mirror of https://github.com/MISP/misp-rfc
Export added
parent
71a1974818
commit
5789bf2990
|
@ -70,8 +70,11 @@ Table of Contents
|
|||
2.1. Overview . . . . . . . . . . . . . . . . . . . . . . . . 2
|
||||
2.2. Event . . . . . . . . . . . . . . . . . . . . . . . . . . 3
|
||||
2.2.1. Event Attributes . . . . . . . . . . . . . . . . . . 3
|
||||
3. References . . . . . . . . . . . . . . . . . . . . . . . . . 5
|
||||
3.1. Normative References . . . . . . . . . . . . . . . . . . 5
|
||||
2.3. Objects . . . . . . . . . . . . . . . . . . . . . . . . . 5
|
||||
2.3.1. Org . . . . . . . . . . . . . . . . . . . . . . . . . 5
|
||||
2.3.2. Orgc . . . . . . . . . . . . . . . . . . . . . . . . 6
|
||||
3. References . . . . . . . . . . . . . . . . . . . . . . . . . 6
|
||||
3.1. Normative References . . . . . . . . . . . . . . . . . . 6
|
||||
3.2. Informative References . . . . . . . . . . . . . . . . . 6
|
||||
Appendix A. Acknowledgements . . . . . . . . . . . . . . . . . . 6
|
||||
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 6
|
||||
|
@ -102,9 +105,6 @@ Table of Contents
|
|||
|
||||
A capitalized key (like Event, Org) represent a data model and a non-
|
||||
capitalized key is just an attribute. This nomenclature can support
|
||||
an implementation to represent the MISP format in another data
|
||||
structure.
|
||||
|
||||
|
||||
|
||||
|
||||
|
@ -114,6 +114,9 @@ Dulaunoy & Iklody Expires April 4, 2017 [Page 2]
|
|||
Internet-Draft MISP core format October 2016
|
||||
|
||||
|
||||
an implementation to represent the MISP format in another data
|
||||
structure.
|
||||
|
||||
2.2. Event
|
||||
|
||||
An event is a simple meta structure scheme where attributes and meta-
|
||||
|
@ -157,11 +160,8 @@ Internet-Draft MISP core format October 2016
|
|||
|
||||
info is represented as a JSON string. info MUST be present.
|
||||
|
||||
2.2.1.5. threat_level_id
|
||||
|
||||
threat_level_id represents the threat level.
|
||||
|
||||
0:
|
||||
|
||||
|
||||
|
||||
|
@ -170,6 +170,11 @@ Dulaunoy & Iklody Expires April 4, 2017 [Page 3]
|
|||
Internet-Draft MISP core format October 2016
|
||||
|
||||
|
||||
2.2.1.5. threat_level_id
|
||||
|
||||
threat_level_id represents the threat level.
|
||||
|
||||
0:
|
||||
Undefined
|
||||
|
||||
1:
|
||||
|
@ -197,10 +202,10 @@ Internet-Draft MISP core format October 2016
|
|||
|
||||
2.2.1.7. timestamp
|
||||
|
||||
timestamp represents a reference time when the event, or one of the
|
||||
attributes within the event was created, or last updated/edited
|
||||
on the instance. timestamp is expressed in seconds (decimal) since
|
||||
1st of January 1970 (Unix timestamp). The time zone MUST be UTC.
|
||||
timestamp represents a reference time when the event, or one of the
|
||||
attributes within the event was created, or last updated/edited on
|
||||
the instance. timestamp is expressed in seconds (decimal) since 1st
|
||||
of January 1970 (Unix timestamp). The time zone MUST be UTC.
|
||||
|
||||
timestamp is represented as a JSON string. timestamp MUST be present.
|
||||
|
||||
|
@ -212,11 +217,6 @@ Internet-Draft MISP core format October 2016
|
|||
each publication of an event, publish_timestamp MUST be updated. The
|
||||
time zone MUST be UTC.
|
||||
|
||||
publish_timestamp is represented as a JSON string. publish_timestamp
|
||||
MUST be present.
