MISP
/
misp-website
mirror of https://github.com/MISP/misp-website
2
0
Fork 0
Code Issues Releases Wiki Activity

chg: [misp-objects] updated to the latest version

iglocska-patch-1
Alexandre Dulaunoy 2019-04-22 15:39:40 +02:00
parent 0ddaaa8af7
commit 3f1c97cc3b
No known key found for this signature in database
GPG Key ID: 09E2CD4944E6CBCD
2 changed files with 1616 additions and 1631 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

152
objects.html
View File

@ -476,7 +476,7 @@ body.book #toc,body.book #preamble,body.book h1.sect0,body.book .sect1>h2{page-b
<li><a href="#_credential">credential</a></li>
<li><a href="#_credit_card">credit-card</a></li>
<li><a href="#_ddos">ddos</a></li>
<li><a href="#_device">Device</a></li>
<li><a href="#_device">device</a></li>
<li><a href="#_diameter_attack">diameter-attack</a></li>
<li><a href="#_domain_ip">domain-ip</a></li>
<li><a href="#_elf">elf</a></li>
@ -618,7 +618,7 @@ The following document is generated from the machine-readable JSON describing th
<h2 id="_tsk_chats"><a class="anchor" href="#_tsk_chats"></a><a class="link" href="#_tsk_chats">tsk-chats</a></h2>
<div class="sectionbody">
<div class="paragraph">
<p>An Object Template to gather information from evidential or interesting exchange of messages identified during a digital forensic investigation..</p>
<p>An Object Template to gather information from evidential or interesting exchange of messages identified during a digital forensic investigation.</p>
</div>
<div class="admonitionblock note">
<table>
@ -788,7 +788,7 @@ tsk-chats is a MISP object available in JSON format at <a href="https://github.c
<h2 id="_tsk_web_bookmark"><a class="anchor" href="#_tsk_web_bookmark"></a><a class="link" href="#_tsk_web_bookmark">tsk-web-bookmark</a></h2>
<div class="sectionbody">
<div class="paragraph">
<p>An Object Template to add evidential bookmarks identified during a digital forensic investigation..</p>
<p>An Object Template to add evidential bookmarks identified during a digital forensic investigation.</p>
</div>
<div class="admonitionblock note">
<table>
@ -932,7 +932,7 @@ tsk-web-bookmark is a MISP object available in JSON format at <a href="https://g
<h2 id="_tsk_web_cookie"><a class="anchor" href="#_tsk_web_cookie"></a><a class="link" href="#_tsk_web_cookie">tsk-web-cookie</a></h2>
<div class="sectionbody">
<div class="paragraph">
<p>An TSK-Autopsy Object Template to represent cookies identified during a forensic investigation..</p>
<p>An TSK-Autopsy Object Template to represent cookies identified during a forensic investigation.</p>
</div>
<div class="admonitionblock note">
<table>
@ -1469,7 +1469,7 @@ tsk-web-search-query is a MISP object available in JSON format at <a href="https
<h2 id="_ail_leak"><a class="anchor" href="#_ail_leak"></a><a class="link" href="#_ail_leak">ail-leak</a></h2>
<div class="sectionbody">
<div class="paragraph">
<p>An information leak as defined by the AIL Analysis Information Leak framework..</p>
<p>An information leak as defined by the AIL Analysis Information Leak framework.</p>
</div>
<div class="admonitionblock note">
<table>
@ -1626,7 +1626,7 @@ ail-leak is a MISP object available in JSON format at <a href="https://github.co
<h2 id="_ais_info"><a class="anchor" href="#_ais_info"></a><a class="link" href="#_ais_info">ais-info</a></h2>
<div class="sectionbody">
<div class="paragraph">
<p>Automated Indicator Sharing (AIS) Information Source Markings..</p>
<p>Automated Indicator Sharing (AIS) Information Source Markings.</p>
</div>
<div class="admonitionblock note">
<table>
@ -1718,7 +1718,7 @@ ais-info is a MISP object available in JSON format at <a href="https://github.co
<h2 id="_android_permission"><a class="anchor" href="#_android_permission"></a><a class="link" href="#_android_permission">android-permission</a></h2>
<div class="sectionbody">
<div class="paragraph">
<p>A set of android permissions - one or more permission(s) which can be linked to other objects (e.g. malware, app)..</p>
<p>A set of android permissions - one or more permission(s) which can be linked to other objects (e.g. malware, app).</p>
</div>
<div class="admonitionblock note">
<table>
@ -1784,7 +1784,7 @@ android-permission is a MISP object available in JSON format at <a href="https:/
<h2 id="_annotation"><a class="anchor" href="#_annotation"></a><a class="link" href="#_annotation">annotation</a></h2>
<div class="sectionbody">
<div class="paragraph">
<p>An annotation object allowing analysts to add annotations, comments, executive summary to a MISP event, objects or attributes..</p>
<p>An annotation object allowing analysts to add annotations, comments, executive summary to a MISP event, objects or attributes.</p>
</div>
<div class="admonitionblock note">
<table>
@ -2059,7 +2059,7 @@ anonymisation is a MISP object available in JSON format at <a href="https://gith
<h2 id="_asn"><a class="anchor" href="#_asn"></a><a class="link" href="#_asn">asn</a></h2>
<div class="sectionbody">
<div class="paragraph">
<p>Autonomous system object describing an autonomous system which can include one or more network operators management an entity (e.g. ISP) along with their routing policy, routing prefixes or alike..</p>
