mirror of https://github.com/MISP/misp-rfc
chg: [core] updated the ASCII output
parent
6824cca7d8
commit
e289e0c8b0
|
@ -5,7 +5,7 @@
|
||||||
Network Working Group A. Dulaunoy
|
Network Working Group A. Dulaunoy
|
||||||
Internet-Draft A. Iklody
|
Internet-Draft A. Iklody
|
||||||
Intended status: Informational CIRCL
|
Intended status: Informational CIRCL
|
||||||
Expires: October 12, 2018 April 10, 2018
|
Expires: February 9, 2019 August 8, 2018
|
||||||
|
|
||||||
|
|
||||||
MISP core format
|
MISP core format
|
||||||
|
@ -37,7 +37,7 @@ Status of This Memo
|
||||||
time. It is inappropriate to use Internet-Drafts as reference
|
time. It is inappropriate to use Internet-Drafts as reference
|
||||||
material or to cite them other than as "work in progress."
|
material or to cite them other than as "work in progress."
|
||||||
|
|
||||||
This Internet-Draft will expire on October 12, 2018.
|
This Internet-Draft will expire on February 9, 2019.
|
||||||
|
|
||||||
Copyright Notice
|
Copyright Notice
|
||||||
|
|
||||||
|
@ -53,9 +53,9 @@ Copyright Notice
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Dulaunoy & Iklody Expires October 12, 2018 [Page 1]
|
Dulaunoy & Iklody Expires February 9, 2019 [Page 1]
|
||||||
|
|
||||||
Internet-Draft MISP core format April 2018
|
Internet-Draft MISP core format August 2018
|
||||||
|
|
||||||
|
|
||||||
include Simplified BSD License text as described in Section 4.e of
|
include Simplified BSD License text as described in Section 4.e of
|
||||||
|
@ -99,7 +99,7 @@ Table of Contents
|
||||||
5. Implementation . . . . . . . . . . . . . . . . . . . . . . . 48
|
5. Implementation . . . . . . . . . . . . . . . . . . . . . . . 48
|
||||||
6. Security Considerations . . . . . . . . . . . . . . . . . . . 48
|
6. Security Considerations . . . . . . . . . . . . . . . . . . . 48
|
||||||
7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 48
|
7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 48
|
||||||
8. Sample MISP file . . . . . . . . . . . . . . . . . . . . . . 48
|
8. References . . . . . . . . . . . . . . . . . . . . . . . . . 48
|
||||||
9. References . . . . . . . . . . . . . . . . . . . . . . . . . 48
|
9. References . . . . . . . . . . . . . . . . . . . . . . . . . 48
|
||||||
9.1. Normative References . . . . . . . . . . . . . . . . . . 48
|
9.1. Normative References . . . . . . . . . . . . . . . . . . 48
|
||||||
9.2. Informative References . . . . . . . . . . . . . . . . . 49
|
9.2. Informative References . . . . . . . . . . . . . . . . . 49
|
||||||
|
@ -109,9 +109,9 @@ Table of Contents
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Dulaunoy & Iklody Expires October 12, 2018 [Page 2]
|
Dulaunoy & Iklody Expires February 9, 2019 [Page 2]
|
||||||
|
|
||||||
Internet-Draft MISP core format April 2018
|
Internet-Draft MISP core format August 2018
|
||||||
|
|
||||||
|
|
||||||
1. Introduction
|
1. Introduction
|
||||||
|
@ -165,9 +165,9 @@ Internet-Draft MISP core format April 2018
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Dulaunoy & Iklody Expires October 12, 2018 [Page 3]
|
Dulaunoy & Iklody Expires February 9, 2019 [Page 3]
|
||||||
|
|
||||||
Internet-Draft MISP core format April 2018
|
Internet-Draft MISP core format August 2018
|
||||||
|
|
||||||
|
|
||||||
2.2.1.2. id
|
2.2.1.2. id
|
||||||
|
@ -221,9 +221,9 @@ Internet-Draft MISP core format April 2018
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Dulaunoy & Iklody Expires October 12, 2018 [Page 4]
|
Dulaunoy & Iklody Expires February 9, 2019 [Page 4]
|
||||||
|
|
||||||
Internet-Draft MISP core format April 2018
|
Internet-Draft MISP core format August 2018
|
||||||
|
|
||||||
|
|
||||||
2.2.1.6. analysis
|
2.2.1.6. analysis
|
||||||
|
@ -277,9 +277,9 @@ Internet-Draft MISP core format April 2018
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Dulaunoy & Iklody Expires October 12, 2018 [Page 5]
|
Dulaunoy & Iklody Expires February 9, 2019 [Page 5]
|
||||||
|
|
||||||
Internet-Draft MISP core format April 2018
|
Internet-Draft MISP core format August 2018
|
||||||
|
|
||||||
|
|
||||||
2.2.1.10. org_id
|
2.2.1.10. org_id
|
||||||
|
@ -333,9 +333,9 @@ Internet-Draft MISP core format April 2018
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Dulaunoy & Iklody Expires October 12, 2018 [Page 6]
|
Dulaunoy & Iklody Expires February 9, 2019 [Page 6]
|
||||||
|
|
||||||
Internet-Draft MISP core format April 2018
|
Internet-Draft MISP core format August 2018
|
||||||
|
|
||||||
|
|
||||||
All Communities
|
All Communities
|
||||||
|
@ -389,9 +389,9 @@ Internet-Draft MISP core format April 2018
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Dulaunoy & Iklody Expires October 12, 2018 [Page 7]
|
Dulaunoy & Iklody Expires February 9, 2019 [Page 7]
|
||||||
|
|
||||||
Internet-Draft MISP core format April 2018
|
Internet-Draft MISP core format August 2018
|
||||||
|
|
||||||
|
|
||||||
"Org": {
|
"Org": {
|
||||||
|
@ -445,9 +445,9 @@ Internet-Draft MISP core format April 2018
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Dulaunoy & Iklody Expires October 12, 2018 [Page 8]
|
Dulaunoy & Iklody Expires February 9, 2019 [Page 8]
|
||||||
|
|
||||||
Internet-Draft MISP core format April 2018
