Merge branch 'main' of github.com:MISP/misp-objects

Author: chrisr3d

README.md

@@ -193,9 +193,10 @@ for a specific attribute. An optional **to_ids** boolean field to disable the ID
 - [objects/fail2ban](https://github.com/MISP/misp-objects/blob/main/objects/fail2ban/definition.json) - Fail2ban event.
 - [objects/favicon](https://github.com/MISP/misp-objects/blob/main/objects/favicon/definition.json) - A favicon, also known as a shortcut icon, website icon, tab icon, URL icon, or bookmark icon, is a file containing one or more small icons, associated with a particular website or web page. The object template can include the murmur3 hash of the favicon to facilitate correlation.
 - [objects/file](https://github.com/MISP/misp-objects/blob/main/objects/file/definition.json) - File object describing a file with meta-information.
-- [objects/flowintel-cm-case](https://github.com/MISP/misp-objects/blob/main/objects/flowintel-cm-case/definition.json) - A case as defined by flowintel-cm.
-- [objects/flowintel-cm-task](https://github.com/MISP/misp-objects/blob/main/objects/flowintel-cm-task/definition.json) - A task as defined by flowintel-cm.
-- [objects/flowintel-cm-task-note](https://github.com/MISP/misp-objects/blob/main/objects/flowintel-cm-task-note/definition.json) - A task's note as defined by flowintel-cm.
+- [objects/flowintel-case](https://github.com/MISP/misp-objects/blob/main/objects/flowintel-case/definition.json) - A case as defined by flowintel.
+- [objects/flowintel-task](https://github.com/MISP/misp-objects/blob/main/objects/flowintel-task/definition.json) - A task as defined by flowintel.
+- [objects/flowintel-task-note](https://github.com/MISP/misp-objects/blob/main/objects/flowintel-task-note/definition.json) - A task's note as defined by flowintel.
+- [objects/flowintel-task-resource](https://github.com/MISP/misp-objects/blob/main/objects/flowintel-task-resource/definition.json) - A task's resource as defined by flowintel.
 - [objects/forensic-case](https://github.com/MISP/misp-objects/blob/main/objects/forensic-case/definition.json) - An object template to describe a digital forensic case.
 - [objects/forensic-evidence](https://github.com/MISP/misp-objects/blob/main/objects/forensic-evidence/definition.json) - An object template to describe a digital forensic evidence.
 - [objects/forged-document](https://github.com/MISP/misp-objects/blob/main/objects/forged-document/definition.json) - Object describing a forged document.
@@ -255,8 +256,11 @@ for a specific attribute. An optional **to_ids** boolean field to disable the ID
 - [objects/Generalizing Persuasion Framework](https://github.com/MISP/misp-objects/blob/main/objects/Generalizing Persuasion Framework/definition.json) - By placing their work within the GP Framework, scholars will help the field resolve inconsistencies, identify and address open questions, and ensure collective progress. The GP Framework is not meant to compete with other theories (such as the ELM) but rather to fill in two gaps. First, it allows one to consider how individual persuasion studies connect to one another and why studies may arrive at contradictory conclusions. Second, it highlights the sources of variations that should be studied. (James N. Druckman).
 - [objects/geolocation](https://github.com/MISP/misp-objects/blob/main/objects/geolocation/definition.json) - An object to describe a geographic location.
 - [objects/git-vuln-finder](https://github.com/MISP/misp-objects/blob/main/objects/git-vuln-finder/definition.json) - Export from git-vuln-finder.
+- [objects/github-action](https://github.com/MISP/misp-objects/blob/main/objects/github-action/definition.json) - GitHub Actions.
+- [objects/github-repo](https://github.com/MISP/misp-objects/blob/main/objects/github-repo/definition.json) - GitHub repository.
 - [objects/github-user](https://github.com/MISP/misp-objects/blob/main/objects/github-user/definition.json) - GitHub user.
