chg: [rfc] updated to the latest version
parent
1f424a5a8b
commit
5b3f32c5dd
|
@ -15,7 +15,7 @@ respective key. The format is described to support other implementations which r
|
||||||
format and ensuring an interoperability with existing MISP software and other Threat Intelligence Platforms.
|
format and ensuring an interoperability with existing MISP software and other Threat Intelligence Platforms.
|
||||||
" name="description">
|
" name="description">
|
||||||
<meta content="xml2rfc 3.12.1" name="generator">
|
<meta content="xml2rfc 3.12.1" name="generator">
|
||||||
<meta content="draft-16" name="ietf.draft">
|
<meta content="draft-17" name="ietf.draft">
|
||||||
<!-- Generator version information:
|
<!-- Generator version information:
|
||||||
xml2rfc 3.12.1
|
xml2rfc 3.12.1
|
||||||
Python 3.8.10
|
Python 3.8.10
|
||||||
|
@ -26,13 +26,13 @@ format and ensuring an interoperability with existing MISP software and other
|
||||||
intervaltree 3.1.0
|
intervaltree 3.1.0
|
||||||
Jinja2 3.1.2
|
Jinja2 3.1.2
|
||||||
kitchen 1.2.6
|
kitchen 1.2.6
|
||||||
lxml 4.9.1
|
lxml 4.9.2
|
||||||
pycairo 1.16.2
|
pycairo 1.16.2
|
||||||
pycountry 22.3.5
|
pycountry 22.3.5
|
||||||
pyflakes 2.4.0
|
pyflakes 2.4.0
|
||||||
PyYAML 6.0
|
PyYAML 6.0
|
||||||
requests 2.28.1
|
requests 2.31.0
|
||||||
setuptools 65.4.0
|
setuptools 68.1.2
|
||||||
six 1.16.0
|
six 1.16.0
|
||||||
-->
|
-->
|
||||||
<link href="raw.md.xml" rel="alternate" type="application/rfc+xml">
|
<link href="raw.md.xml" rel="alternate" type="application/rfc+xml">
|
||||||
|
@ -1190,11 +1190,11 @@ li > p:last-of-type {
|
||||||
<thead><tr>
|
<thead><tr>
|
||||||
<td class="left">Internet-Draft</td>
|
<td class="left">Internet-Draft</td>
|
||||||
<td class="center">MISP core format</td>
|
<td class="center">MISP core format</td>
|
||||||
<td class="right">February 2023</td>
|
<td class="right">December 2023</td>
|
||||||
</tr></thead>
|
</tr></thead>
|
||||||
<tfoot><tr>
|
<tfoot><tr>
|
||||||
<td class="left">Dulaunoy & Iklody</td>
|
<td class="left">Dulaunoy & Iklody</td>
|
||||||
<td class="center">Expires 30 August 2023</td>
|
<td class="center">Expires 26 June 2024</td>
|
||||||
<td class="right">[Page]</td>
|
<td class="right">[Page]</td>
|
||||||
</tr></tfoot>
|
</tr></tfoot>
|
||||||
</table>
|
</table>
|
||||||
|
@ -1204,15 +1204,15 @@ li > p:last-of-type {
|
||||||
<dt class="label-workgroup">Workgroup:</dt>
|
<dt class="label-workgroup">Workgroup:</dt>
|
||||||
<dd class="workgroup">Network Working Group</dd>
|
<dd class="workgroup">Network Working Group</dd>
|
||||||
<dt class="label-internet-draft">Internet-Draft:</dt>
|
<dt class="label-internet-draft">Internet-Draft:</dt>
|
||||||
<dd class="internet-draft">draft-16</dd>
|
<dd class="internet-draft">draft-17</dd>
|
||||||
<dt class="label-published">Published:</dt>
|
<dt class="label-published">Published:</dt>
|
||||||
<dd class="published">
|
<dd class="published">
|
||||||
<time datetime="2023-02-26" class="published">26 February 2023</time>
|
<time datetime="2023-12-24" class="published">24 December 2023</time>
|
||||||
</dd>
|
</dd>
|
||||||
<dt class="label-intended-status">Intended Status:</dt>
|
<dt class="label-intended-status">Intended Status:</dt>
|
||||||
<dd class="intended-status">Informational</dd>
|
<dd class="intended-status">Informational</dd>
|
||||||
<dt class="label-expires">Expires:</dt>
|
<dt class="label-expires">Expires:</dt>
|
||||||
<dd class="expires"><time datetime="2023-08-30">30 August 2023</time></dd>
|
<dd class="expires"><time datetime="2024-06-26">26 June 2024</time></dd>
|
||||||
<dt class="label-authors">Authors:</dt>
|
<dt class="label-authors">Authors:</dt>
|
||||||
<dd class="authors">
|
<dd class="authors">
|
||||||
<div class="author">
|
<div class="author">
|
||||||
|
@ -1254,7 +1254,7 @@ format and ensuring an interoperability with existing MISP <span>[<a href="#MISP
|
||||||
time. It is inappropriate to use Internet-Drafts as reference
|
time. It is inappropriate to use Internet-Drafts as reference
|
||||||