|
Internet-Draft MISP core format August 2018
|
||||||
|
|
||||||
|
|
||||||
"Attribute": {
|
"Attribute": {
|
||||||
|
@ -501,26 +501,26 @@ Internet-Draft MISP core format April 2018
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Dulaunoy & Iklody Expires October 12, 2018 [Page 9]
|
Dulaunoy & Iklody Expires February 9, 2019 [Page 9]
|
||||||
|
|
||||||
Internet-Draft MISP core format April 2018
|
Internet-Draft MISP core format August 2018
|
||||||
|
|
||||||
|
|
||||||
link, comment, text, hex, attachment, other
|
link, comment, text, hex, attachment, other
|
||||||
|
|
||||||
Artifacts dropped
|
Artifacts dropped
|
||||||
md5, sha1, sha224, sha256, sha384, sha512, sha512/224, sha512/256,
|
md5, sha1, sha224, sha256, sha384, sha512, sha512/224, sha512/256,
|
||||||
ssdeep, imphash, impfuzzy, authentihash, filename, filename|md5,
|
ssdeep, imphash, impfuzzy, authentihash, cdhash, filename,
|
||||||
filename|sha1, filename|sha224, filename|sha256, filename|sha384,
|
filename|md5, filename|sha1, filename|sha224, filename|sha256,
|
||||||
filename|sha512, filename|sha512/224, filename|sha512/256,
|
filename|sha384, filename|sha512, filename|sha512/224,
|
||||||
filename|authentihash, filename|ssdeep, filename|tlsh,
|
filename|sha512/256, filename|authentihash, filename|ssdeep,
|
||||||
filename|imphash, filename|impfuzzy, filename|pehash, regkey,
|
filename|tlsh, filename|imphash, filename|impfuzzy,
|
||||||
regkey|value, pattern-in-file, pattern-in-memory, pdb,
|
filename|pehash, regkey, regkey|value, pattern-in-file, pattern-
|
||||||
stix2-pattern, yara, sigma, attachment, malware-sample, named
|
in-memory, pdb, stix2-pattern, yara, sigma, attachment, malware-
|
||||||
pipe, mutex, windows-scheduled-task, windows-service-name,
|
sample, named pipe, mutex, windows-scheduled-task, windows-
|
||||||
windows-service-displayname, comment, text, hex, x509-fingerprint-
|
service-name, windows-service-displayname, comment, text, hex,
|
||||||
sha1, x509-fingerprint-md5, x509-fingerprint-sha256, other,
|
x509-fingerprint-sha1, x509-fingerprint-md5, x509-fingerprint-
|
||||||
cookie, gene, mime-type
|
sha256, other, cookie, gene, mime-type
|
||||||
|
|
||||||
Attribution
|
Attribution
|
||||||
threat-actor, campaign-name, campaign-id, whois-registrant-phone,
|
threat-actor, campaign-name, campaign-id, whois-registrant-phone,
|
||||||
|
@ -533,11 +533,11 @@ Internet-Draft MISP core format April 2018
|
||||||
md5, sha1, sha256, filename, filename|md5, filename|sha1,
|
md5, sha1, sha256, filename, filename|md5, filename|sha1,
|
||||||
filename|sha256, ip-src, ip-dst, ip-dst|port, ip-src|port, mac-
|
filename|sha256, ip-src, ip-dst, ip-dst|port, ip-src|port, mac-
|
||||||
address, mac-eui-64, hostname, domain, domain|ip, url, user-agent,
|
address, mac-eui-64, hostname, domain, domain|ip, url, user-agent,
|
||||||
regkey, regkey|value, AS, snort, pattern-in-file, pattern-in-
|
regkey, regkey|value, AS, snort, bro, pattern-in-file, pattern-in-
|
||||||
traffic, pattern-in-memory, vulnerability, attachment, malware-
|
traffic, pattern-in-memory, vulnerability, attachment, malware-
|
||||||
sample, link, comment, text, x509-fingerprint-sha1, x509-
|
sample, link, comment, text, x509-fingerprint-sha1, x509-
|
||||||
fingerprint-md5, x509-fingerprint-sha256, github-repository,
|
fingerprint-md5, x509-fingerprint-sha256, ja3-fingerprint-md5,
|
||||||
other, cortex
|
github-repository, other, cortex
|
||||||
|
|
||||||
Financial fraud
|
Financial fraud
|
||||||
btc, xmr, iban, bic, bank-account-nr, aba-rtn, bin, cc-number,
|
btc, xmr, iban, bic, bank-account-nr, aba-rtn, bin, cc-number,
|
||||||
|
@ -551,51 +551,52 @@ Internet-Draft MISP core format April 2018
|
||||||
domain|ip, mac-address, mac-eui-64, email-dst, url, uri, user-
|
domain|ip, mac-address, mac-eui-64, email-dst, url, uri, user-
|
||||||
agent, http-method, AS, snort, pattern-in-file, stix2-pattern,
|
agent, http-method, AS, snort, pattern-in-file, stix2-pattern,
|
||||||
pattern-in-traffic, attachment, comment, text, x509-fingerprint-
|
pattern-in-traffic, attachment, comment, text, x509-fingerprint-
|
||||||
sha1, other, hex, cookie, hostname|port
|
md5, x509-fingerprint-sha1, x509-fingerprint-sha256, ja3-
|
||||||
|
fingerprint-md5, other, hex, cookie, hostname|port, bro
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
Dulaunoy & Iklody Expires February 9, 2019 [Page 10]
|
||||||
|
|
||||||
|
Internet-Draft MISP core format August 2018
|
||||||
|
|
||||||
|
|
||||||
Other
|
Other
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Dulaunoy & Iklody Expires October 12, 2018 [Page 10]
|
|
||||||
|
|
||||||
Internet-Draft MISP core format April 2018
|
|
||||||
|
|
||||||
|
|
||||||
comment, text, other, size-in-bytes, counter, datetime, cpe, port,
|
comment, text, other, size-in-bytes, counter, datetime, cpe, port,
|
||||||
float, hex, phone-number, boolean
|
float, hex, phone-number, boolean
|
||||||
|
|
||||||
Payload delivery
|
Payload delivery
|
||||||
md5, sha1, sha224, sha256, sha384, sha512, sha512/224, sha512/256,
|
md5, sha1, sha224, sha256, sha384, sha512, sha512/224, sha512/256,
|
||||||
ssdeep, imphash, impfuzzy, authentihash, pehash, tlsh, filename,
