MISP
/
misp-website
mirror of https://github.com/MISP/misp-website
2
0
Fork 0
Code Issues Releases Wiki Activity

chg: [datamodel] updated

pull/19/head
Alexandre Dulaunoy 2019-12-05 19:20:29 +01:00
parent 1f437442de
commit 7077bd1b81
No known key found for this signature in database
GPG Key ID: 09E2CD4944E6CBCD
1 changed files with 8 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
_pages/datamodels.md
View File

@ -60,6 +60,7 @@ The MISP format is described as Internet-Draft in [misp-rfc](https://github.com/
|email-subject| | | | | | |
|email-thread-index| | | | | | |
|email-x-mailer| | | | | | |
|eppn| | | | | | |
|filename| | X | | X | | |
|filename|authentihash| | X | | | | |
|filename|impfuzzy| | X | | | | |
@ -219,11 +220,12 @@ The MISP format is described as Internet-Draft in [misp-rfc](https://github.com/
|email-message-id| | | X | | | |
|email-mime-boundary| | | X | | | |
|email-reply-to| | | X | | | |
|email-src| | | X | | | |
|email-src| X | | X | | | |
|email-src-display-name| | | X | | | |
|email-subject| X | | X | | | |
|email-thread-index| | | X | | | |
|email-x-mailer| | | X | | | |
|eppn| X | | | | | |
|filename| | | X | X | | X |
|filename|authentihash| | | X | X | | |
|filename|impfuzzy| | | X | X | | |
@ -388,6 +390,7 @@ The MISP format is described as Internet-Draft in [misp-rfc](https://github.com/
|email-subject| | | | |
|email-thread-index| | | | |
|email-x-mailer| | | | |
|eppn| | X | | |
|filename| | | | |
|filename|authentihash| | | | |
|filename|impfuzzy| | | | |
@ -572,6 +575,7 @@ The MISP format is described as Internet-Draft in [misp-rfc](https://github.com/
* **email-subject**: The subject of the email
* **email-thread-index**: The email thread index header
* **email-x-mailer**: Email x-mailer header
* **eppn**: eduPersonPrincipalName - eppn - the NetId of the person for the purposes of inter-institutional authentication. Should be stored in the form of user@univ.edu, where univ.edu is the name of the local security domain.
* **filename**: Filename
* **filename|authentihash**: A checksum in md5 format
* **filename|impfuzzy**: Import fuzzy hash - a fuzzy hash created based on the imports in the sample.
@ -599,16 +603,16 @@ The MISP format is described as Internet-Draft in [misp-rfc](https://github.com/
* **hasshserver-md5**: hasshServer is a network fingerprinting standard which can be used to identify specific Server SSH implementations. The fingerprints can be easily stored, searched and shared in the form of an MD5 fingerprint.
* **hex**: A value in hexadecimal format
* **hostname**: A full host/dnsname of an attacker
* **hostname|port**: Hostname and port number seperated by a |
* **hostname|port**: Hostname and port number separated by a |
* **http-method**: HTTP method used by the malware (e.g. POST, GET, ...).
* **iban**: International Bank Account Number
* **identity-card-number**: Identity card number
* **impfuzzy**: A fuzzy hash of import table of Portable Executable format
* **imphash**: Import hash - a hash created based on the imports in the sample.
* **ip-dst**: A destination IP address of the attacker or C&C server
* **ip-dst|port**: IP destination and port number seperated by a |
* **ip-dst|port**: IP destination and port number separated by a |
* **ip-src**: A source IP address of the attacker
* **ip-src|port**: IP source and port number seperated by a |
* **ip-src|port**: IP source and port number separated by a |
* **issue-date-of-the-visa**: The date on which the visa was issued
* **ja3-fingerprint-md5**: JA3 is a method for creating SSL/TLS client fingerprints that should be easy to produce on any platform and can be easily shared for threat intelligence.
* **jabber-id**: Jabber ID