material or to cite them other than as "work in progress."<a href="#section-boilerplate.1-3" class="pilcrow">¶</a></p>
|
material or to cite them other than as "work in progress."<a href="#section-boilerplate.1-3" class="pilcrow">¶</a></p>
|
||||||
<p id="section-boilerplate.1-4">
|
<p id="section-boilerplate.1-4">
|
||||||
This Internet-Draft will expire on 30 August 2023.<a href="#section-boilerplate.1-4" class="pilcrow">¶</a></p>
|
This Internet-Draft will expire on 26 June 2024.<a href="#section-boilerplate.1-4" class="pilcrow">¶</a></p>
|
||||||
</section>
|
</section>
|
||||||
</div>
|
</div>
|
||||||
<div id="copyright">
|
<div id="copyright">
|
||||||
|
@ -2918,6 +2918,10 @@ be anonymised. Sighting is composed of a JSON array in which each element descri
|
||||||
<td class="text-left" rowspan="1" colspan="1">2</td>
|
<td class="text-left" rowspan="1" colspan="1">2</td>
|
||||||
<td class="text-center" rowspan="1" colspan="1">denotes an attribute which will be expired at the time of the sighting</td>
|
<td class="text-center" rowspan="1" colspan="1">denotes an attribute which will be expired at the time of the sighting</td>
|
||||||
</tr>
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td class="text-left" rowspan="1" colspan="1">3</td>
|
||||||
|
<td class="text-center" rowspan="1" colspan="1">denotes an attribute which has been seen and confirmed as a true-positive</td>
|
||||||
|
</tr>
|
||||||
</tbody>
|
</tbody>
|
||||||
</table>
|
</table>
|
||||||
<p id="section-2.9-4">uuid <span class="bcp14">MUST</span> be present. uuid references the uuid of the sighted attribute.<a href="#section-2.9-4" class="pilcrow">¶</a></p>
|
<p id="section-2.9-4">uuid <span class="bcp14">MUST</span> be present. uuid references the uuid of the sighted attribute.<a href="#section-2.9-4" class="pilcrow">¶</a></p>
|
||||||
|
|
|
@ -5,11 +5,11 @@
|
||||||
Network Working Group A. Dulaunoy
|
Network Working Group A. Dulaunoy
|
||||||
Internet-Draft A. Iklody
|
Internet-Draft A. Iklody
|
||||||
Intended status: Informational CIRCL
|
Intended status: Informational CIRCL
|
||||||
Expires: 30 August 2023 26 February 2023
|
Expires: 26 June 2024 24 December 2023
|
||||||
|
|
||||||
|
|
||||||
MISP core format
|
MISP core format
|
||||||
draft-16
|
draft-17
|
||||||
|
|
||||||
Abstract
|
Abstract
|
||||||
|
|
||||||
|
@ -37,7 +37,7 @@ Status of This Memo
|
||||||
time. It is inappropriate to use Internet-Drafts as reference
|
time. It is inappropriate to use Internet-Drafts as reference
|
||||||
material or to cite them other than as "work in progress."
|
material or to cite them other than as "work in progress."
|
||||||
|
|
||||||
This Internet-Draft will expire on 30 August 2023.
|
This Internet-Draft will expire on 26 June 2024.
|
||||||
|
|
||||||
Copyright Notice
|
Copyright Notice
|
||||||
|
|
||||||
|
@ -53,9 +53,9 @@ Copyright Notice
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Dulaunoy & Iklody Expires 30 August 2023 [Page 1]
|
Dulaunoy & Iklody Expires 26 June 2024 [Page 1]
|
||||||
|
|
||||||
Internet-Draft MISP core format February 2023
|
Internet-Draft MISP core format December 2023
|
||||||
|
|
||||||
|
|
||||||
Table of Contents
|
Table of Contents
|
||||||
|
@ -109,9 +109,9 @@ Table of Contents
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Dulaunoy & Iklody Expires 30 August 2023 [Page 2]
|
Dulaunoy & Iklody Expires 26 June 2024 [Page 2]
|
||||||
|
|
||||||
Internet-Draft MISP core format February 2023
|
Internet-Draft MISP core format December 2023
|
||||||
|
|
||||||
|
|
||||||
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 53
|
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 53
|
||||||
|
@ -165,9 +165,9 @@ Internet-Draft MISP core format February 2023
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Dulaunoy & Iklody Expires 30 August 2023 [Page 3]
|
Dulaunoy & Iklody Expires 26 June 2024 [Page 3]
|
||||||
|
|
||||||
Internet-Draft MISP core format February 2023
|
Internet-Draft MISP core format December 2023
|
||||||
|
|
||||||
|
|
||||||
uuid is represented as a JSON string. uuid MUST be present.