|
ssdeep, imphash, impfuzzy, authentihash, pehash, tlsh, cdhash,
|
||||||
filename|md5, filename|sha1, filename|sha224, filename|sha256,
|
filename, filename|md5, filename|sha1, filename|sha224,
|
||||||
filename|sha384, filename|sha512, filename|sha512/224,
|
filename|sha256, filename|sha384, filename|sha512,
|
||||||
filename|sha512/256, filename|authentihash, filename|ssdeep,
|
filename|sha512/224, filename|sha512/256, filename|authentihash,
|
||||||
filename|tlsh, filename|imphash, filename|impfuzzy,
|
filename|ssdeep, filename|tlsh, filename|imphash,
|
||||||
filename|pehash, mac-address, mac-eui-64, ip-src, ip-dst, ip-
|
filename|impfuzzy, filename|pehash, mac-address, mac-eui-64, ip-
|
||||||
dst|port, ip-src|port, hostname, domain, email-src, email-dst,
|
src, ip-dst, ip-dst|port, ip-src|port, hostname, domain, email-
|
||||||
email-subject, email-attachment, email-body, url, user-agent, AS,
|
src, email-dst, email-subject, email-attachment, email-body, url,
|
||||||
pattern-in-file, pattern-in-traffic, stix2-pattern, yara, sigma,
|
user-agent, AS, pattern-in-file, pattern-in-traffic,
|
||||||
mime-type, attachment, malware-sample, link, malware-type,
|
stix2-pattern, yara, sigma, mime-type, attachment, malware-sample,
|
||||||
comment, text, hex, vulnerability, x509-fingerprint-sha1, x509-
|
link, malware-type, comment, text, hex, vulnerability, x509-
|
||||||
fingerprint-md5, x509-fingerprint-sha256, other, hostname|port,
|
fingerprint-sha1, x509-fingerprint-md5, x509-fingerprint-sha256,
|
||||||
email-dst-display-name, email-src-display-name, email-header,
|
ja3-fingerprint-md5, other, hostname|port, email-dst-display-name,
|
||||||
email-reply-to, email-x-mailer, email-mime-boundary, email-thread-
|
email-src-display-name, email-header, email-reply-to, email-
|
||||||
index, email-message-id, mobile-application-id, whois-registrant-
|
x-mailer, email-mime-boundary, email-thread-index, email-message-
|
||||||
email
|
id, mobile-application-id, whois-registrant-email
|
||||||
|
|
||||||
Payload installation
|
Payload installation
|
||||||
md5, sha1, sha224, sha256, sha384, sha512, sha512/224, sha512/256,
|
md5, sha1, sha224, sha256, sha384, sha512, sha512/224, sha512/256,
|
||||||
ssdeep, imphash, impfuzzy, authentihash, pehash, tlsh, filename,
|
ssdeep, imphash, impfuzzy, authentihash, pehash, tlsh, cdhash,
|
||||||
filename|md5, filename|sha1, filename|sha224, filename|sha256,
|
filename, filename|md5, filename|sha1, filename|sha224,
|
||||||
filename|sha384, filename|sha512, filename|sha512/224,
|
filename|sha256, filename|sha384, filename|sha512,
|
||||||
filename|sha512/256, filename|authentihash, filename|ssdeep,
|
filename|sha512/224, filename|sha512/256, filename|authentihash,
|
||||||
filename|tlsh, filename|imphash, filename|impfuzzy,
|
filename|ssdeep, filename|tlsh, filename|imphash,
|
||||||
filename|pehash, pattern-in-file, pattern-in-traffic, pattern-in-
|
filename|impfuzzy, filename|pehash, pattern-in-file, pattern-in-
|
||||||
memory, stix2-pattern, yara, sigma, vulnerability, attachment,
|
traffic, pattern-in-memory, stix2-pattern, yara, sigma,
|
||||||
malware-sample, malware-type, comment, text, hex, x509-
|
vulnerability, attachment, malware-sample, malware-type, comment,
|
||||||
fingerprint-sha1, x509-fingerprint-md5, x509-fingerprint-sha256,
|
text, hex, x509-fingerprint-sha1, x509-fingerprint-md5, x509-
|
||||||
mobile-application-id, other, mime-type
|
fingerprint-sha256, mobile-application-id, other, mime-type
|
||||||
|
|
||||||
Payload type
|
Payload type
|
||||||
comment, text, other
|
comment, text, other
|
||||||
|
@ -609,15 +610,15 @@ Internet-Draft MISP core format April 2018
|
||||||
redress-number, nationality, visa-number, issue-date-of-the-visa,
|
redress-number, nationality, visa-number, issue-date-of-the-visa,
|
||||||
primary-residence, country-of-residence, special-service-request,
|
primary-residence, country-of-residence, special-service-request,
|
||||||
frequent-flyer-number, travel-details, payment-details, place-
|
frequent-flyer-number, travel-details, payment-details, place-
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
Dulaunoy & Iklody Expires February 9, 2019 [Page 11]
|
||||||
|
|
||||||
|
Internet-Draft MISP core format August 2018
|
||||||
|
|
||||||
|
|
||||||
port-of-original-embarkation, place-port-of-clearance, place-port-
|
port-of-original-embarkation, place-port-of-clearance, place-port-
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Dulaunoy & Iklody Expires October 12, 2018 [Page 11]
|
|
||||||
|
|
||||||
Internet-Draft MISP core format April 2018
|
|
||||||
|
|
||||||
|
|
||||||
of-onward-foreign-destination, passenger-name-record-locator-
|
of-onward-foreign-destination, passenger-name-record-locator-
|
||||||
number, comment, text, other, phone-number, identity-card-number
|
number, comment, text, other, phone-number, identity-card-number
|
||||||
|
|
||||||
|
@ -665,15 +666,16 @@ Internet-Draft MISP core format April 2018
|
||||||
The event_id SHOULD be updated when the event is imported to reflect
|
The event_id SHOULD be updated when the event is imported to reflect
|
||||||
the newly created event's id on the instance.
