chg: [misp-galaxy] RFC text export added

pull/21/head
Alexandre Dulaunoy 2018-09-22 10:25:09 +02:00
parent cc756f6836
commit d6fa8078dd
No known key found for this signature in database
GPG Key ID: 09E2CD4944E6CBCD
1 changed files with 144 additions and 88 deletions


@ -5,8 +5,8 @@
Network Working Group A. Dulaunoy Network Working Group A. Dulaunoy
Internet-Draft A. Iklody Internet-Draft A. Iklody
Intended status: Informational D. Servili Intended status: Informational D. Servili
Expires: October 3, 2018 CIRCL Expires: March 24, 2019 CIRCL
April 1, 2018 September 20, 2018
MISP galaxy format MISP galaxy format
@ -38,7 +38,7 @@ Status of This Memo
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on October 3, 2018. This Internet-Draft will expire on March 24, 2019.
Copyright Notice Copyright Notice
@ -53,9 +53,9 @@ Copyright Notice
Dulaunoy, et al. Expires October 3, 2018 [Page 1] Dulaunoy, et al. Expires March 24, 2019 [Page 1]
Internet-Draft MISP galaxy format April 2018 Internet-Draft MISP galaxy format September 2018
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
@ -73,7 +73,7 @@ Table of Contents
2.3. related . . . . . . . . . . . . . . . . . . . . . . . . . 3 2.3. related . . . . . . . . . . . . . . . . . . . . . . . . . 3
2.4. meta . . . . . . . . . . . . . . . . . . . . . . . . . . 4 2.4. meta . . . . . . . . . . . . . . . . . . . . . . . . . . 4
3. JSON Schema . . . . . . . . . . . . . . . . . . . . . . . . . 7 3. JSON Schema . . . . . . . . . . . . . . . . . . . . . . . . . 7
3.1. MISP galaxy format - clusters . . . . . . . . . . . . . . 7 3.1. MISP galaxy format - clusters . . . . . . . . . . . . . . 8
4. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 11 4. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 11
5. References . . . . . . . . . . . . . . . . . . . . . . . . . 11 5. References . . . . . . . . . . . . . . . . . . . . . . . . . 11
5.1. Normative References . . . . . . . . . . . . . . . . . . 11 5.1. Normative References . . . . . . . . . . . . . . . . . . 11
@ -109,9 +109,9 @@ Table of Contents
Dulaunoy, et al. Expires October 3, 2018 [Page 2] Dulaunoy, et al. Expires March 24, 2019 [Page 2]
Internet-Draft MISP galaxy format April 2018 Internet-Draft MISP galaxy format September 2018
2. Format 2. Format
@ -165,9 +165,9 @@ Internet-Draft MISP galaxy format April 2018
Dulaunoy, et al. Expires October 3, 2018 [Page 3] Dulaunoy, et al. Expires March 24, 2019 [Page 3]
Internet-Draft MISP galaxy format April 2018 Internet-Draft MISP galaxy format September 2018
present. The type is represented as a string and MUST be present and present. The type is represented as a string and MUST be present and
@ -187,15 +187,17 @@ Internet-Draft MISP galaxy format April 2018
2.4. meta 2.4. meta
Meta contains a list of custom defined JSON key value pairs. Users Meta contains a list of custom defined JSON key value pairs. Users
SHOULD reuse commonly used keys such as properties, complexity, SHOULD reuse commonly used keys such as complexity, effectiveness,
effectiveness, country, possible_issues, colour, motive, impact, country, possible_issues, colour, motive, impact, refs, synonyms,
refs, synonyms, status, date, encryption, extensions, ransomnotes, status, date, encryption, extensions, ransomnotes, suspected-victims,
cfr-suspected-victims, cfr-suspected-state-sponsor, cfr-type-of- suspected-state-sponsor, type-of-incident, target-category, cfr-
incident, cfr-target-category wherever applicable. suspected-victims, cfr-suspected-state-sponsor, cfr-type-of-incident,
cfr-target-category wherever applicable.
properties is used to provide clusters with additional properties. refs, synonyms SHALL be used to give further informations. refs is
Properties are represented as an array containing one or more strings represented as an array containing one or more strings and SHALL be
ans MAY be present. present. synonyms is represented as an array containing one or more
strings and SHALL be present.
date, status MAY be used to give time information about an cluster. date, status MAY be used to give time information about an cluster.
date is represented as a string describing a time or period and SHALL date is represented as a string describing a time or period and SHALL
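Review bot: the updated list of recommended keys now names suspected-victims, suspected-state-sponsor, type-of-incident and target-category next to their cfr- prefixed counterparts, but only the cfr- prefixed keys are defined further down (the paragraph on information gathered from CFR's Cyber Operations Tracker); either add a paragraph giving the type and requirement level of the unprefixed keys, or drop them from the list. In the new refs/synonyms paragraph, "SHALL be used to give further informations" breaks the pattern of the surrounding meta paragraphs, which say a group of keys MAY be used and then that each key SHALL be present when the group is used (date/status, encryption/extensions/ransomnotes, cfr-*); if refs and synonyms are really mandatory for every cluster, the required list of the JSON schema in 3.1 should say so, otherwise "MAY be used" is the consistent wording. "further informations" should read "further information", and the unchanged "about an cluster" should read "about a cluster".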
@ -216,16 +218,17 @@ Internet-Draft MISP galaxy format April 2018
enumerated value from a fixed vocabulary and SHALL be present. enumerated value from a fixed vocabulary and SHALL be present.
possible_issues is represented as a string and SHOULD be present. possible_issues is represented as a string and SHOULD be present.
Dulaunoy, et al. Expires March 24, 2019 [Page 4]
Internet-Draft MISP galaxy format September 2018
Example use of the complexity, effectiveness, impact, possible_issues Example use of the complexity, effectiveness, impact, possible_issues
fields in the preventive-measure galaxy: fields in the preventive-measure galaxy:
Dulaunoy, et al. Expires October 3, 2018 [Page 4]
Internet-Draft MISP galaxy format April 2018
{ {
"meta": { "meta": {
"refs": [ "refs": [
@ -271,17 +274,16 @@ Internet-Draft MISP galaxy format April 2018
encryption, extensions, ransomnotes MAY be used to give further encryption, extensions, ransomnotes MAY be used to give further
information in ransomware galaxy. encryption is represented as a information in ransomware galaxy. encryption is represented as a
Dulaunoy, et al. Expires March 24, 2019 [Page 5]
Internet-Draft MISP galaxy format September 2018
string and SHALL be present. extensions is represented as an array string and SHALL be present. extensions is represented as an array
containing one or more strings and SHALL be present. ransomnotes is containing one or more strings and SHALL be present. ransomnotes is
Dulaunoy, et al. Expires October 3, 2018 [Page 5]
Internet-Draft MISP galaxy format April 2018
represented as an array containing one or more strings ans SHALL be represented as an array containing one or more strings ans SHALL be
present. present.
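Review bot: the unchanged ransomnotes sentence, "represented as an array containing one or more strings ans SHALL be present", carries a typo ("ans" for "and"); since this text is an export regenerated from the draft source, fix it in the source so the next export picks it up rather than patching the exported file.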
@ -327,23 +329,28 @@ Internet-Draft MISP galaxy format April 2018
"value": "menuPass (G0045) uses EvilGrab (S0152)" "value": "menuPass (G0045) uses EvilGrab (S0152)"
} }
Dulaunoy, et al. Expires March 24, 2019 [Page 6]
Internet-Draft MISP galaxy format September 2018
cfr-suspected-victims, cfr-suspected-state-sponsor, cfr-type-of- cfr-suspected-victims, cfr-suspected-state-sponsor, cfr-type-of-
incident and cfr-target-category MAY be used to report information incident and cfr-target-category MAY be used to report information
gathered from CFR's (Council on Foreign Relations) [CFR] Cyber gathered from CFR's (Council on Foreign Relations) [CFR] Cyber
Dulaunoy, et al. Expires October 3, 2018 [Page 6]
Internet-Draft MISP galaxy format April 2018
Operations Tracker. cfr-suspected-victims is represented as an array Operations Tracker. cfr-suspected-victims is represented as an array
containing one or more strings and SHALL be present. cfr-suspected- containing one or more strings and SHALL be present. cfr-suspected-
state-sponsor is represented as a string and SHALL be present. cfr- state-sponsor is represented as a string and SHALL be present. cfr-
type-of-incident is represented as a string and SHALL be present. type-of-incident is represented as a string or an array and SHALL be
cfr-target-category is represented as an array containing one or more present. RECOMMENDED but not exhaustive list of possible values for
strings ans SHALL be present. cfr-type-of-incident includes "Espionage", "Denial of service",
"Sabotage". cfr-target-category is represented as an array containing
one or more strings ans SHALL be present. RECOMMENDED but not
exhaustive list of possible values for cfr-target-category includes
"Private sector", "Government", "Civil society", "Military".
Example use of the cfr-suspected-victims, cfr-suspected-state- Example use of the cfr-suspected-victims, cfr-suspected-state-
sponsor, cfr-type-of-incident, cfr-target-category fields in the sponsor, cfr-type-of-incident, cfr-target-category fields in the
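Review bot: cfr-type-of-incident is now "represented as a string or an array" without saying what the array holds or when each form applies, while cfr-suspected-state-sponsor stays a plain string and cfr-target-category a plain array; spell it out as "a string or an array containing one or more strings" (several incident types for one cluster), and make sure the 3.1 JSON schema accepts both forms for this key, otherwise clusters using the array form will fail validation. The new cfr-target-category sentence introduces the "ans SHALL be present" typo ("and") a second time, and "RECOMMENDED but not exhaustive list of possible values for ... includes" reads better as "A RECOMMENDED, non-exhaustive list of values for ... includes" in both new sentences.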
@ -376,6 +383,17 @@ Internet-Draft MISP galaxy format April 2018
formats. The main format is the MISP galaxy format used for the formats. The main format is the MISP galaxy format used for the
clusters. clusters.
Dulaunoy, et al. Expires March 24, 2019 [Page 7]
Internet-Draft MISP galaxy format September 2018
3.1. MISP galaxy format - clusters 3.1. MISP galaxy format - clusters
{ {
@ -386,14 +404,6 @@ Internet-Draft MISP galaxy format April 2018
"additionalProperties": false, "additionalProperties": false,
"properties": { "properties": {
"description": { "description": {
Dulaunoy, et al. Expires October 3, 2018 [Page 7]
Internet-Draft MISP galaxy format April 2018
"type": "string" "type": "string"
}, },
"type": { "type": {
@ -432,6 +442,14 @@ Internet-Draft MISP galaxy format April 2018
"additionalProperties": false, "additionalProperties": false,
"items": { "items": {
"type": "object" "type": "object"
Dulaunoy, et al. Expires March 24, 2019 [Page 8]
Internet-Draft MISP galaxy format September 2018
}, },
"properties": { "properties": {
"dest-uuid": { "dest-uuid": {
@ -442,14 +460,6 @@ Internet-Draft MISP galaxy format April 2018
}, },
"tags": { "tags": {
"type": "array", "type": "array",
Dulaunoy, et al. Expires October 3, 2018 [Page 8]
Internet-Draft MISP galaxy format April 2018
"uniqueItems": true, "uniqueItems": true,
"items": { "items": {
"type": "string" "type": "string"
@ -488,6 +498,14 @@ Internet-Draft MISP galaxy format April 2018
}, },
"impact": { "impact": {
"type": "string" "type": "string"
Dulaunoy, et al. Expires March 24, 2019 [Page 9]
Internet-Draft MISP galaxy format September 2018
}, },
"refs": { "refs": {
"type": "array", "type": "array",
@ -498,14 +516,6 @@ Internet-Draft MISP galaxy format April 2018
}, },
"synonyms": { "synonyms": {
"type": "array", "type": "array",
Dulaunoy, et al. Expires October 3, 2018 [Page 9]
Internet-Draft MISP galaxy format April 2018
"uniqueItems": true, "uniqueItems": true,
"items": { "items": {
"type": "string" "type": "string"
@ -544,6 +554,14 @@ Internet-Draft MISP galaxy format April 2018
}, },
"authors": { "authors": {
"type": "array", "type": "array",
Dulaunoy, et al. Expires March 24, 2019 [Page 10]
Internet-Draft MISP galaxy format September 2018
"uniqueItems": true, "uniqueItems": true,
"items": { "items": {
"type": "string" "type": "string"
@ -554,14 +572,6 @@ Internet-Draft MISP galaxy format April 2018
"description", "description",
"type", "type",
"version", "version",
Dulaunoy, et al. Expires October 3, 2018 [Page 10]
Internet-Draft MISP galaxy format April 2018
"name", "name",
"uuid", "uuid",
"values", "values",
@ -600,6 +610,14 @@ Internet-Draft MISP galaxy format April 2018
Relations", 2018, Relations", 2018,
<https://www.cfr.org/interactive/cyber-operations>. <https://www.cfr.org/interactive/cyber-operations>.
Dulaunoy, et al. Expires March 24, 2019 [Page 11]
Internet-Draft MISP galaxy format September 2018
[JSON-SCHEMA] [JSON-SCHEMA]
"JSON Schema: A Media Type for Describing JSON Documents", "JSON Schema: A Media Type for Describing JSON Documents",
2016, 2016,
@ -608,16 +626,6 @@ Internet-Draft MISP galaxy format April 2018
[MISP-G] MISP, "MISP Galaxy - Public Repository", [MISP-G] MISP, "MISP Galaxy - Public Repository",
<https://github.com/MISP/misp-galaxy>. <https://github.com/MISP/misp-galaxy>.
Dulaunoy, et al. Expires October 3, 2018 [Page 11]
Internet-Draft MISP galaxy format April 2018
[MISP-G-DOC] [MISP-G-DOC]
MISP, "MISP Galaxy - Documentation of the Public MISP, "MISP Galaxy - Documentation of the Public
Repository", <https://www.misp-project.org/galaxy.html>. Repository", <https://www.misp-project.org/galaxy.html>.
@ -651,6 +659,21 @@ Authors' Addresses
Email: andras.iklody@circl.lu Email: andras.iklody@circl.lu
Dulaunoy, et al. Expires March 24, 2019 [Page 12]
Internet-Draft MISP galaxy format September 2018
Deborah Servili Deborah Servili
Computer Incident Response Center Luxembourg Computer Incident Response Center Luxembourg
16, bd d'Avranches 16, bd d'Avranches
@ -669,4 +692,37 @@ Authors' Addresses
Dulaunoy, et al. Expires October 3, 2018 [Page 12]
Dulaunoy, et al. Expires March 24, 2019 [Page 13]