|
uuid is represented as a JSON string. uuid MUST be present.
|
||||||
|
@ -221,9 +221,9 @@ Internet-Draft MISP core format February 2023
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Dulaunoy & Iklody Expires 30 August 2023 [Page 4]
|
Dulaunoy & Iklody Expires 26 June 2024 [Page 4]
|
||||||
|
|
||||||
Internet-Draft MISP core format February 2023
|
Internet-Draft MISP core format December 2023
|
||||||
|
|
||||||
|
|
||||||
1: Ongoing
|
1: Ongoing
|
||||||
|
@ -277,9 +277,9 @@ Internet-Draft MISP core format February 2023
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Dulaunoy & Iklody Expires 30 August 2023 [Page 5]
|
Dulaunoy & Iklody Expires 26 June 2024 [Page 5]
|
||||||
|
|
||||||
Internet-Draft MISP core format February 2023
|
Internet-Draft MISP core format December 2023
|
||||||
|
|
||||||
|
|
||||||
org_id is represented as a JSON string. org_id MUST be present.
|
org_id is represented as a JSON string. org_id MUST be present.
|
||||||
|
@ -333,9 +333,9 @@ Internet-Draft MISP core format February 2023
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Dulaunoy & Iklody Expires 30 August 2023 [Page 6]
|
Dulaunoy & Iklody Expires 26 June 2024 [Page 6]
|
||||||
|
|
||||||
Internet-Draft MISP core format February 2023
|
Internet-Draft MISP core format December 2023
|
||||||
|
|
||||||
|
|
||||||
2.2.1.15. extends_uuid
|
2.2.1.15. extends_uuid
|
||||||
|
@ -389,9 +389,9 @@ Internet-Draft MISP core format February 2023
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Dulaunoy & Iklody Expires 30 August 2023 [Page 7]
|
Dulaunoy & Iklody Expires 26 June 2024 [Page 7]
|
||||||
|
|
||||||
Internet-Draft MISP core format February 2023
|
Internet-Draft MISP core format December 2023
|
||||||
|
|
||||||
|
|
||||||
uuid, name and id are represented as a JSON string. uuid, name and id
|
uuid, name and id are represented as a JSON string. uuid, name and id
|
||||||
|
@ -445,9 +445,9 @@ Internet-Draft MISP core format February 2023
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Dulaunoy & Iklody Expires 30 August 2023 [Page 8]
|
Dulaunoy & Iklody Expires 26 June 2024 [Page 8]
|
||||||
|
|
||||||
Internet-Draft MISP core format February 2023
|
Internet-Draft MISP core format December 2023
|
||||||
|
|
||||||
|
|
||||||
2.3.2.2. id
|
2.3.2.2. id
|
||||||
|
@ -501,9 +501,9 @@ Internet-Draft MISP core format February 2023
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Dulaunoy & Iklody Expires 30 August 2023 [Page 9]
|
Dulaunoy & Iklody Expires 26 June 2024 [Page 9]
|
||||||
|
|
||||||
Internet-Draft MISP core format February 2023
|
Internet-Draft MISP core format December 2023
|
||||||
|
|
||||||
|
|
||||||
pattern-in-traffic, pattern-in-memory, filename-pattern,
|
pattern-in-traffic, pattern-in-memory, filename-pattern,
|
||||||
|
@ -557,9 +557,9 @@ Internet-Draft MISP core format February 2023
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Dulaunoy & Iklody Expires 30 August 2023 [Page 10]
|
Dulaunoy & Iklody Expires 26 June 2024 [Page 10]
|
||||||
|
|
||||||
Internet-Draft MISP core format February 2023
|
Internet-Draft MISP core format December 2023
|
||||||
|
|
||||||
|
|
||||||
sha512/224, sha512/256, sha3-224, sha3-256, sha3-384, sha3-512,
|
sha512/224, sha512/256, sha3-224, sha3-256, sha3-384, sha3-512,
|
||||||
|
@ -613,9 +613,9 @@ Internet-Draft MISP core format February 2023
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Dulaunoy & Iklody Expires 30 August 2023 [Page 11]
|
Dulaunoy & Iklody Expires 26 June 2024 [Page 11]
|
||||||
|
|
||||||
