MISP format updated

pull/6/head
Alexandre Dulaunoy 2017-09-04 21:29:47 +02:00
parent c037269888
commit a965a0e25e
No known key found for this signature in database
GPG Key ID: 09E2CD4944E6CBCD
1 changed files with 99 additions and 99 deletions

@ -5,7 +5,7 @@
Network Working Group A. Dulaunoy
Internet-Draft A. Iklody
Intended status: Informational CIRCL
Expires: October 12, 2017 April 10, 2017
Expires: March 8, 2018 September 4, 2017
MISP core format
@ -37,7 +37,7 @@ Status of This Memo
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on October 12, 2017.
This Internet-Draft will expire on March 8, 2018.
Copyright Notice
@ -53,9 +53,9 @@ Copyright Notice
Dulaunoy & Iklody Expires October 12, 2017 [Page 1]
Dulaunoy & Iklody Expires March 8, 2018 [Page 1]
Internet-Draft MISP core format April 2017
Internet-Draft MISP core format September 2017
include Simplified BSD License text as described in Section 4.e of
@ -109,9 +109,9 @@ Table of Contents
Dulaunoy & Iklody Expires October 12, 2017 [Page 2]
Dulaunoy & Iklody Expires March 8, 2018 [Page 2]
Internet-Draft MISP core format April 2017
Internet-Draft MISP core format September 2017
of this document is to describe the specification and the MISP core
@ -165,9 +165,9 @@ Internet-Draft MISP core format April 2017
Dulaunoy & Iklody Expires October 12, 2017 [Page 3]
Dulaunoy & Iklody Expires March 8, 2018 [Page 3]
Internet-Draft MISP core format April 2017
Internet-Draft MISP core format September 2017
2.2.1.3. published
@ -181,9 +181,10 @@ Internet-Draft MISP core format April 2017
2.2.1.4. info
info represents the information field of the event. info a free-text
value to provide a human-readable summary of the event. info SHOULD
NOT be bigger than 256 characters and SHOULD NOT include new-lines.
info represents the information field of the event. info is a free-
text value to provide a human-readable summary of the event. info
SHOULD NOT be bigger than 256 characters and SHOULD NOT include new-
lines.
info is represented as a JSON string. info MUST be present.
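Review bot: The re-wrapped paragraph now breaks both hyphenated terms at the line end ("free-" / "text value" and "new-" / "lines."), so a search for "free-text" or "new-lines" in the rendered draft no longer matches this section. If the source is being touched anyway, consider rephrasing so the hyphen does not land at the wrap column. "SHOULD NOT be bigger than 256 characters" would also read more precisely as "longer than 256 characters".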
@ -217,15 +218,16 @@ Internet-Draft MISP core format April 2017
Initial
1:
Ongoing
Dulaunoy & Iklody Expires October 12, 2017 [Page 4]
Dulaunoy & Iklody Expires March 8, 2018 [Page 4]
Internet-Draft MISP core format April 2017
Internet-Draft MISP core format September 2017
Ongoing
2:
Complete
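Review bot: The page break now falls between the "1:" label and its value "Ongoing", so page 4 ends on a bare "1:" and the value only appears after the page 5 header. This follows from the extra line in the info paragraph; keeping the label and its value on the same page would stop a reader from taking "1:" as having no meaning.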
@ -275,11 +277,9 @@ Internet-Draft MISP core format April 2017
Dulaunoy & Iklody Expires October 12, 2017 [Page 5]
Dulaunoy & Iklody Expires March 8, 2018 [Page 5]
Internet-Draft MISP core format April 2017
Internet-Draft MISP core format September 2017
2.2.1.11. orgc_id
@ -333,9 +333,9 @@ Internet-Draft MISP core format April 2017
Dulaunoy & Iklody Expires October 12, 2017 [Page 6]
Dulaunoy & Iklody Expires March 8, 2018 [Page 6]
Internet-Draft MISP core format April 2017
Internet-Draft MISP core format September 2017
sharing_group_id is represented by a JSON string and SHOULD be
@ -389,9 +389,9 @@ Internet-Draft MISP core format April 2017
Dulaunoy & Iklody Expires October 12, 2017 [Page 7]
Dulaunoy & Iklody Expires March 8, 2018 [Page 7]
Internet-Draft MISP core format April 2017
Internet-Draft MISP core format September 2017
2.4. Attribute
@ -445,9 +445,9 @@ Internet-Draft MISP core format April 2017
Dulaunoy & Iklody Expires October 12, 2017 [Page 8]
Dulaunoy & Iklody Expires March 8, 2018 [Page 8]
Internet-Draft MISP core format April 2017
Internet-Draft MISP core format September 2017
2.4.2.3. type
@ -501,9 +501,9 @@ Internet-Draft MISP core format April 2017
Dulaunoy & Iklody Expires October 12, 2017 [Page 9]
Dulaunoy & Iklody Expires March 8, 2018 [Page 9]
Internet-Draft MISP core format April 2017
Internet-Draft MISP core format September 2017
Payload installation
@ -524,7 +524,7 @@ Internet-Draft MISP core format April 2017
ip-src, ip-dst, hostname, domain, domain|ip, email-dst, url, uri,
user-agent, http-method, AS, snort, pattern-in-file, pattern-in-
traffic, attachment, comment, text, x509-fingerprint-sha1, other,
hex
hex, cookie
Payload type
comment, text, other
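Review bot: "cookie" is appended to this type list after "hex", but nothing in the hunk says what a cookie value is expected to contain (a name only, a name=value pair, or a whole Cookie header). Producers and consumers have to agree on that for the values to match, so a one-line definition alongside the new type would help; the same applies to "phone-number" added in the later hunks.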
@ -544,7 +544,7 @@ Internet-Draft MISP core format April 2017
Financial fraud
btc, iban, bic, bank-account-nr, aba-rtn, bin, cc-number, prtn,
comment, text, other, hex
phone-number, comment, text, other, hex
Support tool
attachment, link, comment, text, other, hex
@ -557,9 +557,9 @@ Internet-Draft MISP core format April 2017
Dulaunoy & Iklody Expires October 12, 2017 [Page 10]
Dulaunoy & Iklody Expires March 8, 2018 [Page 10]
Internet-Draft MISP core format April 2017
Internet-Draft MISP core format September 2017
first-name, middle-name, last-name, date-of-birth, place-of-birth,
@ -569,11 +569,11 @@ Internet-Draft MISP core format April 2017
frequent-flyer-number, travel-details, payment-details, place-
port-of-original-embarkation, place-port-of-clearance, place-port-
of-onward-foreign-destination, passenger-name-record-locator-
number, comment, text, other
number, comment, text, other, phone-number
Other
comment, text, other, size-in-bytes, counter, datetime, cpe, port,
float, hex
float, hex, phone-number
Attributes are based on the usage within their different communities.
Attributes can be extended on a regular basis and this reference
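Review bot: "phone-number" is appended after the generic entries in both lists here ("... comment, text, other, phone-number" and "float, hex, phone-number"), whereas the Financial fraud list in the hunk at -544 inserts it before "comment, text, other, hex". Pick one ordering convention for new types, for example always ahead of the generic comment/text/other tail, so the lists stay easy to compare.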
@ -613,9 +613,9 @@ Internet-Draft MISP core format April 2017
Dulaunoy & Iklody Expires October 12, 2017 [Page 11]
Dulaunoy & Iklody Expires March 8, 2018 [Page 11]
Internet-Draft MISP core format April 2017
Internet-Draft MISP core format September 2017
2.4.2.7. distribution
@ -669,9 +669,9 @@ Internet-Draft MISP core format April 2017
Dulaunoy & Iklody Expires October 12, 2017 [Page 12]
Dulaunoy & Iklody Expires March 8, 2018 [Page 12]
Internet-Draft MISP core format April 2017
Internet-Draft MISP core format September 2017
sharing_group_id is represented by a JSON string and SHOULD be
@ -725,9 +725,9 @@ Internet-Draft MISP core format April 2017
Dulaunoy & Iklody Expires October 12, 2017 [Page 13]
Dulaunoy & Iklody Expires March 8, 2018 [Page 13]
Internet-Draft MISP core format April 2017
Internet-Draft MISP core format September 2017
2.4.2.15. value
@ -781,9 +781,9 @@ Internet-Draft MISP core format April 2017
Dulaunoy & Iklody Expires October 12, 2017 [Page 14]
Dulaunoy & Iklody Expires March 8, 2018 [Page 14]
Internet-Draft MISP core format April 2017
Internet-Draft MISP core format September 2017
2.5.2.1. uuid
@ -837,9 +837,9 @@ Internet-Draft MISP core format April 2017
Dulaunoy & Iklody Expires October 12, 2017 [Page 15]
Dulaunoy & Iklody Expires March 8, 2018 [Page 15]
Internet-Draft MISP core format April 2017
Internet-Draft MISP core format September 2017
email-dst-display-name, email-src-display-name, email-header,
@ -876,7 +876,7 @@ Internet-Draft MISP core format April 2017
ip-src, ip-dst, hostname, domain, domain|ip, email-dst, url, uri,
user-agent, http-method, AS, snort, pattern-in-file, pattern-in-
traffic, attachment, comment, text, x509-fingerprint-sha1, other,
hex
hex, cookie
Payload type
comment, text, other
@ -893,9 +893,9 @@ Internet-Draft MISP core format April 2017
Dulaunoy & Iklody Expires October 12, 2017 [Page 16]
Dulaunoy & Iklody Expires March 8, 2018 [Page 16]
Internet-Draft MISP core format April 2017
Internet-Draft MISP core format September 2017
pattern-in-traffic, pattern-in-memory, vulnerability, attachment,
@ -904,7 +904,7 @@ Internet-Draft MISP core format April 2017
Financial fraud
btc, iban, bic, bank-account-nr, aba-rtn, bin, cc-number, prtn,
comment, text, other, hex
phone-number, comment, text, other, hex
Support tool
attachment, link, comment, text, other, hex
@ -921,11 +921,11 @@ Internet-Draft MISP core format April 2017
frequent-flyer-number, travel-details, payment-details, place-
port-of-original-embarkation, place-port-of-clearance, place-port-
of-onward-foreign-destination, passenger-name-record-locator-
number, comment, text, other
number, comment, text, other, phone-number
Other
comment, text, other, size-in-bytes, counter, datetime, cpe, port,
float, hex
float, hex, phone-number
Attributes are based on the usage within their different communities.
Attributes can be extended on a regular basis and this reference
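Review bot: The lists changed here at -921, together with the hunks at -876 and -904, repeat word for word the edits made at -524, -544 and -569, which means every new type has to be added by hand in two places. Consider having the second section refer to the first list rather than restating it, or at least check both copies in the same review so they cannot drift apart.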
@ -949,9 +949,9 @@ Internet-Draft MISP core format April 2017
Dulaunoy & Iklody Expires October 12, 2017 [Page 17]
Dulaunoy & Iklody Expires March 8, 2018 [Page 17]
Internet-Draft MISP core format April 2017
Internet-Draft MISP core format September 2017
pattern for detection in Local or Network Intrusion Detection System,
@ -1005,9 +1005,9 @@ Internet-Draft MISP core format April 2017
Dulaunoy & Iklody Expires October 12, 2017 [Page 18]
Dulaunoy & Iklody Expires March 8, 2018 [Page 18]
Internet-Draft MISP core format April 2017
Internet-Draft MISP core format September 2017
2.5.2.10. org_id
@ -1061,9 +1061,9 @@ Internet-Draft MISP core format April 2017
Dulaunoy & Iklody Expires October 12, 2017 [Page 19]
Dulaunoy & Iklody Expires March 8, 2018 [Page 19]
Internet-Draft MISP core format April 2017
Internet-Draft MISP core format September 2017
The name is a readable description of the organization and SHOULD be
@ -1117,9 +1117,9 @@ Internet-Draft MISP core format April 2017
Dulaunoy & Iklody Expires October 12, 2017 [Page 20]
Dulaunoy & Iklody Expires March 8, 2018 [Page 20]
Internet-Draft MISP core format April 2017
Internet-Draft MISP core format September 2017
2.7. Galaxy
@ -1173,9 +1173,9 @@ Internet-Draft MISP core format April 2017
Dulaunoy & Iklody Expires October 12, 2017 [Page 21]
Dulaunoy & Iklody Expires March 8, 2018 [Page 21]
Internet-Draft MISP core format April 2017
Internet-Draft MISP core format September 2017
"Galaxy": [ {
@ -1229,9 +1229,9 @@ Internet-Draft MISP core format April 2017
Dulaunoy & Iklody Expires October 12, 2017 [Page 22]
Dulaunoy & Iklody Expires March 8, 2018 [Page 22]
Internet-Draft MISP core format April 2017
Internet-Draft MISP core format September 2017
3. JSON Schema
@ -1285,9 +1285,9 @@ Internet-Draft MISP core format April 2017
Dulaunoy & Iklody Expires October 12, 2017 [Page 23]
Dulaunoy & Iklody Expires March 8, 2018 [Page 23]
Internet-Draft MISP core format April 2017
Internet-Draft MISP core format September 2017
"type": "object",
@ -1341,9 +1341,9 @@ Internet-Draft MISP core format April 2017
Dulaunoy & Iklody Expires October 12, 2017 [Page 24]
Dulaunoy & Iklody Expires March 8, 2018 [Page 24]
Internet-Draft MISP core format April 2017
Internet-Draft MISP core format September 2017
"items": {
@ -1397,9 +1397,9 @@ Internet-Draft MISP core format April 2017
Dulaunoy & Iklody Expires October 12, 2017 [Page 25]
Dulaunoy & Iklody Expires March 8, 2018 [Page 25]
Internet-Draft MISP core format April 2017
Internet-Draft MISP core format September 2017
"type": "string"
@ -1453,9 +1453,9 @@ Internet-Draft MISP core format April 2017
Dulaunoy & Iklody Expires October 12, 2017 [Page 26]
Dulaunoy & Iklody Expires March 8, 2018 [Page 26]
Internet-Draft MISP core format April 2017
Internet-Draft MISP core format September 2017
"type": "string"
@ -1509,9 +1509,9 @@ Internet-Draft MISP core format April 2017
Dulaunoy & Iklody Expires October 12, 2017 [Page 27]
Dulaunoy & Iklody Expires March 8, 2018 [Page 27]
Internet-Draft MISP core format April 2017
Internet-Draft MISP core format September 2017
"properties": {
@ -1565,9 +1565,9 @@ Internet-Draft MISP core format April 2017
Dulaunoy & Iklody Expires October 12, 2017 [Page 28]
Dulaunoy & Iklody Expires March 8, 2018 [Page 28]
Internet-Draft MISP core format April 2017
Internet-Draft MISP core format September 2017
},
@ -1621,9 +1621,9 @@ Internet-Draft MISP core format April 2017
Dulaunoy & Iklody Expires October 12, 2017 [Page 29]
Dulaunoy & Iklody Expires March 8, 2018 [Page 29]
Internet-Draft MISP core format April 2017
Internet-Draft MISP core format September 2017
}
@ -1677,9 +1677,9 @@ Internet-Draft MISP core format April 2017
Dulaunoy & Iklody Expires October 12, 2017 [Page 30]
Dulaunoy & Iklody Expires March 8, 2018 [Page 30]
Internet-Draft MISP core format April 2017
Internet-Draft MISP core format September 2017
"description": {
@ -1733,9 +1733,9 @@ Internet-Draft MISP core format April 2017
Dulaunoy & Iklody Expires October 12, 2017 [Page 31]
Dulaunoy & Iklody Expires March 8, 2018 [Page 31]
Internet-Draft MISP core format April 2017
Internet-Draft MISP core format September 2017
}
@ -1789,9 +1789,9 @@ Internet-Draft MISP core format April 2017
Dulaunoy & Iklody Expires October 12, 2017 [Page 32]
Dulaunoy & Iklody Expires March 8, 2018 [Page 32]
Internet-Draft MISP core format April 2017
Internet-Draft MISP core format September 2017
o timestamp (MUST)
@ -1845,9 +1845,9 @@ Internet-Draft MISP core format April 2017
Dulaunoy & Iklody Expires October 12, 2017 [Page 33]
Dulaunoy & Iklody Expires March 8, 2018 [Page 33]
Internet-Draft MISP core format April 2017
Internet-Draft MISP core format September 2017
{
@ -1901,9 +1901,9 @@ Internet-Draft MISP core format April 2017
Dulaunoy & Iklody Expires October 12, 2017 [Page 34]
Dulaunoy & Iklody Expires March 8, 2018 [Page 34]
Internet-Draft MISP core format April 2017
Internet-Draft MISP core format September 2017
5. Implementation
@ -1940,32 +1940,32 @@ Internet-Draft MISP core format April 2017
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997,
<http://www.rfc-editor.org/info/rfc2119>.
DOI 10.17487/RFC2119, March 1997, <https://www.rfc-
editor.org/info/rfc2119>.
[RFC4122] Leach, P., Mealling, M., and R. Salz, "A Universally
Unique IDentifier (UUID) URN Namespace", RFC 4122,
DOI 10.17487/RFC4122, July 2005,
<http://www.rfc-editor.org/info/rfc4122>.
DOI 10.17487/RFC4122, July 2005, <https://www.rfc-
editor.org/info/rfc4122>.
[RFC4627] Crockford, D., "The application/json Media Type for
JavaScript Object Notation (JSON)", RFC 4627,
DOI 10.17487/RFC4627, July 2006,
<http://www.rfc-editor.org/info/rfc4627>.
DOI 10.17487/RFC4627, July 2006, <https://www.rfc-
editor.org/info/rfc4627>.
Dulaunoy & Iklody Expires October 12, 2017 [Page 35]
Dulaunoy & Iklody Expires March 8, 2018 [Page 35]
Internet-Draft MISP core format April 2017
Internet-Draft MISP core format September 2017
[RFC4880] Callas, J., Donnerhacke, L., Finney, H., Shaw, D., and R.
Thayer, "OpenPGP Message Format", RFC 4880,
DOI 10.17487/RFC4880, November 2007,
<http://www.rfc-editor.org/info/rfc4880>.
DOI 10.17487/RFC4880, November 2007, <https://www.rfc-
editor.org/info/rfc4880>.
9.2. Informative References
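Review bot: Moving the reference URLs to https is fine, but each one is now wrapped inside the angle brackets at the hyphen ("<https://www.rfc-" / "editor.org/info/rfc2119>"), and this happens in all four entries. Copying the link from the text rendering gives a broken URL; keeping the whole URL on its own line, as the previous version did, avoids that.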
@ -1984,8 +1984,8 @@ Authors' Addresses
Alexandre Dulaunoy
Computer Incident Response Center Luxembourg
41, avenue de la gare
Luxembourg L-1611
16, bd d'Avranches
Luxembourg L-1160
Luxembourg
Phone: +352 247 88444
@ -1994,8 +1994,8 @@ Authors' Addresses
Andras Iklody
Computer Incident Response Center Luxembourg
41, avenue de la gare
Luxembourg L-1611
16, bd d'Avranches
Luxembourg L-1160
Luxembourg
Phone: +352 247 88444
@ -2013,4 +2013,4 @@ Authors' Addresses
Dulaunoy & Iklody Expires October 12, 2017 [Page 36]
Dulaunoy & Iklody Expires March 8, 2018 [Page 36]