Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package python-pymisp for openSUSE:Factory
checked in at 2021-05-21 21:50:29
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python-pymisp (Old)
and /work/SRC/openSUSE:Factory/.python-pymisp.new.2988 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-pymisp"
Fri May 21 21:50:29 2021 rev:34 rq:894847 version:2.4.143
Changes:
--------
--- /work/SRC/openSUSE:Factory/python-pymisp/python-pymisp.changes
2021-05-06 22:53:44.662473078 +0200
+++ /work/SRC/openSUSE:Factory/.python-pymisp.new.2988/python-pymisp.changes
2021-05-21 21:50:46.694044059 +0200
@@ -1,0 +2,15 @@
+Fri May 14 16:12:56 UTC 2021 - Sebastian Wagner <sebix+novell....@sebix.at>
+
+- update to version 2.4.143:
+ - New
+ - Method to get the raw object template. [Rapha??l Vinot]
+ - Changes
+ - Bump version, deps. [Rapha??l Vinot]
+ - Bump deps. [Rapha??l Vinot]
+ - Bump objects templates. [Rapha??l Vinot]
+ - Fix
+ - First-seen and last-seen on attributes and objects were not checked
+ for sanity. [Rapha??l Vinot]
+ - Remove search_all example, use search instead. [Rapha??l Vinot]
+
+-------------------------------------------------------------------
Old:
----
python-pymisp-2.4.142.tar.gz
New:
----
python-pymisp-2.4.143.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ python-pymisp.spec ++++++
--- /var/tmp/diff_new_pack.2XsQmA/_old 2021-05-21 21:50:47.274041657 +0200
+++ /var/tmp/diff_new_pack.2XsQmA/_new 2021-05-21 21:50:47.278041640 +0200
@@ -18,9 +18,9 @@
%{?!python_module:%define python_module() python-%{**} python3-%{**}}
%define skip_python2 1
-%define misp_objects_revision 5e6f887fa131437089eaa8cdb9078b6a6371d121
+%define misp_objects_revision 5d986dc25ee3ebf53fa8ad59d2d0091696a5295c
Name: python-pymisp
-Version: 2.4.142
+Version: 2.4.143
Release: 0
Summary: Python API for MISP
License: BSD-2-Clause
++++++ misp-objects.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/misp-objects-5e6f887fa131437089eaa8cdb9078b6a6371d121/.gitchangelog.rc
new/misp-objects-5d986dc25ee3ebf53fa8ad59d2d0091696a5295c/.gitchangelog.rc
--- old/misp-objects-5e6f887fa131437089eaa8cdb9078b6a6371d121/.gitchangelog.rc
1970-01-01 01:00:00.000000000 +0100
+++ new/misp-objects-5d986dc25ee3ebf53fa8ad59d2d0091696a5295c/.gitchangelog.rc
2021-05-11 15:44:35.000000000 +0200
@@ -0,0 +1,289 @@
+# -*- coding: utf-8; mode: python -*-
+##
+## Format
+##
+## ACTION: [AUDIENCE:] COMMIT_MSG [!TAG ...]
+##
+## Description
+##
+## ACTION is one of 'chg', 'fix', 'new'
+##
+## Is WHAT the change is about.
+##
+## 'chg' is for refactor, small improvement, cosmetic changes...
+## 'fix' is for bug fixes
+## 'new' is for new features, big improvement
+##
+## AUDIENCE is optional and one of 'dev', 'usr', 'pkg', 'test', 'doc'|'docs'
+##
+## Is WHO is concerned by the change.
+##
+## 'dev' is for developpers (API changes, refactors...)
+## 'usr' is for final users (UI changes)
+## 'pkg' is for packagers (packaging changes)
+## 'test' is for testers (test only related changes)
+## 'doc' is for doc guys (doc only changes)
+##
+## COMMIT_MSG is ... well ... the commit message itself.
+##
+## TAGs are additionnal adjective as 'refactor' 'minor' 'cosmetic'
+##
+## They are preceded with a '!' or a '@' (prefer the former, as the
+## latter is wrongly interpreted in github.) Commonly used tags are:
+##
+## 'refactor' is obviously for refactoring code only
+## 'minor' is for a very meaningless change (a typo, adding a comment)
+## 'cosmetic' is for cosmetic driven change (re-indentation, 80-col...)
+## 'wip' is for partial functionality but complete subfunctionality.
+##
+## Example:
+##
+## new: usr: support of bazaar implemented
+## chg: re-indentend some lines !cosmetic
+## new: dev: updated code to be compatible with last version of killer lib.
+## fix: pkg: updated year of licence coverage.
+## new: test: added a bunch of test around user usability of feature X.
+## fix: typo in spelling my name in comment. !minor
+##
+## Please note that multi-line commit message are supported, and only the
+## first line will be considered as the "summary" of the commit message. So
+## tags, and other rules only applies to the summary. The body of the commit
+## message will be displayed in the changelog without reformatting.
+
+
+##
+## ``ignore_regexps`` is a line of regexps
+##
+## Any commit having its full commit message matching any regexp listed here
+## will be ignored and won't be reported in the changelog.
+##
+ignore_regexps = [
+ r'@minor', r'!minor',
+ r'@cosmetic', r'!cosmetic',
+ r'@refactor', r'!refactor',
+ r'@wip', r'!wip',
+ r'^([cC]hg|[fF]ix|[nN]ew)\s*:\s*[p|P]kg:',
+ r'^([cC]hg|[fF]ix|[nN]ew)\s*:\s*[d|D]ev:',
+ r'^(.{3,3}\s*:)?\s*[fF]irst commit.?\s*$',
+ ]
+
+
+## ``section_regexps`` is a list of 2-tuples associating a string label and a
+## list of regexp
+##
+## Commit messages will be classified in sections thanks to this. Section
+## titles are the label, and a commit is classified under this section if any
+## of the regexps associated is matching.
