mirror of https://github.com/MISP/misp-website
chg: [misp-objects] updated
parent
d0011edb89
commit
372317a637
226
objects.html
226
objects.html
|
@ -466,6 +466,7 @@ body.book #toc,body.book #preamble,body.book h1.sect0,body.book .sect1>h2{page-b
|
|||
<li><a href="#_elf">elf</a></li>
|
||||
<li><a href="#_elf_section">elf-section</a></li>
|
||||
<li><a href="#_email">email</a></li>
|
||||
<li><a href="#_exploit_poc">exploit-poc</a></li>
|
||||
<li><a href="#_fail2ban">fail2ban</a></li>
|
||||
<li><a href="#_file">file</a></li>
|
||||
<li><a href="#_geolocation">geolocation</a></li>
|
||||
|
@ -1925,7 +1926,17 @@ coin-address is a MISP object available in JSON format at <a href="https://githu
|
|||
<td class="tableblock halign-left valign-top"><p class="tableblock">address</p></td>
|
||||
<td class="tableblock halign-left valign-top"><p class="tableblock">btc</p></td>
|
||||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||||
<p>Address used as a payment destination in a cryptocurrency</p>
|
||||
<p>Bitcoin address used as a payment destination in a cryptocurrency</p>
|
||||
</div></div></td>
|
||||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||||
</div></div></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td class="tableblock halign-left valign-top"><p class="tableblock">address-xmr</p></td>
|
||||
<td class="tableblock halign-left valign-top"><p class="tableblock">xmr</p></td>
|
||||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||||
<p>Monero address used as a payment destination in a cryptocurrency</p>
|
||||
</div></div></td>
|
||||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||||
|
@ -3534,6 +3545,94 @@ email is a MISP object available in JSON format at <a href="https://github.com/M
|
|||
</div>
|
||||
</div>
|
||||
<div class="sect1">
|
||||
<h2 id="_exploit_poc"><a class="anchor" href="#_exploit_poc"></a><a class="link" href="#_exploit_poc">exploit-poc</a></h2>
|
||||
<div class="sectionbody">
|
||||
<div class="paragraph">
|
||||
<p>Exploit-poc object describing a proof of concept or exploit of a vulnerability. This object has often a relationship with a vulnerability object..</p>
|
||||
</div>
|
||||
<div class="admonitionblock note">
|
||||
<table>
|
||||
<tr>
|
||||
<td class="icon">
|
||||
<i class="fa icon-note" title="Note"></i>
|
||||
</td>
|
||||
<td class="content">
|
||||
exploit-poc is a MISP object available in JSON format at <a href="https://github.com/MISP/misp-objects/blob/master/objects/exploit-poc/definition.json"><strong>this location</strong></a> The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a>.
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
</div>
|
||||
<table class="tableblock frame-all grid-all stretch">
|
||||
<colgroup>
|
||||
<col style="width: 25%;">
|
||||
<col style="width: 25%;">
|
||||
<col style="width: 25%;">
|
||||
<col style="width: 25%;">
|
||||
</colgroup>
|
||||
<thead>
|
||||
<tr>
|
||||
<th class="tableblock halign-left valign-top">Object attribute</th>
|
||||
<th class="tableblock halign-left valign-top">MISP attribute type</th>
|
||||
<th class="tableblock halign-left valign-top">Description</th>
|
||||
<th class="tableblock halign-left valign-top">Disable correlation</th>
|
||||
</tr>
|
||||
</thead>
|
||||
<tbody>
|
||||
<tr>
|
||||
<td class="tableblock halign-left valign-top"><p class="tableblock">description</p></td>
|
||||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||||
<p>Description of the exploit - proof of concept</p>
|
||||
</div></div></td>
|
||||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||||
</div></div></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td class="tableblock halign-left valign-top"><p class="tableblock">vulnerable_configuration</p></td>
|
||||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||||
<p>The vulnerable configuration described in CPE format where the exploit/proof of concept is valid</p>
|
||||
</div></div></td>
|
||||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||||
</div></div></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td class="tableblock halign-left valign-top"><p class="tableblock">author</p></td>
|
||||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||||
<p>Author of the exploit - proof of concept</p>
|
||||
</div></div></td>
|
||||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||||
</div></div></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td class="tableblock halign-left valign-top"><p class="tableblock">references</p></td>
|
||||
<td class="tableblock halign-left valign-top"><p class="tableblock">link</p></td>
|
||||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||||
<p>External references</p>
|
||||
</div></div></td>
|
||||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||||
</div></div></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td class="tableblock halign-left valign-top"><p class="tableblock">poc</p></td>
|
||||
<td class="tableblock halign-left valign-top"><p class="tableblock">attachment</p></td>
|
||||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||||
<p>Proof of Concept or exploit (as a script, binary or described process)</p>
|
||||
</div></div></td>
|
||||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||||
</div></div></td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
</div>
|
||||
</div>
|
||||
<div class="sect1">
|
||||
<h2 id="_fail2ban"><a class="anchor" href="#_fail2ban"></a><a class="link" href="#_fail2ban">fail2ban</a></h2>
|
||||
<div class="sectionbody">
|
||||
<div class="paragraph">
|
||||
|
@ -8151,7 +8250,7 @@ stix2-pattern is a MISP object available in JSON format at <a href="https://gith
|
|||
<h2 id="_suricata"><a class="anchor" href="#_suricata"></a><a class="link" href="#_suricata">suricata</a></h2>
|
||||
<div class="sectionbody">
|
||||
<div class="paragraph">
|
||||
<p>An object describing a Suricata rule along with its version and context.</p>
|
||||
<p>An object describing one or more Suricata rule(s) along with version and contextual information..</p>
|
||||
</div>
|
||||
<div class="admonitionblock note">
|
||||
<table>
|
||||
|
@ -8185,7 +8284,7 @@ suricata is a MISP object available in JSON format at <a href="https://github.co
|
|||
<td class="tableblock halign-left valign-top"><p class="tableblock">comment</p></td>
|
||||
<td class="tableblock halign-left valign-top"><p class="tableblock">comment</p></td>
|
||||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||||
<p>A description of the Suricata rule.</p>
|
||||
<p>A description of the Suricata rule(s).</p>
|
||||
</div></div></td>
|
||||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||||
|
@ -8193,7 +8292,7 @@ suricata is a MISP object available in JSON format at <a href="https://github.co
|
|||
</tr>
|
||||
<tr>
|
||||
<td class="tableblock halign-left valign-top"><p class="tableblock">suricata</p></td>
|
||||
<td class="tableblock halign-left valign-top"><p class="tableblock">suricata</p></td>
|
||||
<td class="tableblock halign-left valign-top"><p class="tableblock">snort</p></td>
|
||||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||||
<p>Suricata rule.</p>
|
||||
</div></div></td>
|
||||
|
@ -9321,7 +9420,7 @@ virustotal-report is a MISP object available in JSON format at <a href="https://
|
|||
<h2 id="_vulnerability"><a class="anchor" href="#_vulnerability"></a><a class="link" href="#_vulnerability">vulnerability</a></h2>
|
||||
<div class="sectionbody">
|
||||
<div class="paragraph">
|
||||
<p>Vulnerability object describing a common vulnerability enumeration which can describe unpublished, under review or embargo vulnerability for software, equipments or hardware..</p>
|
||||
<p>Vulnerability object describing a common vulnerability enumeration which can describe published, unpublished, under review or embargo vulnerability for software, equipments or hardware..</p>
|
||||
</div>
|
||||
<div class="admonitionblock note">
|
||||
<table>
|
||||
|
@ -9353,16 +9452,16 @@ vulnerability is a MISP object available in JSON format at <a href="https://gith
|
|||
<tbody>
|
||||
<tr>
|
||||
<td class="tableblock halign-left valign-top"><p class="tableblock">id</p></td>
|
||||
<td class="tableblock halign-left valign-top"><p class="tableblock">vulnerability</p></td>
|
||||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||||
<p>Vulnerability ID (generally CVE, but not necessarely). The id is not required as the object itself has an UUID and the CVE id can updated later.</p>
|
||||
<p>Vulnerability ID (generally CVE, but not necessarely). The id is not required as the object itself has an UUID and the CVE id can be update or assigned later.</p>
|
||||
</div></div></td>
|
||||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||||
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
|
||||
</div></div></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||||
<td class="tableblock halign-left valign-top"><p class="tableblock">description</p></td>
|
||||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||||
<p>Description of the vulnerability</p>
|
||||
|
@ -9441,6 +9540,36 @@ vulnerability is a MISP object available in JSON format at <a href="https://gith
|
|||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||||
</div></div></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td class="tableblock halign-left valign-top"><p class="tableblock">cvss-score</p></td>
|
||||
<td class="tableblock halign-left valign-top"><p class="tableblock">float</p></td>
|
||||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||||
<p>Score of the Common Vulnerability Scoring System (version 3).</p>
|
||||
</div></div></td>
|
||||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||||
</div></div></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td class="tableblock halign-left valign-top"><p class="tableblock">cvss-string</p></td>
|
||||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||||
<p>String of the Common Vulnerability Scoring System (version 3).</p>
|
||||
</div></div></td>
|
||||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||||
</div></div></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td class="tableblock halign-left valign-top"><p class="tableblock">credit</p></td>
|
||||
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
|
||||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||||
<p>Who reported/found the vulnerability such as an organisation, person or nickname.</p>
|
||||
</div></div></td>
|
||||
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
|
||||
<p><span class="icon"><i class="fa fa-check"></i></span></p>
|
||||
</div></div></td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
</div>
|
||||
|
@ -10051,8 +10180,78 @@ yara is a MISP object available in JSON format at <a href="https://github.com/MI
|
|||
<td class="tableblock halign-left valign-top"><p class="tableblock">['misp', 'stix-1.1']</p></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td class="tableblock halign-left valign-top"><p class="tableblock">connected-from</p></td>
|
||||
<td class="tableblock halign-left valign-top"><p class="tableblock">The referenced source is connected from the target object.</p></td>
|
||||
<td class="tableblock halign-left valign-top"><p class="tableblock">['misp', 'stix-1.1']</p></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td class="tableblock halign-left valign-top"><p class="tableblock">contains</p></td>
|
||||
<td class="tableblock halign-left valign-top"><p class="tableblock">The references source is containing the target object.</p></td>
|
||||
<td class="tableblock halign-left valign-top"><p class="tableblock">The referenced source is containing the target object.</p></td>
|
||||
<td class="tableblock halign-left valign-top"><p class="tableblock">['misp', 'stix-1.1']</p></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td class="tableblock halign-left valign-top"><p class="tableblock">contained-by</p></td>
|
||||
<td class="tableblock halign-left valign-top"><p class="tableblock">The referenced source is contained by the target object.</p></td>
|
||||
<td class="tableblock halign-left valign-top"><p class="tableblock">['misp', 'stix-1.1']</p></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td class="tableblock halign-left valign-top"><p class="tableblock">contained-within</p></td>
|
||||
<td class="tableblock halign-left valign-top"><p class="tableblock">The referenced source is contained within the target object.</p></td>
|
||||
<td class="tableblock halign-left valign-top"><p class="tableblock">['misp', 'stix-1.1']</p></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td class="tableblock halign-left valign-top"><p class="tableblock">characterized-by</p></td>
|
||||
<td class="tableblock halign-left valign-top"><p class="tableblock">The referenced source is characterized by the target object.</p></td>
|
||||
<td class="tableblock halign-left valign-top"><p class="tableblock">['misp', 'stix-1.1']</p></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td class="tableblock halign-left valign-top"><p class="tableblock">characterizes</p></td>
|
||||
<td class="tableblock halign-left valign-top"><p class="tableblock">The referenced source is characterizing the target object.</p></td>
|
||||
<td class="tableblock halign-left valign-top"><p class="tableblock">['misp', 'stix-1.1']</p></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td class="tableblock halign-left valign-top"><p class="tableblock">properties-queried</p></td>
|
||||
<td class="tableblock halign-left valign-top"><p class="tableblock">The referenced source has queried the target object.</p></td>
|
||||
<td class="tableblock halign-left valign-top"><p class="tableblock">['misp', 'stix-1.1']</p></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td class="tableblock halign-left valign-top"><p class="tableblock">properties-queried-by</p></td>
|
||||
<td class="tableblock halign-left valign-top"><p class="tableblock">The referenced source is queried by the target object.</p></td>
|
||||
<td class="tableblock halign-left valign-top"><p class="tableblock">['misp', 'stix-1.1']</p></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td class="tableblock halign-left valign-top"><p class="tableblock">extracted-from</p></td>
|
||||
<td class="tableblock halign-left valign-top"><p class="tableblock">The referenced source is extracted from the target object.</p></td>
|
||||
<td class="tableblock halign-left valign-top"><p class="tableblock">['misp', 'stix-1.1']</p></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td class="tableblock halign-left valign-top"><p class="tableblock">supra-domain-of</p></td>
|
||||
<td class="tableblock halign-left valign-top"><p class="tableblock">The referenced source is a supra domain of the target object.</p></td>
|
||||
<td class="tableblock halign-left valign-top"><p class="tableblock">['misp', 'stix-1.1']</p></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td class="tableblock halign-left valign-top"><p class="tableblock">sub-domain-of</p></td>
|
||||
<td class="tableblock halign-left valign-top"><p class="tableblock">The referenced source is a sub domain of the target object.</p></td>
|
||||
<td class="tableblock halign-left valign-top"><p class="tableblock">['misp', 'stix-1.1']</p></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td class="tableblock halign-left valign-top"><p class="tableblock">dropped</p></td>
|
||||
<td class="tableblock halign-left valign-top"><p class="tableblock">The referenced source has dropped the target object.</p></td>
|
||||
<td class="tableblock halign-left valign-top"><p class="tableblock">['misp', 'stix-1.1']</p></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td class="tableblock halign-left valign-top"><p class="tableblock">dropped-by</p></td>
|
||||
<td class="tableblock halign-left valign-top"><p class="tableblock">The referenced source is dropped by the target object.</p></td>
|
||||
<td class="tableblock halign-left valign-top"><p class="tableblock">['misp', 'stix-1.1']</p></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td class="tableblock halign-left valign-top"><p class="tableblock">downloaded</p></td>
|
||||
<td class="tableblock halign-left valign-top"><p class="tableblock">The referenced source has downloaded the target object.</p></td>
|
||||
<td class="tableblock halign-left valign-top"><p class="tableblock">['misp', 'stix-1.1']</p></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td class="tableblock halign-left valign-top"><p class="tableblock">downloaded-from</p></td>
|
||||
<td class="tableblock halign-left valign-top"><p class="tableblock">The referenced source has been downloaded from the target object.</p></td>
|
||||
<td class="tableblock halign-left valign-top"><p class="tableblock">['misp', 'stix-1.1']</p></td>
|
||||
</tr>
|
||||
<tr>
|
||||
|
@ -10092,7 +10291,7 @@ yara is a MISP object available in JSON format at <a href="https://github.com/MI
|
|||
</tr>
|
||||
<tr>
|
||||
<td class="tableblock halign-left valign-top"><p class="tableblock">impersonates</p></td>
|
||||
<td class="tableblock halign-left valign-top"><p class="tableblock">This relationship describe a source object which impersonates the target object</p></td>
|
||||
<td class="tableblock halign-left valign-top"><p class="tableblock">This relationship describes a source object which impersonates the target object</p></td>
|
||||
<td class="tableblock halign-left valign-top"><p class="tableblock">['misp', 'stix-2.0']</p></td>
|
||||
</tr>
|
||||
<tr>
|
||||
|
@ -10375,6 +10574,11 @@ yara is a MISP object available in JSON format at <a href="https://github.com/MI
|
|||
<td class="tableblock halign-left valign-top"><p class="tableblock">This relationship describes an object which release another object.</p></td>
|
||||
<td class="tableblock halign-left valign-top"><p class="tableblock">['cert-eu']</p></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td class="tableblock halign-left valign-top"><p class="tableblock">exploits</p></td>
|
||||
<td class="tableblock halign-left valign-top"><p class="tableblock">This relationships describes an object (like a PoC/exploit) which exploits another object (such as a vulnerability object).</p></td>
|
||||
<td class="tableblock halign-left valign-top"><p class="tableblock">['misp']</p></td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
</div>
|
||||
|
@ -10382,7 +10586,7 @@ yara is a MISP object available in JSON format at <a href="https://github.com/MI
|
|||
</div>
|
||||
<div id="footer">
|
||||
<div id="footer-text">
|
||||
Last updated 2018-06-19 22:09:32 CEST
|
||||
Last updated 2018-07-10 11:37:18 CEST
|
||||
</div>
|
||||
</div>
|
||||
</body>
|
||||
|
|
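Review bot: In the new exploit-poc table the `poc` attribute is given the MISP type `attachment`, so a working exploit script or binary would be stored and shared as a plain file. MISP's `malware-sample` type instead wraps the payload in a password-protected zip, which guards against accidental execution and against gateway scanners quarantining the event data. If `attachment` is intended, the description should say so, for example `Proof of Concept or exploit (as a script, binary or described process); stored as-is, handle as live code`. Two wording slips in what appears to be the new text are also worth fixing: `can be update or assigned later` should read `can be updated or assigned later`, and `This relationships describes` should read `This relationship describes`. objects.html looks generated, so these changes presumably belong in the misp-objects definitions rather than in this file.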
108618
objects.pdf
108618
objects.pdf
File diff suppressed because it is too large