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
@ -226,21 +226,26 @@ Dulaunoy & Iklody Expires April 4, 2017 [Page 4]
|
|||
Internet-Draft MISP core format October 2016
|
||||
|
||||
|
||||
publish_timestamp is represented as a JSON string. publish_timestamp
|
||||
MUST be present.
|
||||
|
||||
2.2.1.9. org_id
|
||||
|
||||
org_id represents the Universally Unique IDentifier (UUID) [RFC4122]
|
||||
of the organization which generated the event. The org_id MUST be
|
||||
updated when the event is generated by a new instance.
|
||||
org_id represents a human-readable identifier referencing an Org
|
||||
object of the organization which generated the event.
|
||||
|
||||
The org_id MUST be updated when the event is generated by a new
|
||||
instance.
|
||||
|
||||
org_id is represented as a JSON string. org_id MUST be present.
|
||||
|
||||
2.2.1.10. orgc_id
|
||||
|
||||
orgc_id represents the Universally Unique IDentifier (UUID) [RFC4122]
|
||||
of the organization which created the event. The orgc_id MUST be
|
||||
preserved for any updates or transfer of the same event. UUID
|
||||
version 4 is RECOMMENDED when assigning it to a new event. orgc_id
|
||||
is globally assigned to an organization and SHALL be kept overtime.
|
||||
orgc_id represents a human-readable identifier referencing an Orgc
|
||||
object of the organization which created the event.
|
||||
|
||||
The orgc_id and Orc object MUST be preserved for any updates or
|
||||
transfer of the same event.
|
||||
|
||||
orgc_id is represented as a JSON string. orgc_id MUST be present.
|
||||
|
||||
|
@ -252,6 +257,45 @@ Internet-Draft MISP core format October 2016
|
|||
attribute_count is represented as a JSON string. attribute_count
|
||||
SHALL be present.
|
||||
|
||||
2.3. Objects
|
||||
|
||||
2.3.1. Org
|
||||
|
||||
An Org object is composed of an uuid, name and id.
|
||||
|
||||
The uuid represents the Universally Unique IDentifier (UUID)
|
||||
[RFC4122] of the organization. The uuid is globally assigned to an
|
||||
organization and SHALL be kept overtime.
|
||||
|
||||
uuid is represented as a JSON string. uuid MUST be present.
|
||||
|
||||
The name is a readable description of the organization and SHOULD be
|
||||
present.
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
Dulaunoy & Iklody Expires April 4, 2017 [Page 5]
|
||||
|
||||
Internet-Draft MISP core format October 2016
|
||||
|
||||
|
||||
2.3.2. Orgc
|
||||
|
||||
An Orgc object is composed of an uuid, name and id.
|
||||
|
||||
The uuid MUST be preserved for any updates or transfer of the same
|
||||
event. UUID version 4 is RECOMMENDED when assigning it to a new
|
||||
event. orgc_id is globally assigned to an organization and SHALL be
|
||||
kept overtime.
|
||||
|
||||
The name is a readable description of the organization and SHOULD be
|
||||
present.
|
||||
|
||||
orgc_id is represented as a JSON string. orgc_id SHOULD be present.
|
||||
|
||||
3. References
|
||||
|
||||
3.1. Normative References
|
||||
|
@ -271,17 +315,6 @@ Internet-Draft MISP core format October 2016
|
|||
DOI 10.17487/RFC4627, July 2006,
|
||||
<http://www.rfc-editor.org/info/rfc4627>.
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
Dulaunoy & Iklody Expires April 4, 2017 [Page 5]
|
||||
|
||||
Internet-Draft MISP core format October 2016
|
||||
|
||||
|
||||
3.2. Informative References
|
||||
|
||||
[MISP-P] MISP, , "MISP Project - Malware Information Sharing
|
||||
|
@ -294,6 +327,17 @@ Appendix A. Acknowledgements
|
|||
|
||||
Authors' Addresses
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
Dulaunoy & Iklody Expires April 4, 2017 [Page 6]
|
||||
|
||||
Internet-Draft MISP core format October 2016
|
||||
|
||||
|
||||
Alexandre Dulaunoy
|
||||
Computer Incident Response Center Luxembourg
|
||||
41, avenue de la gare
|
||||
|
@ -333,4 +377,16 @@ Authors' Addresses
|
|||
|
||||
|
||||
|
||||
Dulaunoy & Iklody Expires April 4, 2017 [Page 6]
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
Dulaunoy & Iklody Expires April 4, 2017 [Page 7]
|
||||
|
|
Loading…
Reference in New Issue