<p>Autonomous system object describing an autonomous system which can include one or more network operators management an entity (e.g. ISP) along with their routing policy, routing prefixes or alike.</p>
</div>
<div class="admonitionblock note">
<table>
@ -2321,7 +2321,7 @@ av-signature is a MISP object available in JSON format at <a href="https://githu
<h2 id="_bank_account"><a class="anchor" href="#_bank_account"></a><a class="link" href="#_bank_account">bank-account</a></h2>
<div class="sectionbody">
<div class="paragraph">
<p>An object describing bank account information based on account description from goAML 4.0..</p>
<p>An object describing bank account information based on account description from goAML 4.0.</p>
</div>
<div class="admonitionblock note">
<table>
@ -3575,7 +3575,7 @@ coin-address is a MISP object available in JSON format at <a href="https://githu
<h2 id="_cookie"><a class="anchor" href="#_cookie"></a><a class="link" href="#_cookie">cookie</a></h2>
<div class="sectionbody">
<div class="paragraph">
<p>An HTTP cookie (web cookie, browser cookie) is a small piece of data that a server sends to the user&#8217;s web browser. The browser may store it and send it back with the next request to the same server. Typically, it&#8217;s used to tell if two requests came from the same browser — keeping a user logged-in, for example. It remembers stateful information for the stateless HTTP protocol. (as defined by the Mozilla foundation..</p>
<p>An HTTP cookie (web cookie, browser cookie) is a small piece of data that a server sends to the user&#8217;s web browser. The browser may store it and send it back with the next request to the same server. Typically, it&#8217;s used to tell if two requests came from the same browser — keeping a user logged-in, for example. It remembers stateful information for the stateless HTTP protocol. (as defined by the Mozilla foundation.</p>
</div>
<div class="admonitionblock note">
<table>
@ -3680,7 +3680,7 @@ cookie is a MISP object available in JSON format at <a href="https://github.com/
<h2 id="_cortex"><a class="anchor" href="#_cortex"></a><a class="link" href="#_cortex">cortex</a></h2>
<div class="sectionbody">
<div class="paragraph">
<p>Cortex object describing a complete cortex analysis. Observables would be attribute with a relationship from this object..</p>
<p>Cortex object describing a complete cortex analysis. Observables would be attribute with a relationship from this object.</p>
</div>
<div class="admonitionblock note">
<table>
@ -3903,7 +3903,7 @@ cortex-taxonomy is a MISP object available in JSON format at <a href="https://gi
<h2 id="_course_of_action"><a class="anchor" href="#_course_of_action"></a><a class="link" href="#_course_of_action">course-of-action</a></h2>
<div class="sectionbody">
<div class="paragraph">
<p>An object describing a specific measure taken to prevent or respond to an attack..</p>
<p>An object describing a specific measure taken to prevent or respond to an attack.</p>
</div>
<div class="admonitionblock note">
<table>
@ -4334,7 +4334,7 @@ cowrie is a MISP object available in JSON format at <a href="https://github.com/
<h2 id="_credential"><a class="anchor" href="#_credential"></a><a class="link" href="#_credential">credential</a></h2>
<div class="sectionbody">
<div class="paragraph">
<p>Credential describes one or more credential(s) including password(s), api key(s) or decryption key(s)..</p>
<p>Credential describes one or more credential(s) including password(s), api key(s) or decryption key(s).</p>
</div>
<div class="admonitionblock note">
<table>
@ -4465,7 +4465,7 @@ credential is a MISP object available in JSON format at <a href="https://github.
<h2 id="_credit_card"><a class="anchor" href="#_credit_card"></a><a class="link" href="#_credit_card">credit-card</a></h2>
<div class="sectionbody">
<div class="paragraph">
<p>A payment card like credit card, debit card or any similar cards which can be used for financial transactions..</p>
<p>A payment card like credit card, debit card or any similar cards which can be used for financial transactions.</p>
</div>
<div class="admonitionblock note">
<table>
@ -4776,7 +4776,7 @@ ddos is a MISP object available in JSON format at <a href="https://github.com/MI
</div>
</div>
<div class="sect1">
<h2 id="_device"><a class="anchor" href="#_device"></a><a class="link" href="#_device">Device</a></h2>
<h2 id="_device"><a class="anchor" href="#_device"></a><a class="link" href="#_device">device</a></h2>
<div class="sectionbody">
<div class="paragraph">
<p>An object to define a device.</p>
@ -4788,7 +4788,7 @@ ddos is a MISP object available in JSON format at <a href="https://github.com/MI
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
Device is a MISP object available in JSON format at <a href="https://github.com/MISP/misp-objects/blob/master/objects/device/definition.json"><strong>this location</strong></a> The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a>.
device is a MISP object available in JSON format at <a href="https://github.com/MISP/misp-objects/blob/master/objects/device/definition.json"><strong>this location</strong></a> The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a>.