|
the newly created event's id on the instance.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
Dulaunoy & Iklody Expires February 9, 2019 [Page 12]
|
||||||
|
|
||||||
|
Internet-Draft MISP core format August 2018
|
||||||
|
|
||||||
|
|
||||||
event_id is represented as a JSON string. event_id MUST be present.
|
event_id is represented as a JSON string. event_id MUST be present.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Dulaunoy & Iklody Expires October 12, 2018 [Page 12]
|
|
||||||
|
|
||||||
Internet-Draft MISP core format April 2018
|
|
||||||
|
|
||||||
|
|
||||||
2.4.2.7. distribution
|
2.4.2.7. distribution
|
||||||
|
|
||||||
distribution represents the basic distribution rules of the
|
distribution represents the basic distribution rules of the
|
||||||
|
@ -719,17 +721,18 @@ Internet-Draft MISP core format April 2018
|
||||||
|
|
||||||
sharing_group_id represents a human-readable identifier referencing a
|
sharing_group_id represents a human-readable identifier referencing a
|
||||||
Sharing Group object that defines the distribution of the attribute,
|
Sharing Group object that defines the distribution of the attribute,
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
Dulaunoy & Iklody Expires February 9, 2019 [Page 13]
|
||||||
|
|
||||||
|
Internet-Draft MISP core format August 2018
|
||||||
|
|
||||||
|
|
||||||
if distribution level "4" is set. A human-readable identifier MUST
|
if distribution level "4" is set. A human-readable identifier MUST
|
||||||
be represented as an unsigned integer.
|
be represented as an unsigned integer.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Dulaunoy & Iklody Expires October 12, 2018 [Page 13]
|
|
||||||
|
|
||||||
Internet-Draft MISP core format April 2018
|
|
||||||
|
|
||||||
|
|
||||||
sharing_group_id is represented by a JSON string and SHOULD be
|
sharing_group_id is represented by a JSON string and SHOULD be
|
||||||
present. If a distribution level other than "4" is chosen the
|
present. If a distribution level other than "4" is chosen the
|
||||||
sharing_group_id MUST be set to "0".
|
sharing_group_id MUST be set to "0".
|
||||||
|
@ -778,12 +781,9 @@ Internet-Draft MISP core format April 2018
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
Dulaunoy & Iklody Expires February 9, 2019 [Page 14]
|
||||||
|
|
||||||
|
Internet-Draft MISP core format August 2018
|
||||||
|
|
||||||
Dulaunoy & Iklody Expires October 12, 2018 [Page 14]
|
|
||||||
|
|
||||||
Internet-Draft MISP core format April 2018
|
|
||||||
|
|
||||||
|
|
||||||
2.4.2.15. value
|
2.4.2.15. value
|
||||||
|
@ -837,9 +837,9 @@ Internet-Draft MISP core format April 2018
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Dulaunoy & Iklody Expires October 12, 2018 [Page 15]
|
Dulaunoy & Iklody Expires February 9, 2019 [Page 15]
|
||||||
|
|
||||||
Internet-Draft MISP core format April 2018
|
Internet-Draft MISP core format August 2018
|
||||||
|
|
||||||
|
|
||||||
2.5.2.1. uuid
|
2.5.2.1. uuid
|
||||||
|
@ -873,17 +873,17 @@ Internet-Draft MISP core format April 2018
|
||||||
|
|
||||||
Artifacts dropped
|
Artifacts dropped
|
||||||
md5, sha1, sha224, sha256, sha384, sha512, sha512/224, sha512/256,
|
md5, sha1, sha224, sha256, sha384, sha512, sha512/224, sha512/256,
|
||||||
ssdeep, imphash, impfuzzy, authentihash, filename, filename|md5,
|
ssdeep, imphash, impfuzzy, authentihash, cdhash, filename,
|
||||||
filename|sha1, filename|sha224, filename|sha256, filename|sha384,
|
filename|md5, filename|sha1, filename|sha224, filename|sha256,
|
||||||
filename|sha512, filename|sha512/224, filename|sha512/256,
|
filename|sha384, filename|sha512, filename|sha512/224,
|
||||||
filename|authentihash, filename|ssdeep, filename|tlsh,
|
filename|sha512/256, filename|authentihash, filename|ssdeep,
|
||||||
filename|imphash, filename|impfuzzy, filename|pehash, regkey,
|
filename|tlsh, filename|imphash, filename|impfuzzy,
|
||||||
regkey|value, pattern-in-file, pattern-in-memory, pdb,
|
filename|pehash, regkey, regkey|value, pattern-in-file, pattern-
|
||||||
stix2-pattern, yara, sigma, attachment, malware-sample, named
|
in-memory, pdb, stix2-pattern, yara, sigma, attachment, malware-
|
||||||
pipe, mutex, windows-scheduled-task, windows-service-name,
|
sample, named pipe, mutex, windows-scheduled-task, windows-
|
||||||
windows-service-displayname, comment, text, hex, x509-fingerprint-
|
service-name, windows-service-displayname, comment, text, hex,
|
||||||
sha1, x509-fingerprint-md5, x509-fingerprint-sha256, other,
|
x509-fingerprint-sha1, x509-fingerprint-md5, x509-fingerprint-
|
||||||
cookie, gene, mime-type
|
sha256, other, cookie, gene, mime-type
|
||||||
|
|
||||||
Attribution
|
Attribution
|
||||||
threat-actor, campaign-name, campaign-id, whois-registrant-phone,
|
threat-actor, campaign-name, campaign-id, whois-registrant-phone,
|
||||||
|
@ -893,9 +893,9 @@ Internet-Draft MISP core format April 2018
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Dulaunoy & Iklody Expires October 12, 2018 [Page 16]
|
Dulaunoy & Iklody Expires February 9, 2019 [Page 16]
|
||||||
|
|