 - [objects/gitlab-user](https://github.com/MISP/misp-objects/blob/main/objects/gitlab-user/definition.json) - GitLab user. Gitlab.com user or self-hosted GitLab instance.
+- [objects/google-account](https://github.com/MISP/misp-objects/blob/main/objects/google-account/definition.json) - An object containing subscriber information received from Google.
 - [objects/google-safe-browsing](https://github.com/MISP/misp-objects/blob/main/objects/google-safe-browsing/definition.json) - Google Safe checks a URL against Google's constantly updated list of unsafe web resources.
 - [objects/google-threat-intelligence-report](https://github.com/MISP/misp-objects/blob/main/objects/google-threat-intelligence-report/definition.json) - Google Threat Intelligence report that provides an assessment (verdict, severity and scoring) and combined information from VirusTotal and Mandiant.
 - [objects/greynoise-ip](https://github.com/MISP/misp-objects/blob/main/objects/greynoise-ip/definition.json) - GreyNoise IP Information.
@@ -309,6 +313,7 @@ for a specific attribute. An optional **to_ids** boolean field to disable the ID
 - [objects/narrative](https://github.com/MISP/misp-objects/blob/main/objects/narrative/definition.json) - Object describing a narrative.
 - [objects/netflow](https://github.com/MISP/misp-objects/blob/main/objects/netflow/definition.json) - Netflow object describes an network object based on the Netflowv5/v9 minimal definition.
 - [objects/network-connection](https://github.com/MISP/misp-objects/blob/main/objects/network-connection/definition.json) - A local or remote network connection.
+- [objects/network-data](https://github.com/MISP/misp-objects/blob/main/objects/network-data/definition.json) - network data, including payloads/logs, relevant timestamps, data volume and enrichment of the TCP/IP 5-tuple connection information.
 - [objects/network-profile](https://github.com/MISP/misp-objects/blob/main/objects/network-profile/definition.json) - Elements that can be used to profile, pivot or identify a network infrastructure, including domains, ip and urls.
 - [objects/network-socket](https://github.com/MISP/misp-objects/blob/main/objects/network-socket/definition.json) - Network socket object describes a local or remote network connections based on the socket data structure.
 - [objects/network-traffic](https://github.com/MISP/misp-objects/blob/main/objects/network-traffic/definition.json) - Generic network traffic that originates from a source and is addressed to a destination.
@@ -411,6 +416,7 @@ for a specific attribute. An optional **to_ids** boolean field to disable the ID
 - [objects/stix2-pattern](https://github.com/MISP/misp-objects/blob/main/objects/stix2-pattern/definition.json) - An object describing a STIX pattern. The object can be linked via a relationship to other attributes or objects to describe how it can be represented as a STIX pattern.
 - [objects/stock](https://github.com/MISP/misp-objects/blob/main/objects/stock/definition.json) - Object to describe stock market.
 - [objects/submarine](https://github.com/MISP/misp-objects/blob/main/objects/submarine/definition.json) - Submarine description.
+- [objects/summariser-output](https://github.com/MISP/misp-objects/blob/main/objects/summariser-output/definition.json) - Summariser output from an AI-based or NLP summariser.
 - [objects/suricata](https://github.com/MISP/misp-objects/blob/main/objects/suricata/definition.json) - An object describing one or more Suricata rule(s) along with version and contextual information.
 - [objects/target-system](https://github.com/MISP/misp-objects/blob/main/objects/target-system/definition.json) - Description about an targeted system, this could potentially be a compromised internal system.
 - [objects/task](https://github.com/MISP/misp-objects/blob/main/objects/task/definition.json) - Task object as described in STIX 2.1 Incident object extension.