+##
+## Please note that ``section_regexps`` will only classify commits and won't
+## make any changes to the contents. So you'll probably want to go check
+## ``subject_process`` (or ``body_process``) to do some changes to the subject,
+## whenever you are tweaking this variable.
+##
+section_regexps = [
+ ('New', [
+ r'^[nN]ew\s*:\s*((dev|use?r|pkg|test|doc|docs)\s*:\s*)?([^\n]*)$',
+ ]),
+ ('Changes', [
+ r'^[cC]hg\s*:\s*((dev|use?r|pkg|test|doc|docs)\s*:\s*)?([^\n]*)$',
+ ]),
+ ('Fix', [
+ r'^[fF]ix\s*:\s*((dev|use?r|pkg|test|doc|docs)\s*:\s*)?([^\n]*)$',
+ ]),
+
+ ('Other', None ## Match all lines
+ ),
+
+]
+
+
+## ``body_process`` is a callable
+##
+## This callable will be given the original body and result will
+## be used in the changelog.
+##
+## Available constructs are:
+##
+## - any python callable that take one txt argument and return txt argument.
+##
+## - ReSub(pattern, replacement): will apply regexp substitution.
+##
+## - Indent(chars=" "): will indent the text with the prefix
+## Please remember that template engines gets also to modify the text and
+## will usually indent themselves the text if needed.
+##
+## - Wrap(regexp=r"\n\n"): re-wrap text in separate paragraph to fill
80-Columns
+##
+## - noop: do nothing
+##
+## - ucfirst: ensure the first letter is uppercase.
+## (usually used in the ``subject_process`` pipeline)
+##
+## - final_dot: ensure text finishes with a dot
+## (usually used in the ``subject_process`` pipeline)
+##
+## - strip: remove any spaces before or after the content of the string
+##
+## - SetIfEmpty(msg="No commit message."): will set the text to
+## whatever given ``msg`` if the current text is empty.
+##
+## Additionally, you can `pipe` the provided filters, for instance:
+#body_process = Wrap(regexp=r'\n(?=\w+\s*:)') | Indent(chars=" ")
+#body_process = Wrap(regexp=r'\n(?=\w+\s*:)')
+#body_process = noop
+body_process = ReSub(r'((^|\n)[A-Z]\w+(-\w+)*: .*(\n\s+.*)*)+$', r'') | strip
+
+
+## ``subject_process`` is a callable
+##
+## This callable will be given the original subject and result will
+## be used in the changelog.
+##
+## Available constructs are those listed in ``body_process`` doc.
+subject_process = (strip |
+
ReSub(r'^([cC]hg|[fF]ix|[nN]ew)\s*:\s*((dev|use?r|pkg|test|doc|docs)\s*:\s*)?([^\n@]*)(@[a-z]+\s+)*$',
r'\4') |
+ SetIfEmpty("No commit message.") | ucfirst | final_dot)
+
+
+## ``tag_filter_regexp`` is a regexp
+##
+## Tags that will be used for the changelog must match this regexp.
+##
+tag_filter_regexp = r'^v[0-9]+\.[0-9]+\.[0-9]+$'
+
+
+
+## ``unreleased_version_label`` is a string or a callable that outputs a string
+##
+## This label will be used as the changelog Title of the last set of changes
+## between last valid tag and HEAD if any.
+unreleased_version_label = "%%version%% (unreleased)"
+
+
+## ``output_engine`` is a callable
+##
+## This will change the output format of the generated changelog file
+##
+## Available choices are:
+##
+## - rest_py
+##
+## Legacy pure python engine, outputs ReSTructured text.
+## This is the default.
+##
+## - mustache(<template_name>)
+##
+## Template name could be any of the available templates in
+## ``templates/mustache/*.tpl``.
+## Requires python package ``pystache``.
+## Examples:
+## - mustache("markdown")
+## - mustache("restructuredtext")
+##
+## - makotemplate(<template_name>)
+##
+## Template name could be any of the available templates in
+## ``templates/mako/*.tpl``.
+## Requires python package ``mako``.
+## Examples:
+## - makotemplate("restructuredtext")
+##
+#output_engine = rest_py
+#output_engine = mustache("restructuredtext")
+output_engine = mustache("markdown")
+#output_engine = makotemplate("restructuredtext")
+
+
+## ``include_merge`` is a boolean
+##
+## This option tells git-log whether to include merge commits in the log.
+## The default is to include them.
+include_merge = True
+
+
+## ``log_encoding`` is a string identifier
+##
+## This option tells gitchangelog what encoding is outputed by ``git log``.
+## The default is to be clever about it: it checks ``git config`` for
+## ``i18n.logOutputEncoding``, and if not found will default to git's own
+## default: ``utf-8``.
+#log_encoding = 'utf-8'
+
+
+## ``publish`` is a callable
+##
+## Sets what ``gitchangelog`` should do with the output generated by
+## the output engine. ``publish`` is a callable taking one argument
+## that is an interator on lines from the output engine.
+##
+## Some helper callable are provided:
+##
+## Available choices are:
+##
+## - stdout
+##
+## Outputs directly to standard output
+## (This is the default)
+##
+## - FileInsertAtFirstRegexMatch(file, pattern, idx=lamda m: m.start())
+##
+## Creates a callable that will parse given file for the given
+## regex pattern and will insert the output in the file.
+## ``idx`` is a callable that receive the matching object and
+## must return a integer index point where to insert the
+## the output in the file. Default is to return the position of
+## the start of the matched string.