Internet-Draft MISP core format February 2023
|
Internet-Draft MISP core format December 2023
|
||||||
|
|
||||||
|
|
||||||
category is represented as a JSON string. category MUST be present
|
category is represented as a JSON string. category MUST be present
|
||||||
|
@ -669,9 +669,9 @@ Internet-Draft MISP core format February 2023
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Dulaunoy & Iklody Expires 30 August 2023 [Page 12]
|
Dulaunoy & Iklody Expires 26 June 2024 [Page 12]
|
||||||
|
|
||||||
Internet-Draft MISP core format February 2023
|
Internet-Draft MISP core format December 2023
|
||||||
|
|
||||||
|
|
||||||
2.3.2.9. comment
|
2.3.2.9. comment
|
||||||
|
@ -725,9 +725,9 @@ Internet-Draft MISP core format February 2023
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Dulaunoy & Iklody Expires 30 August 2023 [Page 13]
|
Dulaunoy & Iklody Expires 26 June 2024 [Page 13]
|
||||||
|
|
||||||
Internet-Draft MISP core format February 2023
|
Internet-Draft MISP core format December 2023
|
||||||
|
|
||||||
|
|
||||||
2.3.2.14. ShadowAttribute
|
2.3.2.14. ShadowAttribute
|
||||||
|
@ -781,9 +781,9 @@ Internet-Draft MISP core format February 2023
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Dulaunoy & Iklody Expires 30 August 2023 [Page 14]
|
Dulaunoy & Iklody Expires 26 June 2024 [Page 14]
|
||||||
|
|
||||||
Internet-Draft MISP core format February 2023
|
Internet-Draft MISP core format December 2023
|
||||||
|
|
||||||
|
|
||||||
2.4.1. Sample Attribute Object
|
2.4.1. Sample Attribute Object
|
||||||
|
@ -837,9 +837,9 @@ Internet-Draft MISP core format February 2023
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Dulaunoy & Iklody Expires 30 August 2023 [Page 15]
|
Dulaunoy & Iklody Expires 26 June 2024 [Page 15]
|
||||||
|
|
||||||
Internet-Draft MISP core format February 2023
|
Internet-Draft MISP core format December 2023
|
||||||
|
|
||||||
|
|
||||||
type is represented as a JSON string. type MUST be present and it
|
type is represented as a JSON string. type MUST be present and it
|
||||||
|
@ -893,9 +893,9 @@ Internet-Draft MISP core format February 2023
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Dulaunoy & Iklody Expires 30 August 2023 [Page 16]
|
Dulaunoy & Iklody Expires 26 June 2024 [Page 16]
|
||||||
|
|
||||||
Internet-Draft MISP core format February 2023
|
Internet-Draft MISP core format December 2023
|
||||||
|
|
||||||
|
|
||||||
hostname, domain, domain|ip, mac-address, mac-eui-64, email,
|
hostname, domain, domain|ip, mac-address, mac-eui-64, email,
|
||||||
|
@ -949,9 +949,9 @@ Internet-Draft MISP core format February 2023
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Dulaunoy & Iklody Expires 30 August 2023 [Page 17]
|
Dulaunoy & Iklody Expires 26 June 2024 [Page 17]
|
||||||
|
|
||||||
Internet-Draft MISP core format February 2023
|
Internet-Draft MISP core format December 2023
|
||||||
|
|
||||||
|
|
||||||
sha512/224, sha512/256, sha3-224, sha3-256, sha3-384, sha3-512,
|
sha512/224, sha512/256, sha3-224, sha3-256, sha3-384, sha3-512,
|
||||||
|
@ -1005,9 +1005,9 @@ Internet-Draft MISP core format February 2023
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Dulaunoy & Iklody Expires 30 August 2023 [Page 18]
|
Dulaunoy & Iklody Expires 26 June 2024 [Page 18]
|
||||||
|
|
||||||
Internet-Draft MISP core format February 2023
|
Internet-Draft MISP core format December 2023
|
||||||
|
|
||||||
|
|
||||||
category is represented as a JSON string. category MUST be present
|
category is represented as a JSON string. category MUST be present