||||||
Internet-Draft MISP core format April 2018
|
Internet-Draft MISP core format August 2018
|
||||||
|
|
||||||
|
|
||||||
fingerprint-sha1, x509-fingerprint-md5, x509-fingerprint-sha256,
|
fingerprint-sha1, x509-fingerprint-md5, x509-fingerprint-sha256,
|
||||||
|
@ -905,11 +905,11 @@ Internet-Draft MISP core format April 2018
|
||||||
md5, sha1, sha256, filename, filename|md5, filename|sha1,
|
md5, sha1, sha256, filename, filename|md5, filename|sha1,
|
||||||
filename|sha256, ip-src, ip-dst, ip-dst|port, ip-src|port, mac-
|
filename|sha256, ip-src, ip-dst, ip-dst|port, ip-src|port, mac-
|
||||||
address, mac-eui-64, hostname, domain, domain|ip, url, user-agent,
|
address, mac-eui-64, hostname, domain, domain|ip, url, user-agent,
|
||||||
regkey, regkey|value, AS, snort, pattern-in-file, pattern-in-
|
regkey, regkey|value, AS, snort, bro, pattern-in-file, pattern-in-
|
||||||
traffic, pattern-in-memory, vulnerability, attachment, malware-
|
traffic, pattern-in-memory, vulnerability, attachment, malware-
|
||||||
sample, link, comment, text, x509-fingerprint-sha1, x509-
|
sample, link, comment, text, x509-fingerprint-sha1, x509-
|
||||||
fingerprint-md5, x509-fingerprint-sha256, github-repository,
|
fingerprint-md5, x509-fingerprint-sha256, ja3-fingerprint-md5,
|
||||||
other, cortex
|
github-repository, other, cortex
|
||||||
|
|
||||||
Financial fraud
|
Financial fraud
|
||||||
btc, xmr, iban, bic, bank-account-nr, aba-rtn, bin, cc-number,
|
btc, xmr, iban, bic, bank-account-nr, aba-rtn, bin, cc-number,
|
||||||
|
@ -923,7 +923,8 @@ Internet-Draft MISP core format April 2018
|
||||||
domain|ip, mac-address, mac-eui-64, email-dst, url, uri, user-
|
domain|ip, mac-address, mac-eui-64, email-dst, url, uri, user-
|
||||||
agent, http-method, AS, snort, pattern-in-file, stix2-pattern,
|
agent, http-method, AS, snort, pattern-in-file, stix2-pattern,
|
||||||
pattern-in-traffic, attachment, comment, text, x509-fingerprint-
|
pattern-in-traffic, attachment, comment, text, x509-fingerprint-
|
||||||
sha1, other, hex, cookie, hostname|port
|
md5, x509-fingerprint-sha1, x509-fingerprint-sha256, ja3-
|
||||||
|
fingerprint-md5, other, hex, cookie, hostname|port, bro
|
||||||
|
|
||||||
Other
|
Other
|
||||||
comment, text, other, size-in-bytes, counter, datetime, cpe, port,
|
comment, text, other, size-in-bytes, counter, datetime, cpe, port,
|
||||||
|
@ -931,44 +932,43 @@ Internet-Draft MISP core format April 2018
|
||||||
|
|
||||||
Payload delivery
|
Payload delivery
|
||||||
md5, sha1, sha224, sha256, sha384, sha512, sha512/224, sha512/256,
|
md5, sha1, sha224, sha256, sha384, sha512, sha512/224, sha512/256,
|
||||||
ssdeep, imphash, impfuzzy, authentihash, pehash, tlsh, filename,
|
ssdeep, imphash, impfuzzy, authentihash, pehash, tlsh, cdhash,
|
||||||
filename|md5, filename|sha1, filename|sha224, filename|sha256,
|
filename, filename|md5, filename|sha1, filename|sha224,
|
||||||
filename|sha384, filename|sha512, filename|sha512/224,
|
filename|sha256, filename|sha384, filename|sha512,
|
||||||
filename|sha512/256, filename|authentihash, filename|ssdeep,
|
filename|sha512/224, filename|sha512/256, filename|authentihash,
|
||||||
filename|tlsh, filename|imphash, filename|impfuzzy,
|
filename|ssdeep, filename|tlsh, filename|imphash,
|
||||||
filename|pehash, mac-address, mac-eui-64, ip-src, ip-dst, ip-
|
filename|impfuzzy, filename|pehash, mac-address, mac-eui-64, ip-
|
||||||
dst|port, ip-src|port, hostname, domain, email-src, email-dst,
|
src, ip-dst, ip-dst|port, ip-src|port, hostname, domain, email-
|
||||||
email-subject, email-attachment, email-body, url, user-agent, AS,
|
src, email-dst, email-subject, email-attachment, email-body, url,
|
||||||
pattern-in-file, pattern-in-traffic, stix2-pattern, yara, sigma,
|
user-agent, AS, pattern-in-file, pattern-in-traffic,
|
||||||
mime-type, attachment, malware-sample, link, malware-type,
|
stix2-pattern, yara, sigma, mime-type, attachment, malware-sample,
|
||||||
comment, text, hex, vulnerability, x509-fingerprint-sha1, x509-
|
link, malware-type, comment, text, hex, vulnerability, x509-
|
||||||
fingerprint-md5, x509-fingerprint-sha256, other, hostname|port,
|
fingerprint-sha1, x509-fingerprint-md5, x509-fingerprint-sha256,
|
||||||
email-dst-display-name, email-src-display-name, email-header,
|
ja3-fingerprint-md5, other, hostname|port, email-dst-display-name,
|
||||||
email-reply-to, email-x-mailer, email-mime-boundary, email-thread-
|
email-src-display-name, email-header, email-reply-to, email-
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
Dulaunoy & Iklody Expires February 9, 2019 [Page 17]
|
||||||
|
|
||||||
Dulaunoy & Iklody Expires October 12, 2018 [Page 17]
|
Internet-Draft MISP core format August 2018
|
||||||
|
|
||||||
Internet-Draft MISP core format April 2018
|
|
||||||
|
|
||||||
|
|
||||||
index, email-message-id, mobile-application-id, whois-registrant-
|
x-mailer, email-mime-boundary, email-thread-index, email-message-
|
||||||
email
|
id, mobile-application-id, whois-registrant-email
|
||||||
|
|
||||||
Payload installation
|
Payload installation
