objects which represent all the possible values in the galaxy. The JSON object contains four fields: value, description, uuid and meta.
The value is represented as a string and **MUST** be present. The description is represented as a string and **SHOULD** be present. The meta or metadata is represented as a JSON list and **SHOULD** be present. The value is represented as a string and **MUST** be present. The description is represented as a string and **SHOULD** be present. The meta or metadata is represented as a JSON list and **SHOULD** be present.
The uuid represents the Universally Unique IDentifier (UUID) [@!RFC4122] of the value reference. The uuid **SHOULD** can be present and **MUST** be preserved. The uuid represents the Universally Unique IDentifier (UUID) [@!RFC4122] of the value reference. The uuid **SHOULD** can be present and **MUST** be preserved.
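Review bot: The last context line of this hunk still reads "The uuid **SHOULD** can be present and **MUST** be preserved", which stacks two modal verbs and leaves the requirement level unclear; since this pass is already fixing grammar in the surrounding paragraphs, change it to "The uuid **SHOULD** be present and **MUST** be preserved". The galaxy paragraph also keeps the fragment "The uuid **MUST** be preserved. For any updates or transfer of the same object reference.", which should be a single sentence, and it says twice that the uuid **MUST** be present. The field list names type, but no sentence in that paragraph defines it.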
@ -100,7 +100,7 @@ derivated_from, refs, synonyms **SHALL** be used to give further informations. r
date, status **MAY** be used to give time information about an cluster. date is represented as a string describing a time or period and **SHALL** be present. status is represented as a string describing the current status of the clusters. It **MAY** also describe a time or period and **SHALL** be present. date, status **MAY** be used to give time information about an cluster. date is represented as a string describing a time or period and **SHALL** be present. status is represented as a string describing the current status of the clusters. It **MAY** also describe a time or period and **SHALL** be present.
colour fields MAY be used at predicates or values level to set a specify colour that MAY be used by the implementation. The colour field is described as an RGB colour fill in hexadecimal representation. colour fields **MAY** be used at predicates or values level to set a specify colour that **MAY** be used by the implementation. The colour field is described as an RGB colour fill in hexadecimal representation.
complexity, effectiveness, impact, possible_issues **MAY** be used to give further information in preventive-measure galaxy. complexity is represented by an enumerated value from a fixed vocabulary and **SHALL** be present. effectiveness is represented by an enumerated value from a fixed vocabulary and **SHALL** be present. impact is represented by an enumerated value from a fixed vocabulary and **SHALL** be present. possible_issues is represented as a string and **SHOULD** be present. complexity, effectiveness, impact, possible_issues **MAY** be used to give further information in preventive-measure galaxy. complexity is represented by an enumerated value from a fixed vocabulary and **SHALL** be present. effectiveness is represented by an enumerated value from a fixed vocabulary and **SHALL** be present. impact is represented by an enumerated value from a fixed vocabulary and **SHALL** be present. possible_issues is represented as a string and **SHOULD** be present.
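Review bot: The colour line gains the **MAY** markup but keeps "to set a specify colour", which should read "to set a specific colour". In the date/status line just above it, "an cluster" should be "a cluster". That line and the complexity/effectiveness/impact line also pair "**MAY** be used" with "**SHALL** be present" for the same fields, so they read as optional and mandatory at once; please state which requirement level is intended.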
@ -181,7 +181,7 @@ Example use of the encryption, extensions, ransomnotes fields in the ransomware
source-uuid, target-uuid **SHALL** be used to describe relationships. source-uuid and target-uuid represent the Universally Unique IDentifier (UUID) [@!RFC4122] of the value reference. source-uuid and target-uuid **MUST** be preserved. source-uuid, target-uuid **SHALL** be used to describe relationships. source-uuid and target-uuid represent the Universally Unique IDentifier (UUID) [@!RFC4122] of the value reference. source-uuid and target-uuid **MUST** be preserved.
Example use of the source-uuid, target-uuid fields in the mitre-entreprise-attack-relationship galaxy: Example use of the source-uuid, target-uuid fields in the mitre-enterprise-attack-relationship galaxy:
~~~~ ~~~~
{ {
"meta": { "meta": {
@ -189,7 +189,7 @@ Example use of the source-uuid, target-uuid fields in the mitre-entreprise-attac
"target-uuid": "2f1a9fd0-3b7c-4d77-a358-78db13adbe78" "target-uuid": "2f1a9fd0-3b7c-4d77-a358-78db13adbe78"
}, },
"uuid": "cfc7da70-d7c5-4508-8f50-1c3107269633", "uuid": "cfc7da70-d7c5-4508-8f50-1c3107269633",
"value": "menuPass uses EvilGrab" "value": "menuPass (G0045) uses EvilGrab (S0152)"
} }
~~~~ ~~~~
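Review bot: The new value "menuPass (G0045) uses EvilGrab (S0152)" puts identifiers into the free-text value while the relationship itself is already carried by source-uuid and target-uuid in meta; the text should say whether such IDs belong in value by convention or are only illustrative, and the string should match the entry with uuid cfc7da70-d7c5-4508-8f50-1c3107269633 in the relationship galaxy. In the sentence that introduces this example, mitre-enterprise-attack-relationship is a galaxy identifier rather than plain prose, so the spelling fix needs to match the name the galaxy is actually published under; please confirm that before merging. The example also shows meta as a JSON object, while the values section says meta "is represented as a JSON list", so one of the two needs correcting.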


@ -133,9 +133,9 @@ Internet-Draft MISP galaxy format April 2018
and MUST be present. The version is represented as a decimal and and MUST be present. The version is represented as a decimal and
MUST be present. The source is represented as a string and MUST be MUST be present. The source is represented as a string and MUST be
present. Authors are represented as an array containing one or more present. Authors are represented as an array containing one or more
author and MUST be present. authors and MUST be present.
Values are represented as an array containing one or more value and Values are represented as an array containing one or more values and
MUST be present. Values defines all values available in the galaxy. MUST be present. Values defines all values available in the galaxy.
2.2. values 2.2. values
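Review bot: Only the "authors" and "values" fixes reach this text rendering; the other corrections made in the first file ("which represent", the **MAY** markup on the colour line, the "enterprise" spelling and the updated example value) have no counterpart here, so the two files now disagree. If this file is produced from the first one, regenerate it in full instead of editing individual lines, and check that the "April 2018" date in the page header is still the one you want after the regeneration.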