@@ -517,12 +523,12 @@ The MISP objects (JSON files) are dual-licensed under:
 or
 
 ~~~~
- Copyright (c) 2016-2024 Alexandre Dulaunoy - a@foo.be
- Copyright (c) 2016-2024 CIRCL - Computer Incident Response Center Luxembourg
- Copyright (c) 2016-2024 Andras Iklody
- Copyright (c) 2016-2024 Raphael Vinot
- Copyright (c) 2016-2024 Christian Studer
- Copyright (c) 2016-2024 Various contributors to MISP Project
+ Copyright (c) 2016-2025 Alexandre Dulaunoy - a@foo.be
+ Copyright (c) 2016-2025 CIRCL - Computer Incident Response Center Luxembourg
+ Copyright (c) 2016-2025 Andras Iklody
+ Copyright (c) 2016-2025 Raphael Vinot
+ Copyright (c) 2016-2025 Christian Studer
+ Copyright (c) 2016-2025 Various contributors to MISP Project
 
  Redistribution and use in source and binary forms, with or without modification,
  are permitted provided that the following conditions are met:

objects/flowintel-cm-case/definition.json objects/flowintel-case/definition.jsonobjects/flowintel-cm-case/definition.json renamed to objects/flowintel-case/definition.json

@@ -88,9 +88,9 @@
       "ui-priority": 1
     }
   },
-  "description": "A case as defined by flowintel-cm.",
+  "description": "A case as defined by flowintel.",
   "meta-category": "misc",
-  "name": "flowintel-cm-case",
+  "name": "flowintel-case",
   "uuid": "19df57c7-b315-4fd2-84e5-d81ab221425e",
-  "version": 3
+  "version": 4
 }

…s/flowintel-cm-task-note/definition.json …ects/flowintel-task-note/definition.jsonobjects/flowintel-cm-task-note/definition.json renamed to objects/flowintel-task-note/definition.json objects/flowintel-cm-task-note/definition.json renamed to objects/flowintel-task-note/definition.json

@@ -27,9 +27,9 @@
       "ui-priority": 2
     }
   },
-  "description": "A task's note as defined by flowintel-cm.",
+  "description": "A task's note as defined by flowintel.",
   "meta-category": "misc",
-  "name": "flowintel-cm-task-note",
+  "name": "flowintel-task-note",
   "uuid": "2c6f6aba-48b6-482f-a810-81934d29be9a",
-  "version": 1
+  "version": 2
 }

objects/flowintel-task-resource/definition.json

@@ -0,0 +1,35 @@
+{
+  "attributes": {
+    "origin-url": {
+      "description": "Origin of the task",
+      "disable_correlation": true,
+      "misp-attribute": "url",
+      "to_ids": false,
+      "ui-priority": 1
+    },
+    "resource": {
+      "description": "Resources of the task",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "to_ids": false,
+      "ui-priority": 0
+    },
+    "resource-uuid": {
+      "description": "UUID of the resource",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "ui-priority": 2
+    },
+    "task-uuid": {
+      "description": "UUID of the parent task",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "ui-priority": 2
+    }
+  },
+  "description": "A task's note as defined by flowintel.",
+  "meta-category": "misc",
+  "name": "flowintel-task-resource",
+  "uuid": "dc1d5bae-3611-499c-bbd6-1ca3ad4048dd",
+  "version": 1
+}

objects/flowintel-cm-task/definition.json objects/flowintel-task/definition.jsonobjects/flowintel-cm-task/definition.json renamed to objects/flowintel-task/definition.json

@@ -78,9 +78,9 @@
       "ui-priority": 0
     }
   },
-  "description": "A task as defined by flowintel-cm.",
+  "description": "A task as defined by flowintel.",
   "meta-category": "misc",
-  "name": "flowintel-cm-task",
+  "name": "flowintel-task",
   "uuid": "2f525f6e-d3f2-4cb9-9ca0-f1160d99397d",
-  "version": 4
+  "version": 5
 }

objects/greynoise-ip/definition.json

@@ -4,59 +4,107 @@
       "description": "GreyNoise Actor",
       "disable_correlation": true,