|
||||||
|
@ -1061,9 +1061,9 @@ Internet-Draft MISP core format February 2023
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Dulaunoy & Iklody Expires 30 August 2023 [Page 19]
|
Dulaunoy & Iklody Expires 26 June 2024 [Page 19]
|
||||||
|
|
||||||
Internet-Draft MISP core format February 2023
|
Internet-Draft MISP core format December 2023
|
||||||
|
|
||||||
|
|
||||||
2.4.2.9. comment
|
2.4.2.9. comment
|
||||||
|
@ -1117,9 +1117,9 @@ Internet-Draft MISP core format February 2023
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Dulaunoy & Iklody Expires 30 August 2023 [Page 20]
|
Dulaunoy & Iklody Expires 26 June 2024 [Page 20]
|
||||||
|
|
||||||
Internet-Draft MISP core format February 2023
|
Internet-Draft MISP core format December 2023
|
||||||
|
|
||||||
|
|
||||||
2.4.2.14. first_seen
|
2.4.2.14. first_seen
|
||||||
|
@ -1173,9 +1173,9 @@ Internet-Draft MISP core format February 2023
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Dulaunoy & Iklody Expires 30 August 2023 [Page 21]
|
Dulaunoy & Iklody Expires 26 June 2024 [Page 21]
|
||||||
|
|
||||||
Internet-Draft MISP core format February 2023
|
Internet-Draft MISP core format December 2023
|
||||||
|
|
||||||
|
|
||||||
"Org": {
|
"Org": {
|
||||||
|
@ -1229,9 +1229,9 @@ Internet-Draft MISP core format February 2023
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Dulaunoy & Iklody Expires 30 August 2023 [Page 22]
|
Dulaunoy & Iklody Expires 26 June 2024 [Page 22]
|
||||||
|
|
||||||
Internet-Draft MISP core format February 2023
|
Internet-Draft MISP core format December 2023
|
||||||
|
|
||||||
|
|
||||||
"Object": {
|
"Object": {
|
||||||
|
@ -1285,9 +1285,9 @@ Internet-Draft MISP core format February 2023
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Dulaunoy & Iklody Expires 30 August 2023 [Page 23]
|
Dulaunoy & Iklody Expires 26 June 2024 [Page 23]
|
||||||
|
|
||||||
Internet-Draft MISP core format February 2023
|
Internet-Draft MISP core format December 2023
|
||||||
|
|
||||||
|
|
||||||
2.5.2.1. uuid
|
2.5.2.1. uuid
|
||||||
|
@ -1341,9 +1341,9 @@ Internet-Draft MISP core format February 2023
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Dulaunoy & Iklody Expires 30 August 2023 [Page 24]
|
Dulaunoy & Iklody Expires 26 June 2024 [Page 24]
|
||||||
|
|
||||||
Internet-Draft MISP core format February 2023
|
Internet-Draft MISP core format December 2023
|
||||||
|
|
||||||
|
|
||||||
template_uuid is represented as a JSON string. template_uuid MUST be
|
template_uuid is represented as a JSON string. template_uuid MUST be
|
||||||
|
@ -1397,9 +1397,9 @@ Internet-Draft MISP core format February 2023
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Dulaunoy & Iklody Expires 30 August 2023 [Page 25]
|
Dulaunoy & Iklody Expires 26 June 2024 [Page 25]
|
||||||
|
|
||||||
Internet-Draft MISP core format February 2023
|
Internet-Draft MISP core format December 2023
|
||||||
|
|
||||||
|
|
||||||
2.5.2.11. sharing_group_id
|
2.5.2.11. sharing_group_id
|
||||||
|
@ -1453,9 +1453,9 @@ Internet-Draft MISP core format February 2023
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Dulaunoy & Iklody Expires 30 August 2023 [Page 26]
|
Dulaunoy & Iklody Expires 26 June 2024 [Page 26]
|
||||||
|
|
||||||
Internet-Draft MISP core format February 2023
|
Internet-Draft MISP core format December 2023
|
||||||
|
|
||||||
|
|
||||||
last_seen is represented as a JSON string. last_seen MAY be present.
|
last_seen is represented as a JSON string. last_seen MAY be present.
