Event basic description added

Rafiot-patch-1
Alexandre Dulaunoy 2016-10-01 12:47:20 +02:00
parent eca54fb9e2
commit baf351a7bb
2 changed files with 24 additions and 20 deletions

@ -28,7 +28,7 @@ This document describes the MISP core format used to exchange indicators and thr
MISP (Malware Information and threat Sharing Platform) instances. MISP (Malware Information and threat Sharing Platform) instances.
The JSON format includes the overall structure along with the semantic associated for each The JSON format includes the overall structure along with the semantic associated for each
respective key. The format is described to support other implementations which reuse the respective key. The format is described to support other implementations which reuse the
format and ensuring an interoperability with existing MISP [@?MISP-P] software and other Threat Intelligence Platform. format and ensuring an interoperability with existing MISP [@?MISP-P] software and other Threat Intelligence Platforms.
{mainmatter} {mainmatter}
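Review bot: the changed line still reads "and ensuring an interoperability", which does not parallel "to support other implementations" earlier in the same sentence. Since the line is being touched for the plural fix anyway, consider "and to ensure interoperability with existing MISP software and other Threat Intelligence Platforms". The rendered text file carries the same sentence and needs the same wording.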
@ -36,7 +36,9 @@ format and ensuring an interoperability with existing MISP [@?MISP-P] software a
Sharing threat information became a fundamental requirements in the Internet, security and intelligence community at large. Threat Sharing threat information became a fundamental requirements in the Internet, security and intelligence community at large. Threat
information can include indicators of compromise, malicious file indicators, financial fraud indicators information can include indicators of compromise, malicious file indicators, financial fraud indicators
or even detailed information about a threat actor. MISP started as an open source project in late 2011 or even detailed information about a threat actor. MISP started as an open source project in late 2011 and
the MISP format started to be widely used as an exchange format within the community in the past years. The aim of this document
is to describe the specification and the MISP core format.
# Format # Format
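Review bot: the added closing sentence, "The aim of this document is to describe the specification and the MISP core format", is circular, because this document is the specification; "The aim of this document is to specify the MISP core format" says the same thing directly. In the same addition, "in the past years" gives the reader no time frame to check, and the unchanged first line of the paragraph still has "became a fundamental requirements", which could be corrected in the same pass.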
@ -46,7 +48,9 @@ The MISP core format is in the JSON [@!RFC4627] format. In MISP, an event is com
## Event ## Event
An event is a simple meta structure scheme where attributes are embedded An event is a simple meta structure scheme where attributes and meta-data are embedded to compose a coherent set
of indicators. An event can be composed from an incident, a security analysis report or a specific threat actor
analysis. The meaning of an event only depends of the information embedded in the event.
<reference anchor='MISP-P' target='https://github.com/MISP'> <reference anchor='MISP-P' target='https://github.com/MISP'>
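Review bot: the new Event paragraph says what an event can represent but names no JSON key, so an implementer still has nothing to parse or validate against, even though the abstract promises "the semantic associated for each respective key". Consider following the paragraph with the event's keys and, for each one, its type and whether it is required. On wording, "only depends of" should be "depends only on", and "meta-data" is more commonly written "metadata".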

@ -20,7 +20,7 @@ Abstract
respective key. The format is described to support other respective key. The format is described to support other
implementations which reuse the format and ensuring an implementations which reuse the format and ensuring an
interoperability with existing MISP [MISP-P] software and other interoperability with existing MISP [MISP-P] software and other
Threat Intelligence Platform. Threat Intelligence Platforms.
Status of This Memo Status of This Memo
@ -69,7 +69,7 @@ Table of Contents
2.1. Overview . . . . . . . . . . . . . . . . . . . . . . . . 2 2.1. Overview . . . . . . . . . . . . . . . . . . . . . . . . 2
2.2. Event . . . . . . . . . . . . . . . . . . . . . . . . . . 2 2.2. Event . . . . . . . . . . . . . . . . . . . . . . . . . . 2
3. References . . . . . . . . . . . . . . . . . . . . . . . . . 2 3. References . . . . . . . . . . . . . . . . . . . . . . . . . 2
3.1. Normative References . . . . . . . . . . . . . . . . . . 2 3.1. Normative References . . . . . . . . . . . . . . . . . . 3
3.2. Informative References . . . . . . . . . . . . . . . . . 3 3.2. Informative References . . . . . . . . . . . . . . . . . 3
Appendix A. Acknowledgements . . . . . . . . . . . . . . . . . . 3 Appendix A. Acknowledgements . . . . . . . . . . . . . . . . . . 3
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 3 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 3
@ -81,7 +81,9 @@ Table of Contents
information can include indicators of compromise, malicious file information can include indicators of compromise, malicious file
indicators, financial fraud indicators or even detailed information indicators, financial fraud indicators or even detailed information
about a threat actor. MISP started as an open source project in late about a threat actor. MISP started as an open source project in late
2011 2011 and the MISP format started to be widely used as an exchange
format within the community in the past years. The aim of this
document is to describe the specification and the MISP core format.
2. Format 2. Format
@ -92,17 +94,15 @@ Table of Contents
2.2. Event 2.2. Event
An event is a simple meta structure scheme where attributes are An event is a simple meta structure scheme where attributes and meta-
embedded data are embedded to compose a coherent set of indicators. An event
can be composed from an incident, a security analysis report or a
specific threat actor analysis. The meaning of an event only depends
of the information embedded in the event.
3. References 3. References
3.1. Normative References
[RFC4627] Crockford, D., "The application/json Media Type for
JavaScript Object Notation (JSON)", RFC 4627,
DOI 10.17487/RFC4627, July 2006,
<http://www.rfc-editor.org/info/rfc4627>.
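Review bot: the Normative References block is dropped at the end of this hunk although its content is unchanged; it comes back verbatim in the next hunk after the page header, and the table of contents entry for 3.1 moves from page 2 to page 3, so this looks like pagination shift caused by the longer Event paragraph. If this text file is generated from the markdown source, regenerating it in a separate commit (or not tracking it) would keep that churn out of content reviews. The rendered paragraph also carries "only depends of" from the source and needs the same correction.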
@ -114,6 +114,13 @@ Dulaunoy Expires April 4, 2017 [Page 2]
Internet-Draft MISP core format October 2016 Internet-Draft MISP core format October 2016
3.1. Normative References
[RFC4627] Crockford, D., "The application/json Media Type for
JavaScript Object Notation (JSON)", RFC 4627,
DOI 10.17487/RFC4627, July 2006,
<http://www.rfc-editor.org/info/rfc4627>.
3.2. Informative References 3.2. Informative References
[MISP-P] MISP, , "MISP Project - Malware Information Sharing [MISP-P] MISP, , "MISP Project - Malware Information Sharing
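Review bot: the normative JSON reference re-added in this hunk is RFC 4627, which was obsoleted by RFC 7159 in 2014. For a draft dated October 2016, citing RFC 7159 here and in the "[@!RFC4627]" citation in the markdown source would point implementers at the current JSON definition.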
@ -147,13 +154,6 @@ Author's Address