You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: README.md
+9Lines changed: 9 additions & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -147,6 +147,9 @@ for a specific attribute. An optional **to_ids** boolean field to disable the ID
147
147
-[objects/command-line](https://github.com/MISP/misp-objects/blob/main/objects/command-line/definition.json) - Command line and options related to a specific command executed by a program, whether it is malicious or not.
148
148
-[objects/concordia-mtmf-intrusion-set](https://github.com/MISP/misp-objects/blob/main/objects/concordia-mtmf-intrusion-set/definition.json) - Intrusion Set - Phase Description.
149
149
-[objects/confidentiality-impact](https://github.com/MISP/misp-objects/blob/main/objects/confidentiality-impact/definition.json) - Confidentiality Impact object as described in STIX 2.1 Incident object extension.
150
+
-[objects/container-image](https://github.com/MISP/misp-objects/blob/main/objects/container-image/definition.json) - Generic container-image object template to represent container images across platforms.
-[objects/cookie](https://github.com/MISP/misp-objects/blob/main/objects/cookie/definition.json) - An HTTP cookie (web cookie, browser cookie) is a small piece of data that a server sends to the user's web browser. The browser may store it and send it back with the next request to the same server. Typically, it's used to tell if two requests came from the same browser — keeping a user logged-in, for example. It remembers stateful information for the stateless HTTP protocol. As defined by the Mozilla foundation.
151
154
-[objects/cortex](https://github.com/MISP/misp-objects/blob/main/objects/cortex/definition.json) - Cortex object describing a complete Cortex analysis. Observables would be attribute with a relationship from this object.
152
155
-[objects/cortex-taxonomy](https://github.com/MISP/misp-objects/blob/main/objects/cortex-taxonomy/definition.json) - Cortex object describing a Cortex Taxonomy (or mini report).
@@ -263,6 +266,7 @@ for a specific attribute. An optional **to_ids** boolean field to disable the ID
-[objects/game-cheat](https://github.com/MISP/misp-objects/blob/main/objects/game-cheat/definition.json) - Describes a game cheat or a cheatware.
265
268
-[objects/Generalizing Persuasion Framework](https://github.com/MISP/misp-objects/blob/main/objects/Generalizing Persuasion Framework/definition.json) - By placing their work within the GP Framework, scholars will help the field resolve inconsistencies, identify and address open questions, and ensure collective progress. The GP Framework is not meant to compete with other theories (such as the ELM) but rather to fill in two gaps. First, it allows one to consider how individual persuasion studies connect to one another and why studies may arrive at contradictory conclusions. Second, it highlights the sources of variations that should be studied. (James N. Druckman).
269
+
-[objects/geojson](https://github.com/MISP/misp-objects/blob/main/objects/geojson/definition.json) - An object to describe a GeoJSON file containing geographic data structures such as points, lines, and polygons as defined in RFC 7946.
266
270
-[objects/geolocation](https://github.com/MISP/misp-objects/blob/main/objects/geolocation/definition.json) - An object to describe a geographic location.
-[objects/git-vuln-finder](https://github.com/MISP/misp-objects/blob/main/objects/git-vuln-finder/definition.json) - Export from git-vuln-finder.
@@ -273,6 +277,7 @@ for a specific attribute. An optional **to_ids** boolean field to disable the ID
273
277
-[objects/google-account](https://github.com/MISP/misp-objects/blob/main/objects/google-account/definition.json) - An object containing subscriber information received from Google.
274
278
-[objects/google-safe-browsing](https://github.com/MISP/misp-objects/blob/main/objects/google-safe-browsing/definition.json) - Google Safe checks a URL against Google's constantly updated list of unsafe web resources.
275
279
-[objects/google-threat-intelligence-report](https://github.com/MISP/misp-objects/blob/main/objects/google-threat-intelligence-report/definition.json) - Google Threat Intelligence report that provides an assessment (verdict, severity and scoring) and combined information from VirusTotal and Mandiant.
280
+
-[objects/gpx](https://github.com/MISP/misp-objects/blob/main/objects/gpx/definition.json) - An object to describe a GPX (GPS Exchange Format) file, including file metadata, GPX metadata, spatial bounds, and counts of waypoints, routes, and tracks.
276
281
-[objects/greynoise-ip](https://github.com/MISP/misp-objects/blob/main/objects/greynoise-ip/definition.json) - GreyNoise IP Information.
277
282
-[objects/gtp-attack](https://github.com/MISP/misp-objects/blob/main/objects/gtp-attack/definition.json) - GTP attack object as attack as seen on the GTP signaling protocol supporting GPRS/LTE networks.
278
283
-[objects/hashlookup](https://github.com/MISP/misp-objects/blob/main/objects/hashlookup/definition.json) - hashlookup object as described on hashlookup services from circl.lu - https://www.circl.lu/services/hashlookup.
@@ -317,6 +322,7 @@ for a specific attribute. An optional **to_ids** boolean field to disable the ID
317
322
-[objects/malware-analysis](https://github.com/MISP/misp-objects/blob/main/objects/malware-analysis/definition.json) - Malware Analysis captures the metadata and results of a particular static or dynamic analysis performed on a malware instance or family.