|
||||||
|
@ -1509,9 +1509,9 @@ Internet-Draft MISP core format February 2023
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Dulaunoy & Iklody Expires 30 August 2023 [Page 27]
|
Dulaunoy & Iklody Expires 26 June 2024 [Page 27]
|
||||||
|
|
||||||
Internet-Draft MISP core format February 2023
|
Internet-Draft MISP core format December 2023
|
||||||
|
|
||||||
|
|
||||||
2.6.2.3. timestamp
|
2.6.2.3. timestamp
|
||||||
|
@ -1565,9 +1565,9 @@ Internet-Draft MISP core format February 2023
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Dulaunoy & Iklody Expires 30 August 2023 [Page 28]
|
Dulaunoy & Iklody Expires 26 June 2024 [Page 28]
|
||||||
|
|
||||||
Internet-Draft MISP core format February 2023
|
Internet-Draft MISP core format December 2023
|
||||||
|
|
||||||
|
|
||||||
relationship_type is represented as a JSON string. relationship_type
|
relationship_type is represented as a JSON string. relationship_type
|
||||||
|
@ -1621,9 +1621,9 @@ Internet-Draft MISP core format February 2023
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Dulaunoy & Iklody Expires 30 August 2023 [Page 29]
|
Dulaunoy & Iklody Expires 26 June 2024 [Page 29]
|
||||||
|
|
||||||
Internet-Draft MISP core format February 2023
|
Internet-Draft MISP core format December 2023
|
||||||
|
|
||||||
|
|
||||||
2.7.2. UUID
|
2.7.2. UUID
|
||||||
|
@ -1677,9 +1677,9 @@ Internet-Draft MISP core format February 2023
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Dulaunoy & Iklody Expires 30 August 2023 [Page 30]
|
Dulaunoy & Iklody Expires 26 June 2024 [Page 30]
|
||||||
|
|
||||||
Internet-Draft MISP core format February 2023
|
Internet-Draft MISP core format December 2023
|
||||||
|
|
||||||
|
|
||||||
2 Connected Communities
|
2 Connected Communities
|
||||||
|
@ -1733,9 +1733,9 @@ Internet-Draft MISP core format February 2023
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Dulaunoy & Iklody Expires 30 August 2023 [Page 31]
|
Dulaunoy & Iklody Expires 26 June 2024 [Page 31]
|
||||||
|
|
||||||
Internet-Draft MISP core format February 2023
|
Internet-Draft MISP core format December 2023
|
||||||
|
|
||||||
|
|
||||||
2.8.1. Sample Tag
|
2.8.1. Sample Tag
|
||||||
|
@ -1768,6 +1768,9 @@ Internet-Draft MISP core format February 2023
|
||||||
+---------------+------------------------------------------+
|
+---------------+------------------------------------------+
|
||||||
| 2 | denotes an attribute which will be |
|
| 2 | denotes an attribute which will be |
|
||||||
| | expired at the time of the sighting |
|
| | expired at the time of the sighting |
|
||||||
|
+---------------+------------------------------------------+
|
||||||
|
| 3 | denotes an attribute which has been seen |
|
||||||
|
| | and confirmed as a true-positive |
|
||||||
+---------------+------------------------------------------+
|
+---------------+------------------------------------------+
|
||||||
|
|
||||||
Table 1
|
Table 1
|
||||||
|
@ -1780,20 +1783,22 @@ Internet-Draft MISP core format February 2023
|
||||||
date_sighting represents when the referenced attribute, designated by
|
date_sighting represents when the referenced attribute, designated by
|
||||||
its uuid, is sighted.
|
its uuid, is sighted.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
Dulaunoy & Iklody Expires 26 June 2024 [Page 32]
|
||||||
|
|
||||||
|
Internet-Draft MISP core format December 2023
|
||||||
|
|
||||||
|
|
||||||
source MAY be present. source is represented as a JSON string and
|
source MAY be present. source is represented as a JSON string and
|
||||||
represents the human-readable version of the sighting source, which
|
represents the human-readable version of the sighting source, which
|
||||||
can be a given piece of software (e.g. SIEM), device or a specific
|
can be a given piece of software (e.g. SIEM), device or a specific
|
||||||
analytical process.
|
analytical process.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Dulaunoy & Iklody Expires 30 August 2023 [Page 32]
|
|
||||||
|
|
||||||
Internet-Draft MISP core format February 2023
|
|
||||||
|
|
||||||
|
|
||||||
id, event_id and attribute_id are represented as a JSON string and
|
id, event_id and attribute_id are represented as a JSON string and
|
||||||
MAY be present.
|
MAY be present.
