chg: [core] export updated

Correct `Event` and `ShadowAttribute`'s `Orgc` and `Org`

misp-core-format/Makefile

@@ -1,4 +1,4 @@
-MMARK:=mmark -xml2 -page
+MMARK:=mmark
 
 docs = $(wildcard *.md)
 

misp-core-format/raw.md

@@ -5,8 +5,13 @@ category = "info"
 docName = "draft-dulaunoy-misp-core-format"
 ipr= "trust200902"
 area = "Security"
+submissiontype = "independent"
 
-date = 2020-10-21T00:00:00Z
+[seriesInfo]
+name = "Internet-Draft"
+value = "draft-00"
+stream = "independent"
+status = "informational"
 
 [[author]]
 initials="A."
@@ -218,9 +223,9 @@ extends\_uuid represents which event is extended by this event. The extends\_uui
 
 extends\_uuid is represented as a JSON string. extends\_uuid **SHOULD** be present.
 
-## Objects
+### Event Objects
 
-### Org
+#### Org
 
 An Org object is composed of an uuid, name and id.
 
@@ -233,7 +238,7 @@ A human-readable identifier **MUST** be represented as an unsigned integer.
 
 uuid, name and id are represented as a JSON string. uuid, name and id **MUST** be present.
 
-#### Sample Org Object
+##### Sample Org Object
 
 ~~~~
 "Org": {
@@ -243,7 +248,7 @@ uuid, name and id are represented as a JSON string. uuid, name and id **MUST** b
        }
 ~~~~
 
-### Orgc
+#### Orgc
 
 An Orgc object is composed of an uuid, name and id.
 
@@ -328,7 +333,7 @@ Internal reference
 :   text, link, comment, other, hex, anonymised, git-commit-id
 
 Network activity
-:   ip-src, ip-dst, ip-dst|port, ip-src|port, port, hostname, domain, domain|ip, mac-address, mac-eui-64, email, email-dst, email-src, eppn, url, uri, user-agent, http-method, AS, snort, pattern-in-file, filename-pattern, stix2-pattern, pattern-in-traffic, attachment, comment, text, x509-fingerprint-md5, x509-fingerprint-sha1, x509-fingerprint-sha256, ja3-fingerprint-md5, jarm-fingerprint, hassh-md5, hasshserver-md5, other, hex, cookie, hostname|port, bro, zeek, anonymised, community-id, email-subject, favicon-mmh3, dkim, dkim-signature
+:   ip-src, ip-dst, ip-dst|port, ip-src|port, port, hostname, domain, domain|ip, mac-address, mac-eui-64, email, email-dst, email-src, eppn, url, uri, user-agent, http-method, AS, snort, pattern-in-file, filename-pattern, stix2-pattern, pattern-in-traffic, attachment, comment, text, x509-fingerprint-md5, x509-fingerprint-sha1, x509-fingerprint-sha256, ja3-fingerprint-md5, jarm-fingerprint, hassh-md5, hasshserver-md5, other, hex, cookie, hostname|port, bro, zeek, anonymised, community-id, email-subject, favicon-mmh3, dkim, dkim-signature, ssh-fingerprint
 
 Other
 :   comment, text, other, size-in-bytes, counter, datetime, cpe, port, float, hex, phone-number, boolean, anonymised, pgp-public-key, pgp-private-key
@@ -538,7 +543,7 @@ Internal reference
 :   text, link, comment, other, hex, anonymised, git-commit-id
 
 Network activity
-:   ip-src, ip-dst, ip-dst|port, ip-src|port, port, hostname, domain, domain|ip, mac-address, mac-eui-64, email, email-dst, email-src, eppn, url, uri, user-agent, http-method, AS, snort, pattern-in-file, filename-pattern, stix2-pattern, pattern-in-traffic, attachment, comment, text, x509-fingerprint-md5, x509-fingerprint-sha1, x509-fingerprint-sha256, ja3-fingerprint-md5, jarm-fingerprint, hassh-md5, hasshserver-md5, other, hex, cookie, hostname|port, bro, zeek, anonymised, community-id, email-subject, favicon-mmh3, dkim, dkim-signature
+:   ip-src, ip-dst, ip-dst|port, ip-src|port, port, hostname, domain, domain|ip, mac-address, mac-eui-64, email, email-dst, email-src, eppn, url, uri, user-agent, http-method, AS, snort, pattern-in-file, filename-pattern, stix2-pattern, pattern-in-traffic, attachment, comment, text, x509-fingerprint-md5, x509-fingerprint-sha1, x509-fingerprint-sha256, ja3-fingerprint-md5, jarm-fingerprint, hassh-md5, hasshserver-md5, other, hex, cookie, hostname|port, bro, zeek, anonymised, community-id, email-subject, favicon-mmh3, dkim, dkim-signature, ssh-fingerprint
 
 Other
 :   comment, text, other, size-in-bytes, counter, datetime, cpe, port, float, hex, phone-number, boolean, anonymised, pgp-public-key, pgp-private-key
@@ -650,7 +655,15 @@ last_seen represents a reference time when the attribute was last seen. last_see
 
 last_seen is represented as a JSON string. last_seen **MAY** be present.
 
-### Org
+#### value
+
+value represents the payload of an attribute. The format of the value is dependent on the type of the attribute.
+
+value is represented by a JSON string. value **MUST** be present.
+
+### ShadowAttribute Objects
+
+#### Org
 
 An Org object is composed of an uuid, name and id.
 
@@ -663,7 +676,7 @@ A human-readable identifier **MUST** be represented as an unsigned integer.
 
 uuid, name and id are represented as a JSON string. uuid, name and id **MUST** be present.
 
-#### Sample Org Object
+##### Sample Org Object
 
 ~~~~
 "Org": {
@@ -673,12 +686,6 @@ uuid, name and id are represented as a JSON string. uuid, name and id **MUST** b
        }
 ~~~~
 
-#### value
-
-value represents the payload of an attribute. The format of the value is dependent on the type of the attribute.
-
-value is represented by a JSON string. value **MUST** be present.
-
 ## Object
 
 Objects serve as a contextual bond between a list of attributes within an event. Their main purpose is to describe more complex structures than can be described by a single attribute
@@ -1071,7 +1078,7 @@ date_sighting **MUST** be present. date_sighting is expressed in seconds (decima
 
 source **MAY** be present. source is represented as a JSON string and represents the human-readable version of the sighting source, which can be a given piece of software (e.g. SIEM), device or a specific analytical process.
 
-id, event_id and attribute_id **MAY** be present.
+id, event_id and attribute_id are represented as a JSON string and **MAY** be present.
 
 id represents the human-readable identifier of the sighting reference which belongs to a specific MISP instance.
 event_id represents the human-readable identifier of the event referenced by the sighting and belongs to a specific MISP instance.
@@ -1081,7 +1088,7 @@ org_id **MAY** be present along the JSON object describing the organisation. If
 
 org_id represents the human-readable identifier of the organisation which did the sighting and belongs to a specific MISP instance.
 
-A human-readable identifier **MUST** be represented as an unsigned integer.
+A human-readable identifier **MUST** be considered as an unsigned integer.
 
 ### Sample Sighting