Event basic description added

2016-10-01 12:47:20 +02:00 · 2016-10-01 12:47:20 +02:00 · baf351a7bb
parent eca54fb9e2
commit baf351a7bb
2 changed files with 24 additions and 20 deletions
--- a/misp-core-format/raw.md
+++ b/misp-core-format/raw.md
@ -28,7 +28,7 @@ This document describes the MISP core format used to exchange indicators and thr
 MISP (Malware Information and threat Sharing Platform) instances.
 The JSON format includes the overall structure along with the semantic associated for each
 respective key. The format is described to support other implementations which reuse the
-format and ensuring an interoperability with existing MISP [@?MISP-P] software and other Threat Intelligence Platform.
+format and ensuring an interoperability with existing MISP [@?MISP-P] software and other Threat Intelligence Platforms.

 {mainmatter}

@ -36,7 +36,9 @@ format and ensuring an interoperability with existing MISP [@?MISP-P] software a

 Sharing threat information became a fundamental requirements in the Internet, security and intelligence community at large. Threat
 information can include indicators of compromise, malicious file indicators, financial fraud indicators
-or even detailed information about a threat actor. MISP started as an open source project in late 2011
+or even detailed information about a threat actor. MISP started as an open source project in late 2011 and
+the MISP format started to be widely used as an exchange format within the community in the past years. The aim of this document
+is to describe the specification and the MISP core format.

 # Format

@ -46,7 +48,9 @@ The MISP core format is in the JSON [@!RFC4627] format. In MISP, an event is com

 ## Event

-An event is a simple meta structure scheme where attributes are embedded 
+An event is a simple meta structure scheme where attributes and meta-data are embedded to compose a coherent set
+of indicators. An event can be composed from an incident, a security analysis report or a specific threat actor
+analysis. The meaning of an event only depends of the information embedded in the event.


 <reference anchor='MISP-P' target='https://github.com/MISP'>
--- a/misp-core-format/raw.md.txt
+++ b/misp-core-format/raw.md.txt
@ -20,7 +20,7 @@ Abstract
   respective key.  The format is described to support other
   implementations which reuse the format and ensuring an
   interoperability with existing MISP [MISP-P] software and other
-   Threat Intelligence Platform.
+   Threat Intelligence Platforms.

 Status of This Memo

@ -69,7 +69,7 @@ Table of Contents
     2.1.  Overview  . . . . . . . . . . . . . . . . . . . . . . . .   2
     2.2.  Event . . . . . . . . . . . . . . . . . . . . . . . . . .   2
   3.  References  . . . . . . . . . . . . . . . . . . . . . . . . .   2
-     3.1.  Normative References  . . . . . . . . . . . . . . . . . .   2
+     3.1.  Normative References  . . . . . . . . . . . . . . . . . .   3
     3.2.  Informative References  . . . . . . . . . . . . . . . . .   3
   Appendix A.  Acknowledgements . . . . . . . . . . . . . . . . . .   3
   Author's Address  . . . . . . . . . . . . . . . . . . . . . . . .   3
@ -81,7 +81,9 @@ Table of Contents
   information can include indicators of compromise, malicious file
   indicators, financial fraud indicators or even detailed information
   about a threat actor.  MISP started as an open source project in late
-   2011
+   2011 and the MISP format started to be widely used as an exchange
+   format within the community in the past years.  The aim of this
+   document is to describe the specification and the MISP core format.

 2.  Format

@ -92,17 +94,15 @@ Table of Contents

 2.2.  Event

-   An event is a simple meta structure scheme where attributes are
-   embedded
+   An event is a simple meta structure scheme where attributes and meta-
+   data are embedded to compose a coherent set of indicators.  An event
+   can be composed from an incident, a security analysis report or a
+   specific threat actor analysis.  The meaning of an event only depends
+   of the information embedded in the event.

 3.  References

-3.1.  Normative References

-   [RFC4627]  Crockford, D., "The application/json Media Type for
-              JavaScript Object Notation (JSON)", RFC 4627,
-              DOI 10.17487/RFC4627, July 2006,
-              <http://www.rfc-editor.org/info/rfc4627>.



@ -114,6 +114,13 @@ Dulaunoy                  Expires April 4, 2017                 [Page 2]
 Internet-Draft              MISP core format                October 2016


+3.1.  Normative References
+
+   [RFC4627]  Crockford, D., "The application/json Media Type for
+              JavaScript Object Notation (JSON)", RFC 4627,
+              DOI 10.17487/RFC4627, July 2006,
+              <http://www.rfc-editor.org/info/rfc4627>.
+
 3.2.  Informative References

   [MISP-P]   MISP, , "MISP Project - Malware Information Sharing
@ -147,13 +154,6 @@ Author's Address



-
-
-
-
-
-
-