</td>
</tr>
</table>
@ -5158,7 +5158,7 @@ diameter-attack is a MISP object available in JSON format at <a href="https://gi
<h2 id="_domain_ip"><a class="anchor" href="#_domain_ip"></a><a class="link" href="#_domain_ip">domain-ip</a></h2>
<div class="sectionbody">
<div class="paragraph">
<p>A domain and IP address seen as a tuple in a specific time frame..</p>
<p>A domain and IP address seen as a tuple in a specific time frame.</p>
</div>
<div class="admonitionblock note">
<table>
@ -5929,7 +5929,7 @@ email is a MISP object available in JSON format at <a href="https://github.com/M
<h2 id="_exploit_poc"><a class="anchor" href="#_exploit_poc"></a><a class="link" href="#_exploit_poc">exploit-poc</a></h2>
<div class="sectionbody">
<div class="paragraph">
<p>Exploit-poc object describing a proof of concept or exploit of a vulnerability. This object has often a relationship with a vulnerability object..</p>
<p>Exploit-poc object describing a proof of concept or exploit of a vulnerability. This object has often a relationship with a vulnerability object.</p>
</div>
<div class="admonitionblock note">
<table>
@ -6034,7 +6034,7 @@ exploit-poc is a MISP object available in JSON format at <a href="https://github
<h2 id="_facial_composite"><a class="anchor" href="#_facial_composite"></a><a class="link" href="#_facial_composite">facial-composite</a></h2>
<div class="sectionbody">
<div class="paragraph">
<p>An object which describes a facial composite..</p>
<p>An object which describes a facial composite.</p>
</div>
<div class="admonitionblock note">
<table>
@ -6609,7 +6609,7 @@ file is a MISP object available in JSON format at <a href="https://github.com/MI
<h2 id="_forensic_case"><a class="anchor" href="#_forensic_case"></a><a class="link" href="#_forensic_case">forensic-case</a></h2>
<div class="sectionbody">
<div class="paragraph">
<p>An object template to describe a digital forensic case..</p>
<p>An object template to describe a digital forensic case.</p>
</div>
<div class="admonitionblock note">
<table>
@ -6727,7 +6727,7 @@ forensic-case is a MISP object available in JSON format at <a href="https://gith
<h2 id="_forensic_evidence"><a class="anchor" href="#_forensic_evidence"></a><a class="link" href="#_forensic_evidence">forensic-evidence</a></h2>
<div class="sectionbody">
<div class="paragraph">
<p>An object template to describe a digital forensic evidence..</p>
<p>An object template to describe a digital forensic evidence.</p>
</div>
<div class="admonitionblock note">
<table>
@ -6871,7 +6871,7 @@ forensic-evidence is a MISP object available in JSON format at <a href="https://
<h2 id="_geolocation"><a class="anchor" href="#_geolocation"></a><a class="link" href="#_geolocation">geolocation</a></h2>
<div class="sectionbody">
<div class="paragraph">
<p>An object to describe a geographic location..</p>
<p>An object to describe a geographic location.</p>
</div>
<div class="admonitionblock note">
<table>
@ -7903,7 +7903,7 @@ ilr-notification-incident is a MISP object available in JSON format at <a href="
<h2 id="_internal_reference"><a class="anchor" href="#_internal_reference"></a><a class="link" href="#_internal_reference">internal-reference</a></h2>
<div class="sectionbody">
<div class="paragraph">
<p>Internal reference..</p>
<p>Internal reference.</p>
</div>
<div class="admonitionblock note">
<table>
@ -7995,7 +7995,7 @@ internal-reference is a MISP object available in JSON format at <a href="https:/
<h2 id="_interpol_notice"><a class="anchor" href="#_interpol_notice"></a><a class="link" href="#_interpol_notice">interpol-notice</a></h2>
<div class="sectionbody">
<div class="paragraph">
<p>An object which describes a Interpol notice..</p>
<p>An object which describes a Interpol notice.</p>
</div>
<div class="admonitionblock note">
<table>
@ -8530,7 +8530,7 @@ ip-api-address is a MISP object available in JSON format at <a href="https://git
<h2 id="_ip_port"><a class="anchor" href="#_ip_port"></a><a class="link" href="#_ip_port">ip-port</a></h2>
<div class="sectionbody">
<div class="paragraph">
<p>An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame..</p>
<p>An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame.</p>
</div>
<div class="admonitionblock note">
<table>
@ -8805,7 +8805,7 @@ ja3 is a MISP object available in JSON format at <a href="https://github.com/MIS
<h2 id="_legal_entity"><a class="anchor" href="#_legal_entity"></a><a class="link" href="#_legal_entity">legal-entity</a></h2>
<div class="sectionbody">
<div class="paragraph">
<p>An object to describe a legal entity..</p>
<p>An object to describe a legal entity.</p>
</div>
<div class="admonitionblock note">
<table>
@ -9496,7 +9496,7 @@ lnk is a MISP object available in JSON format at <a href="https://github.com/MIS
<h2 id="_macho"><a class="anchor" href="#_macho"></a><a class="link" href="#_macho">macho</a></h2>
<div class="sectionbody">
<div class="paragraph">
<p>Object describing a file in Mach-O format..</p>
<p>Object describing a file in Mach-O format.</p>
</div>
<div class="admonitionblock note">
<table>
@ -9601,7 +9601,7 @@ macho is a MISP object available in JSON format at <a href="https://github.com/M
<h2 id="_macho_section"><a class="anchor" href="#_macho_section"></a><a class="link" href="#_macho_section">macho-section</a></h2>
<div class="sectionbody">
<div class="paragraph">
<p>Object describing a section of a file in Mach-O format..</p>
<p>Object describing a section of a file in Mach-O format.</p>
</div>
<div class="admonitionblock note">
<table>
