chg: [rfc] updated to the latest version

master
Alexandre Dulaunoy 2023-12-24 14:44:50 +01:00
parent 1f424a5a8b
commit 5b3f32c5dd
No known key found for this signature in database
GPG Key ID: 09E2CD4944E6CBCD
4 changed files with 1212 additions and 692 deletions


@ -15,7 +15,7 @@ respective key. The format is described to support other implementations which r
format and ensuring an interoperability with existing MISP software and other Threat Intelligence Platforms.
" name="description">
<meta content="xml2rfc 3.12.1" name="generator">
<meta content="draft-16" name="ietf.draft">
<meta content="draft-17" name="ietf.draft">
<!-- Generator version information:
xml2rfc 3.12.1
Python 3.8.10
@ -26,13 +26,13 @@ format and ensuring an interoperability with existing MISP software and other
intervaltree 3.1.0
Jinja2 3.1.2
kitchen 1.2.6
lxml 4.9.1
lxml 4.9.2
pycairo 1.16.2
pycountry 22.3.5
pyflakes 2.4.0
PyYAML 6.0
requests 2.28.1
setuptools 65.4.0
requests 2.31.0
setuptools 68.1.2
six 1.16.0
-->
<link href="raw.md.xml" rel="alternate" type="application/rfc+xml">
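Review bot: The generator comment in this hunk records the build host's package versions (lxml, requests and setuptools all change here while xml2rfc stays at 3.12.1), so the committed HTML changes whenever the draft is rebuilt on a different machine, even when the draft text is identical. Consider pinning the xml2rfc toolchain used for builds, or stripping this comment from the committed output, so that diffs of the generated file show only changes to the specification.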
@ -1190,11 +1190,11 @@ li > p:last-of-type {
<thead><tr>
<td class="left">Internet-Draft</td>
<td class="center">MISP core format</td>
<td class="right">February 2023</td>
<td class="right">December 2023</td>
</tr></thead>
<tfoot><tr>
<td class="left">Dulaunoy &amp; Iklody</td>
<td class="center">Expires 30 August 2023</td>
<td class="center">Expires 26 June 2024</td>
<td class="right">[Page]</td>
</tr></tfoot>
</table>
@ -1204,15 +1204,15 @@ li > p:last-of-type {
<dt class="label-workgroup">Workgroup:</dt>
<dd class="workgroup">Network Working Group</dd>
<dt class="label-internet-draft">Internet-Draft:</dt>
<dd class="internet-draft">draft-16</dd>
<dd class="internet-draft">draft-17</dd>
<dt class="label-published">Published:</dt>
<dd class="published">
<time datetime="2023-02-26" class="published">26 February 2023</time>
<time datetime="2023-12-24" class="published">24 December 2023</time>
</dd>
<dt class="label-intended-status">Intended Status:</dt>
<dd class="intended-status">Informational</dd>
<dt class="label-expires">Expires:</dt>
<dd class="expires"><time datetime="2023-08-30">30 August 2023</time></dd>
<dd class="expires"><time datetime="2024-06-26">26 June 2024</time></dd>
<dt class="label-authors">Authors:</dt>
<dd class="authors">
<div class="author">
@ -1254,7 +1254,7 @@ format and ensuring an interoperability with existing MISP <span>[<a href="#MISP
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."<a href="#section-boilerplate.1-3" class="pilcrow"></a></p>
<p id="section-boilerplate.1-4">
This Internet-Draft will expire on 30 August 2023.<a href="#section-boilerplate.1-4" class="pilcrow"></a></p>
This Internet-Draft will expire on 26 June 2024.<a href="#section-boilerplate.1-4" class="pilcrow"></a></p>
</section>
</div>
<div id="copyright">
@ -2918,6 +2918,10 @@ be anonymised. Sighting is composed of a JSON array in which each element descri
<td class="text-left" rowspan="1" colspan="1">2</td>
<td class="text-center" rowspan="1" colspan="1">denotes an attribute which will be expired at the time of the sighting</td>
</tr>
<tr>
<td class="text-left" rowspan="1" colspan="1">3</td>
<td class="text-center" rowspan="1" colspan="1">denotes an attribute which has been seen and confirmed as a true-positive</td>
</tr>
</tbody>
</table>
<p id="section-2.9-4">uuid <span class="bcp14">MUST</span> be present. uuid references the uuid of the sighted attribute.<a href="#section-2.9-4" class="pilcrow"></a></p>
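Review bot: The new row for type 3 extends the set of sighting type values, but the hunk adds only the table row and nothing about how a receiver written against draft-16 should treat a value it does not recognise. Type 2 already ties a sighting to expiry of the attribute, so a silently dropped or misread type changes how the attribute is handled downstream. Suggest adding a sentence next to the table stating whether an unknown type is to be ignored or rejected, and confirming that the JSON Schema section (not visible in these hunks) is consistent with the value 3.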


@ -5,11 +5,11 @@
Network Working Group A. Dulaunoy
Internet-Draft A. Iklody
Intended status: Informational CIRCL
Expires: 30 August 2023 26 February 2023
Expires: 26 June 2024 24 December 2023
MISP core format
draft-16
draft-17
Abstract
@ -37,7 +37,7 @@ Status of This Memo
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on 30 August 2023.
This Internet-Draft will expire on 26 June 2024.
Copyright Notice
@ -53,9 +53,9 @@ Copyright Notice
Dulaunoy & Iklody Expires 30 August 2023 [Page 1]
Dulaunoy & Iklody Expires 26 June 2024 [Page 1]
Internet-Draft MISP core format February 2023
Internet-Draft MISP core format December 2023
Table of Contents
@ -109,9 +109,9 @@ Table of Contents
Dulaunoy & Iklody Expires 30 August 2023 [Page 2]
Dulaunoy & Iklody Expires 26 June 2024 [Page 2]
Internet-Draft MISP core format February 2023
Internet-Draft MISP core format December 2023
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 53
@ -165,9 +165,9 @@ Internet-Draft MISP core format February 2023
Dulaunoy & Iklody Expires 30 August 2023 [Page 3]
Dulaunoy & Iklody Expires 26 June 2024 [Page 3]
Internet-Draft MISP core format February 2023
Internet-Draft MISP core format December 2023
uuid is represented as a JSON string. uuid MUST be present.
@ -221,9 +221,9 @@ Internet-Draft MISP core format February 2023
Dulaunoy & Iklody Expires 30 August 2023 [Page 4]
Dulaunoy & Iklody Expires 26 June 2024 [Page 4]
Internet-Draft MISP core format February 2023
Internet-Draft MISP core format December 2023
1: Ongoing
@ -277,9 +277,9 @@ Internet-Draft MISP core format February 2023
Dulaunoy & Iklody Expires 30 August 2023 [Page 5]
Dulaunoy & Iklody Expires 26 June 2024 [Page 5]
Internet-Draft MISP core format February 2023
Internet-Draft MISP core format December 2023
org_id is represented as a JSON string. org_id MUST be present.
@ -333,9 +333,9 @@ Internet-Draft MISP core format February 2023
Dulaunoy & Iklody Expires 30 August 2023 [Page 6]
Dulaunoy & Iklody Expires 26 June 2024 [Page 6]
Internet-Draft MISP core format February 2023
Internet-Draft MISP core format December 2023
2.2.1.15. extends_uuid
@ -389,9 +389,9 @@ Internet-Draft MISP core format February 2023
Dulaunoy & Iklody Expires 30 August 2023 [Page 7]
Dulaunoy & Iklody Expires 26 June 2024 [Page 7]
Internet-Draft MISP core format February 2023
Internet-Draft MISP core format December 2023
uuid, name and id are represented as a JSON string. uuid, name and id
@ -445,9 +445,9 @@ Internet-Draft MISP core format February 2023
Dulaunoy & Iklody Expires 30 August 2023 [Page 8]
Dulaunoy & Iklody Expires 26 June 2024 [Page 8]
Internet-Draft MISP core format February 2023
Internet-Draft MISP core format December 2023
2.3.2.2. id
@ -501,9 +501,9 @@ Internet-Draft MISP core format February 2023
Dulaunoy & Iklody Expires 30 August 2023 [Page 9]
Dulaunoy & Iklody Expires 26 June 2024 [Page 9]
Internet-Draft MISP core format February 2023
Internet-Draft MISP core format December 2023
pattern-in-traffic, pattern-in-memory, filename-pattern,
@ -557,9 +557,9 @@ Internet-Draft MISP core format February 2023
Dulaunoy & Iklody Expires 30 August 2023 [Page 10]
Dulaunoy & Iklody Expires 26 June 2024 [Page 10]
Internet-Draft MISP core format February 2023
Internet-Draft MISP core format December 2023
sha512/224, sha512/256, sha3-224, sha3-256, sha3-384, sha3-512,
@ -613,9 +613,9 @@ Internet-Draft MISP core format February 2023
Dulaunoy & Iklody Expires 30 August 2023 [Page 11]
Dulaunoy & Iklody Expires 26 June 2024 [Page 11]
Internet-Draft MISP core format February 2023
Internet-Draft MISP core format December 2023
category is represented as a JSON string. category MUST be present
@ -669,9 +669,9 @@ Internet-Draft MISP core format February 2023
Dulaunoy & Iklody Expires 30 August 2023 [Page 12]
Dulaunoy & Iklody Expires 26 June 2024 [Page 12]
Internet-Draft MISP core format February 2023
Internet-Draft MISP core format December 2023
2.3.2.9. comment
@ -725,9 +725,9 @@ Internet-Draft MISP core format February 2023
Dulaunoy & Iklody Expires 30 August 2023 [Page 13]
Dulaunoy & Iklody Expires 26 June 2024 [Page 13]
Internet-Draft MISP core format February 2023
Internet-Draft MISP core format December 2023
2.3.2.14. ShadowAttribute
@ -781,9 +781,9 @@ Internet-Draft MISP core format February 2023
Dulaunoy & Iklody Expires 30 August 2023 [Page 14]
Dulaunoy & Iklody Expires 26 June 2024 [Page 14]
Internet-Draft MISP core format February 2023
Internet-Draft MISP core format December 2023
2.4.1. Sample Attribute Object
@ -837,9 +837,9 @@ Internet-Draft MISP core format February 2023
Dulaunoy & Iklody Expires 30 August 2023 [Page 15]
Dulaunoy & Iklody Expires 26 June 2024 [Page 15]
Internet-Draft MISP core format February 2023
Internet-Draft MISP core format December 2023
type is represented as a JSON string. type MUST be present and it
@ -893,9 +893,9 @@ Internet-Draft MISP core format February 2023
Dulaunoy & Iklody Expires 30 August 2023 [Page 16]
Dulaunoy & Iklody Expires 26 June 2024 [Page 16]
Internet-Draft MISP core format February 2023
Internet-Draft MISP core format December 2023
hostname, domain, domain|ip, mac-address, mac-eui-64, email,
@ -949,9 +949,9 @@ Internet-Draft MISP core format February 2023
Dulaunoy & Iklody Expires 30 August 2023 [Page 17]
Dulaunoy & Iklody Expires 26 June 2024 [Page 17]
Internet-Draft MISP core format February 2023
Internet-Draft MISP core format December 2023
sha512/224, sha512/256, sha3-224, sha3-256, sha3-384, sha3-512,
@ -1005,9 +1005,9 @@ Internet-Draft MISP core format February 2023
Dulaunoy & Iklody Expires 30 August 2023 [Page 18]
Dulaunoy & Iklody Expires 26 June 2024 [Page 18]
Internet-Draft MISP core format February 2023
Internet-Draft MISP core format December 2023
category is represented as a JSON string. category MUST be present
@ -1061,9 +1061,9 @@ Internet-Draft MISP core format February 2023
Dulaunoy & Iklody Expires 30 August 2023 [Page 19]
Dulaunoy & Iklody Expires 26 June 2024 [Page 19]
Internet-Draft MISP core format February 2023
Internet-Draft MISP core format December 2023
2.4.2.9. comment
@ -1117,9 +1117,9 @@ Internet-Draft MISP core format February 2023
Dulaunoy & Iklody Expires 30 August 2023 [Page 20]
Dulaunoy & Iklody Expires 26 June 2024 [Page 20]
Internet-Draft MISP core format February 2023
Internet-Draft MISP core format December 2023
2.4.2.14. first_seen
@ -1173,9 +1173,9 @@ Internet-Draft MISP core format February 2023
Dulaunoy & Iklody Expires 30 August 2023 [Page 21]
Dulaunoy & Iklody Expires 26 June 2024 [Page 21]
Internet-Draft MISP core format February 2023
Internet-Draft MISP core format December 2023
"Org": {
@ -1229,9 +1229,9 @@ Internet-Draft MISP core format February 2023
Dulaunoy & Iklody Expires 30 August 2023 [Page 22]
Dulaunoy & Iklody Expires 26 June 2024 [Page 22]
Internet-Draft MISP core format February 2023
Internet-Draft MISP core format December 2023
"Object": {
@ -1285,9 +1285,9 @@ Internet-Draft MISP core format February 2023
Dulaunoy & Iklody Expires 30 August 2023 [Page 23]
Dulaunoy & Iklody Expires 26 June 2024 [Page 23]
Internet-Draft MISP core format February 2023
Internet-Draft MISP core format December 2023
2.5.2.1. uuid
@ -1341,9 +1341,9 @@ Internet-Draft MISP core format February 2023
Dulaunoy & Iklody Expires 30 August 2023 [Page 24]
Dulaunoy & Iklody Expires 26 June 2024 [Page 24]
Internet-Draft MISP core format February 2023
Internet-Draft MISP core format December 2023
template_uuid is represented as a JSON string. template_uuid MUST be
@ -1397,9 +1397,9 @@ Internet-Draft MISP core format February 2023
Dulaunoy & Iklody Expires 30 August 2023 [Page 25]
Dulaunoy & Iklody Expires 26 June 2024 [Page 25]
Internet-Draft MISP core format February 2023
Internet-Draft MISP core format December 2023
2.5.2.11. sharing_group_id
@ -1453,9 +1453,9 @@ Internet-Draft MISP core format February 2023
Dulaunoy & Iklody Expires 30 August 2023 [Page 26]
Dulaunoy & Iklody Expires 26 June 2024 [Page 26]
Internet-Draft MISP core format February 2023
Internet-Draft MISP core format December 2023
last_seen is represented as a JSON string. last_seen MAY be present.
@ -1509,9 +1509,9 @@ Internet-Draft MISP core format February 2023
Dulaunoy & Iklody Expires 30 August 2023 [Page 27]
Dulaunoy & Iklody Expires 26 June 2024 [Page 27]
Internet-Draft MISP core format February 2023
Internet-Draft MISP core format December 2023
2.6.2.3. timestamp
@ -1565,9 +1565,9 @@ Internet-Draft MISP core format February 2023
Dulaunoy & Iklody Expires 30 August 2023 [Page 28]
Dulaunoy & Iklody Expires 26 June 2024 [Page 28]
Internet-Draft MISP core format February 2023
Internet-Draft MISP core format December 2023
relationship_type is represented as a JSON string. relationship_type
@ -1621,9 +1621,9 @@ Internet-Draft MISP core format February 2023
Dulaunoy & Iklody Expires 30 August 2023 [Page 29]
Dulaunoy & Iklody Expires 26 June 2024 [Page 29]
Internet-Draft MISP core format February 2023
Internet-Draft MISP core format December 2023
2.7.2. UUID
@ -1677,9 +1677,9 @@ Internet-Draft MISP core format February 2023
Dulaunoy & Iklody Expires 30 August 2023 [Page 30]
Dulaunoy & Iklody Expires 26 June 2024 [Page 30]
Internet-Draft MISP core format February 2023
Internet-Draft MISP core format December 2023
2 Connected Communities
@ -1733,9 +1733,9 @@ Internet-Draft MISP core format February 2023
Dulaunoy & Iklody Expires 30 August 2023 [Page 31]
Dulaunoy & Iklody Expires 26 June 2024 [Page 31]
Internet-Draft MISP core format February 2023
Internet-Draft MISP core format December 2023
2.8.1. Sample Tag
@ -1768,6 +1768,9 @@ Internet-Draft MISP core format February 2023
+---------------+------------------------------------------+
| 2 | denotes an attribute which will be |
| | expired at the time of the sighting |
+---------------+------------------------------------------+
| 3 | denotes an attribute which has been seen |
| | and confirmed as a true-positive |
+---------------+------------------------------------------+
Table 1
@ -1780,20 +1783,22 @@ Internet-Draft MISP core format February 2023
date_sighting represents when the referenced attribute, designated by
its uuid, is sighted.
Dulaunoy & Iklody Expires 26 June 2024 [Page 32]
Internet-Draft MISP core format December 2023
source MAY be present. source is represented as a JSON string and
represents the human-readable version of the sighting source, which
can be a given piece of software (e.g. SIEM), device or a specific
analytical process.
Dulaunoy & Iklody Expires 30 August 2023 [Page 32]
Internet-Draft MISP core format February 2023
id, event_id and attribute_id are represented as a JSON string and
MAY be present.
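Review bot: With type 3 now meaning a confirmed true-positive, the "source MAY be present" paragraph in this hunk describes the field that tells a consumer which software, device or analytical process made that confirmation, and it remains optional free text. Suggest recommending that source be set for type 3 sightings, or stating how a type 3 sighting without a source is to be weighed against one that names its origin.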
@ -1840,14 +1845,9 @@ Internet-Draft MISP core format February 2023
Dulaunoy & Iklody Expires 30 August 2023 [Page 33]
Dulaunoy & Iklody Expires 26 June 2024 [Page 33]
Internet-Draft MISP core format February 2023
Internet-Draft MISP core format December 2023
"Sighting": [
@ -1901,9 +1901,9 @@ Internet-Draft MISP core format February 2023
Dulaunoy & Iklody Expires 30 August 2023 [Page 34]
Dulaunoy & Iklody Expires 26 June 2024 [Page 34]
Internet-Draft MISP core format February 2023
Internet-Draft MISP core format December 2023
"Galaxy": [ {
@ -1957,9 +1957,9 @@ Internet-Draft MISP core format February 2023
Dulaunoy & Iklody Expires 30 August 2023 [Page 35]
Dulaunoy & Iklody Expires 26 June 2024 [Page 35]
Internet-Draft MISP core format February 2023
Internet-Draft MISP core format December 2023
3. JSON Schema
@ -2013,9 +2013,9 @@ Internet-Draft MISP core format February 2023
Dulaunoy & Iklody Expires 30 August 2023 [Page 36]
Dulaunoy & Iklody Expires 26 June 2024 [Page 36]
Internet-Draft MISP core format February 2023
Internet-Draft MISP core format December 2023
"type": "object",
@ -2069,9 +2069,9 @@ Internet-Draft MISP core format February 2023
Dulaunoy & Iklody Expires 30 August 2023 [Page 37]
Dulaunoy & Iklody Expires 26 June 2024 [Page 37]
Internet-Draft MISP core format February 2023
Internet-Draft MISP core format December 2023
"items": {
@ -2125,9 +2125,9 @@ Internet-Draft MISP core format February 2023
Dulaunoy & Iklody Expires 30 August 2023 [Page 38]
Dulaunoy & Iklody Expires 26 June 2024 [Page 38]
Internet-Draft MISP core format February 2023
Internet-Draft MISP core format December 2023
"type": "string"
@ -2181,9 +2181,9 @@ Internet-Draft MISP core format February 2023
Dulaunoy & Iklody Expires 30 August 2023 [Page 39]
Dulaunoy & Iklody Expires 26 June 2024 [Page 39]
Internet-Draft MISP core format February 2023
Internet-Draft MISP core format December 2023
"type": "string"
@ -2237,9 +2237,9 @@ Internet-Draft MISP core format February 2023
Dulaunoy & Iklody Expires 30 August 2023 [Page 40]
Dulaunoy & Iklody Expires 26 June 2024 [Page 40]
Internet-Draft MISP core format February 2023
Internet-Draft MISP core format December 2023
"properties": {
@ -2293,9 +2293,9 @@ Internet-Draft MISP core format February 2023
Dulaunoy & Iklody Expires 30 August 2023 [Page 41]
Dulaunoy & Iklody Expires 26 June 2024 [Page 41]
Internet-Draft MISP core format February 2023
Internet-Draft MISP core format December 2023
"properties": {
@ -2349,9 +2349,9 @@ Internet-Draft MISP core format February 2023
Dulaunoy & Iklody Expires 30 August 2023 [Page 42]
Dulaunoy & Iklody Expires 26 June 2024 [Page 42]
Internet-Draft MISP core format February 2023
Internet-Draft MISP core format December 2023
"properties": {
@ -2405,9 +2405,9 @@ Internet-Draft MISP core format February 2023
Dulaunoy & Iklody Expires 30 August 2023 [Page 43]
Dulaunoy & Iklody Expires 26 June 2024 [Page 43]
Internet-Draft MISP core format February 2023
Internet-Draft MISP core format December 2023
},
@ -2461,9 +2461,9 @@ Internet-Draft MISP core format February 2023
Dulaunoy & Iklody Expires 30 August 2023 [Page 44]
Dulaunoy & Iklody Expires 26 June 2024 [Page 44]
Internet-Draft MISP core format February 2023
Internet-Draft MISP core format December 2023
},
@ -2517,9 +2517,9 @@ Internet-Draft MISP core format February 2023
Dulaunoy & Iklody Expires 30 August 2023 [Page 45]
Dulaunoy & Iklody Expires 26 June 2024 [Page 45]
Internet-Draft MISP core format February 2023
Internet-Draft MISP core format December 2023
"type": "string"
@ -2573,9 +2573,9 @@ Internet-Draft MISP core format February 2023
Dulaunoy & Iklody Expires 30 August 2023 [Page 46]
Dulaunoy & Iklody Expires 26 June 2024 [Page 46]
Internet-Draft MISP core format February 2023
Internet-Draft MISP core format December 2023
"uniqueItems": true,
@ -2629,9 +2629,9 @@ Internet-Draft MISP core format February 2023
Dulaunoy & Iklody Expires 30 August 2023 [Page 47]
Dulaunoy & Iklody Expires 26 June 2024 [Page 47]
Internet-Draft MISP core format February 2023
Internet-Draft MISP core format December 2023
"type": "boolean"
@ -2685,9 +2685,9 @@ Internet-Draft MISP core format February 2023
Dulaunoy & Iklody Expires 30 August 2023 [Page 48]
Dulaunoy & Iklody Expires 26 June 2024 [Page 48]
Internet-Draft MISP core format February 2023
Internet-Draft MISP core format December 2023
"type": "object",
@ -2741,9 +2741,9 @@ Internet-Draft MISP core format February 2023
Dulaunoy & Iklody Expires 30 August 2023 [Page 49]
Dulaunoy & Iklody Expires 26 June 2024 [Page 49]
Internet-Draft MISP core format February 2023
Internet-Draft MISP core format December 2023
"Event": {
@ -2797,9 +2797,9 @@ Internet-Draft MISP core format February 2023
Dulaunoy & Iklody Expires 30 August 2023 [Page 50]
Dulaunoy & Iklody Expires 26 June 2024 [Page 50]
Internet-Draft MISP core format February 2023
Internet-Draft MISP core format December 2023
If a detached PGP signature is used for each MISP event, a detached
@ -2853,9 +2853,9 @@ Internet-Draft MISP core format February 2023
Dulaunoy & Iklody Expires 30 August 2023 [Page 51]
Dulaunoy & Iklody Expires 26 June 2024 [Page 51]
Internet-Draft MISP core format February 2023
Internet-Draft MISP core format December 2023
"name": "malware_classification:malware-category=\"Ransomware\""
@ -2909,9 +2909,9 @@ Internet-Draft MISP core format February 2023
Dulaunoy & Iklody Expires 30 August 2023 [Page 52]
Dulaunoy & Iklody Expires 26 June 2024 [Page 52]
Internet-Draft MISP core format February 2023
Internet-Draft MISP core format December 2023
[RFC4122] Leach, P., Mealling, M., and R. Salz, "A Universally
@ -2965,9 +2965,9 @@ Authors' Addresses
Dulaunoy & Iklody Expires 30 August 2023 [Page 53]
Dulaunoy & Iklody Expires 26 June 2024 [Page 53]
Internet-Draft MISP core format February 2023
Internet-Draft MISP core format December 2023
Andras Iklody
@ -3021,4 +3021,4 @@ Internet-Draft MISP core format February 2023
Dulaunoy & Iklody Expires 30 August 2023 [Page 54]
Dulaunoy & Iklody Expires 26 June 2024 [Page 54]

File diff suppressed because it is too large

File diff suppressed because it is too large