mirror of https://github.com/MISP/misp-rfc
MISP format updated
parent
c037269888
commit
a965a0e25e
|
@ -5,7 +5,7 @@
|
|||
Network Working Group A. Dulaunoy
|
||||
Internet-Draft A. Iklody
|
||||
Intended status: Informational CIRCL
|
||||
Expires: October 12, 2017 April 10, 2017
|
||||
Expires: March 8, 2018 September 4, 2017
|
||||
|
||||
|
||||
MISP core format
|
||||
|
@ -37,7 +37,7 @@ Status of This Memo
|
|||
time. It is inappropriate to use Internet-Drafts as reference
|
||||
material or to cite them other than as "work in progress."
|
||||
|
||||
This Internet-Draft will expire on October 12, 2017.
|
||||
This Internet-Draft will expire on March 8, 2018.
|
||||
|
||||
Copyright Notice
|
||||
|
||||
|
@ -53,9 +53,9 @@ Copyright Notice
|
|||
|
||||
|
||||
|
||||
Dulaunoy & Iklody Expires October 12, 2017 [Page 1]
|
||||
Dulaunoy & Iklody Expires March 8, 2018 [Page 1]
|
||||
|
||||
Internet-Draft MISP core format April 2017
|
||||
Internet-Draft MISP core format September 2017
|
||||
|
||||
|
||||
include Simplified BSD License text as described in Section 4.e of
|
||||
|
@ -109,9 +109,9 @@ Table of Contents
|
|||
|
||||
|
||||
|
||||
Dulaunoy & Iklody Expires October 12, 2017 [Page 2]
|
||||
Dulaunoy & Iklody Expires March 8, 2018 [Page 2]
|
||||
|
||||
Internet-Draft MISP core format April 2017
|
||||
Internet-Draft MISP core format September 2017
|
||||
|
||||
|
||||
of this document is to describe the specification and the MISP core
|
||||
|
@ -165,9 +165,9 @@ Internet-Draft MISP core format April 2017
|
|||
|
||||
|
||||
|
||||
Dulaunoy & Iklody Expires October 12, 2017 [Page 3]
|
||||
Dulaunoy & Iklody Expires March 8, 2018 [Page 3]
|
||||
|
||||
Internet-Draft MISP core format April 2017
|
||||
Internet-Draft MISP core format September 2017
|
||||
|
||||
|
||||
2.2.1.3. published
|
||||
|
@ -181,9 +181,10 @@ Internet-Draft MISP core format April 2017
|
|||
|
||||
2.2.1.4. info
|
||||
|
||||
info represents the information field of the event. info a free-text
|
||||
value to provide a human-readable summary of the event. info SHOULD
|
||||
NOT be bigger than 256 characters and SHOULD NOT include new-lines.
|
||||
info represents the information field of the event. info is a free-
|
||||
text value to provide a human-readable summary of the event. info
|
||||
SHOULD NOT be bigger than 256 characters and SHOULD NOT include new-
|
||||
lines.
|
||||
|
||||
info is represented as a JSON string. info MUST be present.
|
||||
|
||||
|
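Review bot: The reworded info paragraph in 2.2.1.4 keeps both limits (256 characters, no new-lines) at SHOULD NOT and does not say what a consumer does with a value that exceeds them. Because info is the human-readable summary of the event, consider adding a sentence that states the expected consumer behaviour for an over-long or multi-line value (accept as-is, truncate, or reject). The rewrap also breaks "free-text" and "new-lines" at the hyphen across two lines, which reads ambiguously in the rendered draft.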
@ -217,15 +218,16 @@ Internet-Draft MISP core format April 2017
|
|||
Initial
|
||||
|
||||
1:
|
||||
Ongoing
|
||||
|
||||
|
||||
|
||||
Dulaunoy & Iklody Expires October 12, 2017 [Page 4]
|
||||
Dulaunoy & Iklody Expires March 8, 2018 [Page 4]
|
||||
|
||||
Internet-Draft MISP core format April 2017
|
||||
Internet-Draft MISP core format September 2017
|
||||
|
||||
|
||||
Ongoing
|
||||
|
||||
2:
|
||||
Complete
|
||||
|
||||
|
@ -275,11 +277,9 @@ Internet-Draft MISP core format April 2017
|
|||
|
||||
|
||||
|
||||
|
||||
|
||||
Dulaunoy & Iklody Expires October 12, 2017 [Page 5]
|
||||
Dulaunoy & Iklody Expires March 8, 2018 [Page 5]
|
||||
|
||||
Internet-Draft MISP core format April 2017
|
||||
Internet-Draft MISP core format September 2017
|
||||
|
||||
|
||||
2.2.1.11. orgc_id
|
||||
|
@ -333,9 +333,9 @@ Internet-Draft MISP core format April 2017
|
|||
|
||||
|
||||
|
||||
Dulaunoy & Iklody Expires October 12, 2017 [Page 6]
|
||||
Dulaunoy & Iklody Expires March 8, 2018 [Page 6]
|
||||
|
||||
Internet-Draft MISP core format April 2017
|
||||
Internet-Draft MISP core format September 2017
|
||||
|
||||
|
||||
sharing_group_id is represented by a JSON string and SHOULD be
|
||||
|
@ -389,9 +389,9 @@ Internet-Draft MISP core format April 2017
|
|||
|
||||
|
||||
|
||||
Dulaunoy & Iklody Expires October 12, 2017 [Page 7]
|
||||
Dulaunoy & Iklody Expires March 8, 2018 [Page 7]
|
||||
|
||||
Internet-Draft MISP core format April 2017
|
||||
Internet-Draft MISP core format September 2017
|
||||
|
||||
|
||||
2.4. Attribute
|
||||
|
@ -445,9 +445,9 @@ Internet-Draft MISP core format April 2017
|
|||
|
||||
|
||||
|
||||
Dulaunoy & Iklody Expires October 12, 2017 [Page 8]
|
||||
Dulaunoy & Iklody Expires March 8, 2018 [Page 8]
|
||||
|
||||
Internet-Draft MISP core format April 2017
|
||||
Internet-Draft MISP core format September 2017
|
||||
|
||||
|
||||
2.4.2.3. type
|
||||
|
@ -501,9 +501,9 @@ Internet-Draft MISP core format April 2017
|
|||
|
||||
|
||||
|
||||
Dulaunoy & Iklody Expires October 12, 2017 [Page 9]
|
||||
Dulaunoy & Iklody Expires March 8, 2018 [Page 9]
|
||||
|
||||
Internet-Draft MISP core format April 2017
|
||||
Internet-Draft MISP core format September 2017
|
||||
|
||||
|
||||
Payload installation
|
||||
|
@ -524,7 +524,7 @@ Internet-Draft MISP core format April 2017
|
|||
ip-src, ip-dst, hostname, domain, domain|ip, email-dst, url, uri,
|
||||
user-agent, http-method, AS, snort, pattern-in-file, pattern-in-
|
||||
traffic, attachment, comment, text, x509-fingerprint-sha1, other,
|
||||
hex
|
||||
hex, cookie
|
||||
|
||||
Payload type
|
||||
comment, text, other
|
||||
|
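Review bot: cookie is appended after hex at the very end of this type list, away from the other HTTP-related types user-agent and http-method, and nothing in the hunk says what a cookie value holds (a whole header, one name=value pair, or only a name). Suggest grouping it with the HTTP types and adding a one-line definition where the types are described, so producers and consumers agree on what string to match.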
@ -544,7 +544,7 @@ Internet-Draft MISP core format April 2017
|
|||
|
||||
Financial fraud
|
||||
btc, iban, bic, bank-account-nr, aba-rtn, bin, cc-number, prtn,
|
||||
comment, text, other, hex
|
||||
phone-number, comment, text, other, hex
|
||||
|
||||
Support tool
|
||||
attachment, link, comment, text, other, hex
|
||||
|
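Review bot: phone-number is added to the Financial fraud list with no expected value format stated. Without a stated normal form (for example international notation with country code, no separators), two producers can record the same number as different strings and matching on the value will miss. Suggest specifying the format alongside the type.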
@ -557,9 +557,9 @@ Internet-Draft MISP core format April 2017
|
|||
|
||||
|
||||
|
||||
Dulaunoy & Iklody Expires October 12, 2017 [Page 10]
|
||||
Dulaunoy & Iklody Expires March 8, 2018 [Page 10]
|
||||
|
||||
Internet-Draft MISP core format April 2017
|
||||
Internet-Draft MISP core format September 2017
|
||||
|
||||
|
||||
first-name, middle-name, last-name, date-of-birth, place-of-birth,
|
||||
|
@ -569,11 +569,11 @@ Internet-Draft MISP core format April 2017
|
|||
frequent-flyer-number, travel-details, payment-details, place-
|
||||
port-of-original-embarkation, place-port-of-clearance, place-port-
|
||||
of-onward-foreign-destination, passenger-name-record-locator-
|
||||
number, comment, text, other
|
||||
number, comment, text, other, phone-number
|
||||
|
||||
Other
|
||||
comment, text, other, size-in-bytes, counter, datetime, cpe, port,
|
||||
float, hex
|
||||
float, hex, phone-number
|
||||
|
||||
Attributes are based on the usage within their different communities.
|
||||
Attributes can be extended on a regular basis and this reference
|
||||
|
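Review bot: phone-number is placed after other in the first list and after hex in the Other list, whereas the Financial fraud list in this same commit inserts it before comment, text, other, hex. The lists otherwise end with the generic comment, text, other types, so pick one position for new types and apply it in all three places.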
@ -613,9 +613,9 @@ Internet-Draft MISP core format April 2017
|
|||
|
||||
|
||||
|
||||
Dulaunoy & Iklody Expires October 12, 2017 [Page 11]
|
||||
Dulaunoy & Iklody Expires March 8, 2018 [Page 11]
|
||||
|
||||
Internet-Draft MISP core format April 2017
|
||||
Internet-Draft MISP core format September 2017
|
||||
|
||||
|
||||
2.4.2.7. distribution
|
||||
|
@ -669,9 +669,9 @@ Internet-Draft MISP core format April 2017
|
|||
|
||||
|
||||
|
||||
Dulaunoy & Iklody Expires October 12, 2017 [Page 12]
|
||||
Dulaunoy & Iklody Expires March 8, 2018 [Page 12]
|
||||
|
||||
Internet-Draft MISP core format April 2017
|
||||
Internet-Draft MISP core format September 2017
|
||||
|
||||
|
||||
sharing_group_id is represented by a JSON string and SHOULD be
|
||||
|
@ -725,9 +725,9 @@ Internet-Draft MISP core format April 2017
|
|||
|
||||
|
||||
|
||||
Dulaunoy & Iklody Expires October 12, 2017 [Page 13]
|
||||
Dulaunoy & Iklody Expires March 8, 2018 [Page 13]
|
||||
|
||||
Internet-Draft MISP core format April 2017
|
||||
Internet-Draft MISP core format September 2017
|
||||
|
||||
|
||||
2.4.2.15. value
|
||||
|
@ -781,9 +781,9 @@ Internet-Draft MISP core format April 2017
|
|||
|
||||
|
||||
|
||||
Dulaunoy & Iklody Expires October 12, 2017 [Page 14]
|
||||
Dulaunoy & Iklody Expires March 8, 2018 [Page 14]
|
||||
|
||||
Internet-Draft MISP core format April 2017
|
||||
Internet-Draft MISP core format September 2017
|
||||
|
||||
|
||||
2.5.2.1. uuid
|
||||
|
@ -837,9 +837,9 @@ Internet-Draft MISP core format April 2017
|
|||
|
||||
|
||||
|
||||
Dulaunoy & Iklody Expires October 12, 2017 [Page 15]
|
||||
Dulaunoy & Iklody Expires March 8, 2018 [Page 15]
|
||||
|
||||
Internet-Draft MISP core format April 2017
|
||||
Internet-Draft MISP core format September 2017
|
||||
|
||||
|
||||
email-dst-display-name, email-src-display-name, email-header,
|
||||
|
@ -876,7 +876,7 @@ Internet-Draft MISP core format April 2017
|
|||
ip-src, ip-dst, hostname, domain, domain|ip, email-dst, url, uri,
|
||||
user-agent, http-method, AS, snort, pattern-in-file, pattern-in-
|
||||
traffic, attachment, comment, text, x509-fingerprint-sha1, other,
|
||||
hex
|
||||
hex, cookie
|
||||
|
||||
Payload type
|
||||
comment, text, other
|
||||
|
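Review bot: The type list ending in hex, cookie here is a second copy of the list edited at @ -524,7 and has to be kept in sync by hand; the phone-number lists further down are duplicated in the same way. Suggest having the later section refer to the earlier list instead of repeating it, or generating both from one source, so a future type addition cannot land in only one copy.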
@ -893,9 +893,9 @@ Internet-Draft MISP core format April 2017
|
|||
|
||||
|
||||
|
||||
Dulaunoy & Iklody Expires October 12, 2017 [Page 16]
|
||||
Dulaunoy & Iklody Expires March 8, 2018 [Page 16]
|
||||
|
||||
Internet-Draft MISP core format April 2017
|
||||
Internet-Draft MISP core format September 2017
|
||||
|
||||
|
||||
pattern-in-traffic, pattern-in-memory, vulnerability, attachment,
|
||||
|
@ -904,7 +904,7 @@ Internet-Draft MISP core format April 2017
|
|||
|
||||
Financial fraud
|
||||
btc, iban, bic, bank-account-nr, aba-rtn, bin, cc-number, prtn,
|
||||
comment, text, other, hex
|
||||
phone-number, comment, text, other, hex
|
||||
|
||||
Support tool
|
||||
attachment, link, comment, text, other, hex
|
||||
|
@ -921,11 +921,11 @@ Internet-Draft MISP core format April 2017
|
|||
frequent-flyer-number, travel-details, payment-details, place-
|
||||
port-of-original-embarkation, place-port-of-clearance, place-port-
|
||||
of-onward-foreign-destination, passenger-name-record-locator-
|
||||
number, comment, text, other
|
||||
number, comment, text, other, phone-number
|
||||
|
||||
Other
|
||||
comment, text, other, size-in-bytes, counter, datetime, cpe, port,
|
||||
float, hex
|
||||
float, hex, phone-number
|
||||
|
||||
Attributes are based on the usage within their different communities.
|
||||
Attributes can be extended on a regular basis and this reference
|
||||
|
@ -949,9 +949,9 @@ Internet-Draft MISP core format April 2017
|
|||
|
||||
|
||||
|
||||
Dulaunoy & Iklody Expires October 12, 2017 [Page 17]
|
||||
Dulaunoy & Iklody Expires March 8, 2018 [Page 17]
|
||||
|
||||
Internet-Draft MISP core format April 2017
|
||||
Internet-Draft MISP core format September 2017
|
||||
|
||||
|
||||
pattern for detection in Local or Network Intrusion Detection System,
|
||||
|
@ -1005,9 +1005,9 @@ Internet-Draft MISP core format April 2017
|
|||
|
||||
|
||||
|
||||
Dulaunoy & Iklody Expires October 12, 2017 [Page 18]
|
||||
Dulaunoy & Iklody Expires March 8, 2018 [Page 18]
|
||||
|
||||
Internet-Draft MISP core format April 2017
|
||||
Internet-Draft MISP core format September 2017
|
||||
|
||||
|
||||
2.5.2.10. org_id
|
||||
|
@ -1061,9 +1061,9 @@ Internet-Draft MISP core format April 2017
|
|||
|
||||
|
||||
|
||||
Dulaunoy & Iklody Expires October 12, 2017 [Page 19]
|
||||
Dulaunoy & Iklody Expires March 8, 2018 [Page 19]
|
||||
|
||||
Internet-Draft MISP core format April 2017
|
||||
Internet-Draft MISP core format September 2017
|
||||
|
||||
|
||||
The name is a readable description of the organization and SHOULD be
|
||||
|
@ -1117,9 +1117,9 @@ Internet-Draft MISP core format April 2017
|
|||
|
||||
|
||||
|
||||
Dulaunoy & Iklody Expires October 12, 2017 [Page 20]
|
||||
Dulaunoy & Iklody Expires March 8, 2018 [Page 20]
|
||||
|
||||
Internet-Draft MISP core format April 2017
|
||||
Internet-Draft MISP core format September 2017
|
||||
|
||||
|
||||
2.7. Galaxy
|
||||
|
@ -1173,9 +1173,9 @@ Internet-Draft MISP core format April 2017
|
|||
|
||||
|
||||
|
||||
Dulaunoy & Iklody Expires October 12, 2017 [Page 21]
|
||||
Dulaunoy & Iklody Expires March 8, 2018 [Page 21]
|
||||
|
||||
Internet-Draft MISP core format April 2017
|
||||
Internet-Draft MISP core format September 2017
|
||||
|
||||
|
||||
"Galaxy": [ {
|
||||
|
@ -1229,9 +1229,9 @@ Internet-Draft MISP core format April 2017
|
|||
|
||||
|
||||
|
||||
Dulaunoy & Iklody Expires October 12, 2017 [Page 22]
|
||||
Dulaunoy & Iklody Expires March 8, 2018 [Page 22]
|
||||
|
||||
Internet-Draft MISP core format April 2017
|
||||
Internet-Draft MISP core format September 2017
|
||||
|
||||
|
||||
3. JSON Schema
|
||||
|
@ -1285,9 +1285,9 @@ Internet-Draft MISP core format April 2017
|
|||
|
||||
|
||||
|
||||
Dulaunoy & Iklody Expires October 12, 2017 [Page 23]
|
||||
Dulaunoy & Iklody Expires March 8, 2018 [Page 23]
|
||||
|
||||
Internet-Draft MISP core format April 2017
|
||||
Internet-Draft MISP core format September 2017
|
||||
|
||||
|
||||
"type": "object",
|
||||
|
@ -1341,9 +1341,9 @@ Internet-Draft MISP core format April 2017
|
|||
|
||||
|
||||
|
||||
Dulaunoy & Iklody Expires October 12, 2017 [Page 24]
|
||||
Dulaunoy & Iklody Expires March 8, 2018 [Page 24]
|
||||
|
||||
Internet-Draft MISP core format April 2017
|
||||
Internet-Draft MISP core format September 2017
|
||||
|
||||
|
||||
"items": {
|
||||
|
@ -1397,9 +1397,9 @@ Internet-Draft MISP core format April 2017
|
|||
|
||||
|
||||
|
||||
Dulaunoy & Iklody Expires October 12, 2017 [Page 25]
|
||||
Dulaunoy & Iklody Expires March 8, 2018 [Page 25]
|
||||
|
||||
Internet-Draft MISP core format April 2017
|
||||
Internet-Draft MISP core format September 2017
|
||||
|
||||
|
||||
"type": "string"
|
||||
|
@ -1453,9 +1453,9 @@ Internet-Draft MISP core format April 2017
|
|||
|
||||
|
||||
|
||||
Dulaunoy & Iklody Expires October 12, 2017 [Page 26]
|
||||
Dulaunoy & Iklody Expires March 8, 2018 [Page 26]
|
||||
|
||||
Internet-Draft MISP core format April 2017
|
||||
Internet-Draft MISP core format September 2017
|
||||
|
||||
|
||||
"type": "string"
|
||||
|
@ -1509,9 +1509,9 @@ Internet-Draft MISP core format April 2017
|
|||
|
||||
|
||||
|
||||
Dulaunoy & Iklody Expires October 12, 2017 [Page 27]
|
||||
Dulaunoy & Iklody Expires March 8, 2018 [Page 27]
|
||||
|
||||
Internet-Draft MISP core format April 2017
|
||||
Internet-Draft MISP core format September 2017
|
||||
|
||||
|
||||
"properties": {
|
||||
|
@ -1565,9 +1565,9 @@ Internet-Draft MISP core format April 2017
|
|||
|
||||
|
||||
|
||||
Dulaunoy & Iklody Expires October 12, 2017 [Page 28]
|
||||
Dulaunoy & Iklody Expires March 8, 2018 [Page 28]
|
||||
|
||||
Internet-Draft MISP core format April 2017
|
||||
Internet-Draft MISP core format September 2017
|
||||
|
||||
|
||||
},
|
||||
|
@ -1621,9 +1621,9 @@ Internet-Draft MISP core format April 2017
|
|||
|
||||
|
||||
|
||||
Dulaunoy & Iklody Expires October 12, 2017 [Page 29]
|
||||
Dulaunoy & Iklody Expires March 8, 2018 [Page 29]
|
||||
|
||||
Internet-Draft MISP core format April 2017
|
||||
Internet-Draft MISP core format September 2017
|
||||
|
||||
|
||||
}
|
||||
|
@ -1677,9 +1677,9 @@ Internet-Draft MISP core format April 2017
|
|||
|
||||
|
||||
|
||||
Dulaunoy & Iklody Expires October 12, 2017 [Page 30]
|
||||
Dulaunoy & Iklody Expires March 8, 2018 [Page 30]
|
||||
|
||||
Internet-Draft MISP core format April 2017
|
||||
Internet-Draft MISP core format September 2017
|
||||
|
||||
|
||||
"description": {
|
||||
|
@ -1733,9 +1733,9 @@ Internet-Draft MISP core format April 2017
|
|||
|
||||
|
||||
|
||||
Dulaunoy & Iklody Expires October 12, 2017 [Page 31]
|
||||
Dulaunoy & Iklody Expires March 8, 2018 [Page 31]
|
||||
|
||||
Internet-Draft MISP core format April 2017
|
||||
Internet-Draft MISP core format September 2017
|
||||
|
||||
|
||||
}
|
||||
|
@ -1789,9 +1789,9 @@ Internet-Draft MISP core format April 2017
|
|||
|
||||
|
||||
|
||||
Dulaunoy & Iklody Expires October 12, 2017 [Page 32]
|
||||
Dulaunoy & Iklody Expires March 8, 2018 [Page 32]
|
||||
|
||||
Internet-Draft MISP core format April 2017
|
||||
Internet-Draft MISP core format September 2017
|
||||
|
||||
|
||||
o timestamp (MUST)
|
||||
|
@ -1845,9 +1845,9 @@ Internet-Draft MISP core format April 2017
|
|||
|
||||
|
||||
|
||||
Dulaunoy & Iklody Expires October 12, 2017 [Page 33]
|
||||
Dulaunoy & Iklody Expires March 8, 2018 [Page 33]
|
||||
|
||||
Internet-Draft MISP core format April 2017
|
||||
Internet-Draft MISP core format September 2017
|
||||
|
||||
|
||||
{
|
||||
|
@ -1901,9 +1901,9 @@ Internet-Draft MISP core format April 2017
|
|||
|
||||
|
||||
|
||||
Dulaunoy & Iklody Expires October 12, 2017 [Page 34]
|
||||
Dulaunoy & Iklody Expires March 8, 2018 [Page 34]
|
||||
|
||||
Internet-Draft MISP core format April 2017
|
||||
Internet-Draft MISP core format September 2017
|
||||
|
||||
|
||||
5. Implementation
|
||||
|
@ -1940,32 +1940,32 @@ Internet-Draft MISP core format April 2017
|
|||
|
||||
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
|
||||
Requirement Levels", BCP 14, RFC 2119,
|
||||
DOI 10.17487/RFC2119, March 1997,
|
||||
<http://www.rfc-editor.org/info/rfc2119>.
|
||||
DOI 10.17487/RFC2119, March 1997, <https://www.rfc-
|
||||
editor.org/info/rfc2119>.
|
||||
|
||||
[RFC4122] Leach, P., Mealling, M., and R. Salz, "A Universally
|
||||
Unique IDentifier (UUID) URN Namespace", RFC 4122,
|
||||
DOI 10.17487/RFC4122, July 2005,
|
||||
<http://www.rfc-editor.org/info/rfc4122>.
|
||||
DOI 10.17487/RFC4122, July 2005, <https://www.rfc-
|
||||
editor.org/info/rfc4122>.
|
||||
|
||||
[RFC4627] Crockford, D., "The application/json Media Type for
|
||||
JavaScript Object Notation (JSON)", RFC 4627,
|
||||
DOI 10.17487/RFC4627, July 2006,
|
||||
<http://www.rfc-editor.org/info/rfc4627>.
|
||||
DOI 10.17487/RFC4627, July 2006, <https://www.rfc-
|
||||
editor.org/info/rfc4627>.
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
Dulaunoy & Iklody Expires October 12, 2017 [Page 35]
|
||||
Dulaunoy & Iklody Expires March 8, 2018 [Page 35]
|
||||
|
||||
Internet-Draft MISP core format April 2017
|
||||
Internet-Draft MISP core format September 2017
|
||||
|
||||
|
||||
[RFC4880] Callas, J., Donnerhacke, L., Finney, H., Shaw, D., and R.
|
||||
Thayer, "OpenPGP Message Format", RFC 4880,
|
||||
DOI 10.17487/RFC4880, November 2007,
|
||||
<http://www.rfc-editor.org/info/rfc4880>.
|
||||
DOI 10.17487/RFC4880, November 2007, <https://www.rfc-
|
||||
editor.org/info/rfc4880>.
|
||||
|
||||
9.2. Informative References
|
||||
|
||||
|
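Review bot: The new https URLs are wrapped inside the angle brackets, directly after the hyphen in rfc-editor.org, in all four references (RFC2119, RFC4122, RFC4627, RFC4880). A reader who joins "<https://www.rfc-" and "editor.org/info/rfc2119>" cannot tell whether the hyphen is part of the hostname or a line-break hyphen. Suggest keeping each URL unbroken on its own line, as the previous revision did.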
@ -1984,8 +1984,8 @@ Authors' Addresses
|
|||
|
||||
Alexandre Dulaunoy
|
||||
Computer Incident Response Center Luxembourg
|
||||
41, avenue de la gare
|
||||
Luxembourg L-1611
|
||||
16, bd d'Avranches
|
||||
Luxembourg L-1160
|
||||
Luxembourg
|
||||
|
||||
Phone: +352 247 88444
|
||||
|
@ -1994,8 +1994,8 @@ Authors' Addresses
|
|||
|
||||
Andras Iklody
|
||||
Computer Incident Response Center Luxembourg
|
||||
41, avenue de la gare
|
||||
Luxembourg L-1611
|
||||
16, bd d'Avranches
|
||||
Luxembourg L-1160
|
||||
Luxembourg
|
||||
|
||||
Phone: +352 247 88444
|
||||
|
@ -2013,4 +2013,4 @@ Authors' Addresses
|
|||
|
||||
|
||||
|
||||
Dulaunoy & Iklody Expires October 12, 2017 [Page 36]
|
||||
Dulaunoy & Iklody Expires March 8, 2018 [Page 36]
|
||||
|
|