MISP
/
misp-rfc
mirror of https://github.com/MISP/misp-rfc
2
0
Fork 0
Code Issues Releases Wiki Activity

Merge branch 'main' of github.com:MISP/misp-rfc into main

main
Alexandre Dulaunoy 2022-02-14 16:33:55 +01:00
parent 7dbfe7a979 4ff1534786
commit 590c412284
No known key found for this signature in database
GPG Key ID: 09E2CD4944E6CBCD
1 changed files with 16 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
misp-core-format/raw.md
View File

@ -223,9 +223,9 @@ extends\_uuid represents which event is extended by this event. The extends\_uui
extends\_uuid is represented as a JSON string. extends\_uuid **SHOULD** be present.
## Objects
### Event Objects
### Org
#### Org
An Org object is composed of an uuid, name and id.
@ -238,7 +238,7 @@ A human-readable identifier **MUST** be represented as an unsigned integer.
uuid, name and id are represented as a JSON string. uuid, name and id **MUST** be present.
#### Sample Org Object
##### Sample Org Object
~~~~
"Org": {
@ -248,7 +248,7 @@ uuid, name and id are represented as a JSON string. uuid, name and id **MUST** b
}
~~~~
### Orgc
#### Orgc
An Orgc object is composed of an uuid, name and id.
@ -655,7 +655,15 @@ last_seen represents a reference time when the attribute was last seen. last_see
last_seen is represented as a JSON string. last_seen **MAY** be present.
### Org
#### value
value represents the payload of an attribute. The format of the value is dependent on the type of the attribute.
value is represented by a JSON string. value **MUST** be present.
### ShadowAttribute Objects
#### Org
An Org object is composed of an uuid, name and id.
@ -668,7 +676,7 @@ A human-readable identifier **MUST** be represented as an unsigned integer.
uuid, name and id are represented as a JSON string. uuid, name and id **MUST** be present.
#### Sample Org Object
##### Sample Org Object
~~~~
"Org": {
@ -678,12 +686,6 @@ uuid, name and id are represented as a JSON string. uuid, name and id **MUST** b
}
~~~~
#### value
value represents the payload of an attribute. The format of the value is dependent on the type of the attribute.
value is represented by a JSON string. value **MUST** be present.
## Object
Objects serve as a contextual bond between a list of attributes within an event. Their main purpose is to describe more complex structures than can be described by a single attribute
@ -1076,7 +1078,7 @@ date_sighting **MUST** be present. date_sighting is expressed in seconds (decima
source **MAY** be present. source is represented as a JSON string and represents the human-readable version of the sighting source, which can be a given piece of software (e.g. SIEM), device or a specific analytical process.
id, event_id and attribute_id **MAY** be present.
id, event_id and attribute_id are represented as a JSON string and **MAY** be present.
id represents the human-readable identifier of the sighting reference which belongs to a specific MISP instance.
event_id represents the human-readable identifier of the event referenced by the sighting and belongs to a specific MISP instance.
@ -1086,7 +1088,7 @@ org_id **MAY** be present along the JSON object describing the organisation. If
org_id represents the human-readable identifier of the organisation which did the sighting and belongs to a specific MISP instance.
A human-readable identifier **MUST** be represented as an unsigned integer.
A human-readable identifier **MUST** be considered as an unsigned integer.
### Sample Sighting