318
323
-[objects/malware-config](https://github.com/MISP/misp-objects/blob/main/objects/malware-config/definition.json) - Malware configuration recovered or extracted from a malicious binary.
319
324
-[objects/meme-image](https://github.com/MISP/misp-objects/blob/main/objects/meme-image/definition.json) - Object describing a meme (image).
325
+
-[objects/mfa-auth](https://github.com/MISP/misp-objects/blob/main/objects/mfa-auth/definition.json) - Object describing a multi-factor authentication (MFA) event, including anonymized user identifiers, authentication method, network source information, device context, and analyst-derived outcome and reasoning.
320
326
-[objects/microblog](https://github.com/MISP/misp-objects/blob/main/objects/microblog/definition.json) - Microblog post like a Twitter tweet or a post on a Facebook wall.
321
327
-[objects/monetary-impact](https://github.com/MISP/misp-objects/blob/main/objects/monetary-impact/definition.json) - Monetary Impact object as described in STIX 2.1 Incident object extension.
322
328
-[objects/mutex](https://github.com/MISP/misp-objects/blob/main/objects/mutex/definition.json) - Object to describe mutual exclusion locks (mutex) as seen in memory or computer program.
@@ -409,6 +415,7 @@ for a specific attribute. An optional **to_ids** boolean field to disable the ID
409
415
-[objects/scrippsco2-o18-monthly](https://github.com/MISP/misp-objects/blob/main/objects/scrippsco2-o18-monthly/definition.json) - Monthly average O18 concentrations (ppm) derived from flask air samples.
410
416
-[objects/script](https://github.com/MISP/misp-objects/blob/main/objects/script/definition.json) - Object describing a computer program written to be run in a special run-time environment. The script or shell script can be used for malicious activities but also as support tools for threat analysts.
411
417
-[objects/security-playbook](https://github.com/MISP/misp-objects/blob/main/objects/security-playbook/definition.json) - The security-playbook object provides meta-information and allows managing, storing, and sharing cybersecurity playbooks and orchestration workflows.
418
+
-[objects/service](https://github.com/MISP/misp-objects/blob/main/objects/service/definition.json) - Generic service object template to represent services that may be attacked or compromised.
-[objects/shadowserver-malware-url-report](https://github.com/MISP/misp-objects/blob/main/objects/shadowserver-malware-url-report/definition.json) - This report identifies URLs that were observed in exploitation attempts in the last 24 hours. They are assumed to contain a malware payload or serve as C2 controllers. If a payload was successfully downloaded in the last 24 hours, it’s SHA256 hash will also be published. The data is primarily sourced from honeypots (in which case they will often be IoT related), but other sources are possible. As always, you only receive information on IPs found on your network/constituency or in the case of a National CSIRT, your country. Ref: https://www.shadowserver.org/what-we-do/network-reporting/malware-url-report/.
@@ -423,6 +430,7 @@ for a specific attribute. An optional **to_ids** boolean field to disable the ID
423
430
-[objects/sigmf-recording](https://github.com/MISP/misp-objects/blob/main/objects/sigmf-recording/definition.json) - An object representing a single IQ/RF sample in the Signal Metadata Format Specification (SigMF).
424
431
-[objects/social-media-group](https://github.com/MISP/misp-objects/blob/main/objects/social-media-group/definition.json) - Social media group object template describing a public or private group or channel.
425
432
-[objects/software](https://github.com/MISP/misp-objects/blob/main/objects/software/definition.json) - The Software object represents high-level properties associated with software, including software products. STIX 2.1 - 6.14.
433
+
-[objects/software-package](https://github.com/MISP/misp-objects/blob/main/objects/software-package/definition.json) - Generic software package object template to represent software packages and their state.
426
434
-[objects/spambee-report](https://github.com/MISP/misp-objects/blob/main/objects/spambee-report/definition.json) - A Spambee analysis report.
-[objects/spearphishing-campaign](https://github.com/MISP/misp-objects/blob/main/objects/spearphishing-campaign/definition.json) - Spearphishing template to describe a campaign from the email to the TA connect back IOC.
@@ -480,6 +488,7 @@ for a specific attribute. An optional **to_ids** boolean field to disable the ID
-[objects/vulnerability](https://github.com/MISP/misp-objects/blob/main/objects/vulnerability/definition.json) - Vulnerability object describing a common vulnerability enumeration which can describe published, unpublished, under review or embargo vulnerability for software, equipments or hardware.
491
+
-[objects/wazuh-rule](https://github.com/MISP/misp-objects/blob/main/objects/wazuh-rule/definition.json) - An object describing a Wazuh XML rule using common fields from the official Wazuh rule syntax.
483
492
-[objects/weakness](https://github.com/MISP/misp-objects/blob/main/objects/weakness/definition.json) - Weakness object describing a common weakness enumeration which can describe usable, incomplete, draft or deprecated weakness for software, equipment of hardware.
484
493
-[objects/whois](https://github.com/MISP/misp-objects/blob/main/objects/whois/definition.json) - Whois records information for a domain name or an IP address.
485
494
-[objects/wifi-connection](https://github.com/MISP/misp-objects/blob/main/objects/wifi-connection/definition.json) - Wireless network connection parameters including SSID, authentication, encryption and configuration details.
0 commit comments