@ -9928,7 +9928,7 @@ mactime-timeline-analysis is a MISP object available in JSON format at <a href="
<h2 id="_malware_config"><a class="anchor" href="#_malware_config"></a><a class="link" href="#_malware_config">malware-config</a></h2>
<div class="sectionbody">
<div class="paragraph">
<p>Malware configuration recovered or extracted from a malicious binary..</p>
<p>Malware configuration recovered or extracted from a malicious binary.</p>
</div>
<div class="admonitionblock note">
<table>
@ -10046,7 +10046,7 @@ malware-config is a MISP object available in JSON format at <a href="https://git
<h2 id="_microblog"><a class="anchor" href="#_microblog"></a><a class="link" href="#_microblog">microblog</a></h2>
<div class="sectionbody">
<div class="paragraph">
<p>Microblog post like a Twitter tweet or a post on a Facebook wall..</p>
<p>Microblog post like a Twitter tweet or a post on a Facebook wall.</p>
</div>
<div class="admonitionblock note">
<table>
@ -10543,7 +10543,7 @@ netflow is a MISP object available in JSON format at <a href="https://github.com
<h2 id="_network_connection"><a class="anchor" href="#_network_connection"></a><a class="link" href="#_network_connection">network-connection</a></h2>
<div class="sectionbody">
<div class="paragraph">
<p>A local or remote network connection..</p>
<p>A local or remote network connection.</p>
</div>
<div class="admonitionblock note">
<table>
@ -10713,7 +10713,7 @@ network-connection is a MISP object available in JSON format at <a href="https:/
<h2 id="_network_socket"><a class="anchor" href="#_network_socket"></a><a class="link" href="#_network_socket">network-socket</a></h2>
<div class="sectionbody">
<div class="paragraph">
<p>Network socket object describes a local or remote network connections based on the socket data structure..</p>
<p>Network socket object describes a local or remote network connections based on the socket data structure.</p>
</div>
<div class="admonitionblock note">
<table>
@ -10896,7 +10896,7 @@ network-socket is a MISP object available in JSON format at <a href="https://git
<h2 id="_misc"><a class="anchor" href="#_misc"></a><a class="link" href="#_misc">misc</a></h2>
<div class="sectionbody">
<div class="paragraph">
<p>An object which describes an organization..</p>
<p>An object which describes an organization.</p>
</div>
<div class="admonitionblock note">
<table>
@ -11053,7 +11053,7 @@ misc is a MISP object available in JSON format at <a href="https://github.com/MI
<h2 id="_original_imported_file"><a class="anchor" href="#_original_imported_file"></a><a class="link" href="#_original_imported_file">original-imported-file</a></h2>
<div class="sectionbody">
<div class="paragraph">
<p>Object describing the original file used to import data in MISP..</p>
<p>Object describing the original file used to import data in MISP.</p>
</div>
<div class="admonitionblock note">
<table>
@ -11328,7 +11328,7 @@ passive-dns is a MISP object available in JSON format at <a href="https://github
<h2 id="_paste"><a class="anchor" href="#_paste"></a><a class="link" href="#_paste">paste</a></h2>
<div class="sectionbody">
<div class="paragraph">
<p>Paste or similar post from a website allowing to share privately or publicly posts..</p>
<p>Paste or similar post from a website allowing to share privately or publicly posts.</p>
</div>
<div class="admonitionblock note">
<table>
@ -12086,7 +12086,7 @@ pe-section is a MISP object available in JSON format at <a href="https://github.
<h2 id="_person"><a class="anchor" href="#_person"></a><a class="link" href="#_person">person</a></h2>
<div class="sectionbody">
<div class="paragraph">
<p>An object which describes a person or an identity..</p>
<p>An object which describes a person or an identity.</p>
</div>
<div class="admonitionblock note">
<table>
@ -12503,7 +12503,7 @@ person is a MISP object available in JSON format at <a href="https://github.com/
<h2 id="_phishing"><a class="anchor" href="#_phishing"></a><a class="link" href="#_phishing">phishing</a></h2>
<div class="sectionbody">
<div class="paragraph">
<p>Phishing template to describe a phishing website and its analysis..</p>
<p>Phishing template to describe a phishing website and its analysis.</p>
</div>
<div class="admonitionblock note">
<table>
@ -12738,7 +12738,7 @@ phishing is a MISP object available in JSON format at <a href="https://github.co
<h2 id="_phishing_kit"><a class="anchor" href="#_phishing_kit"></a><a class="link" href="#_phishing_kit">phishing-kit</a></h2>
<div class="sectionbody">
<div class="paragraph">
<p>Oject to describe a phishing-kit..</p>
<p>Object to describe a phishing-kit.</p>
</div>
<div class="admonitionblock note">
<table>
@ -12934,7 +12934,7 @@ phishing-kit is a MISP object available in JSON format at <a href="https://githu
<h2 id="_phone"><a class="anchor" href="#_phone"></a><a class="link" href="#_phone">phone</a></h2>
<div class="sectionbody">
<div class="paragraph">
<p>A phone or mobile phone object which describe a phone..</p>
<p>A phone or mobile phone object which describe a phone.</p>
</div>
<div class="admonitionblock note">
<table>
@ -13104,7 +13104,7 @@ phone is a MISP object available in JSON format at <a href="https://github.com/M
<h2 id="_process"><a class="anchor" href="#_process"></a><a class="link" href="#_process">process</a></h2>
<div class="sectionbody">
<div class="paragraph">
<p>Object describing a system process..</p>
<p>Object describing a system process.</p>
</div>
<div class="admonitionblock note">
<table>
@ -13978,7 +13978,7 @@ r2graphity is a MISP object available in JSON format at <a href="https://github.
