chg: [misp] ids predicate added following discussion in a MISP user-group.
A new predicate has been added to potentially influence the IDS flag at event or attribute level. This is often a desired option to overwrite the existing IDS flag set by the event creator by a local preference.

- `misp:ids="true"` -> set the IDS flag
- `misp:ids="force"` -> force the use of the ids predicate (over the IDS flag set)
- `misp:ids="false"` -> unset the IDS flag

This predicate is not currently used in MISP directly but must be used for external tools using it. Those tags can be set at local or global level depending on the use-case.

pull/176/head
parent d0e03885fa
commit 9cff26078e
|
@ -153,6 +153,26 @@
|
||||||
"value": "invalid"
|
"value": "invalid"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"predicate": "ids",
|
||||||
|
"entry": [
|
||||||
|
{
|
||||||
|
"expanded": "force",
|
||||||
|
"value": "force",
|
||||||
|
"description": "Force the IDS flag to be the one from the tag."
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"expanded": "true",
|
||||||
|
"value": "true",
|
||||||
|
"description": "Overwrite the current IDS flag of the information tag by IDS true."
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"expanded": "false",
|
||||||
|
"value": "false",
|
||||||
|
"description": "Overwrite the current IDS flag of the information tag by IDS false."
|
||||||
|
}
|
||||||
|
]
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"predicates": [
|
"predicates": [
|
||||||
|
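Review bot: The `force` entry of the new `ids` predicate does not say which value is forced. Its description reads "Force the IDS flag to be the one from the tag.", but `misp:ids="force"` carries no true/false of its own, so a consumer cannot tell from this entry what to set. Please state in the description how `force` combines with `true` and `false`, and what a tool should do when an event or attribute carries both `misp:ids="true"` and `misp:ids="false"` (for example one set locally and one globally). The `true` and `false` descriptions also say "the current IDS flag of the information tag", which reads as if the tag itself had the flag; "of the tagged event or attribute" would match the commit message.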
@ -164,6 +184,10 @@
|
||||||
"expanded": "API related tag influencing the MISP behavior of the API.",
|
"expanded": "API related tag influencing the MISP behavior of the API.",
|
||||||
"value": "api"
|
"value": "api"
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
"expanded": "IDS related tag unfluencing the MISP behavior of the IDS flag.",
|
||||||
|
"value": "ids"
|
||||||
|
},
|
||||||
{
|
{
|
||||||
"description": "Expansion tag incluencing the MISP behavior using expansion modules",
|
"description": "Expansion tag incluencing the MISP behavior using expansion modules",
|
||||||
"expanded": "Expansion",
|
"expanded": "Expansion",
|
||||||
|
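Review bot: Typo in the `expanded` string of the added predicate: "unfluencing" should be "influencing". The new `ids` predicate object also has only `expanded` and `value`, while the neighbouring Expansion predicate carries a `description`; consider adding one here, since external tools are the intended consumers and need the intended behaviour spelled out.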
@ -204,7 +228,7 @@
|
||||||
"exclusive": true
|
"exclusive": true
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"version": 10,
|
"version": 11,
|
||||||
"description": "MISP taxonomy to infer with MISP behavior or operation.",
|
"description": "MISP taxonomy to infer with MISP behavior or operation.",
|
||||||
"expanded": "MISP",
|
"expanded": "MISP",
|
||||||
"namespace": "misp"
|
"namespace": "misp"
|
||||||
|
|