+##
+## - FileRegexSubst(file, pattern, replace, flags)
+##
+## Apply a replace inplace in the given file. Your regex pattern must
+## take care of everything and might be more complex. Check the README
+## for a complete copy-pastable example.
+##
+# publish = FileInsertIntoFirstRegexMatch(
+# "CHANGELOG.rst",
+#
r'/(?P<rev>[0-9]+\.[0-9]+(\.[0-9]+)?)\s+\([0-9]+-[0-9]{2}-[0-9]{2}\)\n--+\n/',
+# idx=lambda m: m.start(1)
+# )
+#publish = stdout
+
+
+## ``revs`` is a list of callable or a list of string
+##
+## callable will be called to resolve as strings and allow dynamical
+## computation of these. The result will be used as revisions for
+## gitchangelog (as if directly stated on the command line). This allows
+## to filter exaclty which commits will be read by gitchangelog.
+##
+## To get a full documentation on the format of these strings, please
+## refer to the ``git rev-list`` arguments. There are many examples.
+##
+## Using callables is especially useful, for instance, if you
+## are using gitchangelog to generate incrementally your changelog.
+##
+## Some helpers are provided, you can use them::
+##
+## - FileFirstRegexMatch(file, pattern): will return a callable that will
+## return the first string match for the given pattern in the given file.
+## If you use named sub-patterns in your regex pattern, it'll output only
+## the string matching the regex pattern named "rev".
+##
+## - Caret(rev): will return the rev prefixed by a "^", which is a
+## way to remove the given revision and all its ancestor.
+##
+## Please note that if you provide a rev-list on the command line, it'll
+## replace this value (which will then be ignored).
+##
+## If empty, then ``gitchangelog`` will act as it had to generate a full
+## changelog.
+##
+## The default is to use all commits to make the changelog.
+#revs = ["^1.0.3", ]
+#revs = [
+# Caret(
+# FileFirstRegexMatch(
+# "CHANGELOG.rst",
+#
r"(?P<rev>[0-9]+\.[0-9]+(\.[0-9]+)?)\s+\([0-9]+-[0-9]{2}-[0-9]{2}\)\n--+\n")),
+# "HEAD"
+#]
+revs = []
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/misp-objects-5e6f887fa131437089eaa8cdb9078b6a6371d121/README.md
new/misp-objects-5d986dc25ee3ebf53fa8ad59d2d0091696a5295c/README.md
--- old/misp-objects-5e6f887fa131437089eaa8cdb9078b6a6371d121/README.md
2021-04-14 09:20:52.000000000 +0200
+++ new/misp-objects-5d986dc25ee3ebf53fa8ad59d2d0091696a5295c/README.md
2021-05-11 15:44:35.000000000 +0200
@@ -104,262 +104,267 @@
## Existing MISP objects
-- [objects/ail-leak](objects/ail-leak/definition.json) - An information leak
as defined by the AIL Analysis Information Leak framework.
-- [objects/ais-info](objects/ais-info/definition.json) - Automated Indicator
Sharing (AIS) Information Source Markings.
-- [objects/android-app](objects/android-app/definition.json) - Indicators
related to an Android app.
-- [objects/android-permission](objects/android-permission/definition.json) - A
set of android permissions - one or more permission(s) which can be linked to
other objects (e.g. malware, app).
-- [objects/annotation](objects/annotation/definition.json) - An annotation
object allowing analysts to add annotations, comments, executive summary to a
MISP event, objects or attributes.
-- [objects/anonymisation](objects/anonymisation/definition.json) -
Anonymisation object describing an anonymisation technique used to encode MISP
attribute values. Reference:
https://www.caida.org/tools/taxonomy/anonymization.xml.
-- [objects/asn](objects/asn/definition.json) - Autonomous system object
describing an autonomous system which can include one or more network operators
management an entity (e.g. ISP) along with their routing policy, routing
prefixes or alike.
-- [objects/attack-pattern](objects/attack-pattern/definition.json) - Attack
pattern describing a common attack pattern enumeration and classification.
--
[objects/authentication-failure-report](objects/authentication-failure-report/definition.json)
- Authentication Failure Report.
--
[objects/authenticode-signerinfo](objects/authenticode-signerinfo/definition.json)
- Authenticode Signer Info.
-- [objects/av-signature](objects/av-signature/definition.json) - Antivirus
detection signature.
-- [objects/bank-account](objects/bank-account/definition.json) - An object
describing bank account information based on account description from goAML 4.0.
-- [objects/bgp-hijack](objects/bgp-hijack/definition.json) - Object
encapsulating BGP Hijack description as specified, for example, by
bgpstream.com.
-- [objects/bgp-ranking](objects/bgp-ranking/definition.json) - BGP Ranking
object describing the ranking of an ASN for a given day, along with its
position, 1 being the most malicious ASN of the day, with the highest ranking.
This object is meant to have a relationship with the corresponding ASN object
and represents its ranking for a specific date.
-- [objects/blog](objects/blog/definition.json) - Blog post like Medium or
WordPress.
-- [objects/boleto](objects/boleto/definition.json) - A common form of payment
used in Brazil.
-- [objects/btc-transaction](objects/btc-transaction/definition.json) - An
object to describe a Bitcoin transaction. Best to be used with bitcoin-wallet.
-- [objects/btc-wallet](objects/btc-wallet/definition.json) - An object to
describe a Bitcoin wallet. Best to be used with bitcoin-transactions.
-- [objects/cap-alert](objects/cap-alert/definition.json) - Common Alerting
Protocol Version (CAP) alert object.
-- [objects/cap-info](objects/cap-info/definition.json) - Common Alerting
Protocol Version (CAP) info object.
-- [objects/cap-resource](objects/cap-resource/definition.json) - Common
Alerting Protocol Version (CAP) resource object.
