MISP
/
misp-standard.org
mirror of https://github.com/MISP/misp-standard.org
2
0
Fork 0
Code Issues Releases Wiki Activity

chg: [galaxy format] updated

pull/2/head
Alexandre Dulaunoy 2019-11-11 09:33:00 +01:00
parent 6198bb38ae
commit c1ba65cc2f
No known key found for this signature in database
GPG Key ID: 09E2CD4944E6CBCD
2 changed files with 44 additions and 44 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
rfc/misp-standard-galaxy-format.html
View File

@ -396,7 +396,7 @@
<meta name="dct.creator" content="Dulaunoy, A., Iklody, A., and D. Servili" />
<meta name="dct.identifier" content="urn:ietf:id:" />
<meta name="dct.issued" scheme="ISO8601" content="2018-09-20" />
<meta name="dct.issued" scheme="ISO8601" content="2019-10-04" />
<meta name="dct.abstract" content="This document describes the MISP galaxy format which describes a simple JSON format to represent galaxies and clusters that can be attached to MISP events or attributes. A public directory of MISP galaxies is available and relies on the MISP galaxy format. MISP galaxies are used to add further informations on a MISP event. MISP galaxy is a public repository of known malware, threats actors and various other collections of data that can be used to mark, classify or label data in threat information sharing." />
<meta name="description" content="This document describes the MISP galaxy format which describes a simple JSON format to represent galaxies and clusters that can be attached to MISP events or attributes. A public directory of MISP galaxies is available and relies on the MISP galaxy format. MISP galaxies are used to add further informations on a MISP event. MISP galaxy is a public repository of known malware, threats actors and various other collections of data that can be used to mark, classify or label data in threat information sharing." />
@ -416,7 +416,7 @@
<td class="right">A. Iklody</td>
</tr>
<tr>
<td class="left">Expires: March 24, 2019</td>
<td class="left">Expires: April 6, 2020</td>
<td class="right">D. Servili</td>
</tr>
<tr>
@ -425,7 +425,7 @@
</tr>
<tr>
<td class="left"></td>
<td class="right">September 20, 2018</td>
<td class="right">October 4, 2019</td>
</tr>
@ -441,9 +441,9 @@
<p>This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.</p>
<p>Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.</p>
<p>Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."</p>
<p>This Internet-Draft will expire on March 24, 2019.</p>
<p>This Internet-Draft will expire on April 6, 2020.</p>
<h1 id="rfc.copyrightnotice"><a href="#rfc.copyrightnotice">Copyright Notice</a></h1>
<p>Copyright (c) 2018 IETF Trust and the persons identified as the document authors. All rights reserved.</p>
<p>Copyright (c) 2019 IETF Trust and the persons identified as the document authors. All rights reserved.</p>
<p>This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.</p>
@ -522,7 +522,7 @@
<h1 id="rfc.section.2.4">
<a href="#rfc.section.2.4">2.4.</a> <a href="#meta" id="meta">meta</a>
</h1>
<p id="rfc.section.2.4.p.1">Meta contains a list of custom defined JSON key value pairs. Users SHOULD reuse commonly used keys such as complexity, effectiveness, country, possible_issues, colour, motive, impact, refs, synonyms, status, date, encryption, extensions, ransomnotes, ransomnotes-filenames, ransomnotes-refs, suspected-victims, suspected-state-sponsor, type-of-incident, target-category, cfr-suspected-victims, cfr-suspected-state-sponsor, cfr-type-of-incident, cfr-target-category, attribution-confidence, payment-method, price wherever applicable.</p>
<p id="rfc.section.2.4.p.1">Meta contains a list of custom defined JSON key value pairs. Users SHOULD reuse commonly used keys such as complexity, effectiveness, country, possible_issues, colour, motive, impact, refs, synonyms, status, date, encryption, extensions, ransomnotes, ransomnotes-filenames, ransomnotes-refs, suspected-victims, suspected-state-sponsor, type-of-incident, target-category, cfr-suspected-victims, cfr-suspected-state-sponsor, cfr-type-of-incident, cfr-target-category, attribution-confidence, payment-method, price wherever applicable. Additional meta field MAY be added without the need to be referenced or registered in advance.</p>
<p id="rfc.section.2.4.p.2">refs, synonyms SHALL be used to give further informations. refs is represented as an array containing one or more strings and SHALL be present. synonyms is represented as an array containing one or more strings and SHALL be present.</p>
<p id="rfc.section.2.4.p.3">date, status MAY be used to give time information about an cluster. date is represented as a string describing a time or period and SHALL be present. status is represented as a string describing the current status of the clusters. It MAY also describe a time or period and SHALL be present.</p>
<p id="rfc.section.2.4.p.4">colour fields MAY be used at predicates or values level to set a specify colour that MAY be used by the implementation. The colour field is described as an RGB colour fill in hexadecimal representation.</p>