|
||||||
md5, sha1, sha224, sha256, sha384, sha512, sha512/224, sha512/256,
|
md5, sha1, sha224, sha256, sha384, sha512, sha512/224, sha512/256,
|
||||||
ssdeep, imphash, impfuzzy, authentihash, pehash, tlsh, filename,
|
ssdeep, imphash, impfuzzy, authentihash, pehash, tlsh, cdhash,
|
||||||
filename|md5, filename|sha1, filename|sha224, filename|sha256,
|
filename, filename|md5, filename|sha1, filename|sha224,
|
||||||
filename|sha384, filename|sha512, filename|sha512/224,
|
filename|sha256, filename|sha384, filename|sha512,
|
||||||
filename|sha512/256, filename|authentihash, filename|ssdeep,
|
filename|sha512/224, filename|sha512/256, filename|authentihash,
|
||||||
filename|tlsh, filename|imphash, filename|impfuzzy,
|
filename|ssdeep, filename|tlsh, filename|imphash,
|
||||||
filename|pehash, pattern-in-file, pattern-in-traffic, pattern-in-
|
filename|impfuzzy, filename|pehash, pattern-in-file, pattern-in-
|
||||||
memory, stix2-pattern, yara, sigma, vulnerability, attachment,
|
traffic, pattern-in-memory, stix2-pattern, yara, sigma,
|
||||||
malware-sample, malware-type, comment, text, hex, x509-
|
vulnerability, attachment, malware-sample, malware-type, comment,
|
||||||
fingerprint-sha1, x509-fingerprint-md5, x509-fingerprint-sha256,
|
text, hex, x509-fingerprint-sha1, x509-fingerprint-md5, x509-
|
||||||
mobile-application-id, other, mime-type
|
fingerprint-sha256, mobile-application-id, other, mime-type
|
||||||
|
|
||||||
Payload type
|
Payload type
|
||||||
comment, text, other
|
comment, text, other
|
||||||
|
@ -1005,9 +1005,9 @@ Internet-Draft MISP core format April 2018
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Dulaunoy & Iklody Expires October 12, 2018 [Page 18]
|
Dulaunoy & Iklody Expires February 9, 2019 [Page 18]
|
||||||
|
|
||||||
Internet-Draft MISP core format April 2018
|
Internet-Draft MISP core format August 2018
|
||||||
|
|
||||||
|
|
||||||
2.5.2.4. category
|
2.5.2.4. category
|
||||||
|
@ -1061,9 +1061,9 @@ Internet-Draft MISP core format April 2018
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Dulaunoy & Iklody Expires October 12, 2018 [Page 19]
|
Dulaunoy & Iklody Expires February 9, 2019 [Page 19]
|
||||||
|
|
||||||
Internet-Draft MISP core format April 2018
|
Internet-Draft MISP core format August 2018
|
||||||
|
|
||||||
|
|
||||||
2.5.2.8. timestamp
|
2.5.2.8. timestamp
|
||||||
|
@ -1117,9 +1117,9 @@ Internet-Draft MISP core format April 2018
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Dulaunoy & Iklody Expires October 12, 2018 [Page 20]
|
Dulaunoy & Iklody Expires February 9, 2019 [Page 20]
|
||||||
|
|
||||||
Internet-Draft MISP core format April 2018
|
Internet-Draft MISP core format August 2018
|
||||||
|
|
||||||
|
|
||||||
2.5.2.13. data
|
2.5.2.13. data
|
||||||
|
@ -1173,9 +1173,9 @@ Internet-Draft MISP core format April 2018
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Dulaunoy & Iklody Expires October 12, 2018 [Page 21]
|
Dulaunoy & Iklody Expires February 9, 2019 [Page 21]
|
||||||
|
|
||||||
Internet-Draft MISP core format April 2018
|
Internet-Draft MISP core format August 2018
|
||||||
|
|
||||||
|
|
||||||
template used for its creation within. Objects belong to a meta-
|
template used for its creation within. Objects belong to a meta-
|
||||||
|
@ -1229,9 +1229,9 @@ Internet-Draft MISP core format April 2018
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Dulaunoy & Iklody Expires October 12, 2018 [Page 22]
|
Dulaunoy & Iklody Expires February 9, 2019 [Page 22]
|
||||||
|
|
||||||
Internet-Draft MISP core format April 2018
|
Internet-Draft MISP core format August 2018
|
||||||
|
|
||||||
|
|
||||||
2.6.2. Object Attributes
|
2.6.2. Object Attributes
|
||||||
|
@ -1285,9 +1285,9 @@ Internet-Draft MISP core format April 2018
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Dulaunoy & Iklody Expires October 12, 2018 [Page 23]
|
Dulaunoy & Iklody Expires February 9, 2019 [Page 23]
|
||||||
|
|
||||||
Internet-Draft MISP core format April 2018
|
Internet-Draft MISP core format August 2018
|
||||||
|
|
||||||
|
|
||||||
2.6.2.7. template_version
|
2.6.2.7. template_version
|
||||||
|
@ -1341,9 +1341,9 @@ Internet-Draft MISP core format April 2018
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Dulaunoy & Iklody Expires October 12, 2018 [Page 24]
|
Dulaunoy & Iklody Expires February 9, 2019 [Page 24]
|
||||||
|
|
||||||
Internet-Draft MISP core format April 2018
|
Internet-Draft MISP core format August 2018
|
||||||
|
|
||||||
|
|
||||||
Sharing Group
|
Sharing Group
|
||||||
|
@ -1397,9 +1397,9 @@ Internet-Draft MISP core format April 2018
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Dulaunoy & Iklody Expires October 12, 2018 [Page 25]
|
Dulaunoy & Iklody Expires February 9, 2019 [Page 25]
|
||||||
|
|
||||||
Internet-Draft MISP core format April 2018
|
Internet-Draft MISP core format August 2018
|
||||||
|
|
||||||
|
|
||||||
2.7.1. Sample ObjectReference object
|
2.7.1. Sample ObjectReference object
|
||||||
|
@ -1453,9 +1453,9 @@ Internet-Draft MISP core format April 2018
