chg: [objects] templates updated to the latest version

pull/8/head
Alexandre Dulaunoy 2018-12-04 16:34:33 +01:00
parent 7fa417dd5e
commit 1f1c44e4f0
No known key found for this signature in database
GPG Key ID: 09E2CD4944E6CBCD
2 changed files with 24410 additions and 19820 deletions

@ -463,6 +463,8 @@ body.book #toc,body.book #preamble,body.book h1.sect0,body.book .sect1>h2{page-b
<li><a href="#_cap_resource">cap-resource</a></li> <li><a href="#_cap_resource">cap-resource</a></li>
<li><a href="#_coin_address">coin-address</a></li> <li><a href="#_coin_address">coin-address</a></li>
<li><a href="#_cookie">cookie</a></li> <li><a href="#_cookie">cookie</a></li>
<li><a href="#_cortex">cortex</a></li>
<li><a href="#_cortex_taxonomy">cortex-taxonomy</a></li>
<li><a href="#_course_of_action">course-of-action</a></li> <li><a href="#_course_of_action">course-of-action</a></li>
<li><a href="#_cowrie">cowrie</a></li> <li><a href="#_cowrie">cowrie</a></li>
<li><a href="#_credential">credential</a></li> <li><a href="#_credential">credential</a></li>
@ -538,6 +540,7 @@ body.book #toc,body.book #preamble,body.book h1.sect0,body.book .sect1>h2{page-b
<li><a href="#_threatgrid_report">threatgrid-report</a></li> <li><a href="#_threatgrid_report">threatgrid-report</a></li>
<li><a href="#_timecode">timecode</a></li> <li><a href="#_timecode">timecode</a></li>
<li><a href="#_timesketch_timeline">timesketch-timeline</a></li> <li><a href="#_timesketch_timeline">timesketch-timeline</a></li>
<li><a href="#_timesketch_message">timesketch_message</a></li>
<li><a href="#_timestamp">timestamp</a></li> <li><a href="#_timestamp">timestamp</a></li>
<li><a href="#_tor_node">tor-node</a></li> <li><a href="#_tor_node">tor-node</a></li>
<li><a href="#_tracking_id">tracking-id</a></li> <li><a href="#_tracking_id">tracking-id</a></li>
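Review bot: the new TOC entry `timesketch_message` is spelled with an underscore, while every neighbouring object name in this list (`threatgrid-report`, `timesketch-timeline`, `tor-node`, `tracking-id`) is hyphenated. Rename the object to `timesketch-message` at the template source so the object name, its directory and its anchor follow one convention; anything that selects objects by name will otherwise need a special case for this one. With the hyphenated spelling the entry would also sort before `timesketch-timeline`.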
@ -3500,6 +3503,229 @@ cookie is a MISP object available in JSON format at <a href="https://github.com/
</div> </div>
</div> </div>
<div class="sect1"> <div class="sect1">
<h2 id="_cortex"><a class="anchor" href="#_cortex"></a><a class="link" href="#_cortex">cortex</a></h2>
<div class="sectionbody">
<div class="paragraph">
<p>Cortex object describing a complete cortex analysis. Observables would be attribute with a relationship from this object..</p>
</div>
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
cortex is a MISP object available in JSON format at <a href="https://github.com/MISP/misp-objects/blob/master/objects/cortex/definition.json"><strong>this location</strong></a> The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a>.
</td>
</tr>
</table>
</div>
<table class="tableblock frame-all grid-all stretch">
<colgroup>
<col style="width: 20%;">
<col style="width: 20%;">
<col style="width: 20%;">
<col style="width: 20%;">
<col style="width: 20%;">
</colgroup>
<thead>
<tr>
<th class="tableblock halign-left valign-top">Object attribute</th>
<th class="tableblock halign-left valign-top">MISP attribute type</th>
<th class="tableblock halign-left valign-top">Description</th>
<th class="tableblock halign-left valign-top">Disable correlation</th>
<th class="tableblock halign-left valign-top">Multiple</th>
</tr>
</thead>
<tbody>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">summary</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p>Cortex summary object (summary) in JSON</p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
</div></div></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">full</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p>Cortex report object (full report) in JSON</p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-check"></i></span></p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
</div></div></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">start-date</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">datetime</p></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p>When the Cortex analyser was started</p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-check"></i></span></p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
</div></div></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">name</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p>Cortex analyser/worker name</p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-check"></i></span></p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
</div></div></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">server-name</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p>Name of the cortex server</p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-check"></i></span></p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
</div></div></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">success</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">boolean</p></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p>Result of the cortex job</p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-check"></i></span></p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
</div></div></td>
</tr>
</tbody>
</table>
</div>
</div>
<div class="sect1">
<h2 id="_cortex_taxonomy"><a class="anchor" href="#_cortex_taxonomy"></a><a class="link" href="#_cortex_taxonomy">cortex-taxonomy</a></h2>
<div class="sectionbody">
<div class="paragraph">
<p>Cortex object describing an Cortex Taxonomy (or mini report).</p>
</div>
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
cortex-taxonomy is a MISP object available in JSON format at <a href="https://github.com/MISP/misp-objects/blob/master/objects/cortex-taxonomy/definition.json"><strong>this location</strong></a> The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a>.
</td>
</tr>
</table>
</div>
<table class="tableblock frame-all grid-all stretch">
<colgroup>
<col style="width: 20%;">
<col style="width: 20%;">
<col style="width: 20%;">
<col style="width: 20%;">
<col style="width: 20%;">
</colgroup>
<thead>
<tr>
<th class="tableblock halign-left valign-top">Object attribute</th>
<th class="tableblock halign-left valign-top">MISP attribute type</th>
<th class="tableblock halign-left valign-top">Description</th>
<th class="tableblock halign-left valign-top">Disable correlation</th>
<th class="tableblock halign-left valign-top">Multiple</th>
</tr>
</thead>
<tbody>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">namespace</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p>Cortex Taxonomy Namespace</p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-check"></i></span></p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
</div></div></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">predicate</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p>Cortex Taxonomy Predicate</p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-check"></i></span></p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
</div></div></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">value</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p>Cortex Taxonomy Value</p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-check"></i></span></p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
</div></div></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">level</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p>Cortex Taxonomy Level ['info', 'safe', 'suspicious', 'malicious']</p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-check"></i></span></p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
</div></div></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">cortex_url</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">link</p></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p>URL to the Cortex job</p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-check"></i></span></p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
</div></div></td>
</tr>
</tbody>
</table>
</div>
</div>
<div class="sect1">
<h2 id="_course_of_action"><a class="anchor" href="#_course_of_action"></a><a class="link" href="#_course_of_action">course-of-action</a></h2> <h2 id="_course_of_action"><a class="anchor" href="#_course_of_action"></a><a class="link" href="#_course_of_action">course-of-action</a></h2>
<div class="sectionbody"> <div class="sectionbody">
<div class="paragraph"> <div class="paragraph">
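Review bot: in the `cortex` table the `summary` row leaves "Disable correlation" unset (`fa-minus`) while `full`, the other JSON text blob, has it set (`fa-check`); a JSON summary correlated as free text will mostly produce noise, so set `disable_correlation` on `summary` as well unless the difference is deliberate. In `cortex-taxonomy`, `cortex_url` uses an underscore where the sibling object uses hyphens (`start-date`, `server-name`), and the allowed levels ('info', 'safe', 'suspicious', 'malicious') are stated only in the description; a `values_list` in the template would make them enforceable. The descriptions also need a pass: "Observables would be attribute with a relationship from this object.." (grammar, doubled period) and "an Cortex Taxonomy".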
@ -8142,7 +8368,7 @@ microblog is a MISP object available in JSON format at <a href="https://github.c
<td class="tableblock halign-left valign-top"><p class="tableblock">username</p></td> <td class="tableblock halign-left valign-top"><p class="tableblock">username</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td> <td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph"> <td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p>Username who posted the microblog post</p> <p>Username who posted the microblog post (without the @ prefix)</p>
</div></div></td> </div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph"> <td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-minus"></i></span></p> <p><span class="icon"><i class="fa fa-minus"></i></span></p>
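Review bot: the "(without the @ prefix)" rule on `username` lives only in the description text, and the next cell shows correlation still enabled for this attribute, so a value entered as `@name` and one entered as `name` will not correlate with each other. Say in the description, or in the release notes for this template version, whether existing values that carry the prefix are expected to be normalised, and have importers strip the prefix before they create the attribute.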
@ -10191,6 +10417,32 @@ person is a MISP object available in JSON format at <a href="https://github.com/
</div></div></td> </div></div></td>
</tr> </tr>
<tr> <tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">birth-certificate-number</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p>Birth Certificate Number</p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
</div></div></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">ofac-identification-number</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p>ofac-identification Number</p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
</div></div></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">nationality</p></td> <td class="tableblock halign-left valign-top"><p class="tableblock">nationality</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">nationality</p></td> <td class="tableblock halign-left valign-top"><p class="tableblock">nationality</p></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph"> <td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
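Review bot: the description of `ofac-identification-number` is "ofac-identification Number", which only restates the attribute name with inconsistent casing and does not tell an analyst what to enter; spell out OFAC and state which identifier is meant, in the same style as "Birth Certificate Number" on the row above. Both new rows are typed `text` with correlation left enabled (`fa-minus`); confirm that is intended for these identifiers, since matching on them across events is the only reason to keep it on.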
@ -16133,6 +16385,72 @@ timesketch-timeline is a MISP object available in JSON format at <a href="https:
</div> </div>
</div> </div>
<div class="sect1"> <div class="sect1">
<h2 id="_timesketch_message"><a class="anchor" href="#_timesketch_message"></a><a class="link" href="#_timesketch_message">timesketch_message</a></h2>
<div class="sectionbody">
<div class="paragraph">
<p>A timesketch message entry..</p>
</div>
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
timesketch_message is a MISP object available in JSON format at <a href="https://github.com/MISP/misp-objects/blob/master/objects/timesketch_message/definition.json"><strong>this location</strong></a> The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a>.
</td>
</tr>
</table>
</div>
<table class="tableblock frame-all grid-all stretch">
<colgroup>
<col style="width: 20%;">
<col style="width: 20%;">
<col style="width: 20%;">
<col style="width: 20%;">
<col style="width: 20%;">
</colgroup>
<thead>
<tr>
<th class="tableblock halign-left valign-top">Object attribute</th>
<th class="tableblock halign-left valign-top">MISP attribute type</th>
<th class="tableblock halign-left valign-top">Description</th>
<th class="tableblock halign-left valign-top">Disable correlation</th>
<th class="tableblock halign-left valign-top">Multiple</th>
</tr>
</thead>
<tbody>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">datetime</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">datetime</p></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p>datetime of the message</p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-check"></i></span></p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
</div></div></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">message</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p>message</p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-check"></i></span></p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
</div></div></td>
</tr>
</tbody>
</table>
</div>
</div>
<div class="sect1">
<h2 id="_timestamp"><a class="anchor" href="#_timestamp"></a><a class="link" href="#_timestamp">timestamp</a></h2> <h2 id="_timestamp"><a class="anchor" href="#_timestamp"></a><a class="link" href="#_timestamp">timestamp</a></h2>
<div class="sectionbody"> <div class="sectionbody">
<div class="paragraph"> <div class="paragraph">
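Review bot: the descriptions in the new `timesketch_message` section carry no information. The `message` attribute is described as "message" and the object as "A timesketch message entry.." (doubled period). State what the message holds and what `datetime` refers to (for example event time versus import time) so the object can be filled in consistently. Both attributes have "Disable correlation" set, so this object never correlates on its own; if that is intended, say so in the object description.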
@ -18981,7 +19299,7 @@ yara is a MISP object available in JSON format at <a href="https://github.com/MI
</div> </div>
<div id="footer"> <div id="footer">
<div id="footer-text"> <div id="footer-text">
Last updated 2018-11-02 08:56:53 CET Last updated 2018-12-04 16:07:25 CET
</div> </div>
</div> </div>
</body> </body>

43908
objects.pdf

File diff suppressed because it is too large