From fd55d7dea719377d0ddb4f9b0208ad19da4fcca8 Mon Sep 17 00:00:00 2001 From: Andras Iklody Date: Fri, 9 Feb 2018 14:04:36 +0100 Subject: [PATCH] Some minor corrections --- misp-core-format/raw.md | 41 ++++++++++++++++++++--------------------- 1 file changed, 20 insertions(+), 21 deletions(-) diff --git a/misp-core-format/raw.md b/misp-core-format/raw.md index 2d6055a..f667e17 100755 --- a/misp-core-format/raw.md +++ b/misp-core-format/raw.md @@ -66,7 +66,7 @@ document are to be interpreted as described in RFC 2119 [@!RFC2119]. The MISP core format is in the JSON [@!RFC4627] format. In MISP, an event is composed of a single JSON object. -A capitalized key (like Event, Org) represent a data model and a non-capitalized key is just an attribute. This nomenclature +A capitalized key (like Event, Org) represent a data model and a non-capitalised key is just an attribute. This nomenclature can support an implementation to represent the MISP format in another data structure. ## Event @@ -161,7 +161,7 @@ publish_timestamp is represented as a JSON string. publish_timestamp **MUST** be #### org_id -org_id represents a human-readable identifier referencing an Org object of the organization which generated the event. +org_id represents a human-readable identifier referencing an Org object of the organisation which generated the event. The org_id **MUST** be updated when the event is generated by a new instance. @@ -169,7 +169,7 @@ org_id is represented as a JSON string. org_id **MUST** be present. #### orgc_id -orgc_id represents a human-readable identifier referencing an Orgc object of the organization which created the event. +orgc_id represents a human-readable identifier referencing an Orgc object of the organisation which created the event. The orgc_id and Orc object **MUST** be preserved for any updates or transfer of the same event. 
@@ -215,10 +215,10 @@ sharing\_group\_id is represented by a JSON string and **SHOULD** be present. If An Org object is composed of an uuid, name and id. -The uuid represents the Universally Unique IDentifier (UUID) [@!RFC4122] of the organization. -The organization UUID is globally assigned to an organization and **SHALL** be kept overtime. +The uuid represents the Universally Unique IDentifier (UUID) [@!RFC4122] of the organisation. +The organisation UUID is globally assigned to an organisation and **SHALL** be kept overtime. -The name is a readable description of the organization and **SHOULD** be present. +The name is a readable description of the organisation and **SHOULD** be present. The id is a human-readable identifier generated by the instance and used as reference in the event. uuid, name and id are represented as a JSON string. uuid, name and id **MUST** be present. @@ -238,9 +238,9 @@ uuid, name and id are represented as a JSON string. uuid, name and id **MUST** b An Orgc object is composed of an uuid, name and id. The uuid **MUST** be preserved for any updates or transfer of the same event. UUID version 4 is **RECOMMENDED** when assigning it to a new event. -The organization UUID is globally assigned to an organization and **SHALL** be kept overtime. +The organisation UUID is globally assigned to an organisation and **SHALL** be kept overtime. -The name is a readable description of the organization and **SHOULD** be present. +The name is a readable description of the organisation and **SHOULD** be present. The id is a human-readable identifier generated by the instance and used as reference in the event. uuid, name and id are represented as a JSON string. uuid, name and id **MUST** be present. 
@@ -905,23 +905,22 @@ name **MUST** be present. colour, id and exportable **SHALL** be present. ## Sighting -A sighting is an ascertainment which describes if an attribute has been seen under a specific set of conditions. The sighting can include the organisation who sighted the attribute or can -be anonymized without revealing the organisation. Sighting is composed of a JSON array where each element describes one sighting. A sighting element is a JSON object composed of the following values. +A sighting is an ascertainment which describes whether an attribute has been seen under a given set of conditions. The sighting can include the organisation who sighted the attribute or can +be anonymised. Sighting is composed of a JSON array in which each element describes one singular instance of a sighting. A sighting element is a JSON object composed of the following values: +type **MUST** be present. type describes the type of a sighting. MISP allows 3 default types: -type **MUST** be present. type describes the type of sighting. MISP allows 3 default types: +| Sighting type | Description | +|---------------|:-------------------------------------------------------------------------:| +| 0 | denotes an attribute which has been seen | +| 1 | denotes an attribute which has been seen and confirmed as false-positive | +| 2 | denotes an attribute which will be expired at the time of the sighting | -| Sighting type | Description | -|---------------|:----------------------------------------------------------------------:| -| 0 | denotes an attribute which has been seen | -| 1 | denotes an attribute which has been seen as false-positive | -| 2 | denotes an attribute which will be expired at the time of the sighting | +uuid **MUST** be present. uuid references the uuid of the sighted attribute. -uuid **MUST** be present. uuid references the attribute uuid sighted. +date_sighting **MUST** be present. 
date_sighting is expressed in seconds (decimal) elapsed since 1st of January 1970 (Unix timestamp). date_sighting represents when the referenced attribute, designated by its uuid, is sighted. -date_sighting **MUST** be present. date_sighting is expressed in seconds (decimal) since 1st of January 1970 (Unix timestamp). date_sighting represents when the reference attribute uuid is sighted. - -source **MAY** be present. source is represented as a JSON string. source represents the human-readable of the sighting source which can be a software (e.g. SIEM), tool or even a specific analyst process. +source **MAY** be present. source is represented as a JSON string and represents the human-readable version of the sighting source, which can be a given piece of software (e.g. SIEM), device or a specific analytical process. id, event_id and attribute_id **MAY** be present. @@ -929,7 +928,7 @@ id represents the human-readable identifier of the sighting reference which belo event_id represents the human-readable identifier of the event referenced by the sighting and belongs to a specific MISP instance. attribute_id represents the human-readable identifier of the attribute referenced by the sighting and belongs to a specific MISP instance. -org_id **MAY** be present along the JSON object describing the organisation. If the org_id is not present, the sighted is considered as anonymized. +org_id **MAY** be present along the JSON object describing the organisation. If the org_id is not present, the sighting is considered as anonymised. org_id represents the human-readable identifier of the organisation which did the sighting and belongs to a specific MISP instance.
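Review bot: In the `@@ -66,7 +66,7` hunk the replaced sentence now mixes spellings and still has a verb agreement error, since it reads "A capitalized key (like Event, Org) represent a data model and a non-capitalised key is just an attribute". As the line is already being touched for spelling, change it to "A capitalised key (like Event, Org) represents a data model" so both halves of the sentence match the spelling used in the rest of the patch.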
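Review bot: In the `@@ -169,7 +169,7` hunk the context line right after the changed orgc_id sentence says "The orgc_id and Orc object **MUST** be preserved", where "Orc" looks like a typo for "Orgc", the object name used in the line above it. This is a MUST-level requirement, so the object name should be exact; it is worth fixing in the same pass.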
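Review bot: In the `@@ -215,10 +215,10` hunk the rewritten line "The organisation UUID is globally assigned to an organisation and **SHALL** be kept overtime" keeps "overtime", which should be "over time". The context line "An Org object is composed of an uuid, name and id" could also become "a uuid" while the paragraph is being corrected.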
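Review bot: In the `@@ -238,9 +238,9` hunk the unchanged Orgc context sentences, "The uuid **MUST** be preserved for any updates or transfer of the same event. UUID version 4 is **RECOMMENDED** when assigning it to a new event", describe the uuid in terms of an event although this section defines an organisation object, and the changed line that follows then says the organisation UUID is globally assigned. Suggest rewording those sentences so it is clear that the Orgc uuid identifies the creating organisation. "overtime" on the changed line should also read "over time".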
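Review bot: In the `@@ -905,23 +905,22` hunk two of the edits change meaning rather than wording, which goes beyond the "Some minor corrections" of the subject line: sighting type 1 goes from "seen as false-positive" to "seen and confirmed as false-positive", and the source examples go from "tool" to "device". If a type 1 sighting now requires confirmation, that belongs in its own commit with a rationale; otherwise keep the original sense. The section also gives a JSON representation only for source ("represented as a JSON string"); type, uuid and date_sighting are marked **MUST** without saying whether they are JSON strings or numbers, which would be worth stating here.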
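Review bot: In the `@@ -929,7 +928,7` hunk the changed line still reads "org_id **MAY** be present along the JSON object describing the organisation", which should be "along with". The same line makes a missing org_id the only condition for treating a sighting as anonymised and does not say whether the organisation object must be omitted as well; stating that both are absent for an anonymised sighting would remove the ambiguity for implementers who rely on this to avoid disclosing the sighting organisation.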