|
||||||
|
|
||||||
|
@ -1840,14 +1845,9 @@ Internet-Draft MISP core format February 2023
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
Dulaunoy & Iklody Expires 26 June 2024 [Page 33]
|
||||||
|
|
||||||
|
Internet-Draft MISP core format December 2023
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Dulaunoy & Iklody Expires 30 August 2023 [Page 33]
|
|
||||||
|
|
||||||
Internet-Draft MISP core format February 2023
|
|
||||||
|
|
||||||
|
|
||||||
"Sighting": [
|
"Sighting": [
|
||||||
|
@ -1901,9 +1901,9 @@ Internet-Draft MISP core format February 2023
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Dulaunoy & Iklody Expires 30 August 2023 [Page 34]
|
Dulaunoy & Iklody Expires 26 June 2024 [Page 34]
|
||||||
|
|
||||||
Internet-Draft MISP core format February 2023
|
Internet-Draft MISP core format December 2023
|
||||||
|
|
||||||
|
|
||||||
"Galaxy": [ {
|
"Galaxy": [ {
|
||||||
|
@ -1957,9 +1957,9 @@ Internet-Draft MISP core format February 2023
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Dulaunoy & Iklody Expires 30 August 2023 [Page 35]
|
Dulaunoy & Iklody Expires 26 June 2024 [Page 35]
|
||||||
|
|
||||||
Internet-Draft MISP core format February 2023
|
Internet-Draft MISP core format December 2023
|
||||||
|
|
||||||
|
|
||||||
3. JSON Schema
|
3. JSON Schema
|
||||||
|
@ -2013,9 +2013,9 @@ Internet-Draft MISP core format February 2023
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Dulaunoy & Iklody Expires 30 August 2023 [Page 36]
|
Dulaunoy & Iklody Expires 26 June 2024 [Page 36]
|
||||||
|
|
||||||
Internet-Draft MISP core format February 2023
|
Internet-Draft MISP core format December 2023
|
||||||
|
|
||||||
|
|
||||||
"type": "object",
|
"type": "object",
|
||||||
|
@ -2069,9 +2069,9 @@ Internet-Draft MISP core format February 2023
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Dulaunoy & Iklody Expires 30 August 2023 [Page 37]
|
Dulaunoy & Iklody Expires 26 June 2024 [Page 37]
|
||||||
|
|
||||||
Internet-Draft MISP core format February 2023
|
Internet-Draft MISP core format December 2023
|
||||||
|
|
||||||
|
|
||||||
"items": {
|
"items": {
|
||||||
|
@ -2125,9 +2125,9 @@ Internet-Draft MISP core format February 2023
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Dulaunoy & Iklody Expires 30 August 2023 [Page 38]
|
Dulaunoy & Iklody Expires 26 June 2024 [Page 38]
|
||||||
|
|
||||||
Internet-Draft MISP core format February 2023
|
Internet-Draft MISP core format December 2023
|
||||||
|
|
||||||
|
|
||||||
"type": "string"
|
"type": "string"
|
||||||
|
@ -2181,9 +2181,9 @@ Internet-Draft MISP core format February 2023
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Dulaunoy & Iklody Expires 30 August 2023 [Page 39]
|
Dulaunoy & Iklody Expires 26 June 2024 [Page 39]
|
||||||
|
|
||||||
Internet-Draft MISP core format February 2023
|
Internet-Draft MISP core format December 2023
|
||||||
|
|
||||||
|
|
||||||
"type": "string"
|
"type": "string"
|
||||||
|
@ -2237,9 +2237,9 @@ Internet-Draft MISP core format February 2023
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Dulaunoy & Iklody Expires 30 August 2023 [Page 40]
|
Dulaunoy & Iklody Expires 26 June 2024 [Page 40]
|
||||||
|
|
||||||
Internet-Draft MISP core format February 2023
|
Internet-Draft MISP core format December 2023
|
||||||
|
|
||||||
|
|
||||||
"properties": {
|
"properties": {
|
||||||
|
@ -2293,9 +2293,9 @@ Internet-Draft MISP core format February 2023
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Dulaunoy & Iklody Expires 30 August 2023 [Page 41]
|
Dulaunoy & Iklody Expires 26 June 2024 [Page 41]
|
||||||
|
|
||||||
Internet-Draft MISP core format February 2023
|
Internet-Draft MISP core format December 2023
|
||||||
|
|
||||||
|
|
||||||
"properties": {
|
"properties": {
|
||||||
|
@ -2349,9 +2349,9 @@ Internet-Draft MISP core format February 2023
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Dulaunoy & Iklody Expires 30 August 2023 [Page 42]
|
Dulaunoy & Iklody Expires 26 June 2024 [Page 42]
|
||||||
|
|
||||||
Internet-Draft MISP core format February 2023
|
Internet-Draft MISP core format December 2023
|
||||||
|
|
||||||
|
|
||||||
"properties": {
|
"properties": {
|
||||||
|
@ -2405,9 +2405,9 @@ Internet-Draft MISP core format February 2023
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Dulaunoy & Iklody Expires 30 August 2023 [Page 43]
|
Dulaunoy & Iklody Expires 26 June 2024 [Page 43]
|
||||||
|
|
||||||
Internet-Draft MISP core format February 2023
|
Internet-Draft MISP core format December 2023
|
||||||
|
|
||||||
|
|
||||||
},
|
},
|
||||||
|
@ -2461,9 +2461,9 @@ Internet-Draft MISP core format February 2023
