From 5789bf299034b94312b5a2cb557de20fd109a450 Mon Sep 17 00:00:00 2001 From: Alexandre Dulaunoy Date: Wed, 5 Oct 2016 09:01:33 +0200 Subject: [PATCH] Export added --- misp-core-format/raw.md.txt | 130 ++++++++++++++++++++++++++---------- 1 file changed, 93 insertions(+), 37 deletions(-) diff --git a/misp-core-format/raw.md.txt b/misp-core-format/raw.md.txt index 35153d0..a8111c0 100644 --- a/misp-core-format/raw.md.txt +++ b/misp-core-format/raw.md.txt @@ -70,8 +70,11 @@ Table of Contents 2.1. Overview . . . . . . . . . . . . . . . . . . . . . . . . 2 2.2. Event . . . . . . . . . . . . . . . . . . . . . . . . . . 3 2.2.1. Event Attributes . . . . . . . . . . . . . . . . . . 3 - 3. References . . . . . . . . . . . . . . . . . . . . . . . . . 5 - 3.1. Normative References . . . . . . . . . . . . . . . . . . 5 + 2.3. Objects . . . . . . . . . . . . . . . . . . . . . . . . . 5 + 2.3.1. Org . . . . . . . . . . . . . . . . . . . . . . . . . 5 + 2.3.2. Orgc . . . . . . . . . . . . . . . . . . . . . . . . 6 + 3. References . . . . . . . . . . . . . . . . . . . . . . . . . 6 + 3.1. Normative References . . . . . . . . . . . . . . . . . . 6 3.2. Informative References . . . . . . . . . . . . . . . . . 6 Appendix A. Acknowledgements . . . . . . . . . . . . . . . . . . 6 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 6 @@ -102,9 +105,6 @@ Table of Contents A capitalized key (like Event, Org) represent a data model and a non- capitalized key is just an attribute. This nomenclature can support - an implementation to represent the MISP format in another data - structure. - @@ -114,6 +114,9 @@ Dulaunoy & Iklody Expires April 4, 2017 [Page 2] Internet-Draft MISP core format October 2016 + an implementation to represent the MISP format in another data + structure. + 2.2. Event An event is a simple meta structure scheme where attributes and meta- 
@@ -157,11 +160,8 @@ Internet-Draft MISP core format October 2016 info is represented as a JSON string. info MUST be present. -2.2.1.5. threat_level_id - threat_level_id represents the threat level. - 0: @@ -170,6 +170,11 @@ Dulaunoy & Iklody Expires April 4, 2017 [Page 3] Internet-Draft MISP core format October 2016 +2.2.1.5. threat_level_id + + threat_level_id represents the threat level. + + 0: Undefined 1: @@ -197,10 +202,10 @@ Internet-Draft MISP core format October 2016 2.2.1.7. timestamp - timestamp represents a reference time when the event, or one of the - attributes within the event was created, or last updated/edited - on the instance. timestamp is expressed in seconds (decimal) since - 1st of January 1970 (Unix timestamp). The time zone MUST be UTC. + timestamp represents a reference time when the event, or one of the + attributes within the event was created, or last updated/edited on + the instance. timestamp is expressed in seconds (decimal) since 1st + of January 1970 (Unix timestamp). The time zone MUST be UTC. timestamp is represented as a JSON string. timestamp MUST be present. @@ -212,11 +217,6 @@ Internet-Draft MISP core format October 2016 each publication of an event, publish_timestamp MUST be updated. The time zone MUST be UTC. - publish_timestamp is represented as a JSON string. publish_timestamp - MUST be present. - - - 
@@ -226,21 +226,26 @@ Dulaunoy & Iklody Expires April 4, 2017 [Page 4] Internet-Draft MISP core format October 2016 + publish_timestamp is represented as a JSON string. publish_timestamp + MUST be present. + 2.2.1.9. org_id - org_id represents the Universally Unique IDentifier (UUID) [RFC4122] - of the organization which generated the event. The org_id MUST be - updated when the event is generated by a new instance. + org_id represents a human-readable identifier referencing an Org + object of the organization which generated the event. + + The org_id MUST be updated when the event is generated by a new + instance. org_id is represented as a JSON string. org_id MUST be present. 2.2.1.10. orgc_id - orgc_id represents the Universally Unique IDentifier (UUID) [RFC4122] - of the organization which created the event. The orgc_id MUST be - preserved for any updates or transfer of the same event. UUID - version 4 is RECOMMENDED when assigning it to a new event. orgc_id - is globally assigned to an organization and SHALL be kept overtime. + orgc_id represents a human-readable identifier referencing an Orgc + object of the organization which created the event. + + The orgc_id and Orc object MUST be preserved for any updates or + transfer of the same event. orgc_id is represented as a JSON string. orgc_id MUST be present. 
@@ -252,6 +257,45 @@ Internet-Draft MISP core format October 2016 attribute_count is represented as a JSON string. attribute_count SHALL be present. +2.3. Objects + +2.3.1. Org + + An Org object is composed of an uuid, name and id. + + The uuid represents the Universally Unique IDentifier (UUID) + [RFC4122] of the organization. The uuid is globally assigned to an + organization and SHALL be kept overtime. + + uuid is represented as a JSON string. uuid MUST be present. + + The name is a readable description of the organization and SHOULD be + present. + + + + + + +Dulaunoy & Iklody Expires April 4, 2017 [Page 5] + +Internet-Draft MISP core format October 2016 + + +2.3.2. Orgc + + An Orgc object is composed of an uuid, name and id. + + The uuid MUST be preserved for any updates or transfer of the same + event. UUID version 4 is RECOMMENDED when assigning it to a new + event. orgc_id is globally assigned to an organization and SHALL be + kept overtime. + + The name is a readable description of the organization and SHOULD be + present. + + orgc_id is represented as a JSON string. orgc_id SHOULD be present. + 3. References 3.1. Normative References @@ -271,17 +315,6 @@ Internet-Draft MISP core format October 2016 DOI 10.17487/RFC4627, July 2006, . - - - - - - -Dulaunoy & Iklody Expires April 4, 2017 [Page 5] - -Internet-Draft MISP core format October 2016 - - 3.2. Informative References [MISP-P] MISP, , "MISP Project - Malware Information Sharing @@ -294,6 +327,17 @@ Appendix A. Acknowledgements Authors' Addresses + + + + + + +Dulaunoy & Iklody Expires April 4, 2017 [Page 6] + +Internet-Draft MISP core format October 2016 + + Alexandre Dulaunoy Computer Incident Response Center Luxembourg 41, avenue de la gare @@ -333,4 +377,16 @@ Authors' Addresses -Dulaunoy & Iklody Expires April 4, 2017 [Page 6] + + + + + + + + + + + + +Dulaunoy & Iklody Expires April 4, 2017 [Page 7]
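Review bot: In the 2.2.1.10 orgc_id text of the @@ -226,21 +226,26 @@ hunk, "The orgc_id and Orc object MUST be preserved" misspells the object name; it should read "Orgc object". The same hunk changes org_id and orgc_id from UUIDs to "a human-readable identifier referencing an Org object", but it does not say which field of the object the value has to match, so a consumer cannot resolve the reference from this text alone. Suggest stating that org_id corresponds to the id of the Org object (and orgc_id to the id of the Orgc object), and saying whether that id is expected to be stable across instances, since the removed wording made the UUID the globally assigned identifier.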
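Review bot: In the new 2.3.1 and 2.3.2 sections of the @@ -252,6 +257,45 @@ hunk, both objects are introduced as "composed of an uuid, name and id", but id is never defined: no type, no presence requirement, and no stated relation to org_id or orgc_id. In 2.3.2 the sentences "orgc_id is globally assigned to an organization and SHALL be kept overtime" and "orgc_id SHOULD be present" look carried over from the old 2.2.1.10 text; they should describe uuid, and the SHOULD contradicts "orgc_id MUST be present" in 2.2.1.10. Unlike 2.3.1, section 2.3.2 also never says how uuid is represented or that it must be present, and "UUID version 4 is RECOMMENDED when assigning it to a new event" describes an organization's uuid in terms of an event. Suggest mirroring the 2.3.1 wording for uuid in 2.3.2, adding a definition of id to both sections, and writing "over time" instead of "overtime".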