chg: [misp-galaxy] add new meta derived from cfr (for MISP point of view)

misp-galaxy-format/raw.md

@@ -105,7 +105,7 @@ Related contains a list of JSON key value pairs which describe the related value
 
 ## meta
 
-Meta contains a list of custom defined JSON key value pairs. Users **SHOULD** reuse commonly used keys such as complexity, effectiveness, country, possible_issues, colour, motive, impact, refs, synonyms, status, date, encryption, extensions, ransomnotes, ransomnotes-filenames, ransomnotes-refs, suspected-victims, suspected-state-sponsor, type-of-incident, target-category, cfr-suspected-victims, cfr-suspected-state-sponsor, cfr-type-of-incident, cfr-target-category, attribution-confidence, payment-method, price, spoken-language, official-refs wherever applicable. Additional meta field **MAY** be added without the need to be referenced or registered in advance.
+Meta contains a list of custom defined JSON key value pairs. Users **SHOULD** reuse commonly used keys such as complexity, effectiveness, country, possible_issues, colour, motive, impact, refs, synonyms, status, date, encryption, extensions, ransomnotes, ransomnotes-filenames, ransomnotes-refs, suspected-victims, suspected-state-sponsor, type-of-incident, target-category, cfr-suspected-victims, cfr-suspected-state-sponsor, cfr-type-of-incident, cfr-target-category, suspected-victims, suspected-state-sponsor, attribution-confidence, payment-method, price, spoken-language, official-refs wherever applicable. Additional meta field **MAY** be added without the need to be referenced or registered in advance.
 
 refs, synonyms, official-refs **SHALL** be used to give further informations. refs is represented as an array containing one or more strings and **SHALL** be present. synonyms is represented as an array containing one or more strings and **SHALL** be present. official-refs is represented as an array containing one or more strings and **SHALL** be present.
 

misp-galaxy-format/raw.md.txt

@@ -195,14 +195,17 @@ Internet-Draft             MISP galaxy format               October 2019
    filenames, ransomnotes-refs, suspected-victims, suspected-state-
    sponsor, type-of-incident, target-category, cfr-suspected-victims,
    cfr-suspected-state-sponsor, cfr-type-of-incident, cfr-target-
-   category, attribution-confidence, payment-method, price wherever
+   category, suspected-victims, suspected-state-sponsor, attribution-
-   applicable.  Additional meta field MAY be added without the need to
+   confidence, payment-method, price, spoken-language, official-refs
-   be referenced or registered in advance.
+   wherever applicable.  Additional meta field MAY be added without the
+   need to be referenced or registered in advance.
 
-   refs, synonyms SHALL be used to give further informations. refs is
+   refs, synonyms, official-refs SHALL be used to give further
+   informations. refs is represented as an array containing one or more
+   strings and SHALL be present. synonyms is represented as an array
+   containing one or more strings and SHALL be present. official-refs is
    represented as an array containing one or more strings and SHALL be
-   present. synonyms is represented as an array containing one or more
+   present.
-   strings and SHALL be present.
 
    date, status MAY be used to give time information about an cluster.
    date is represented as a string describing a time or period and SHALL
@@ -215,9 +218,6 @@ Internet-Draft             MISP galaxy format               October 2019
    field is described as an RGB colour fill in hexadecimal
    representation.
 
-   complexity, effectiveness, impact, possible_issues MAY be used to
-   give further information in preventive-measure galaxy. complexity is
-   represented by an enumerated value from a fixed vocabulary and SHALL
 
 
 
@@ -226,6 +226,9 @@ Dulaunoy, et al.          Expires April 6, 2020                 [Page 4]
 Internet-Draft             MISP galaxy format               October 2019
 
 
+   complexity, effectiveness, impact, possible_issues MAY be used to
+   give further information in preventive-measure galaxy. complexity is
+   represented by an enumerated value from a fixed vocabulary and SHALL
    be present. effectiveness is represented by an enumerated value from
    a fixed vocabulary and SHALL be present. impact is represented by an
    enumerated value from a fixed vocabulary and SHALL be present.
@@ -252,9 +255,12 @@ Internet-Draft             MISP galaxy format               October 2019
   "uuid": "e6df1619-f8b3-476c-b5cf-22b4c9e9dd7f"
 }
 
-   country, motive MAY be used to give further information in threat-
+   country, motive, spoken-language MAY be used to give further
-   actor galaxy. country is represented as a string and SHOULD be
+   information in threat-actor galaxy. country is represented as a
-   present. motive is represented as a string and SHOULD be present.
+   string and SHOULD be present. motive is represented as a string and
+   SHOULD be present. spoken-language is represented as an array
+   containing one or more strings describing a language using ISO 639-2
+   code and SHALL be present.
 
    Example use of the country, motive fields in the threat-actor galaxy:
 
@@ -271,12 +277,6 @@ Internet-Draft             MISP galaxy format               October 2019
 
 
 
-
-
-
-
-
-
 Dulaunoy, et al.          Expires April 6, 2020                 [Page 5]
 
 Internet-Draft             MISP galaxy format               October 2019