many fixes

pull/8/head
Alexandre Dulaunoy 2017-09-21 15:37:13 +02:00
parent 8d1c657a30
commit c1c2345cb3
No known key found for this signature in database
GPG Key ID: 09E2CD4944E6CBCD
1 changed files with 16 additions and 17 deletions


@ -5,7 +5,7 @@
% ipr= "trust200902" % ipr= "trust200902"
% area = "Security" % area = "Security"
% %
% date = 2017-09-04T00:00:00Z % date = 2017-09-21T00:00:00Z
% %
% [[author]] % [[author]]
% initials="A." % initials="A."
@ -39,7 +39,7 @@
.# Abstract .# Abstract
This document describes the MISP object template format which describes a simple JSON format to represent the various templates used to construct MISP objects. A public directory of common vocabularies MISP object templates is available and relies on the MISP object reference format. This document describes the MISP object template format which describes a simple JSON format to represent the various templates used to construct MISP objects. A public directory of common vocabularies MISP object templates [@?MISP-O] is available and relies on the MISP object reference format.
{mainmatter} {mainmatter}
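Review bot: The new [@?MISP-O] citation in the Abstract has no matching reference entry in any hunk of this commit, so confirm that MISP-O is defined elsewhere in the file; otherwise the rendered draft carries a dangling citation. While this sentence is being touched, "A public directory of common vocabularies MISP object templates" reads as two noun phrases run together; "A public directory of common MISP object templates" would be clearer.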
@ -47,7 +47,7 @@ This document describes the MISP object template format which describes a simple
Due to the increased maturity of threat information sharing, the need arose for more complex and exhaustive data-points to be shared across the various sharing communities. MISP's information sharing in general relied on a flat structure of attributes contained within an event, where attributes served as atomic secluded data-points with some commonalities as defined by the encapsulating event. However, this flat structure restricted the use of more diverse and complex data-points described by a list of atomic values, a problem solved by the MISP object structure. Due to the increased maturity of threat information sharing, the need arose for more complex and exhaustive data-points to be shared across the various sharing communities. MISP's information sharing in general relied on a flat structure of attributes contained within an event, where attributes served as atomic secluded data-points with some commonalities as defined by the encapsulating event. However, this flat structure restricted the use of more diverse and complex data-points described by a list of atomic values, a problem solved by the MISP object structure.
MISP objects combine a list of attributes to represent a singular object with various facets. In order to bootstrap the object creation process and to maintain uniformity among objects describing similar data-points, the MISP object template format serves as a reuseable and share-able blueprint format. MISP objects combine a list of attributes to represent a singular object with various facets. In order to bootstrap the object creation process and to maintain uniformity among objects describing similar data-points, the MISP object template format serves as a reusable and share-able blueprint format.
MISP object templates also include a vocabulary to describe the various inter object and object to attribute relationships and are leveraged by MISP object references. MISP object templates also include a vocabulary to describe the various inter object and object to attribute relationships and are leveraged by MISP object references.
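Review bot: "share-able" on the corrected line is still hyphenated right next to the fixed "reusable"; use "shareable" so the two adjectives match. The unchanged line below has the same kind of issue in "inter object and object to attribute relationships", which reads better as "inter-object and object-to-attribute relationships".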
@ -63,7 +63,7 @@ MISP object templates are composed of the MISP object template (**MUST**) struct
MISP object templates themselves consist of a name (**MUST**), a meta-category (**MUST**) and a description (**SHOULD**). They are identified by a uuid (**MUST**) and a version (**MUST**). The list of requirements when it comes to the contained MISP object template elements is defined in the requirements field (**OPTIONAL**). MISP object templates themselves consist of a name (**MUST**), a meta-category (**MUST**) and a description (**SHOULD**). They are identified by a uuid (**MUST**) and a version (**MUST**). The list of requirements when it comes to the contained MISP object template elements is defined in the requirements field (**OPTIONAL**).
MISP object template elements consist of an object\_relation (**MUST**) a type (**MUST**) an object\_template\_id (**SHOULD**) a ui\_priority (**SHOULD**) a list of categories (**MAY**), a list of sane\_default values (**MAY**) a values_list (**MAY**) MISP object template elements consist of an object\_relation (**MUST**) a type (**MUST**) an object\_template\_id (**SHOULD**) a ui\_priority (**SHOULD**) a list of categories (**MAY**), a list of sane\_default values (**MAY**) a values\_list (**MAY**)
## Overview ## Overview
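Review bot: The element field list on the changed line does not match the rest of the document: it names object\_relation, type and ui\_priority, while the field section states "The misp-attribute field **MUST** be present" and the example uses the keys "misp-attribute" and "ui-priority", with disable\_correlation and multiple not listed at all. Align the list with the keys that are actually defined, separate the items with commas, and end the sentence with a period. The "requirements field (**OPTIONAL**)" in the line above has the same problem, since the example spells it "requiredOneOf"; name the real key there as well.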
@ -129,7 +129,7 @@ misp-attribute is represented by a JSON string or a JSON object with a list of v
The misp-attribute field **MUST** be present. The misp-attribute field **MUST** be present.
#### disable_correlation #### disable\_correlation
disable\_correlation is represented by a JSON boolean. The disable\_correlation field flags the attribute(s) created by the given object template element to be marked as non correlating. disable\_correlation is represented by a JSON boolean. The disable\_correlation field flags the attribute(s) created by the given object template element to be marked as non correlating.
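Review bot: None of the credit-card example lines shown in this commit sets disable\_correlation, so the field defined under this heading is never illustrated. Consider setting it on "card-security-code" in the example, since a short code printed on a card will match across unrelated cards and produce noise correlations. In the definition itself, "non correlating" should be hyphenated as "non-correlating".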
@ -143,7 +143,7 @@ The categories field **MAY** be present.
#### multiple #### multiple
multiple is represented by a JSON boolean value. It marks the MISP object template element as a multiple input field, allowing for several attributes to be created by the eleemnt within the same object. multiple is represented by a JSON boolean value. It marks the MISP object template element as a multiple input field, allowing for several attributes to be created by the element within the same object.
The multiple field **MAY** be present. The multiple field **MAY** be present.
@ -151,19 +151,14 @@ The multiple field **MAY** be present.
~~~~ ~~~~
{ {
"name": "credit-card",
"description": "A payment card like credit card, debit card or any similar cards which can be used for financial transactions.",
"meta-category": "financial",
"uuid": "2b9c57aa-daba-4330-a738-56f18743b0c7",
"version": 1,
"requiredOneOf": [ "requiredOneOf": [
"cc-number" "cc-number"
], ],
"attributes": { "attributes": {
"version": { "version": {
"description": "yabin.py and regex.txt version used for the generation of the yara rules.", "description": "Version of the card.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "comment" "misp-attribute": "text"
}, },
"comment": { "comment": {
"description": "A description of the card.", "description": "A description of the card.",
@ -171,7 +166,7 @@ The multiple field **MAY** be present.
"misp-attribute": "comment" "misp-attribute": "comment"
}, },
"card-security-code": { "card-security-code": {
"description": "Card security code as embossed or printed on the card.", "description": "Card security code (CSC, CVD, CVV, CVC and SPC) as embossed or printed on the card.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text" "misp-attribute": "text"
}, },
@ -195,9 +190,13 @@ The multiple field **MAY** be present.
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "cc-number" "misp-attribute": "cc-number"
} }
} },
"version": 2,
"description": "A payment card like credit card, debit card or any similar cards which can be used for financial transactions.",
"meta-category": "financial",
"uuid": "2b9c57aa-daba-4330-a738-56f18743b0c7",
"name": "credit-card"
} }
~~~~ ~~~~
### Object Relationships ### Object Relationships
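Review bot: Moving "name", "uuid", "version", "description" and "meta-category" to the end of the example, after "attributes", buries the fields the text says identify a template (uuid and version, both **MUST**). JSON key order carries no meaning, so keep them at the top where the removed lines had them. The same block changes "version" from 1 to 2 while the commit message only says "many fixes"; confirm the number matches the published credit-card template.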