<h2 id="_regexp"><a class="anchor" href="#_regexp"></a><a class="link" href="#_regexp">regexp</a></h2>
<div class="sectionbody">
<div class="paragraph">
<p>An object describing a regular expression (regex or regexp). The object can be linked via a relationship to other attributes or objects to describe how it can be represented as a regular expression..</p>
<p>An object describing a regular expression (regex or regexp). The object can be linked via a relationship to other attributes or objects to describe how it can be represented as a regular expression.</p>
</div>
<div class="admonitionblock note">
<table>
@ -14201,7 +14201,7 @@ registry-key is a MISP object available in JSON format at <a href="https://githu
<h2 id="_regripper_ntuser"><a class="anchor" href="#_regripper_ntuser"></a><a class="link" href="#_regripper_ntuser">regripper-NTUser</a></h2>
<div class="sectionbody">
<div class="paragraph">
<p>Regripper Object template designed to present user specific configuration details extracted from the NTUSER.dat hive..</p>
<p>Regripper Object template designed to present user specific configuration details extracted from the NTUSER.dat hive.</p>
</div>
<div class="admonitionblock note">
<table>
@ -14423,7 +14423,7 @@ regripper-NTUser is a MISP object available in JSON format at <a href="https://g
<h2 id="_regripper_sam_hive_single_user"><a class="anchor" href="#_regripper_sam_hive_single_user"></a><a class="link" href="#_regripper_sam_hive_single_user">regripper-sam-hive-single-user</a></h2>
<div class="sectionbody">
<div class="paragraph">
<p>Regripper Object template designed to present user profile details extracted from the SAM hive..</p>
<p>Regripper Object template designed to present user profile details extracted from the SAM hive.</p>
</div>
<div class="admonitionblock note">
<table>
@ -14580,7 +14580,7 @@ regripper-sam-hive-single-user is a MISP object available in JSON format at <a h
<h2 id="_regripper_sam_hive_user_group"><a class="anchor" href="#_regripper_sam_hive_user_group"></a><a class="link" href="#_regripper_sam_hive_user_group">regripper-sam-hive-user-group</a></h2>
<div class="sectionbody">
<div class="paragraph">
<p>Regripper Object template designed to present group profile details extracted from the SAM hive..</p>
<p>Regripper Object template designed to present group profile details extracted from the SAM hive.</p>
</div>
<div class="admonitionblock note">
<table>
@ -14711,7 +14711,7 @@ regripper-sam-hive-user-group is a MISP object available in JSON format at <a hr
<h2 id="_regripper_software_hive_bho"><a class="anchor" href="#_regripper_software_hive_bho"></a><a class="link" href="#_regripper_software_hive_bho">regripper-software-hive-BHO</a></h2>
<div class="sectionbody">
<div class="paragraph">
<p>Regripper Object template designed to gather information of the browser helper objects installed on the system..</p>
<p>Regripper Object template designed to gather information of the browser helper objects installed on the system.</p>
</div>
<div class="admonitionblock note">
<table>
@ -14855,7 +14855,7 @@ regripper-software-hive-BHO is a MISP object available in JSON format at <a href
<h2 id="_regripper_software_hive_appinit_dlls"><a class="anchor" href="#_regripper_software_hive_appinit_dlls"></a><a class="link" href="#_regripper_software_hive_appinit_dlls">regripper-software-hive-appInit-DLLS</a></h2>
<div class="sectionbody">
<div class="paragraph">
<p>Regripper Object template designed to gather information of the DLL files installed on the system..</p>
<p>Regripper Object template designed to gather information of the DLL files installed on the system.</p>
</div>
<div class="admonitionblock note">
<table>
@ -14986,7 +14986,7 @@ regripper-software-hive-appInit-DLLS is a MISP object available in JSON format a
<h2 id="_regripper_software_hive_application_paths"><a class="anchor" href="#_regripper_software_hive_application_paths"></a><a class="link" href="#_regripper_software_hive_application_paths">regripper-software-hive-application-paths</a></h2>
<div class="sectionbody">
<div class="paragraph">
<p>Regripper Object template designed to gather information of the application paths..</p>
<p>Regripper Object template designed to gather information of the application paths.</p>
</div>
<div class="admonitionblock note">
<table>
@ -15104,7 +15104,7 @@ regripper-software-hive-application-paths is a MISP object available in JSON for
<h2 id="_regripper_software_hive_applications_installed"><a class="anchor" href="#_regripper_software_hive_applications_installed"></a><a class="link" href="#_regripper_software_hive_applications_installed">regripper-software-hive-applications-installed</a></h2>
<div class="sectionbody">
<div class="paragraph">
<p>Regripper Object template designed to gather information of the applications installed on the system..</p>
<p>Regripper Object template designed to gather information of the applications installed on the system.</p>
</div>
<div class="admonitionblock note">
<table>
@ -15248,7 +15248,7 @@ regripper-software-hive-applications-installed is a MISP object available in JSO