-- [objects/coin-address](objects/coin-address/definition.json) - An address
used in a cryptocurrency.
-- [objects/command](objects/command/definition.json) - Command functionalities
related to specific commands executed by a program, whether it is malicious or
not. Command-line are attached to this object for the related commands.
-- [objects/command-line](objects/command-line/definition.json) - Command line
and options related to a specific command executed by a program, whether it is
malicious or not.
-- [objects/cookie](objects/cookie/definition.json) - An HTTP cookie (web
cookie, browser cookie) is a small piece of data that a server sends to the
user's web browser. The browser may store it and send it back with the next
request to the same server. Typically, it's used to tell if two requests came
from the same browser ??? keeping a user logged-in, for example. It remembers
stateful information for the stateless HTTP protocol. (as defined by the
Mozilla foundation.
-- [objects/cortex](objects/cortex/definition.json) - Cortex object describing
a complete cortex analysis. Observables would be attribute with a relationship
from this object.
-- [objects/cortex-taxonomy](objects/cortex-taxonomy/definition.json) - Cortex
object describing an Cortex Taxonomy (or mini report).
-- [objects/course-of-action](objects/course-of-action/definition.json) - An
object describing a specific measure taken to prevent or respond to an attack.
--
[objects/covid19-csse-daily-report](objects/covid19-csse-daily-report/definition.json)
- CSSE COVID-19 Daily report.
--
[objects/covid19-dxy-live-city](objects/covid19-dxy-live-city/definition.json)
- COVID 19 from dxy.cn - Aggregation by city.
--
[objects/covid19-dxy-live-province](objects/covid19-dxy-live-province/definition.json)
- COVID 19 from dxy.cn - Aggregation by province.
-- [objects/cowrie](objects/cowrie/definition.json) - Cowrie honeypot object
template.
-- [objects/cpe-asset](objects/cpe-asset/definition.json) - An asset which can
be defined by a CPE. This can be a generic asset. CPE is a structured naming
scheme for information technology systems, software, and packages.
-- [objects/credential](objects/credential/definition.json) - Credential
describes one or more credential(s) including password(s), api key(s) or
decryption key(s).
-- [objects/credit-card](objects/credit-card/definition.json) - A payment card
like credit card, debit card or any similar cards which can be used for
financial transactions.
-- [objects/crypto-material](objects/crypto-material/definition.json) -
Cryptographic materials such as public or/and private keys.
-- [objects/cytomic-orion-file](objects/cytomic-orion-file/definition.json) -
Cytomic Orion File Detection.
--
[objects/cytomic-orion-machine](objects/cytomic-orion-machine/definition.json)
- Cytomic Orion File at Machine Detection.
-- [objects/dark-pattern-item](objects/dark-pattern-item/definition.json) - An
Item whose User Interface implements a dark pattern.
-- [objects/ddos](objects/ddos/definition.json) - DDoS object describes a
current DDoS activity from a specific or/and to a specific target. Type of DDoS
can be attached to the object as a taxonomy.
-- [objects/device](objects/device/definition.json) - An object to define a
device.
-- [objects/diameter-attack](objects/diameter-attack/definition.json) - Attack
as seen on diameter authentication against a GSM, UMTS or LTE network.
-- [objects/dns-record](objects/dns-record/definition.json) - A set of DNS
records observed for a specific domain.
-- [objects/domain-crawled](objects/domain-crawled/definition.json) - A domain
crawled over time.
-- [objects/domain-ip](objects/domain-ip/definition.json) - A domain/hostname
and IP address seen as a tuple in a specific time frame.
-- [objects/elf](objects/elf/definition.json) - Object describing a Executable
and Linkable Format.
-- [objects/elf-section](objects/elf-section/definition.json) - Object
describing a section of an Executable and Linkable Format.
-- [objects/email](objects/email/definition.json) - Email object describing an
email with meta-information.
-- [objects/employee](objects/employee/definition.json) - An employee and
related data points.
-- [objects/exploit-poc](objects/exploit-poc/definition.json) - Exploit-poc
object describing a proof of concept or exploit of a vulnerability. This object
has often a relationship with a vulnerability object.
-- [objects/facebook-account](objects/facebook-account/definition.json) -
Facebook account.
-- [objects/facebook-group](objects/facebook-group/definition.json) - Public or
private facebook group.
-- [objects/facebook-page](objects/facebook-page/definition.json) - Facebook
page.
-- [objects/facebook-post](objects/facebook-post/definition.json) - Post on a
Facebook wall.
-- [objects/facial-composite](objects/facial-composite/definition.json) - An
object which describes a facial composite.
-- [objects/fail2ban](objects/fail2ban/definition.json) - Fail2ban event.
-- [objects/favicon](objects/favicon/definition.json) - A favicon, also known
as a shortcut icon, website icon, tab icon, URL icon, or bookmark icon, is a
file containing one or more small icons, associated with a particular website
or web page. The object template can include the murmur3 hash of the favicon to
facilitate correlation.
-- [objects/file](objects/file/definition.json) - File object describing a file
with meta-information.
-- [objects/forensic-case](objects/forensic-case/definition.json) - An object
template to describe a digital forensic case.
-- [objects/forensic-evidence](objects/forensic-evidence/definition.json) - An
object template to describe a digital forensic evidence.
-- [objects/forged-document](objects/forged-document/definition.json) - Object
describing a forged document.
-- [objects/ftm-Airplane](objects/ftm-Airplane/definition.json) - .
-- [objects/ftm-Assessment](objects/ftm-Assessment/definition.json) - .
-- [objects/ftm-Asset](objects/ftm-Asset/definition.json) - .
-- [objects/ftm-Associate](objects/ftm-Associate/definition.json) - Non-family
association between two people.
