MISP
/
misp-rfc
mirror of https://github.com/MISP/misp-rfc
2
0
Fork 0
Code Issues Releases Wiki Activity

chg: export of I-D ascii done

pull/8/head
Alexandre Dulaunoy 2018-02-23 09:33:11 +01:00
parent c61765f954
commit 916b3ea420
No known key found for this signature in database
GPG Key ID: 09E2CD4944E6CBCD
1 changed files with 78 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

100
misp-galaxy-format/raw.md.txt Normal file → Executable file
View File

@ -18,7 +18,10 @@ Abstract
simple JSON format to represent galaxies and clusters that can be simple JSON format to represent galaxies and clusters that can be
attached to MISP events or attributes. A public directory of MISP attached to MISP events or attributes. A public directory of MISP
galaxies is available and relies on the MISP galaxy format. MISP galaxies is available and relies on the MISP galaxy format. MISP
galaxies are used to add further informations on a MISP event. galaxies are used to add further informations on a MISP event. MISP
galaxy is a public repository [MISP-G] of known malware, threats
actors and various other collections of data that can be used to
mark, classify or label data in threat information sharing.
Status of This Memo Status of This Memo
@ -47,9 +50,6 @@ Copyright Notice
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
@ -58,6 +58,8 @@ Dulaunoy, et al. Expires March 25, 2018 [Page 1]
Internet-Draft MISP galaxy format September 2017 Internet-Draft MISP galaxy format September 2017
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
@ -104,8 +106,6 @@ Table of Contents
A cluster is composed of a value (MUST), a description (OPTIONAL) and A cluster is composed of a value (MUST), a description (OPTIONAL) and
metadata (OPTIONAL). metadata (OPTIONAL).
Clusters are represented as a JSON [RFC4627] dictionary.
@ -114,6 +114,8 @@ Dulaunoy, et al. Expires March 25, 2018 [Page 2]
Internet-Draft MISP galaxy format September 2017 Internet-Draft MISP galaxy format September 2017
Clusters are represented as a JSON [RFC4627] dictionary.
2.1. Overview 2.1. Overview
The MISP galaxy format uses the JSON [RFC4627] format. Each galaxy The MISP galaxy format uses the JSON [RFC4627] format. Each galaxy
@ -139,11 +141,13 @@ Internet-Draft MISP galaxy format September 2017
2.2. values 2.2. values
The values array contains one or more JSON objects which represents The values array contains one or more JSON objects which represents
all the possible values in the galaxy. The JSON object contains all the possible values in the galaxy. The JSON object contains four
three fields: value description and meta. The value is represented fields: value, description, uuid and meta. The value is represented
as a string and MUST be present. The description is represented as a as a string and MUST be present. The description is represented as a
string and SHOULD be present. The meta or metadata is represented as string and SHOULD be present. The meta or metadata is represented as
a JSON list and SHOULD be present. a JSON list and SHOULD be present. The uuid represents the
Universally Unique IDentifier (UUID) [RFC4122] of the value
reference. The uuid SHOULD can be present and MUST be preserved.
2.3. meta 2.3. meta
@ -157,11 +161,7 @@ Internet-Draft MISP galaxy format September 2017
Properties are represented as an array containing one or more strings Properties are represented as an array containing one or more strings
ans MAY be present. ans MAY be present.
complexity, effectiveness, impact, possible_issues MAY be used to
give further information in preventive-measure galaxy. complexity is
represented by an enumerated value from a fixed vocabulary and SHALL
be present. effectiveness is represented by an enumerated value from
a fixed vocabulary and SHALL be present. impact is represented by an
@ -170,6 +170,11 @@ Dulaunoy, et al. Expires March 25, 2018 [Page 3]
Internet-Draft MISP galaxy format September 2017 Internet-Draft MISP galaxy format September 2017
complexity, effectiveness, impact, possible_issues MAY be used to
give further information in preventive-measure galaxy. complexity is
represented by an enumerated value from a fixed vocabulary and SHALL
be present. effectiveness is represented by an enumerated value from
a fixed vocabulary and SHALL be present. impact is represented by an
enumerated value from a fixed vocabulary and SHALL be present. enumerated value from a fixed vocabulary and SHALL be present.
possible_issues is represented as a string and SHOULD be present. possible_issues is represented as a string and SHOULD be present.
@ -190,7 +195,7 @@ Internet-Draft MISP galaxy format September 2017
present. present.
date, status MAY be used to give time information about an cluster. date, status MAY be used to give time information about an cluster.
date is represented as a string decribing a time or period and SHALL date is represented as a string describing a time or period and SHALL
be present. status is represented as a string describing the current be present. status is represented as a string describing the current
status of the clusters. It MAY also describe a time or period and status of the clusters. It MAY also describe a time or period and
SHALL be present. SHALL be present.
@ -210,11 +215,6 @@ Internet-Draft MISP galaxy format September 2017
4.1. Normative References 4.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997, <https://www.rfc-
editor.org/info/rfc2119>.
@ -226,6 +226,11 @@ Dulaunoy, et al. Expires March 25, 2018 [Page 4]
Internet-Draft MISP galaxy format September 2017 Internet-Draft MISP galaxy format September 2017
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997, <https://www.rfc-
editor.org/info/rfc2119>.
[RFC4122] Leach, P., Mealling, M., and R. Salz, "A Universally [RFC4122] Leach, P., Mealling, M., and R. Salz, "A Universally
Unique IDentifier (UUID) URN Namespace", RFC 4122, Unique IDentifier (UUID) URN Namespace", RFC 4122,
DOI 10.17487/RFC4122, July 2005, <https://www.rfc- DOI 10.17487/RFC4122, July 2005, <https://www.rfc-
@ -266,7 +271,18 @@ Authors' Addresses
Email: andras.iklody@circl.lu Email: andras.iklody@circl.lu
Deborah
Dulaunoy, et al. Expires March 25, 2018 [Page 5]
Internet-Draft MISP galaxy format September 2017
Deborah Servili
Computer Incident Response Center Luxembourg Computer Incident Response Center Luxembourg
16, bd d'Avranches 16, bd d'Avranches
Luxembourg L-1611 Luxembourg L-1611
@ -277,4 +293,44 @@ Authors' Addresses
Dulaunoy, et al. Expires March 25, 2018 [Page 5]
Dulaunoy, et al. Expires March 25, 2018 [Page 6]