|
|
|
@ -76,8 +76,8 @@ Table of Contents
@@ -76,8 +76,8 @@ Table of Contents
|
|
|
|
|
3. References . . . . . . . . . . . . . . . . . . . . . . . . . 6 |
|
|
|
|
3.1. Normative References . . . . . . . . . . . . . . . . . . 6 |
|
|
|
|
3.2. Informative References . . . . . . . . . . . . . . . . . 6 |
|
|
|
|
Appendix A. Acknowledgements . . . . . . . . . . . . . . . . . . 6 |
|
|
|
|
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 6 |
|
|
|
|
Appendix A. Acknowledgements . . . . . . . . . . . . . . . . . . 7 |
|
|
|
|
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 7 |
|
|
|
|
|
|
|
|
|
1. Introduction |
|
|
|
|
|
|
|
|
@ -264,15 +264,15 @@ Internet-Draft MISP core format October 2016
@@ -264,15 +264,15 @@ Internet-Draft MISP core format October 2016
|
|
|
|
|
An Org object is composed of an uuid, name and id. |
|
|
|
|
|
|
|
|
|
The uuid represents the Universally Unique IDentifier (UUID) |
|
|
|
|
[RFC4122] of the organization. The uuid is globally assigned to an |
|
|
|
|
organization and SHALL be kept overtime. |
|
|
|
|
|
|
|
|
|
uuid is represented as a JSON string. uuid MUST be present. |
|
|
|
|
[RFC4122] of the organization. The organization UUID is globally |
|
|
|
|
assigned to an organization and SHALL be kept overtime. |
|
|
|
|
|
|
|
|
|
The name is a readable description of the organization and SHOULD be |
|
|
|
|
present. |
|
|
|
|
|
|
|
|
|
present. The id is a human-readable identifier generated by the |
|
|
|
|
instance and used as reference in the event. |
|
|
|
|
|
|
|
|
|
uuid, name and id are represented as a JSON string. uuid, name and id |
|
|
|
|
MUST be present. |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
@ -282,19 +282,29 @@ Dulaunoy & Iklody Expires April 4, 2017 [Page 5]
@@ -282,19 +282,29 @@ Dulaunoy & Iklody Expires April 4, 2017 [Page 5]
|
|
|
|
|
Internet-Draft MISP core format October 2016 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
2.3.1.1. Sample Org Object |
|
|
|
|
|
|
|
|
|
"Org": { |
|
|
|
|
"id": "2", |
|
|
|
|
"name": "CIRCL", |
|
|
|
|
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f" |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
2.3.2. Orgc |
|
|
|
|
|
|
|
|
|
An Orgc object is composed of an uuid, name and id. |
|
|
|
|
|
|
|
|
|
The uuid MUST be preserved for any updates or transfer of the same |
|
|
|
|
event. UUID version 4 is RECOMMENDED when assigning it to a new |
|
|
|
|
event. orgc_id is globally assigned to an organization and SHALL be |
|
|
|
|
kept overtime. |
|
|
|
|
event. The organization UUID is globally assigned to an organization |
|
|
|
|
and SHALL be kept overtime. |
|
|
|
|
|
|
|
|
|
The name is a readable description of the organization and SHOULD be |
|
|
|
|
present. |
|
|
|
|
present. The id is a human-readable identifier generated by the |
|
|
|
|
instance and used as reference in the event. |
|
|
|
|
|
|
|
|
|
orgc_id is represented as a JSON string. orgc_id SHOULD be present. |
|
|
|
|
uuid, name and id are represented as a JSON string. uuid, name and id |
|
|
|
|
MUST be present. |
|
|
|
|
|
|
|
|
|
3. References |
|
|
|
|
|
|
|
|
@ -320,16 +330,6 @@ Internet-Draft MISP core format October 2016
@@ -320,16 +330,6 @@ Internet-Draft MISP core format October 2016
|
|
|
|
|
[MISP-P] MISP, , "MISP Project - Malware Information Sharing |
|
|
|
|
Platform and Threat Sharing", <https://github.com/MISP>. |
|
|
|
|
|
|
|
|
|
Appendix A. Acknowledgements |
|
|
|
|
|
|
|
|
|
The authors wish to thank all the MISP community to support the |
|
|
|
|
creation of open standards in threat intelligence sharing. |
|
|
|
|
|
|
|
|
|
Authors' Addresses |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
@ -338,6 +338,13 @@ Dulaunoy & Iklody Expires April 4, 2017 [Page 6]
@@ -338,6 +338,13 @@ Dulaunoy & Iklody Expires April 4, 2017 [Page 6]
|
|
|
|
|
Internet-Draft MISP core format October 2016 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Appendix A. Acknowledgements |
|
|
|
|
|
|
|
|
|
The authors wish to thank all the MISP community to support the |
|
|
|
|
creation of open standards in threat intelligence sharing. |
|
|
|
|
|
|
|
|
|
Authors' Addresses |
|
|
|
|
|
|
|
|
|
Alexandre Dulaunoy |
|
|
|
|
Computer Incident Response Center Luxembourg |
|
|
|
|
41, avenue de la gare |
|
|
|
@ -369,13 +376,6 @@ Internet-Draft MISP core format October 2016
@@ -369,13 +376,6 @@ Internet-Draft MISP core format October 2016
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|