76
rfc/misp-standard-galaxy-format.txt
View File

@ -4,9 +4,9 @@
Network Working Group A. Dulaunoy
Internet-Draft A. Iklody
Expires: March 24, 2019 D. Servili
Expires: April 6, 2020 D. Servili
CIRCL
September 20, 2018
October 4, 2019
MISP galaxy format
@ -37,11 +37,11 @@ Status of This Memo
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on March 24, 2019.
This Internet-Draft will expire on April 6, 2020.
Copyright Notice
Copyright (c) 2018 IETF Trust and the persons identified as the
Copyright (c) 2019 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
@ -53,9 +53,9 @@ Copyright Notice
Dulaunoy, et al. Expires March 24, 2019 [Page 1]
Dulaunoy, et al. Expires April 6, 2020 [Page 1]
Internet-Draft MISP galaxy format September 2018
Internet-Draft MISP galaxy format October 2019
include Simplified BSD License text as described in Section 4.e of
@ -109,9 +109,9 @@ Table of Contents
Dulaunoy, et al. Expires March 24, 2019 [Page 2]
Dulaunoy, et al. Expires April 6, 2020 [Page 2]
Internet-Draft MISP galaxy format September 2018
Internet-Draft MISP galaxy format October 2019
2. Format
@ -165,9 +165,9 @@ Internet-Draft MISP galaxy format September 2018
Dulaunoy, et al. Expires March 24, 2019 [Page 3]
Dulaunoy, et al. Expires April 6, 2020 [Page 3]
Internet-Draft MISP galaxy format September 2018
Internet-Draft MISP galaxy format October 2019
dest-uuid represents the target UUID which encompasses a relation of
@ -196,7 +196,8 @@ Internet-Draft MISP galaxy format September 2018
sponsor, type-of-incident, target-category, cfr-suspected-victims,
cfr-suspected-state-sponsor, cfr-type-of-incident, cfr-target-
category, attribution-confidence, payment-method, price wherever
applicable.
applicable. Additional meta field MAY be added without the need to
be referenced or registered in advance.
refs, synonyms SHALL be used to give further informations. refs is
represented as an array containing one or more strings and SHALL be
@ -217,15 +218,15 @@ Internet-Draft MISP galaxy format September 2018
complexity, effectiveness, impact, possible_issues MAY be used to
give further information in preventive-measure galaxy. complexity is
represented by an enumerated value from a fixed vocabulary and SHALL
be present. effectiveness is represented by an enumerated value from
Dulaunoy, et al. Expires March 24, 2019 [Page 4]
Dulaunoy, et al. Expires April 6, 2020 [Page 4]
Internet-Draft MISP galaxy format September 2018
Internet-Draft MISP galaxy format October 2019
be present. effectiveness is represented by an enumerated value from
a fixed vocabulary and SHALL be present. impact is represented by an
enumerated value from a fixed vocabulary and SHALL be present.
possible_issues is represented as a string and SHOULD be present.
@ -276,10 +277,9 @@ Internet-Draft MISP galaxy format September 2018
Dulaunoy, et al. Expires March 24, 2019 [Page 5]
Dulaunoy, et al. Expires April 6, 2020 [Page 5]
Internet-Draft MISP galaxy format September 2018