       "misp-attribute": "text",
+      "ui-priority": 4
+    },
+    "asn": {
+      "description": "GreyNoise ASN",
+      "disable_correlation": true,
+      "misp-attribute": "AS",
+      "ui-priority": 3
+    },
+    "bot": {
+      "description": "GreyNoise Is Bot Flag",
+      "disable_correlation": true,
+      "misp-attribute": "boolean",
       "ui-priority": 1
     },
     "classification": {
       "description": "GreyNoise Classification",
       "disable_correlation": true,
       "misp-attribute": "text",
-      "ui-priority": 1
+      "ui-priority": 6
+    },
+    "domain": {
+      "description": "GreyNoise Domain",
+      "disable_correlation": false,
+      "misp-attribute": "domain",
+      "ui-priority": 6
     },
     "first-seen": {
       "description": "First Seen",
       "disable_correlation": true,
       "misp-attribute": "datetime",
-      "ui-priority": 2
+      "ui-priority": 5
     },
     "ip-src": {
       "description": "Source IP address of the network connection.",
       "misp-attribute": "ip-src",
-      "ui-priority": 1
+      "ui-priority": 7
     },
     "last-seen": {
       "description": "Last Seen",
       "disable_correlation": true,
       "misp-attribute": "datetime",
-      "ui-priority": 1
+      "ui-priority": 5
     },
     "link": {
       "description": "GreyNoise Visualizer Link",
       "disable_correlation": true,
       "misp-attribute": "link",
-      "ui-priority": 2
+      "ui-priority": 4
     },
     "noise": {
       "description": "GreyNoise Internet Scanning Flag",
       "disable_correlation": true,
       "misp-attribute": "text",
-      "ui-priority": 1
+      "ui-priority": 4
     },
     "provider": {
       "description": "GreyNoise Service Provider",
       "disable_correlation": true,
       "misp-attribute": "text",
-      "ui-priority": 1
+      "ui-priority": 4
+    },
+    "rdns": {
+      "description": "GreyNoise Reverse DNS Hostname",
+      "disable_correlation": false,
+      "misp-attribute": "hostname",
+      "ui-priority": 2
+    },
+    "rdns_parent": {
+      "description": "GreyNoise Reverse DNS Domain",
+      "disable_correlation": true,
+      "misp-attribute": "domain",
+      "ui-priority": 2
     },
     "riot": {
       "description": "GreyNoise Common Business Service Flag",
       "disable_correlation": true,
       "misp-attribute": "text",
+      "ui-priority": 4
+    },
+    "source_country": {
+      "description": "GreyNoise Source Country",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "ui-priority": 3
+    },
+    "tor": {
+      "description": "GreyNoise Is Tor Flag",
+      "disable_correlation": true,
+      "misp-attribute": "boolean",
       "ui-priority": 1
     },
     "trust-level": {
       "description": "GreyNoise RIOT Trust Level",
       "disable_correlation": true,
       "misp-attribute": "text",
+      "ui-priority": 4
+    },
+    "vpn": {
+      "description": "GreyNoise Is VPN Flag",
+      "disable_correlation": true,
+      "misp-attribute": "boolean",
       "ui-priority": 1
     }
   },
@@ -67,5 +115,5 @@
     "ip-src"
   ],
   "uuid": "6B14A94A-46E4-4B82-B24D-0DBF8E8B3FD9",
-  "version": 1
+  "version": 2
 }

objects/query/definition.json

@@ -27,7 +27,9 @@
         "Google search query",
         "Ariel Query Language (qradar)",
         "Grep",
-        "Devo LINQ"
+        "Devo LINQ",
+        "Microsoft Defender XDR",
+        "Sentinel Advanced Security Information Model"
       ],
       "ui-priority": 0
     },
@@ -49,5 +51,5 @@
     "query"
   ],
   "uuid": "006539b3-f68a-4a02-a213-e600762d39b5",
-  "version": 3
+  "version": 4
 }