<h2 id="_regripper_software_hive_command_shell"><a class="anchor" href="#_regripper_software_hive_command_shell"></a><a class="link" href="#_regripper_software_hive_command_shell">regripper-software-hive-command-shell</a></h2>
<div class="sectionbody">
<div class="paragraph">
<p>Regripper Object template designed to gather information of the shell commands executed on the system..</p>
<p>Regripper Object template designed to gather information of the shell commands executed on the system.</p>
</div>
<div class="admonitionblock note">
<table>
@ -15366,7 +15366,7 @@ regripper-software-hive-command-shell is a MISP object available in JSON format
<h2 id="_regripper_software_hive_windows_general_info"><a class="anchor" href="#_regripper_software_hive_windows_general_info"></a><a class="link" href="#_regripper_software_hive_windows_general_info">regripper-software-hive-windows-general-info</a></h2>
<div class="sectionbody">
<div class="paragraph">
<p>Regripper Object template designed to gather general windows information extracted from the software-hive..</p>
<p>Regripper Object template designed to gather general windows information extracted from the software-hive.</p>
</div>
<div class="admonitionblock note">
<table>
@ -15666,7 +15666,7 @@ regripper-software-hive-windows-general-info is a MISP object available in JSON
<h2 id="_regripper_software_hive_software_run"><a class="anchor" href="#_regripper_software_hive_software_run"></a><a class="link" href="#_regripper_software_hive_software_run">regripper-software-hive-software-run</a></h2>
<div class="sectionbody">
<div class="paragraph">
<p>Regripper Object template designed to gather information of the applications set to run on the system..</p>
<p>Regripper Object template designed to gather information of the applications set to run on the system.</p>
</div>
<div class="admonitionblock note">
<table>
@ -15797,7 +15797,7 @@ regripper-software-hive-software-run is a MISP object available in JSON format a
<h2 id="_regripper_software_hive_userprofile_winlogon"><a class="anchor" href="#_regripper_software_hive_userprofile_winlogon"></a><a class="link" href="#_regripper_software_hive_userprofile_winlogon">regripper-software-hive-userprofile-winlogon</a></h2>
<div class="sectionbody">
<div class="paragraph">
<p>Regripper Object template designed to gather user profile information when the user logs onto the system, gathered from the software hive..</p>
<p>Regripper Object template designed to gather user profile information when the user logs onto the system, gathered from the software hive.</p>
</div>
<div class="admonitionblock note">
<table>
@ -16149,7 +16149,7 @@ regripper-software-hive-userprofile-winlogon is a MISP object available in JSON
<h2 id="_regripper_system_hive_firewall_configuration"><a class="anchor" href="#_regripper_system_hive_firewall_configuration"></a><a class="link" href="#_regripper_system_hive_firewall_configuration">regripper-system-hive-firewall-configuration</a></h2>
<div class="sectionbody">
<div class="paragraph">
<p>Regripper Object template designed to present firewall configuration information extracted from the system-hive..</p>
<p>Regripper Object template designed to present firewall configuration information extracted from the system-hive.</p>
</div>
<div class="admonitionblock note">
<table>
@ -16254,7 +16254,7 @@ regripper-system-hive-firewall-configuration is a MISP object available in JSON
<h2 id="_regripper_system_hive_general_configuration"><a class="anchor" href="#_regripper_system_hive_general_configuration"></a><a class="link" href="#_regripper_system_hive_general_configuration">regripper-system-hive-general-configuration</a></h2>
<div class="sectionbody">
<div class="paragraph">
<p>Regripper Object template designed to present general system properties extracted from the system-hive..</p>
<p>Regripper Object template designed to present general system properties extracted from the system-hive.</p>
</div>
<div class="admonitionblock note">
<table>
@ -16463,7 +16463,7 @@ regripper-system-hive-general-configuration is a MISP object available in JSON f
<h2 id="_regripper_system_hive_network_information"><a class="anchor" href="#_regripper_system_hive_network_information"></a><a class="link" href="#_regripper_system_hive_network_information">regripper-system-hive-network-information.</a></h2>
<div class="sectionbody">
<div class="paragraph">
<p>Regripper object template designed to gather network information from the system-hive..</p>
<p>Regripper object template designed to gather network information from the system-hive.</p>
</div>
<div class="admonitionblock note">
<table>
@ -16724,7 +16724,7 @@ regripper-system-hive-network-information. is a MISP object available in JSON fo
<h2 id="_regripper_system_hive_services_drivers"><a class="anchor" href="#_regripper_system_hive_services_drivers"></a><a class="link" href="#_regripper_system_hive_services_drivers">regripper-system-hive-services-drivers</a></h2>
<div class="sectionbody">
<div class="paragraph">
<p>Regripper Object template designed to gather information regarding the services/drivers from the system-hive..</p>
<p>Regripper Object template designed to gather information regarding the services/drivers from the system-hive.</p>
</div>