-- [objects/ftm-Audio](objects/ftm-Audio/definition.json) - .
-- [objects/ftm-BankAccount](objects/ftm-BankAccount/definition.json) - .
-- [objects/ftm-Call](objects/ftm-Call/definition.json) - .
-- [objects/ftm-Company](objects/ftm-Company/definition.json) - .
-- [objects/ftm-Contract](objects/ftm-Contract/definition.json) - An contract
or contract lot issued by an authority. Multiple lots may be awarded to
different suppliers (see ContractAward).
+-
[objects/ail-leak](https://github.com/MISP/misp-objects/blob/main/objects/ail-leak/definition.json)
- An information leak as defined by the AIL Analysis Information Leak
framework.
+-
[objects/ais-info](https://github.com/MISP/misp-objects/blob/main/objects/ais-info/definition.json)
- Automated Indicator Sharing (AIS) Information Source Markings.
+-
[objects/android-app](https://github.com/MISP/misp-objects/blob/main/objects/android-app/definition.json)
- Indicators related to an Android app.
+-
[objects/android-permission](https://github.com/MISP/misp-objects/blob/main/objects/android-permission/definition.json)
- A set of android permissions - one or more permission(s) which can be linked
to other objects (e.g. malware, app).
+-
[objects/annotation](https://github.com/MISP/misp-objects/blob/main/objects/annotation/definition.json)
- An annotation object allowing analysts to add annotations, comments,
executive summary to a MISP event, objects or attributes.
+-
[objects/anonymisation](https://github.com/MISP/misp-objects/blob/main/objects/anonymisation/definition.json)
- Anonymisation object describing an anonymisation technique used to encode
MISP attribute values. Reference:
https://www.caida.org/tools/taxonomy/anonymization.xml.
+-
[objects/asn](https://github.com/MISP/misp-objects/blob/main/objects/asn/definition.json)
- Autonomous system object describing an autonomous system which can include
one or more network operators management an entity (e.g. ISP) along with their
routing policy, routing prefixes or alike.
+-
[objects/attack-pattern](https://github.com/MISP/misp-objects/blob/main/objects/attack-pattern/definition.json)
- Attack pattern describing a common attack pattern enumeration and
classification.
+-
[objects/authentication-failure-report](https://github.com/MISP/misp-objects/blob/main/objects/authentication-failure-report/definition.json)
- Authentication Failure Report.
+-
[objects/authenticode-signerinfo](https://github.com/MISP/misp-objects/blob/main/objects/authenticode-signerinfo/definition.json)
- Authenticode Signer Info.
+-
[objects/av-signature](https://github.com/MISP/misp-objects/blob/main/objects/av-signature/definition.json)
- Antivirus detection signature.
+-
[objects/bank-account](https://github.com/MISP/misp-objects/blob/main/objects/bank-account/definition.json)
- An object describing bank account information based on account description
from goAML 4.0.
+-
[objects/bgp-hijack](https://github.com/MISP/misp-objects/blob/main/objects/bgp-hijack/definition.json)
- Object encapsulating BGP Hijack description as specified, for example, by
bgpstream.com.
+-
[objects/bgp-ranking](https://github.com/MISP/misp-objects/blob/main/objects/bgp-ranking/definition.json)
- BGP Ranking object describing the ranking of an ASN for a given day, along
with its position, 1 being the most malicious ASN of the day, with the highest
ranking. This object is meant to have a relationship with the corresponding ASN
object and represents its ranking for a specific date.
+-
[objects/blog](https://github.com/MISP/misp-objects/blob/main/objects/blog/definition.json)
- Blog post like Medium or WordPress.
+-
[objects/boleto](https://github.com/MISP/misp-objects/blob/main/objects/boleto/definition.json)
- A common form of payment used in Brazil.
+-
[objects/btc-transaction](https://github.com/MISP/misp-objects/blob/main/objects/btc-transaction/definition.json)
- An object to describe a Bitcoin transaction. Best to be used with
bitcoin-wallet.
+-
[objects/btc-wallet](https://github.com/MISP/misp-objects/blob/main/objects/btc-wallet/definition.json)
- An object to describe a Bitcoin wallet. Best to be used with
bitcoin-transactions.
+-
[objects/cap-alert](https://github.com/MISP/misp-objects/blob/main/objects/cap-alert/definition.json)
- Common Alerting Protocol Version (CAP) alert object.
+-
[objects/cap-info](https://github.com/MISP/misp-objects/blob/main/objects/cap-info/definition.json)
- Common Alerting Protocol Version (CAP) info object.
+-
[objects/cap-resource](https://github.com/MISP/misp-objects/blob/main/objects/cap-resource/definition.json)
- Common Alerting Protocol Version (CAP) resource object.
+-
[objects/coin-address](https://github.com/MISP/misp-objects/blob/main/objects/coin-address/definition.json)
- An address used in a cryptocurrency.
+-
[objects/command](https://github.com/MISP/misp-objects/blob/main/objects/command/definition.json)
- Command functionalities related to specific commands executed by a program,
whether it is malicious or not. Command-line are attached to this object for
the related commands.
+-
[objects/command-line](https://github.com/MISP/misp-objects/blob/main/objects/command-line/definition.json)
- Command line and options related to a specific command executed by a
program, whether it is malicious or not.
+-
[objects/cookie](https://github.com/MISP/misp-objects/blob/main/objects/cookie/definition.json)
- An HTTP cookie (web cookie, browser cookie) is a small piece of data that a
server sends to the user's web browser. The browser may store it and send it
back with the next request to the same server. Typically, it's used to tell if
two requests came from the same browser ??? keeping a user logged-in, for
example. It remembers stateful information for the stateless HTTP protocol. (as
defined by the Mozilla foundation.
