MISP format updated

pull/6/head
Alexandre Dulaunoy 2017-09-04 21:29:47 +02:00
parent c037269888
commit a965a0e25e
No known key found for this signature in database
GPG Key ID: 09E2CD4944E6CBCD
1 changed files with 99 additions and 99 deletions

@ -5,7 +5,7 @@
Network Working Group A. Dulaunoy Network Working Group A. Dulaunoy
Internet-Draft A. Iklody Internet-Draft A. Iklody
Intended status: Informational CIRCL Intended status: Informational CIRCL
Expires: October 12, 2017 April 10, 2017 Expires: March 8, 2018 September 4, 2017
MISP core format MISP core format
@ -37,7 +37,7 @@ Status of This Memo
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on October 12, 2017. This Internet-Draft will expire on March 8, 2018.
Copyright Notice Copyright Notice
@ -53,9 +53,9 @@ Copyright Notice
Dulaunoy & Iklody Expires October 12, 2017 [Page 1] Dulaunoy & Iklody Expires March 8, 2018 [Page 1]
Internet-Draft MISP core format April 2017 Internet-Draft MISP core format September 2017
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
@ -109,9 +109,9 @@ Table of Contents
Dulaunoy & Iklody Expires October 12, 2017 [Page 2] Dulaunoy & Iklody Expires March 8, 2018 [Page 2]
Internet-Draft MISP core format April 2017 Internet-Draft MISP core format September 2017
of this document is to describe the specification and the MISP core of this document is to describe the specification and the MISP core
@ -165,9 +165,9 @@ Internet-Draft MISP core format April 2017
Dulaunoy & Iklody Expires October 12, 2017 [Page 3] Dulaunoy & Iklody Expires March 8, 2018 [Page 3]
Internet-Draft MISP core format April 2017 Internet-Draft MISP core format September 2017
2.2.1.3. published 2.2.1.3. published
@ -181,9 +181,10 @@ Internet-Draft MISP core format April 2017
2.2.1.4. info 2.2.1.4. info
info represents the information field of the event. info a free-text info represents the information field of the event. info is a free-
value to provide a human-readable summary of the event. info SHOULD text value to provide a human-readable summary of the event. info
NOT be bigger than 256 characters and SHOULD NOT include new-lines. SHOULD NOT be bigger than 256 characters and SHOULD NOT include new-
lines.
info is represented as a JSON string. info MUST be present. info is represented as a JSON string. info MUST be present.
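
Review bot: the reworded sentence in 2.2.1.4 still leaves the length limit ambiguous: "SHOULD NOT be bigger than 256 characters" does not say whether a character is a Unicode code point or a byte of the encoded JSON string, so two implementations can disagree on which info values exceed it. Suggest "SHOULD NOT be longer than 256 characters" with the unit named. Since both limits are SHOULD NOT rather than MUST NOT, a sentence telling consumers that they still have to handle longer values and embedded new-lines when displaying or logging info would also help.
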
@ -217,15 +218,16 @@ Internet-Draft MISP core format April 2017
Initial Initial
1: 1:
Ongoing
Dulaunoy & Iklody Expires October 12, 2017 [Page 4] Dulaunoy & Iklody Expires March 8, 2018 [Page 4]
Internet-Draft MISP core format April 2017 Internet-Draft MISP core format September 2017
Ongoing
2: 2:
Complete Complete
@ -275,11 +277,9 @@ Internet-Draft MISP core format April 2017
Dulaunoy & Iklody Expires March 8, 2018 [Page 5]
Dulaunoy & Iklody Expires October 12, 2017 [Page 5]
Internet-Draft MISP core format April 2017 Internet-Draft MISP core format September 2017
2.2.1.11. orgc_id 2.2.1.11. orgc_id
@ -333,9 +333,9 @@ Internet-Draft MISP core format April 2017
Dulaunoy & Iklody Expires October 12, 2017 [Page 6] Dulaunoy & Iklody Expires March 8, 2018 [Page 6]
Internet-Draft MISP core format April 2017 Internet-Draft MISP core format September 2017
sharing_group_id is represented by a JSON string and SHOULD be sharing_group_id is represented by a JSON string and SHOULD be
@ -389,9 +389,9 @@ Internet-Draft MISP core format April 2017
Dulaunoy & Iklody Expires October 12, 2017 [Page 7] Dulaunoy & Iklody Expires March 8, 2018 [Page 7]
Internet-Draft MISP core format April 2017 Internet-Draft MISP core format September 2017
2.4. Attribute 2.4. Attribute
@ -445,9 +445,9 @@ Internet-Draft MISP core format April 2017
Dulaunoy & Iklody Expires October 12, 2017 [Page 8] Dulaunoy & Iklody Expires March 8, 2018 [Page 8]
Internet-Draft MISP core format April 2017 Internet-Draft MISP core format September 2017
2.4.2.3. type 2.4.2.3. type
@ -501,9 +501,9 @@ Internet-Draft MISP core format April 2017
Dulaunoy & Iklody Expires October 12, 2017 [Page 9] Dulaunoy & Iklody Expires March 8, 2018 [Page 9]
Internet-Draft MISP core format April 2017 Internet-Draft MISP core format September 2017
Payload installation Payload installation
@ -524,7 +524,7 @@ Internet-Draft MISP core format April 2017
ip-src, ip-dst, hostname, domain, domain|ip, email-dst, url, uri, ip-src, ip-dst, hostname, domain, domain|ip, email-dst, url, uri,
user-agent, http-method, AS, snort, pattern-in-file, pattern-in- user-agent, http-method, AS, snort, pattern-in-file, pattern-in-
traffic, attachment, comment, text, x509-fingerprint-sha1, other, traffic, attachment, comment, text, x509-fingerprint-sha1, other,
hex hex, cookie
Payload type Payload type
comment, text, other comment, text, other
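
Review bot: `cookie` is added to this type list after `hex` by name only, and nothing in the hunk says what the value holds (a full Cookie header, a single name=value pair, or only the cookie name). Suggest one sentence defining the expected value. Because cookie values can carry session identifiers, it is also worth stating how such attributes should be handled when an event is distributed.
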
@ -544,7 +544,7 @@ Internet-Draft MISP core format April 2017
Financial fraud Financial fraud
btc, iban, bic, bank-account-nr, aba-rtn, bin, cc-number, prtn, btc, iban, bic, bank-account-nr, aba-rtn, bin, cc-number, prtn,
comment, text, other, hex phone-number, comment, text, other, hex
Support tool Support tool
attachment, link, comment, text, other, hex attachment, link, comment, text, other, hex
@ -557,9 +557,9 @@ Internet-Draft MISP core format April 2017
Dulaunoy & Iklody Expires October 12, 2017 [Page 10] Dulaunoy & Iklody Expires March 8, 2018 [Page 10]
Internet-Draft MISP core format April 2017 Internet-Draft MISP core format September 2017
first-name, middle-name, last-name, date-of-birth, place-of-birth, first-name, middle-name, last-name, date-of-birth, place-of-birth,
@ -569,11 +569,11 @@ Internet-Draft MISP core format April 2017
frequent-flyer-number, travel-details, payment-details, place- frequent-flyer-number, travel-details, payment-details, place-
port-of-original-embarkation, place-port-of-clearance, place-port- port-of-original-embarkation, place-port-of-clearance, place-port-
of-onward-foreign-destination, passenger-name-record-locator- of-onward-foreign-destination, passenger-name-record-locator-
number, comment, text, other number, comment, text, other, phone-number
Other Other
comment, text, other, size-in-bytes, counter, datetime, cpe, port, comment, text, other, size-in-bytes, counter, datetime, cpe, port,
float, hex float, hex, phone-number
Attributes are based on the usage within their different communities. Attributes are based on the usage within their different communities.
Attributes can be extended on a regular basis and this reference Attributes can be extended on a regular basis and this reference
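
Review bot: phone-number is appended after the generic types in the first list of this hunk ("number, comment, text, other, phone-number"), while the Financial fraud hunk inserts it before "comment, text, other, hex". Suggest "..., phone-number, comment, text, other" here as well, so the specific types stay ahead of the generic ones in every category that lists them last.
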
@ -613,9 +613,9 @@ Internet-Draft MISP core format April 2017
Dulaunoy & Iklody Expires October 12, 2017 [Page 11] Dulaunoy & Iklody Expires March 8, 2018 [Page 11]
Internet-Draft MISP core format April 2017 Internet-Draft MISP core format September 2017
2.4.2.7. distribution 2.4.2.7. distribution
@ -669,9 +669,9 @@ Internet-Draft MISP core format April 2017
Dulaunoy & Iklody Expires October 12, 2017 [Page 12] Dulaunoy & Iklody Expires March 8, 2018 [Page 12]
Internet-Draft MISP core format April 2017 Internet-Draft MISP core format September 2017
sharing_group_id is represented by a JSON string and SHOULD be sharing_group_id is represented by a JSON string and SHOULD be
@ -725,9 +725,9 @@ Internet-Draft MISP core format April 2017
Dulaunoy & Iklody Expires October 12, 2017 [Page 13] Dulaunoy & Iklody Expires March 8, 2018 [Page 13]
Internet-Draft MISP core format April 2017 Internet-Draft MISP core format September 2017
2.4.2.15. value 2.4.2.15. value
@ -781,9 +781,9 @@ Internet-Draft MISP core format April 2017
Dulaunoy & Iklody Expires October 12, 2017 [Page 14] Dulaunoy & Iklody Expires March 8, 2018 [Page 14]
Internet-Draft MISP core format April 2017 Internet-Draft MISP core format September 2017
2.5.2.1. uuid 2.5.2.1. uuid
@ -837,9 +837,9 @@ Internet-Draft MISP core format April 2017
Dulaunoy & Iklody Expires October 12, 2017 [Page 15] Dulaunoy & Iklody Expires March 8, 2018 [Page 15]
Internet-Draft MISP core format April 2017 Internet-Draft MISP core format September 2017
email-dst-display-name, email-src-display-name, email-header, email-dst-display-name, email-src-display-name, email-header,
@ -876,7 +876,7 @@ Internet-Draft MISP core format April 2017
ip-src, ip-dst, hostname, domain, domain|ip, email-dst, url, uri, ip-src, ip-dst, hostname, domain, domain|ip, email-dst, url, uri,
user-agent, http-method, AS, snort, pattern-in-file, pattern-in- user-agent, http-method, AS, snort, pattern-in-file, pattern-in-
traffic, attachment, comment, text, x509-fingerprint-sha1, other, traffic, attachment, comment, text, x509-fingerprint-sha1, other,
hex hex, cookie
Payload type Payload type
comment, text, other comment, text, other
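
Review bot: this `hex, cookie` change repeats the one in the -524 hunk on an identical type list, and the phone-number additions are likewise made twice (-544/-904 and -569/-921). Two hand-edited copies of the same lists can drift apart. Suggest defining the category-to-type lists once and referencing them from the second section, or checking that the two copies match before each revision.
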
@ -893,9 +893,9 @@ Internet-Draft MISP core format April 2017
Dulaunoy & Iklody Expires October 12, 2017 [Page 16] Dulaunoy & Iklody Expires March 8, 2018 [Page 16]
Internet-Draft MISP core format April 2017 Internet-Draft MISP core format September 2017
pattern-in-traffic, pattern-in-memory, vulnerability, attachment, pattern-in-traffic, pattern-in-memory, vulnerability, attachment,
@ -904,7 +904,7 @@ Internet-Draft MISP core format April 2017
Financial fraud Financial fraud
btc, iban, bic, bank-account-nr, aba-rtn, bin, cc-number, prtn, btc, iban, bic, bank-account-nr, aba-rtn, bin, cc-number, prtn,
comment, text, other, hex phone-number, comment, text, other, hex
Support tool Support tool
attachment, link, comment, text, other, hex attachment, link, comment, text, other, hex
@ -921,11 +921,11 @@ Internet-Draft MISP core format April 2017
frequent-flyer-number, travel-details, payment-details, place- frequent-flyer-number, travel-details, payment-details, place-
port-of-original-embarkation, place-port-of-clearance, place-port- port-of-original-embarkation, place-port-of-clearance, place-port-
of-onward-foreign-destination, passenger-name-record-locator- of-onward-foreign-destination, passenger-name-record-locator-
number, comment, text, other number, comment, text, other, phone-number
Other Other
comment, text, other, size-in-bytes, counter, datetime, cpe, port, comment, text, other, size-in-bytes, counter, datetime, cpe, port,
float, hex float, hex, phone-number
Attributes are based on the usage within their different communities. Attributes are based on the usage within their different communities.
Attributes can be extended on a regular basis and this reference Attributes can be extended on a regular basis and this reference
@ -949,9 +949,9 @@ Internet-Draft MISP core format April 2017
Dulaunoy & Iklody Expires October 12, 2017 [Page 17] Dulaunoy & Iklody Expires March 8, 2018 [Page 17]
Internet-Draft MISP core format April 2017 Internet-Draft MISP core format September 2017
pattern for detection in Local or Network Intrusion Detection System, pattern for detection in Local or Network Intrusion Detection System,
@ -1005,9 +1005,9 @@ Internet-Draft MISP core format April 2017
Dulaunoy & Iklody Expires October 12, 2017 [Page 18] Dulaunoy & Iklody Expires March 8, 2018 [Page 18]
Internet-Draft MISP core format April 2017 Internet-Draft MISP core format September 2017
2.5.2.10. org_id 2.5.2.10. org_id
@ -1061,9 +1061,9 @@ Internet-Draft MISP core format April 2017
Dulaunoy & Iklody Expires October 12, 2017 [Page 19] Dulaunoy & Iklody Expires March 8, 2018 [Page 19]
Internet-Draft MISP core format April 2017 Internet-Draft MISP core format September 2017
The name is a readable description of the organization and SHOULD be The name is a readable description of the organization and SHOULD be
@ -1117,9 +1117,9 @@ Internet-Draft MISP core format April 2017
Dulaunoy & Iklody Expires October 12, 2017 [Page 20] Dulaunoy & Iklody Expires March 8, 2018 [Page 20]
Internet-Draft MISP core format April 2017 Internet-Draft MISP core format September 2017
2.7. Galaxy 2.7. Galaxy
@ -1173,9 +1173,9 @@ Internet-Draft MISP core format April 2017
Dulaunoy & Iklody Expires October 12, 2017 [Page 21] Dulaunoy & Iklody Expires March 8, 2018 [Page 21]
Internet-Draft MISP core format April 2017 Internet-Draft MISP core format September 2017
"Galaxy": [ { "Galaxy": [ {
@ -1229,9 +1229,9 @@ Internet-Draft MISP core format April 2017
Dulaunoy & Iklody Expires October 12, 2017 [Page 22] Dulaunoy & Iklody Expires March 8, 2018 [Page 22]
Internet-Draft MISP core format April 2017 Internet-Draft MISP core format September 2017
3. JSON Schema 3. JSON Schema
@ -1285,9 +1285,9 @@ Internet-Draft MISP core format April 2017
Dulaunoy & Iklody Expires October 12, 2017 [Page 23] Dulaunoy & Iklody Expires March 8, 2018 [Page 23]
Internet-Draft MISP core format April 2017 Internet-Draft MISP core format September 2017
"type": "object", "type": "object",
@ -1341,9 +1341,9 @@ Internet-Draft MISP core format April 2017
Dulaunoy & Iklody Expires October 12, 2017 [Page 24] Dulaunoy & Iklody Expires March 8, 2018 [Page 24]
Internet-Draft MISP core format April 2017 Internet-Draft MISP core format September 2017
"items": { "items": {
@ -1397,9 +1397,9 @@ Internet-Draft MISP core format April 2017
Dulaunoy & Iklody Expires October 12, 2017 [Page 25] Dulaunoy & Iklody Expires March 8, 2018 [Page 25]
Internet-Draft MISP core format April 2017 Internet-Draft MISP core format September 2017
"type": "string" "type": "string"
@ -1453,9 +1453,9 @@ Internet-Draft MISP core format April 2017
Dulaunoy & Iklody Expires October 12, 2017 [Page 26] Dulaunoy & Iklody Expires March 8, 2018 [Page 26]
Internet-Draft MISP core format April 2017 Internet-Draft MISP core format September 2017
"type": "string" "type": "string"
@ -1509,9 +1509,9 @@ Internet-Draft MISP core format April 2017
Dulaunoy & Iklody Expires October 12, 2017 [Page 27] Dulaunoy & Iklody Expires March 8, 2018 [Page 27]
Internet-Draft MISP core format April 2017 Internet-Draft MISP core format September 2017
"properties": { "properties": {
@ -1565,9 +1565,9 @@ Internet-Draft MISP core format April 2017
Dulaunoy & Iklody Expires October 12, 2017 [Page 28] Dulaunoy & Iklody Expires March 8, 2018 [Page 28]
Internet-Draft MISP core format April 2017 Internet-Draft MISP core format September 2017
}, },
@ -1621,9 +1621,9 @@ Internet-Draft MISP core format April 2017
Dulaunoy & Iklody Expires October 12, 2017 [Page 29] Dulaunoy & Iklody Expires March 8, 2018 [Page 29]
Internet-Draft MISP core format April 2017 Internet-Draft MISP core format September 2017
} }
@ -1677,9 +1677,9 @@ Internet-Draft MISP core format April 2017
Dulaunoy & Iklody Expires October 12, 2017 [Page 30] Dulaunoy & Iklody Expires March 8, 2018 [Page 30]
Internet-Draft MISP core format April 2017 Internet-Draft MISP core format September 2017
"description": { "description": {
@ -1733,9 +1733,9 @@ Internet-Draft MISP core format April 2017
Dulaunoy & Iklody Expires October 12, 2017 [Page 31] Dulaunoy & Iklody Expires March 8, 2018 [Page 31]
Internet-Draft MISP core format April 2017 Internet-Draft MISP core format September 2017
} }
@ -1789,9 +1789,9 @@ Internet-Draft MISP core format April 2017
Dulaunoy & Iklody Expires October 12, 2017 [Page 32] Dulaunoy & Iklody Expires March 8, 2018 [Page 32]
Internet-Draft MISP core format April 2017 Internet-Draft MISP core format September 2017
o timestamp (MUST) o timestamp (MUST)
@ -1845,9 +1845,9 @@ Internet-Draft MISP core format April 2017
Dulaunoy & Iklody Expires October 12, 2017 [Page 33] Dulaunoy & Iklody Expires March 8, 2018 [Page 33]
Internet-Draft MISP core format April 2017 Internet-Draft MISP core format September 2017
{ {
@ -1901,9 +1901,9 @@ Internet-Draft MISP core format April 2017
Dulaunoy & Iklody Expires October 12, 2017 [Page 34] Dulaunoy & Iklody Expires March 8, 2018 [Page 34]
Internet-Draft MISP core format April 2017 Internet-Draft MISP core format September 2017
5. Implementation 5. Implementation
@ -1940,32 +1940,32 @@ Internet-Draft MISP core format April 2017
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997, DOI 10.17487/RFC2119, March 1997, <https://www.rfc-
<http://www.rfc-editor.org/info/rfc2119>. editor.org/info/rfc2119>.
[RFC4122] Leach, P., Mealling, M., and R. Salz, "A Universally [RFC4122] Leach, P., Mealling, M., and R. Salz, "A Universally
Unique IDentifier (UUID) URN Namespace", RFC 4122, Unique IDentifier (UUID) URN Namespace", RFC 4122,
DOI 10.17487/RFC4122, July 2005, DOI 10.17487/RFC4122, July 2005, <https://www.rfc-
<http://www.rfc-editor.org/info/rfc4122>. editor.org/info/rfc4122>.
[RFC4627] Crockford, D., "The application/json Media Type for [RFC4627] Crockford, D., "The application/json Media Type for
JavaScript Object Notation (JSON)", RFC 4627, JavaScript Object Notation (JSON)", RFC 4627,
DOI 10.17487/RFC4627, July 2006, DOI 10.17487/RFC4627, July 2006, <https://www.rfc-
<http://www.rfc-editor.org/info/rfc4627>. editor.org/info/rfc4627>.
Dulaunoy & Iklody Expires October 12, 2017 [Page 35] Dulaunoy & Iklody Expires March 8, 2018 [Page 35]
Internet-Draft MISP core format April 2017 Internet-Draft MISP core format September 2017
[RFC4880] Callas, J., Donnerhacke, L., Finney, H., Shaw, D., and R. [RFC4880] Callas, J., Donnerhacke, L., Finney, H., Shaw, D., and R.
Thayer, "OpenPGP Message Format", RFC 4880, Thayer, "OpenPGP Message Format", RFC 4880,
DOI 10.17487/RFC4880, November 2007, DOI 10.17487/RFC4880, November 2007, <https://www.rfc-
<http://www.rfc-editor.org/info/rfc4880>. editor.org/info/rfc4880>.
9.2. Informative References 9.2. Informative References
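
Review bot: the switch to https now splits each reference URL across two lines inside the host name ("<https://www.rfc-" followed by "editor.org/info/rfc2119>"), so a reader cannot tell whether the hyphen belongs to the URL, and copying it yields a broken link. The old layout kept the whole URL on its own line. Suggest keeping each URL unbroken on a separate line for RFC2119, RFC4122, RFC4627 and RFC4880.
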
@ -1984,8 +1984,8 @@ Authors' Addresses
Alexandre Dulaunoy Alexandre Dulaunoy
Computer Incident Response Center Luxembourg Computer Incident Response Center Luxembourg
41, avenue de la gare 16, bd d'Avranches
Luxembourg L-1611 Luxembourg L-1160
Luxembourg Luxembourg
Phone: +352 247 88444 Phone: +352 247 88444
@ -1994,8 +1994,8 @@ Authors' Addresses
Andras Iklody Andras Iklody
Computer Incident Response Center Luxembourg Computer Incident Response Center Luxembourg
41, avenue de la gare 16, bd d'Avranches
Luxembourg L-1611 Luxembourg L-1160
Luxembourg Luxembourg
Phone: +352 247 88444 Phone: +352 247 88444
@ -2013,4 +2013,4 @@ Authors' Addresses
Dulaunoy & Iklody Expires October 12, 2017 [Page 36] Dulaunoy & Iklody Expires March 8, 2018 [Page 36]