Internet-Draft MISP galaxy format October 2019
{
@ -333,9 +333,9 @@ Internet-Draft MISP galaxy format September 2018
Dulaunoy, et al. Expires March 24, 2019 [Page 6]
Dulaunoy, et al. Expires April 6, 2020 [Page 6]
Internet-Draft MISP galaxy format September 2018
Internet-Draft MISP galaxy format October 2019
{
@ -389,9 +389,9 @@ Internet-Draft MISP galaxy format September 2018
Dulaunoy, et al. Expires March 24, 2019 [Page 7]
Dulaunoy, et al. Expires April 6, 2020 [Page 7]
Internet-Draft MISP galaxy format September 2018
Internet-Draft MISP galaxy format October 2019
Example use of the source-uuid, target-uuid fields in the mitre-
@ -445,9 +445,9 @@ Internet-Draft MISP galaxy format September 2018
Dulaunoy, et al. Expires March 24, 2019 [Page 8]
Dulaunoy, et al. Expires April 6, 2020 [Page 8]
Internet-Draft MISP galaxy format September 2018
Internet-Draft MISP galaxy format October 2019
{
@ -501,9 +501,9 @@ Internet-Draft MISP galaxy format September 2018
Dulaunoy, et al. Expires March 24, 2019 [Page 9]
Dulaunoy, et al. Expires April 6, 2020 [Page 9]
Internet-Draft MISP galaxy format September 2018
Internet-Draft MISP galaxy format October 2019
{
@ -557,9 +557,9 @@ Internet-Draft MISP galaxy format September 2018
Dulaunoy, et al. Expires March 24, 2019 [Page 10]
Dulaunoy, et al. Expires April 6, 2020 [Page 10]
Internet-Draft MISP galaxy format September 2018
Internet-Draft MISP galaxy format October 2019
"additionalProperties": false,
@ -613,9 +613,9 @@ Internet-Draft MISP galaxy format September 2018
Dulaunoy, et al. Expires March 24, 2019 [Page 11]
Dulaunoy, et al. Expires April 6, 2020 [Page 11]
Internet-Draft MISP galaxy format September 2018
Internet-Draft MISP galaxy format October 2019
},
@ -669,9 +669,9 @@ Internet-Draft MISP galaxy format September 2018
Dulaunoy, et al. Expires March 24, 2019 [Page 12]
Dulaunoy, et al. Expires April 6, 2020 [Page 12]
Internet-Draft MISP galaxy format September 2018
Internet-Draft MISP galaxy format October 2019
"items": {
@ -725,9 +725,9 @@ Internet-Draft MISP galaxy format September 2018
Dulaunoy, et al. Expires March 24, 2019 [Page 13]
Dulaunoy, et al. Expires April 6, 2020 [Page 13]
Internet-Draft MISP galaxy format September 2018
Internet-Draft MISP galaxy format October 2019
}
@ -781,9 +781,9 @@ Internet-Draft MISP galaxy format September 2018
Dulaunoy, et al. Expires March 24, 2019 [Page 14]
Dulaunoy, et al. Expires April 6, 2020 [Page 14]
Internet-Draft MISP galaxy format September 2018
Internet-Draft MISP galaxy format October 2019
[JSON-SCHEMA]
@ -837,9 +837,9 @@ Authors' Addresses
Dulaunoy, et al. Expires March 24, 2019 [Page 15]
Dulaunoy, et al. Expires April 6, 2020 [Page 15]
Internet-Draft MISP galaxy format September 2018
Internet-Draft MISP galaxy format October 2019
Deborah Servili
@ -893,4 +893,4 @@ Internet-Draft MISP galaxy format September 2018
Dulaunoy, et al. Expires March 24, 2019 [Page 16]
Dulaunoy, et al. Expires April 6, 2020 [Page 16]