+-
[objects/cortex](https://github.com/MISP/misp-objects/blob/main/objects/cortex/definition.json)
- Cortex object describing a complete cortex analysis. Observables would be
attribute with a relationship from this object.
+-
[objects/cortex-taxonomy](https://github.com/MISP/misp-objects/blob/main/objects/cortex-taxonomy/definition.json)
- Cortex object describing an Cortex Taxonomy (or mini report).
+-
[objects/course-of-action](https://github.com/MISP/misp-objects/blob/main/objects/course-of-action/definition.json)
- An object describing a specific measure taken to prevent or respond to an
attack.
+-
[objects/covid19-csse-daily-report](https://github.com/MISP/misp-objects/blob/main/objects/covid19-csse-daily-report/definition.json)
- CSSE COVID-19 Daily report.
+-
[objects/covid19-dxy-live-city](https://github.com/MISP/misp-objects/blob/main/objects/covid19-dxy-live-city/definition.json)
- COVID 19 from dxy.cn - Aggregation by city.
+-
[objects/covid19-dxy-live-province](https://github.com/MISP/misp-objects/blob/main/objects/covid19-dxy-live-province/definition.json)
- COVID 19 from dxy.cn - Aggregation by province.
+-
[objects/cowrie](https://github.com/MISP/misp-objects/blob/main/objects/cowrie/definition.json)
- Cowrie honeypot object template.
+-
[objects/cpe-asset](https://github.com/MISP/misp-objects/blob/main/objects/cpe-asset/definition.json)
- An asset which can be defined by a CPE. This can be a generic asset. CPE is
a structured naming scheme for information technology systems, software, and
packages.
+-
[objects/credential](https://github.com/MISP/misp-objects/blob/main/objects/credential/definition.json)
- Credential describes one or more credential(s) including password(s), api
key(s) or decryption key(s).
+-
[objects/credit-card](https://github.com/MISP/misp-objects/blob/main/objects/credit-card/definition.json)
- A payment card like credit card, debit card or any similar cards which can
be used for financial transactions.
+-
[objects/crypto-material](https://github.com/MISP/misp-objects/blob/main/objects/crypto-material/definition.json)
- Cryptographic materials such as public or/and private keys.
+-
[objects/cytomic-orion-file](https://github.com/MISP/misp-objects/blob/main/objects/cytomic-orion-file/definition.json)
- Cytomic Orion File Detection.
+-
[objects/cytomic-orion-machine](https://github.com/MISP/misp-objects/blob/main/objects/cytomic-orion-machine/definition.json)
- Cytomic Orion File at Machine Detection.
+-
[objects/dark-pattern-item](https://github.com/MISP/misp-objects/blob/main/objects/dark-pattern-item/definition.json)
- An Item whose User Interface implements a dark pattern.
+-
[objects/ddos](https://github.com/MISP/misp-objects/blob/main/objects/ddos/definition.json)
- DDoS object describes a current DDoS activity from a specific or/and to a
specific target. Type of DDoS can be attached to the object as a taxonomy.
+-
[objects/device](https://github.com/MISP/misp-objects/blob/main/objects/device/definition.json)
- An object to define a device.
+-
[objects/diameter-attack](https://github.com/MISP/misp-objects/blob/main/objects/diameter-attack/definition.json)
- Attack as seen on diameter authentication against a GSM, UMTS or LTE network.
+-
[objects/dkim](https://github.com/MISP/misp-objects/blob/main/objects/dkim/definition.json)
- DomainKeys Identified Mail - DKIM.
+-
[objects/dns-record](https://github.com/MISP/misp-objects/blob/main/objects/dns-record/definition.json)
- A set of DNS records observed for a specific domain.
+-
[objects/domain-crawled](https://github.com/MISP/misp-objects/blob/main/objects/domain-crawled/definition.json)
- A domain crawled over time.
+-
[objects/domain-ip](https://github.com/MISP/misp-objects/blob/main/objects/domain-ip/definition.json)
- A domain/hostname and IP address seen as a tuple in a specific time frame.
+-
[objects/elf](https://github.com/MISP/misp-objects/blob/main/objects/elf/definition.json)
- Object describing a Executable and Linkable Format.
+-
[objects/elf-section](https://github.com/MISP/misp-objects/blob/main/objects/elf-section/definition.json)
- Object describing a section of an Executable and Linkable Format.
+-
[objects/email](https://github.com/MISP/misp-objects/blob/main/objects/email/definition.json)
- Email object describing an email with meta-information.
+-
[objects/employee](https://github.com/MISP/misp-objects/blob/main/objects/employee/definition.json)
- An employee and related data points.
+-
[objects/exploit-poc](https://github.com/MISP/misp-objects/blob/main/objects/exploit-poc/definition.json)
- Exploit-poc object describing a proof of concept or exploit of a
vulnerability. This object has often a relationship with a vulnerability object.
+-
[objects/facebook-account](https://github.com/MISP/misp-objects/blob/main/objects/facebook-account/definition.json)
- Facebook account.
+-
[objects/facebook-group](https://github.com/MISP/misp-objects/blob/main/objects/facebook-group/definition.json)
- Public or private facebook group.
+-
[objects/facebook-page](https://github.com/MISP/misp-objects/blob/main/objects/facebook-page/definition.json)
- Facebook page.
+-
[objects/facebook-post](https://github.com/MISP/misp-objects/blob/main/objects/facebook-post/definition.json)
- Post on a Facebook wall.
+-
[objects/facial-composite](https://github.com/MISP/misp-objects/blob/main/objects/facial-composite/definition.json)
- An object which describes a facial composite.
+-
[objects/fail2ban](https://github.com/MISP/misp-objects/blob/main/objects/fail2ban/definition.json)
- Fail2ban event.