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Dulaunoy & Iklody Expires October 12, 2018 [Page 26]
|
Dulaunoy & Iklody Expires February 9, 2019 [Page 26]
|
||||||
|
|
||||||
Internet-Draft MISP core format April 2018
|
Internet-Draft MISP core format August 2018
|
||||||
|
|
||||||
|
|
||||||
2.7.2.5. event_id
|
2.7.2.5. event_id
|
||||||
|
@ -1509,9 +1509,9 @@ Internet-Draft MISP core format April 2018
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Dulaunoy & Iklody Expires October 12, 2018 [Page 27]
|
Dulaunoy & Iklody Expires February 9, 2019 [Page 27]
|
||||||
|
|
||||||
Internet-Draft MISP core format April 2018
|
Internet-Draft MISP core format August 2018
|
||||||
|
|
||||||
|
|
||||||
2.7.2.11. object_uuid
|
2.7.2.11. object_uuid
|
||||||
|
@ -1565,9 +1565,9 @@ Internet-Draft MISP core format April 2018
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Dulaunoy & Iklody Expires October 12, 2018 [Page 28]
|
Dulaunoy & Iklody Expires February 9, 2019 [Page 28]
|
||||||
|
|
||||||
Internet-Draft MISP core format April 2018
|
Internet-Draft MISP core format August 2018
|
||||||
|
|
||||||
|
|
||||||
element describes one singular instance of a sighting. A sighting
|
element describes one singular instance of a sighting. A sighting
|
||||||
|
@ -1621,9 +1621,9 @@ Internet-Draft MISP core format April 2018
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Dulaunoy & Iklody Expires October 12, 2018 [Page 29]
|
Dulaunoy & Iklody Expires February 9, 2019 [Page 29]
|
||||||
|
|
||||||
Internet-Draft MISP core format April 2018
|
Internet-Draft MISP core format August 2018
|
||||||
|
|
||||||
|
|
||||||
2.9.1. Sample Sighting
|
2.9.1. Sample Sighting
|
||||||
|
@ -1677,9 +1677,9 @@ Internet-Draft MISP core format April 2018
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Dulaunoy & Iklody Expires October 12, 2018 [Page 30]
|
Dulaunoy & Iklody Expires February 9, 2019 [Page 30]
|
||||||
|
|
||||||
Internet-Draft MISP core format April 2018
|
Internet-Draft MISP core format August 2018
|
||||||
|
|
||||||
|
|
||||||
"Galaxy": [ {
|
"Galaxy": [ {
|
||||||
|
@ -1733,9 +1733,9 @@ Internet-Draft MISP core format April 2018
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Dulaunoy & Iklody Expires October 12, 2018 [Page 31]
|
Dulaunoy & Iklody Expires February 9, 2019 [Page 31]
|
||||||
|
|
||||||
Internet-Draft MISP core format April 2018
|
Internet-Draft MISP core format August 2018
|
||||||
|
|
||||||
|
|
||||||
3. JSON Schema
|
3. JSON Schema
|
||||||
|
@ -1789,9 +1789,9 @@ Internet-Draft MISP core format April 2018
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Dulaunoy & Iklody Expires October 12, 2018 [Page 32]
|
Dulaunoy & Iklody Expires February 9, 2019 [Page 32]
|
||||||
|
|
||||||
Internet-Draft MISP core format April 2018
|
Internet-Draft MISP core format August 2018
|
||||||
|
|
||||||
|
|
||||||
"type": "object",
|
"type": "object",
|
||||||
|
@ -1845,9 +1845,9 @@ Internet-Draft MISP core format April 2018
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Dulaunoy & Iklody Expires October 12, 2018 [Page 33]
|
Dulaunoy & Iklody Expires February 9, 2019 [Page 33]
|
||||||
|
|
||||||
Internet-Draft MISP core format April 2018
|
Internet-Draft MISP core format August 2018
|
||||||
|
|
||||||
|
|
||||||
"items": {
|
"items": {
|
||||||
|
@ -1901,9 +1901,9 @@ Internet-Draft MISP core format April 2018
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Dulaunoy & Iklody Expires October 12, 2018 [Page 34]
|
Dulaunoy & Iklody Expires February 9, 2019 [Page 34]
|
||||||
|
|
||||||
Internet-Draft MISP core format April 2018
|
Internet-Draft MISP core format August 2018
|
||||||
|
|
||||||
|
|
||||||
"type": "string"
|
"type": "string"
|
||||||
|
@ -1957,9 +1957,9 @@ Internet-Draft MISP core format April 2018
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Dulaunoy & Iklody Expires October 12, 2018 [Page 35]
|
Dulaunoy & Iklody Expires February 9, 2019 [Page 35]
|
||||||
|
|
||||||
Internet-Draft MISP core format April 2018
|
Internet-Draft MISP core format August 2018
|
||||||
|
|
||||||
|
|
||||||
"type": "string"
|
"type": "string"
|
||||||
|
@ -2013,9 +2013,9 @@ Internet-Draft MISP core format April 2018
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Dulaunoy & Iklody Expires October 12, 2018 [Page 36]
|
Dulaunoy & Iklody Expires February 9, 2019 [Page 36]
|
||||||
|
|
||||||
Internet-Draft MISP core format April 2018
|
Internet-Draft MISP core format August 2018
|
||||||
|
|
||||||
|
|
||||||
},
|
},
|
||||||
|
@ -2069,9 +2069,9 @@ Internet-Draft MISP core format April 2018
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Dulaunoy & Iklody Expires October 12, 2018 [Page 37]
|
Dulaunoy & Iklody Expires February 9, 2019 [Page 37]
|
||||||
|
|
||||||
Internet-Draft MISP core format April 2018
|
Internet-Draft MISP core format August 2018
|
||||||
|
|
||||||
|
|
||||||
},
|
},
|
||||||
|
@ -2125,9 +2125,9 @@ Internet-Draft MISP core format April 2018
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Dulaunoy & Iklody Expires October 12, 2018 [Page 38]
|
Dulaunoy & Iklody Expires February 9, 2019 [Page 38]
|
||||||