<div class="admonitionblock note">
<table>
@ -17484,7 +17484,7 @@ sb-signature is a MISP object available in JSON format at <a href="https://githu
<h2 id="_script"><a class="anchor" href="#_script"></a><a class="link" href="#_script">script</a></h2>
<div class="sectionbody">
<div class="paragraph">
<p>Object describing a computer program written to be run in a special run-time environment. The script or shell script can be used for malicious activities but also as support tools for threat analysts..</p>
<p>Object describing a computer program written to be run in a special run-time environment. The script or shell script can be used for malicious activities but also as support tools for threat analysts.</p>
</div>
<div class="admonitionblock note">
<table>
@ -17589,7 +17589,7 @@ script is a MISP object available in JSON format at <a href="https://github.com/
<h2 id="_short_message_service"><a class="anchor" href="#_short_message_service"></a><a class="link" href="#_short_message_service">short-message-service</a></h2>
<div class="sectionbody">
<div class="paragraph">
<p>Short Message Service (SMS) object template describing one or more SMS message. Restriction of the initial format 3GPP 23.038 GSM character set doesn&#8217;t apply..</p>
<p>Short Message Service (SMS) object template describing one or more SMS message. Restriction of the initial format 3GPP 23.038 GSM character set doesn&#8217;t apply.</p>
</div>
<div class="admonitionblock note">
<table>
@ -17956,7 +17956,7 @@ splunk is a MISP object available in JSON format at <a href="https://github.com/
<h2 id="_ss7_attack"><a class="anchor" href="#_ss7_attack"></a><a class="link" href="#_ss7_attack">ss7-attack</a></h2>
<div class="sectionbody">
<div class="paragraph">
<p>SS7 object of an attack seen on a GSM, UMTS or LTE network via SS7 logging..</p>
<p>SS7 object of an attack seen on a GSM, UMTS or LTE network via SS7 logging.</p>
</div>
<div class="admonitionblock note">
<table>
@ -18334,7 +18334,7 @@ ss7-attack is a MISP object available in JSON format at <a href="https://github.
<h2 id="_stix2_pattern"><a class="anchor" href="#_stix2_pattern"></a><a class="link" href="#_stix2_pattern">stix2-pattern</a></h2>
<div class="sectionbody">
<div class="paragraph">
<p>An object describing a STIX pattern. The object can be linked via a relationship to other attributes or objects to describe how it can be represented as a STIX pattern..</p>
<p>An object describing a STIX pattern. The object can be linked via a relationship to other attributes or objects to describe how it can be represented as a STIX pattern.</p>
</div>
<div class="admonitionblock note">
<table>
@ -18413,7 +18413,7 @@ stix2-pattern is a MISP object available in JSON format at <a href="https://gith
<h2 id="_suricata"><a class="anchor" href="#_suricata"></a><a class="link" href="#_suricata">suricata</a></h2>
<div class="sectionbody">
<div class="paragraph">
<p>An object describing one or more Suricata rule(s) along with version and contextual information..</p>
<p>An object describing one or more Suricata rule(s) along with version and contextual information.</p>
</div>
<div class="admonitionblock note">
<table>
@ -18728,7 +18728,7 @@ threatgrid-report is a MISP object available in JSON format at <a href="https://
<h2 id="_timecode"><a class="anchor" href="#_timecode"></a><a class="link" href="#_timecode">timecode</a></h2>
<div class="sectionbody">
<div class="paragraph">
<p>Timecode object to describe a start of video sequence (e.g. CCTV evidence) and the end of the video sequence..</p>
<p>Timecode object to describe a start of video sequence (e.g. CCTV evidence) and the end of the video sequence.</p>
</div>
<div class="admonitionblock note">
<table>
@ -18846,7 +18846,7 @@ timecode is a MISP object available in JSON format at <a href="https://github.co
<h2 id="_timesketch_timeline"><a class="anchor" href="#_timesketch_timeline"></a><a class="link" href="#_timesketch_timeline">timesketch-timeline</a></h2>
<div class="sectionbody">
<div class="paragraph">
<p>A timesketch timeline object based on mandatory field in timesketch to describe a log entry..</p>
<p>A timesketch timeline object based on mandatory field in timesketch to describe a log entry.</p>
</div>
<div class="admonitionblock note">
<table>
@ -18938,7 +18938,7 @@ timesketch-timeline is a MISP object available in JSON format at <a href="https:
<h2 id="_timesketch_message"><a class="anchor" href="#_timesketch_message"></a><a class="link" href="#_timesketch_message">timesketch_message</a></h2>
<div class="sectionbody">
<div class="paragraph">
<p>A timesketch message entry..</p>
<p>A timesketch message entry.</p>
</div>
<div class="admonitionblock note">
<table>
@ -19004,7 +19004,7 @@ timesketch_message is a MISP object available in JSON format at <a href="https:/
<h2 id="_timestamp"><a class="anchor" href="#_timestamp"></a><a class="link" href="#_timestamp">timestamp</a></h2>
<div class="sectionbody">
<div class="paragraph">
<p>A generic timestamp object to represent time including first time and last time seen. Relationship will then define the kind of time relationship..</p>