+-
[objects/favicon](https://github.com/MISP/misp-objects/blob/main/objects/favicon/definition.json)
- A favicon, also known as a shortcut icon, website icon, tab icon, URL icon,
or bookmark icon, is a file containing one or more small icons, associated with
a particular website or web page. The object template can include the murmur3
hash of the favicon to facilitate correlation.
+-
[objects/file](https://github.com/MISP/misp-objects/blob/main/objects/file/definition.json)
- File object describing a file with meta-information.
+-
[objects/forensic-case](https://github.com/MISP/misp-objects/blob/main/objects/forensic-case/definition.json)
- An object template to describe a digital forensic case.
+-
[objects/forensic-evidence](https://github.com/MISP/misp-objects/blob/main/objects/forensic-evidence/definition.json)
- An object template to describe a digital forensic evidence.
+-
[objects/forged-document](https://github.com/MISP/misp-objects/blob/main/objects/forged-document/definition.json)
- Object describing a forged document.
+-
[objects/ftm-Airplane](https://github.com/MISP/misp-objects/blob/main/objects/ftm-Airplane/definition.json)
- .
+-
[objects/ftm-Assessment](https://github.com/MISP/misp-objects/blob/main/objects/ftm-Assessment/definition.json)
- .
+-
[objects/ftm-Asset](https://github.com/MISP/misp-objects/blob/main/objects/ftm-Asset/definition.json)
- .
+-
[objects/ftm-Associate](https://github.com/MISP/misp-objects/blob/main/objects/ftm-Associate/definition.json)
- Non-family association between two people.
+-
[objects/ftm-Audio](https://github.com/MISP/misp-objects/blob/main/objects/ftm-Audio/definition.json)
- .
+-
[objects/ftm-BankAccount](https://github.com/MISP/misp-objects/blob/main/objects/ftm-BankAccount/definition.json)
- .
+-
[objects/ftm-Call](https://github.com/MISP/misp-objects/blob/main/objects/ftm-Call/definition.json)
- .
+-
[objects/ftm-Company](https://github.com/MISP/misp-objects/blob/main/objects/ftm-Company/definition.json)
- .
+-
[objects/ftm-Contract](https://github.com/MISP/misp-objects/blob/main/objects/ftm-Contract/definition.json)
- An contract or contract lot issued by an authority. Multiple lots may be
awarded to different suppliers (see ContractAward).
.
-- [objects/ftm-ContractAward](objects/ftm-ContractAward/definition.json) - A
contract or contract lot as awarded to a supplier.
-- [objects/ftm-CourtCase](objects/ftm-CourtCase/definition.json) - .
-- [objects/ftm-CourtCaseParty](objects/ftm-CourtCaseParty/definition.json) - .
-- [objects/ftm-Debt](objects/ftm-Debt/definition.json) - A monetary debt
between two parties.
-- [objects/ftm-Directorship](objects/ftm-Directorship/definition.json) - .
-- [objects/ftm-Document](objects/ftm-Document/definition.json) - .
-- [objects/ftm-Documentation](objects/ftm-Documentation/definition.json) - .
-- [objects/ftm-EconomicActivity](objects/ftm-EconomicActivity/definition.json)
- A foreign economic activity.
-- [objects/ftm-Email](objects/ftm-Email/definition.json) - .
-- [objects/ftm-Event](objects/ftm-Event/definition.json) - .
-- [objects/ftm-Family](objects/ftm-Family/definition.json) - Family
relationship between two people.
-- [objects/ftm-Folder](objects/ftm-Folder/definition.json) - .
-- [objects/ftm-HyperText](objects/ftm-HyperText/definition.json) - .
-- [objects/ftm-Image](objects/ftm-Image/definition.json) - .
-- [objects/ftm-Land](objects/ftm-Land/definition.json) - .
-- [objects/ftm-LegalEntity](objects/ftm-LegalEntity/definition.json) - A legal
entity may be a person or a company.
-- [objects/ftm-License](objects/ftm-License/definition.json) - A grant of
land, rights or property. A type of Contract.
-- [objects/ftm-Membership](objects/ftm-Membership/definition.json) - .
-- [objects/ftm-Message](objects/ftm-Message/definition.json) - .
-- [objects/ftm-Organization](objects/ftm-Organization/definition.json) - .
-- [objects/ftm-Ownership](objects/ftm-Ownership/definition.json) - .
-- [objects/ftm-Package](objects/ftm-Package/definition.json) - .
-- [objects/ftm-Page](objects/ftm-Page/definition.json) - .
-- [objects/ftm-Pages](objects/ftm-Pages/definition.json) - .
-- [objects/ftm-Passport](objects/ftm-Passport/definition.json) - Passport.
-- [objects/ftm-Payment](objects/ftm-Payment/definition.json) - A monetary
payment between two parties.
-- [objects/ftm-Person](objects/ftm-Person/definition.json) - An individual.
-- [objects/ftm-PlainText](objects/ftm-PlainText/definition.json) - .
-- [objects/ftm-PublicBody](objects/ftm-PublicBody/definition.json) - A public
body, such as a ministry, department or state company.
-- [objects/ftm-RealEstate](objects/ftm-RealEstate/definition.json) - A piece
of land or property.
-- [objects/ftm-Representation](objects/ftm-Representation/definition.json) - A
mediatory, intermediary, middleman, or broker acting on behalf of a legal
entity.
-- [objects/ftm-Row](objects/ftm-Row/definition.json) - .
-- [objects/ftm-Sanction](objects/ftm-Sanction/definition.json) - A sanction
designation.
-- [objects/ftm-Succession](objects/ftm-Succession/definition.json) - Two
entities that legally succeed each other.
-- [objects/ftm-Table](objects/ftm-Table/definition.json) - .
