From a965a0e25e8cf8e176c2f4ba3a3a153c57ca7c0e Mon Sep 17 00:00:00 2001 From: Alexandre Dulaunoy Date: Mon, 4 Sep 2017 21:29:47 +0200 Subject: [PATCH] MISP format updated --- misp-core-format/raw.md.txt | 198 ++++++++++++++++++------------------ 1 file changed, 99 insertions(+), 99 deletions(-) diff --git a/misp-core-format/raw.md.txt b/misp-core-format/raw.md.txt index cd0dbb0..dfbf366 100644 --- a/misp-core-format/raw.md.txt +++ b/misp-core-format/raw.md.txt @@ -5,7 +5,7 @@ Network Working Group A. Dulaunoy Internet-Draft A. Iklody Intended status: Informational CIRCL -Expires: October 12, 2017 April 10, 2017 +Expires: March 8, 2018 September 4, 2017 MISP core format @@ -37,7 +37,7 @@ Status of This Memo time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." - This Internet-Draft will expire on October 12, 2017. + This Internet-Draft will expire on March 8, 2018. Copyright Notice @@ -53,9 +53,9 @@ Copyright Notice -Dulaunoy & Iklody Expires October 12, 2017 [Page 1] +Dulaunoy & Iklody Expires March 8, 2018 [Page 1] -Internet-Draft MISP core format April 2017 +Internet-Draft MISP core format September 2017 include Simplified BSD License text as described in Section 4.e of @@ -109,9 +109,9 @@ Table of Contents -Dulaunoy & Iklody Expires October 12, 2017 [Page 2] +Dulaunoy & Iklody Expires March 8, 2018 [Page 2] -Internet-Draft MISP core format April 2017 +Internet-Draft MISP core format September 2017 of this document is to describe the specification and the MISP core @@ -165,9 +165,9 @@ Internet-Draft MISP core format April 2017 -Dulaunoy & Iklody Expires October 12, 2017 [Page 3] +Dulaunoy & Iklody Expires March 8, 2018 [Page 3] -Internet-Draft MISP core format April 2017 +Internet-Draft MISP core format September 2017 2.2.1.3. published 
@@ -181,9 +181,10 @@ Internet-Draft MISP core format April 2017 2.2.1.4. info - info represents the information field of the event. info a free-text - value to provide a human-readable summary of the event. info SHOULD - NOT be bigger than 256 characters and SHOULD NOT include new-lines. + info represents the information field of the event. info is a free- + text value to provide a human-readable summary of the event. info + SHOULD NOT be bigger than 256 characters and SHOULD NOT include new- + lines. info is represented as a JSON string. info MUST be present. @@ -217,15 +218,16 @@ Internet-Draft MISP core format April 2017 Initial 1: - Ongoing -Dulaunoy & Iklody Expires October 12, 2017 [Page 4] +Dulaunoy & Iklody Expires March 8, 2018 [Page 4] -Internet-Draft MISP core format April 2017 +Internet-Draft MISP core format September 2017 + Ongoing + 2: Complete @@ -275,11 +277,9 @@ Internet-Draft MISP core format April 2017 - - -Dulaunoy & Iklody Expires October 12, 2017 [Page 5] +Dulaunoy & Iklody Expires March 8, 2018 [Page 5] -Internet-Draft MISP core format April 2017 +Internet-Draft MISP core format September 2017 2.2.1.11. orgc_id @@ -333,9 +333,9 @@ Internet-Draft MISP core format April 2017 -Dulaunoy & Iklody Expires October 12, 2017 [Page 6] +Dulaunoy & Iklody Expires March 8, 2018 [Page 6] -Internet-Draft MISP core format April 2017 +Internet-Draft MISP core format September 2017 sharing_group_id is represented by a JSON string and SHOULD be @@ -389,9 +389,9 @@ Internet-Draft MISP core format April 2017 -Dulaunoy & Iklody Expires October 12, 2017 [Page 7] +Dulaunoy & Iklody Expires March 8, 2018 [Page 7] -Internet-Draft MISP core format April 2017 +Internet-Draft MISP core format September 2017 2.4. Attribute 
@@ -445,9 +445,9 @@ Internet-Draft MISP core format April 2017 -Dulaunoy & Iklody Expires October 12, 2017 [Page 8] +Dulaunoy & Iklody Expires March 8, 2018 [Page 8] -Internet-Draft MISP core format April 2017 +Internet-Draft MISP core format September 2017 2.4.2.3. type @@ -501,9 +501,9 @@ Internet-Draft MISP core format April 2017 -Dulaunoy & Iklody Expires October 12, 2017 [Page 9] +Dulaunoy & Iklody Expires March 8, 2018 [Page 9] -Internet-Draft MISP core format April 2017 +Internet-Draft MISP core format September 2017 Payload installation @@ -524,7 +524,7 @@ Internet-Draft MISP core format April 2017 ip-src, ip-dst, hostname, domain, domain|ip, email-dst, url, uri, user-agent, http-method, AS, snort, pattern-in-file, pattern-in- traffic, attachment, comment, text, x509-fingerprint-sha1, other, - hex + hex, cookie Payload type comment, text, other @@ -544,7 +544,7 @@ Internet-Draft MISP core format April 2017 Financial fraud btc, iban, bic, bank-account-nr, aba-rtn, bin, cc-number, prtn, - comment, text, other, hex + phone-number, comment, text, other, hex Support tool attachment, link, comment, text, other, hex @@ -557,9 +557,9 @@ Internet-Draft MISP core format April 2017 -Dulaunoy & Iklody Expires October 12, 2017 [Page 10] +Dulaunoy & Iklody Expires March 8, 2018 [Page 10] -Internet-Draft MISP core format April 2017 +Internet-Draft MISP core format September 2017 first-name, middle-name, last-name, date-of-birth, place-of-birth, 
@@ -569,11 +569,11 @@ Internet-Draft MISP core format April 2017 frequent-flyer-number, travel-details, payment-details, place- port-of-original-embarkation, place-port-of-clearance, place-port- of-onward-foreign-destination, passenger-name-record-locator- - number, comment, text, other + number, comment, text, other, phone-number Other comment, text, other, size-in-bytes, counter, datetime, cpe, port, - float, hex + float, hex, phone-number Attributes are based on the usage within their different communities. Attributes can be extended on a regular basis and this reference @@ -613,9 +613,9 @@ Internet-Draft MISP core format April 2017 -Dulaunoy & Iklody Expires October 12, 2017 [Page 11] +Dulaunoy & Iklody Expires March 8, 2018 [Page 11] -Internet-Draft MISP core format April 2017 +Internet-Draft MISP core format September 2017 2.4.2.7. distribution @@ -669,9 +669,9 @@ Internet-Draft MISP core format April 2017 -Dulaunoy & Iklody Expires October 12, 2017 [Page 12] +Dulaunoy & Iklody Expires March 8, 2018 [Page 12] -Internet-Draft MISP core format April 2017 +Internet-Draft MISP core format September 2017 sharing_group_id is represented by a JSON string and SHOULD be @@ -725,9 +725,9 @@ Internet-Draft MISP core format April 2017 -Dulaunoy & Iklody Expires October 12, 2017 [Page 13] +Dulaunoy & Iklody Expires March 8, 2018 [Page 13] -Internet-Draft MISP core format April 2017 +Internet-Draft MISP core format September 2017 2.4.2.15. value @@ -781,9 +781,9 @@ Internet-Draft MISP core format April 2017 -Dulaunoy & Iklody Expires October 12, 2017 [Page 14] +Dulaunoy & Iklody Expires March 8, 2018 [Page 14] -Internet-Draft MISP core format April 2017 +Internet-Draft MISP core format September 2017 2.5.2.1. uuid 
@@ -837,9 +837,9 @@ Internet-Draft MISP core format April 2017 -Dulaunoy & Iklody Expires October 12, 2017 [Page 15] +Dulaunoy & Iklody Expires March 8, 2018 [Page 15] -Internet-Draft MISP core format April 2017 +Internet-Draft MISP core format September 2017 email-dst-display-name, email-src-display-name, email-header, @@ -876,7 +876,7 @@ Internet-Draft MISP core format April 2017 ip-src, ip-dst, hostname, domain, domain|ip, email-dst, url, uri, user-agent, http-method, AS, snort, pattern-in-file, pattern-in- traffic, attachment, comment, text, x509-fingerprint-sha1, other, - hex + hex, cookie Payload type comment, text, other @@ -893,9 +893,9 @@ Internet-Draft MISP core format April 2017 -Dulaunoy & Iklody Expires October 12, 2017 [Page 16] +Dulaunoy & Iklody Expires March 8, 2018 [Page 16] -Internet-Draft MISP core format April 2017 +Internet-Draft MISP core format September 2017 pattern-in-traffic, pattern-in-memory, vulnerability, attachment, @@ -904,7 +904,7 @@ Internet-Draft MISP core format April 2017 Financial fraud btc, iban, bic, bank-account-nr, aba-rtn, bin, cc-number, prtn, - comment, text, other, hex + phone-number, comment, text, other, hex Support tool attachment, link, comment, text, other, hex @@ -921,11 +921,11 @@ Internet-Draft MISP core format April 2017 frequent-flyer-number, travel-details, payment-details, place- port-of-original-embarkation, place-port-of-clearance, place-port- of-onward-foreign-destination, passenger-name-record-locator- - number, comment, text, other + number, comment, text, other, phone-number Other comment, text, other, size-in-bytes, counter, datetime, cpe, port, - float, hex + float, hex, phone-number Attributes are based on the usage within their different communities. Attributes can be extended on a regular basis and this reference 
@@ -949,9 +949,9 @@ Internet-Draft MISP core format April 2017 -Dulaunoy & Iklody Expires October 12, 2017 [Page 17] +Dulaunoy & Iklody Expires March 8, 2018 [Page 17] -Internet-Draft MISP core format April 2017 +Internet-Draft MISP core format September 2017 pattern for detection in Local or Network Intrusion Detection System, @@ -1005,9 +1005,9 @@ Internet-Draft MISP core format April 2017 -Dulaunoy & Iklody Expires October 12, 2017 [Page 18] +Dulaunoy & Iklody Expires March 8, 2018 [Page 18] -Internet-Draft MISP core format April 2017 +Internet-Draft MISP core format September 2017 2.5.2.10. org_id @@ -1061,9 +1061,9 @@ Internet-Draft MISP core format April 2017 -Dulaunoy & Iklody Expires October 12, 2017 [Page 19] +Dulaunoy & Iklody Expires March 8, 2018 [Page 19] -Internet-Draft MISP core format April 2017 +Internet-Draft MISP core format September 2017 The name is a readable description of the organization and SHOULD be @@ -1117,9 +1117,9 @@ Internet-Draft MISP core format April 2017 -Dulaunoy & Iklody Expires October 12, 2017 [Page 20] +Dulaunoy & Iklody Expires March 8, 2018 [Page 20] -Internet-Draft MISP core format April 2017 +Internet-Draft MISP core format September 2017 2.7. Galaxy @@ -1173,9 +1173,9 @@ Internet-Draft MISP core format April 2017 -Dulaunoy & Iklody Expires October 12, 2017 [Page 21] +Dulaunoy & Iklody Expires March 8, 2018 [Page 21] -Internet-Draft MISP core format April 2017 +Internet-Draft MISP core format September 2017 "Galaxy": [ { @@ -1229,9 +1229,9 @@ Internet-Draft MISP core format April 2017 -Dulaunoy & Iklody Expires October 12, 2017 [Page 22] +Dulaunoy & Iklody Expires March 8, 2018 [Page 22] -Internet-Draft MISP core format April 2017 +Internet-Draft MISP core format September 2017 3. JSON Schema 
@@ -1285,9 +1285,9 @@ Internet-Draft MISP core format April 2017 -Dulaunoy & Iklody Expires October 12, 2017 [Page 23] +Dulaunoy & Iklody Expires March 8, 2018 [Page 23] -Internet-Draft MISP core format April 2017 +Internet-Draft MISP core format September 2017 "type": "object", @@ -1341,9 +1341,9 @@ Internet-Draft MISP core format April 2017 -Dulaunoy & Iklody Expires October 12, 2017 [Page 24] +Dulaunoy & Iklody Expires March 8, 2018 [Page 24] -Internet-Draft MISP core format April 2017 +Internet-Draft MISP core format September 2017 "items": { @@ -1397,9 +1397,9 @@ Internet-Draft MISP core format April 2017 -Dulaunoy & Iklody Expires October 12, 2017 [Page 25] +Dulaunoy & Iklody Expires March 8, 2018 [Page 25] -Internet-Draft MISP core format April 2017 +Internet-Draft MISP core format September 2017 "type": "string" @@ -1453,9 +1453,9 @@ Internet-Draft MISP core format April 2017 -Dulaunoy & Iklody Expires October 12, 2017 [Page 26] +Dulaunoy & Iklody Expires March 8, 2018 [Page 26] -Internet-Draft MISP core format April 2017 +Internet-Draft MISP core format September 2017 "type": "string" @@ -1509,9 +1509,9 @@ Internet-Draft MISP core format April 2017 -Dulaunoy & Iklody Expires October 12, 2017 [Page 27] +Dulaunoy & Iklody Expires March 8, 2018 [Page 27] -Internet-Draft MISP core format April 2017 +Internet-Draft MISP core format September 2017 "properties": { @@ -1565,9 +1565,9 @@ Internet-Draft MISP core format April 2017 -Dulaunoy & Iklody Expires October 12, 2017 [Page 28] +Dulaunoy & Iklody Expires March 8, 2018 [Page 28] -Internet-Draft MISP core format April 2017 +Internet-Draft MISP core format September 2017 }, @@ -1621,9 +1621,9 @@ Internet-Draft MISP core format April 2017 -Dulaunoy & Iklody Expires October 12, 2017 [Page 29] +Dulaunoy & Iklody Expires March 8, 2018 [Page 29] -Internet-Draft MISP core format April 2017 +Internet-Draft MISP core format September 2017 } 
@@ -1677,9 +1677,9 @@ Internet-Draft MISP core format April 2017 -Dulaunoy & Iklody Expires October 12, 2017 [Page 30] +Dulaunoy & Iklody Expires March 8, 2018 [Page 30] -Internet-Draft MISP core format April 2017 +Internet-Draft MISP core format September 2017 "description": { @@ -1733,9 +1733,9 @@ Internet-Draft MISP core format April 2017 -Dulaunoy & Iklody Expires October 12, 2017 [Page 31] +Dulaunoy & Iklody Expires March 8, 2018 [Page 31] -Internet-Draft MISP core format April 2017 +Internet-Draft MISP core format September 2017 } @@ -1789,9 +1789,9 @@ Internet-Draft MISP core format April 2017 -Dulaunoy & Iklody Expires October 12, 2017 [Page 32] +Dulaunoy & Iklody Expires March 8, 2018 [Page 32] -Internet-Draft MISP core format April 2017 +Internet-Draft MISP core format September 2017 o timestamp (MUST) @@ -1845,9 +1845,9 @@ Internet-Draft MISP core format April 2017 -Dulaunoy & Iklody Expires October 12, 2017 [Page 33] +Dulaunoy & Iklody Expires March 8, 2018 [Page 33] -Internet-Draft MISP core format April 2017 +Internet-Draft MISP core format September 2017 { @@ -1901,9 +1901,9 @@ Internet-Draft MISP core format April 2017 -Dulaunoy & Iklody Expires October 12, 2017 [Page 34] +Dulaunoy & Iklody Expires March 8, 2018 [Page 34] -Internet-Draft MISP core format April 2017 +Internet-Draft MISP core format September 2017 5. Implementation 
@@ -1940,32 +1940,32 @@ Internet-Draft MISP core format April 2017 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, - DOI 10.17487/RFC2119, March 1997, - . + DOI 10.17487/RFC2119, March 1997, . [RFC4122] Leach, P., Mealling, M., and R. Salz, "A Universally Unique IDentifier (UUID) URN Namespace", RFC 4122, - DOI 10.17487/RFC4122, July 2005, - . + DOI 10.17487/RFC4122, July 2005, . [RFC4627] Crockford, D., "The application/json Media Type for JavaScript Object Notation (JSON)", RFC 4627, - DOI 10.17487/RFC4627, July 2006, - . + DOI 10.17487/RFC4627, July 2006, . -Dulaunoy & Iklody Expires October 12, 2017 [Page 35] +Dulaunoy & Iklody Expires March 8, 2018 [Page 35] -Internet-Draft MISP core format April 2017 +Internet-Draft MISP core format September 2017 [RFC4880] Callas, J., Donnerhacke, L., Finney, H., Shaw, D., and R. Thayer, "OpenPGP Message Format", RFC 4880, - DOI 10.17487/RFC4880, November 2007, - . + DOI 10.17487/RFC4880, November 2007, . 9.2. Informative References @@ -1984,8 +1984,8 @@ Authors' Addresses Alexandre Dulaunoy Computer Incident Response Center Luxembourg - 41, avenue de la gare - Luxembourg L-1611 + 16, bd d'Avranches + Luxembourg L-1160 Luxembourg Phone: +352 247 88444 @@ -1994,8 +1994,8 @@ Authors' Addresses Andras Iklody Computer Incident Response Center Luxembourg - 41, avenue de la gare - Luxembourg L-1611 + 16, bd d'Avranches + Luxembourg L-1160 Luxembourg Phone: +352 247 88444 @@ -2013,4 +2013,4 @@ Authors' Addresses -Dulaunoy & Iklody Expires October 12, 2017 [Page 36] +Dulaunoy & Iklody Expires March 8, 2018 [Page 36]
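Review bot: In the 2.2.1.4 hunk (@@ -181,9 +181,10 @@), the reworded paragraph still says info "SHOULD NOT be bigger than 256 characters and SHOULD NOT include new-lines" without saying what a consumer does when a producer ignores either limit. Since the sentence is being rewritten anyway, consider "longer than 256 characters" and one added sentence stating whether an implementation truncates, rejects or passes through an over-long or multi-line value, so that parsers of this human-readable free-text field behave the same way.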
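Review bot: In the @@ -217,15 +218,16 @@ hunk, the value "1:" now ends page 4 while its label "Ongoing" moves to the top of page 5, after the page footer and header, so the definition is split across a page break. This looks like a side effect of the paragraph in 2.2.1.4 growing by one line (9 lines to 10). Suggest adjusting the source so the value and its label stay on the same page, as "2: Complete" does.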
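Review bot: The type-list hunks at @@ -524,7 +524,7 @@, @@ -544,7 +544,7 @@ and @@ -569,11 +569,11 @@ add "cookie" and "phone-number" as permitted types, but no visible hunk defines either value or its expected syntax. The placement is also inconsistent: under Financial fraud, phone-number is inserted before "comment, text, other", while in the other two lists it is appended after "other" and after "hex". Suggest a short definition for each new type and one ordering rule applied to every list.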
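Review bot: The hunks at @@ -876,7 +876,7 @@, @@ -904,7 +904,7 @@ and @@ -921,11 +921,11 @@ repeat the cookie and phone-number additions line for line in a second copy of the same lists, which means every future type addition has to be made twice by hand. Suggest having the later section refer back to the first list instead of duplicating it. The JSON Schema pages (23 to 31) change only in their footers and headers here, so if the schema constrains type values it needs the same two additions.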
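Review bot: The Authors' Addresses hunk (@@ -1984,8 +1984,8 @@) changes the postal address of both authors from "41, avenue de la gare, L-1611" to "16, bd d'Avranches, L-1160", which the subject "MISP format updated" does not mention, and the same is true of the two new attribute types. Most of the 99 insertions are regenerated "Expires March 8, 2018 [Page N]" footers and "September 2017" headers, so the content changes are hard to find in the diff. Suggest listing them in the commit message: info wording, cookie, phone-number, address.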