|
|
||||||
Internet-Draft MISP core format April 2018
|
Internet-Draft MISP core format August 2018
|
||||||
|
|
||||||
|
|
||||||
},
|
},
|
||||||
|
@ -2181,9 +2181,9 @@ Internet-Draft MISP core format April 2018
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Dulaunoy & Iklody Expires October 12, 2018 [Page 39]
|
Dulaunoy & Iklody Expires February 9, 2019 [Page 39]
|
||||||
|
|
||||||
Internet-Draft MISP core format April 2018
|
Internet-Draft MISP core format August 2018
|
||||||
|
|
||||||
|
|
||||||
},
|
},
|
||||||
|
@ -2237,9 +2237,9 @@ Internet-Draft MISP core format April 2018
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Dulaunoy & Iklody Expires October 12, 2018 [Page 40]
|
Dulaunoy & Iklody Expires February 9, 2019 [Page 40]
|
||||||
|
|
||||||
Internet-Draft MISP core format April 2018
|
Internet-Draft MISP core format August 2018
|
||||||
|
|
||||||
|
|
||||||
"additionalProperties": false,
|
"additionalProperties": false,
|
||||||
|
@ -2293,9 +2293,9 @@ Internet-Draft MISP core format April 2018
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Dulaunoy & Iklody Expires October 12, 2018 [Page 41]
|
Dulaunoy & Iklody Expires February 9, 2019 [Page 41]
|
||||||
|
|
||||||
Internet-Draft MISP core format April 2018
|
Internet-Draft MISP core format August 2018
|
||||||
|
|
||||||
|
|
||||||
"type": "string"
|
"type": "string"
|
||||||
|
@ -2349,9 +2349,9 @@ Internet-Draft MISP core format April 2018
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Dulaunoy & Iklody Expires October 12, 2018 [Page 42]
|
Dulaunoy & Iklody Expires February 9, 2019 [Page 42]
|
||||||
|
|
||||||
Internet-Draft MISP core format April 2018
|
Internet-Draft MISP core format August 2018
|
||||||
|
|
||||||
|
|
||||||
"type": "array",
|
"type": "array",
|
||||||
|
@ -2405,9 +2405,9 @@ Internet-Draft MISP core format April 2018
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Dulaunoy & Iklody Expires October 12, 2018 [Page 43]
|
Dulaunoy & Iklody Expires February 9, 2019 [Page 43]
|
||||||
|
|
||||||
Internet-Draft MISP core format April 2018
|
Internet-Draft MISP core format August 2018
|
||||||
|
|
||||||
|
|
||||||
"additionalProperties": false,
|
"additionalProperties": false,
|
||||||
|
@ -2461,9 +2461,9 @@ Internet-Draft MISP core format April 2018
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Dulaunoy & Iklody Expires October 12, 2018 [Page 44]
|
Dulaunoy & Iklody Expires February 9, 2019 [Page 44]
|
||||||
|
|
||||||
Internet-Draft MISP core format April 2018
|
Internet-Draft MISP core format August 2018
|
||||||
|
|
||||||
|
|
||||||
"value": {
|
"value": {
|
||||||
|
@ -2517,9 +2517,9 @@ Internet-Draft MISP core format April 2018
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Dulaunoy & Iklody Expires October 12, 2018 [Page 45]
|
Dulaunoy & Iklody Expires February 9, 2019 [Page 45]
|
||||||
|
|
||||||
Internet-Draft MISP core format April 2018
|
Internet-Draft MISP core format August 2018
|
||||||
|
|
||||||
|
|
||||||
4. Manifest
|
4. Manifest
|
||||||
|
@ -2573,9 +2573,9 @@ Internet-Draft MISP core format April 2018
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Dulaunoy & Iklody Expires October 12, 2018 [Page 46]
|
Dulaunoy & Iklody Expires February 9, 2019 [Page 46]
|
||||||
|
|
||||||
Internet-Draft MISP core format April 2018
|
Internet-Draft MISP core format August 2018
|
||||||
|
|
||||||
|
|
||||||
4.1.1. Sample Manifest
|
4.1.1. Sample Manifest
|
||||||
|
@ -2629,9 +2629,9 @@ Internet-Draft MISP core format April 2018
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Dulaunoy & Iklody Expires October 12, 2018 [Page 47]
|
Dulaunoy & Iklody Expires February 9, 2019 [Page 47]
|
||||||
|
|
||||||
Internet-Draft MISP core format April 2018
|
Internet-Draft MISP core format August 2018
|
||||||
|
|
||||||
|
|
||||||
"threat_level_id": "3"
|
"threat_level_id": "3"
|
||||||
|
@ -2665,7 +2665,7 @@ Internet-Draft MISP core format April 2018
|
||||||
the creation of open standards in threat intelligence sharing. A
|
the creation of open standards in threat intelligence sharing. A
|
||||||
special thank to Nicolas Bareil for the review of the JSON Schema.
|
special thank to Nicolas Bareil for the review of the JSON Schema.
|
||||||
|
|
||||||
8. Sample MISP file
|
8. References
|
||||||
|
|
||||||
9. References
|
9. References
|
||||||
|
|
||||||
|
@ -2685,9 +2685,9 @@ Internet-Draft MISP core format April 2018
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Dulaunoy & Iklody Expires October 12, 2018 [Page 48]
|
Dulaunoy & Iklody Expires February 9, 2019 [Page 48]
|
||||||
|
|
||||||
Internet-Draft MISP core format April 2018
|
Internet-Draft MISP core format August 2018
|
||||||
|
|
||||||
|
|
||||||
[RFC4627] Crockford, D., "The application/json Media Type for
|
[RFC4627] Crockford, D., "The application/json Media Type for
|
||||||
|
@ -2741,4 +2741,4 @@ Authors' Addresses
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Dulaunoy & Iklody Expires October 12, 2018 [Page 49]
|
Dulaunoy & Iklody Expires February 9, 2019 [Page 49]
|
||||||
|
|
Loading…
Reference in New Issue