<p>A generic timestamp object to represent time including first time and last time seen. Relationship will then define the kind of time relationship.</p>
</div>
<div class="admonitionblock note">
<table>
@ -19096,7 +19096,7 @@ timestamp is a MISP object available in JSON format at <a href="https://github.c
<h2 id="_tor_hiddenservice"><a class="anchor" href="#_tor_hiddenservice"></a><a class="link" href="#_tor_hiddenservice">tor-hiddenservice</a></h2>
<div class="sectionbody">
<div class="paragraph">
<p>Tor hidden service (onion service) object..</p>
<p>Tor hidden service (onion service) object.</p>
</div>
<div class="admonitionblock note">
<table>
@ -19188,7 +19188,7 @@ tor-hiddenservice is a MISP object available in JSON format at <a href="https://
<h2 id="_tor_node"><a class="anchor" href="#_tor_node"></a><a class="link" href="#_tor_node">tor-node</a></h2>
<div class="sectionbody">
<div class="paragraph">
<p>Tor node (which protects your privacy on the internet by hiding the connection between users Internet address and the services used by the users) description which are part of the Tor network at a time..</p>
<p>Tor node (which protects your privacy on the internet by hiding the connection between users Internet address and the services used by the users) description which are part of the Tor network at a time.</p>
</div>
<div class="admonitionblock note">
<table>
@ -19384,7 +19384,7 @@ tor-node is a MISP object available in JSON format at <a href="https://github.co
<h2 id="_tracking_id"><a class="anchor" href="#_tracking_id"></a><a class="link" href="#_tracking_id">tracking-id</a></h2>
<div class="sectionbody">
<div class="paragraph">
<p>Analytics and tracking ID such as used in Google Analytics or other analytic platform..</p>
<p>Analytics and tracking ID such as used in Google Analytics or other analytic platform.</p>
</div>
<div class="admonitionblock note">
<table>
@ -19515,7 +19515,7 @@ tracking-id is a MISP object available in JSON format at <a href="https://github
<h2 id="_transaction"><a class="anchor" href="#_transaction"></a><a class="link" href="#_transaction">transaction</a></h2>
<div class="sectionbody">
<div class="paragraph">
<p>An object to describe a financial transaction..</p>
<p>An object to describe a financial transaction.</p>
</div>
<div class="admonitionblock note">
<table>
@ -19737,7 +19737,7 @@ transaction is a MISP object available in JSON format at <a href="https://github
<h2 id="_url"><a class="anchor" href="#_url"></a><a class="link" href="#_url">url</a></h2>
<div class="sectionbody">
<div class="paragraph">
<p>url object describes an url along with its normalized field (like extracted using faup parsing library) and its metadata..</p>
<p>url object describes an url along with its normalized field (like extracted using faup parsing library) and its metadata.</p>
</div>
<div class="admonitionblock note">
<table>
@ -20142,7 +20142,7 @@ vehicle is a MISP object available in JSON format at <a href="https://github.com
<h2 id="_victim"><a class="anchor" href="#_victim"></a><a class="link" href="#_victim">victim</a></h2>
<div class="sectionbody">
<div class="paragraph">
<p>Victim object describes the target of an attack or abuse..</p>
<p>Victim object describes the target of an attack or abuse.</p>
</div>
<div class="admonitionblock note">
<table>
@ -20443,7 +20443,7 @@ virustotal-report is a MISP object available in JSON format at <a href="https://
<h2 id="_vulnerability"><a class="anchor" href="#_vulnerability"></a><a class="link" href="#_vulnerability">vulnerability</a></h2>
<div class="sectionbody">
<div class="paragraph">
<p>Vulnerability object describing a common vulnerability enumeration which can describe published, unpublished, under review or embargo vulnerability for software, equipments or hardware..</p>
<p>Vulnerability object describing a common vulnerability enumeration which can describe published, unpublished, under review or embargo vulnerability for software, equipments or hardware.</p>
</div>
<div class="admonitionblock note">
<table>
@ -20639,7 +20639,7 @@ vulnerability is a MISP object available in JSON format at <a href="https://gith
<h2 id="_whois"><a class="anchor" href="#_whois"></a><a class="link" href="#_whois">whois</a></h2>
<div class="sectionbody">
<div class="paragraph">
<p>Whois records information for a domain name or an IP address..</p>
<p>Whois records information for a domain name or an IP address.</p>
</div>
<div class="admonitionblock note">
<table>
@ -21240,7 +21240,7 @@ yabin is a MISP object available in JSON format at <a href="https://github.com/M
<h2 id="_yara"><a class="anchor" href="#_yara"></a><a class="link" href="#_yara">yara</a></h2>
<div class="sectionbody">
<div class="paragraph">
<p>An object describing a YARA rule along with its version..</p>
<p>An object describing a YARA rule along with its version.</p>
</div>
<div class="admonitionblock note">
<table>
@ -22008,7 +22008,7 @@ yara is a MISP object available in JSON format at <a href="https://github.com/MI
</div>
<div id="footer">
<div id="footer-text">
Last updated 2019-04-21 15:39:19 +0200
Last updated 2019-04-21 15:57:45 +0200
</div>
</div>
</body>

3095
objects.pdf
View File

File diff suppressed because it is too large Load Diff