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Dulaunoy & Iklody Expires 30 August 2023 [Page 44]
|
Dulaunoy & Iklody Expires 26 June 2024 [Page 44]
|
||||||
|
|
||||||
Internet-Draft MISP core format February 2023
|
Internet-Draft MISP core format December 2023
|
||||||
|
|
||||||
|
|
||||||
},
|
},
|
||||||
|
@ -2517,9 +2517,9 @@ Internet-Draft MISP core format February 2023
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Dulaunoy & Iklody Expires 30 August 2023 [Page 45]
|
Dulaunoy & Iklody Expires 26 June 2024 [Page 45]
|
||||||
|
|
||||||
Internet-Draft MISP core format February 2023
|
Internet-Draft MISP core format December 2023
|
||||||
|
|
||||||
|
|
||||||
"type": "string"
|
"type": "string"
|
||||||
|
@ -2573,9 +2573,9 @@ Internet-Draft MISP core format February 2023
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Dulaunoy & Iklody Expires 30 August 2023 [Page 46]
|
Dulaunoy & Iklody Expires 26 June 2024 [Page 46]
|
||||||
|
|
||||||
Internet-Draft MISP core format February 2023
|
Internet-Draft MISP core format December 2023
|
||||||
|
|
||||||
|
|
||||||
"uniqueItems": true,
|
"uniqueItems": true,
|
||||||
|
@ -2629,9 +2629,9 @@ Internet-Draft MISP core format February 2023
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Dulaunoy & Iklody Expires 30 August 2023 [Page 47]
|
Dulaunoy & Iklody Expires 26 June 2024 [Page 47]
|
||||||
|
|
||||||
Internet-Draft MISP core format February 2023
|
Internet-Draft MISP core format December 2023
|
||||||
|
|
||||||
|
|
||||||
"type": "boolean"
|
"type": "boolean"
|
||||||
|
@ -2685,9 +2685,9 @@ Internet-Draft MISP core format February 2023
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Dulaunoy & Iklody Expires 30 August 2023 [Page 48]
|
Dulaunoy & Iklody Expires 26 June 2024 [Page 48]
|
||||||
|
|
||||||
Internet-Draft MISP core format February 2023
|
Internet-Draft MISP core format December 2023
|
||||||
|
|
||||||
|
|
||||||
"type": "object",
|
"type": "object",
|
||||||
|
@ -2741,9 +2741,9 @@ Internet-Draft MISP core format February 2023
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Dulaunoy & Iklody Expires 30 August 2023 [Page 49]
|
Dulaunoy & Iklody Expires 26 June 2024 [Page 49]
|
||||||
|
|
||||||
Internet-Draft MISP core format February 2023
|
Internet-Draft MISP core format December 2023
|
||||||
|
|
||||||
|
|
||||||
"Event": {
|
"Event": {
|
||||||
|
@ -2797,9 +2797,9 @@ Internet-Draft MISP core format February 2023
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Dulaunoy & Iklody Expires 30 August 2023 [Page 50]
|
Dulaunoy & Iklody Expires 26 June 2024 [Page 50]
|
||||||
|
|
||||||
Internet-Draft MISP core format February 2023
|
Internet-Draft MISP core format December 2023
|
||||||
|
|
||||||
|
|
||||||
If a detached PGP signature is used for each MISP event, a detached
|
If a detached PGP signature is used for each MISP event, a detached
|
||||||
|
@ -2853,9 +2853,9 @@ Internet-Draft MISP core format February 2023
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Dulaunoy & Iklody Expires 30 August 2023 [Page 51]
|
Dulaunoy & Iklody Expires 26 June 2024 [Page 51]
|
||||||
|
|
||||||
Internet-Draft MISP core format February 2023
|
Internet-Draft MISP core format December 2023
|
||||||
|
|
||||||
|
|
||||||
"name": "malware_classification:malware-category=\"Ransomware\""
|
"name": "malware_classification:malware-category=\"Ransomware\""
|
||||||
|
@ -2909,9 +2909,9 @@ Internet-Draft MISP core format February 2023
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Dulaunoy & Iklody Expires 30 August 2023 [Page 52]
|
Dulaunoy & Iklody Expires 26 June 2024 [Page 52]
|
||||||
|
|
||||||
Internet-Draft MISP core format February 2023
|
Internet-Draft MISP core format December 2023
|
||||||
|
|
||||||
|
|
||||||
[RFC4122] Leach, P., Mealling, M., and R. Salz, "A Universally
|
[RFC4122] Leach, P., Mealling, M., and R. Salz, "A Universally
|
||||||
|
@ -2965,9 +2965,9 @@ Authors' Addresses
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Dulaunoy & Iklody Expires 30 August 2023 [Page 53]
|
Dulaunoy & Iklody Expires 26 June 2024 [Page 53]
|
||||||
|
|
||||||
Internet-Draft MISP core format February 2023
|
Internet-Draft MISP core format December 2023
|
||||||
|
|
||||||
|
|
||||||
Andras Iklody
|
Andras Iklody
|
||||||
|
@ -3021,4 +3021,4 @@ Internet-Draft MISP core format February 2023
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Dulaunoy & Iklody Expires 30 August 2023 [Page 54]
|
Dulaunoy & Iklody Expires 26 June 2024 [Page 54]
|
||||||
|
|
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
Loading…
Reference in New Issue