-- [objects/ftm-TaxRoll](objects/ftm-TaxRoll/definition.json) - A tax
declaration of an individual.
-- [objects/ftm-UnknownLink](objects/ftm-UnknownLink/definition.json) - .
-- [objects/ftm-UserAccount](objects/ftm-UserAccount/definition.json) - .
-- [objects/ftm-Vehicle](objects/ftm-Vehicle/definition.json) - .
-- [objects/ftm-Vessel](objects/ftm-Vessel/definition.json) - A boat or ship.
-- [objects/ftm-Video](objects/ftm-Video/definition.json) - .
-- [objects/ftm-Workbook](objects/ftm-Workbook/definition.json) - .
-- [objects/geolocation](objects/geolocation/definition.json) - An object to
describe a geographic location.
-- [objects/git-vuln-finder](objects/git-vuln-finder/definition.json) - Export
from git-vuln-finder.
-- [objects/github-user](objects/github-user/definition.json) - GitHub user.
-- [objects/gitlab-user](objects/gitlab-user/definition.json) - GitLab user.
Gitlab.com user or self-hosted GitLab instance.
-- [objects/gtp-attack](objects/gtp-attack/definition.json) - GTP attack object
as seen on a GSM, UMTS or LTE network.
-- [objects/http-request](objects/http-request/definition.json) - A single HTTP
request header.
-- [objects/ilr-impact](objects/ilr-impact/definition.json) - Institut
Luxembourgeois de Regulation - Impact.
--
[objects/ilr-notification-incident](objects/ilr-notification-incident/definition.json)
- Institut Luxembourgeois de Regulation - Notification d'incident.
-- [objects/image](objects/image/definition.json) - Object describing an image
file.
-- [objects/impersonation](objects/impersonation/definition.json) - Represent
an impersonating account.
-- [objects/imsi-catcher](objects/imsi-catcher/definition.json) - IMSI Catcher
entry object based on the open source IMSI cather.
-- [objects/instant-message](objects/instant-message/definition.json) - Instant
Message (IM) object template describing one or more IM message.
--
[objects/instant-message-group](objects/instant-message-group/definition.json)
- Instant Message (IM) group object template describing a public or private IM
group, channel or conversation.
--
[objects/intel471-vulnerability-intelligence](objects/intel471-vulnerability-intelligence/definition.json)
- Intel 471 vulnerability intelligence object.
-- [objects/intelmq_event](objects/intelmq_event/definition.json) - IntelMQ
Event.
-- [objects/intelmq_report](objects/intelmq_report/definition.json) - IntelMQ
Report.
-- [objects/internal-reference](objects/internal-reference/definition.json) -
Internal reference.
-- [objects/interpol-notice](objects/interpol-notice/definition.json) - An
object which describes a Interpol notice.
-- [objects/iot-device](objects/iot-device/definition.json) - An IoT device.
-- [objects/iot-firmware](objects/iot-firmware/definition.json) - A firmware
for an IoT device.
-- [objects/ip-api-address](objects/ip-api-address/definition.json) - IP
Address information. Useful if you are pulling your ip information from
ip-api.com.
-- [objects/ip-port](objects/ip-port/definition.json) - An IP address (or
domain or hostname) and a port seen as a tuple (or as a triple) in a specific
time frame.
-- [objects/irc](objects/irc/definition.json) - An IRC object to describe an
IRC server and the associated channels.
-- [objects/ja3](objects/ja3/definition.json) - JA3 is a new technique for
creating SSL client fingerprints that are easy to produce and can be easily
shared for threat intelligence. Fingerprints are composed of Client Hello
packet; SSL Version, Accepted Ciphers, List of Extensions, Elliptic Curves, and
Elliptic Curve Formats. https://github.com/salesforce/ja3.
-- [objects/keybase-account](objects/keybase-account/definition.json) -
Information related to a keybase account, from API Users Object.
-- [objects/leaked-document](objects/leaked-document/definition.json) - Object
describing a leaked document.
-- [objects/legal-entity](objects/legal-entity/definition.json) - An object to
describe a legal entity.
-- [objects/lnk](objects/lnk/definition.json) - LNK object describing a Windows
LNK binary file (aka Windows shortcut).
-- [objects/macho](objects/macho/definition.json) - Object describing a file in
Mach-O format.
-- [objects/macho-section](objects/macho-section/definition.json) - Object
describing a section of a file in Mach-O format.
--
[objects/mactime-timeline-analysis](objects/mactime-timeline-analysis/definition.json)
- Mactime template, used in forensic investigations to describe the timeline
of a file activity.
-- [objects/malware-config](objects/malware-config/definition.json) - Malware
configuration recovered or extracted from a malicious binary.
-- [objects/meme-image](objects/meme-image/definition.json) - Object describing
a meme (image).
-- [objects/microblog](objects/microblog/definition.json) - Microblog post like
a Twitter tweet or a post on a Facebook wall.
-- [objects/mutex](objects/mutex/definition.json) - Object to describe mutual
exclusion locks (mutex) as seen in memory or computer program.
-- [objects/narrative](objects/narrative/definition.json) - Object describing a
narrative.
-- [objects/netflow](objects/netflow/definition.json) - Netflow object
describes an network object based on the Netflowv5/v9 minimal definition.
-- [objects/network-connection](objects/network-connection/definition.json) - A
local or remote network connection.
-- [objects/network-socket](objects/network-socket/definition.json) - Network
socket object describes a local or remote network connections based on the
socket data structure.
-- [objects/news-agency](objects/news-agency/definition.json) - News agencies
compile news and disseminate news in bulk.
-- [objects/news-media](objects/news-media/definition.json) - News media are
forms of mass media delivering news to the general public.
-- [objects/organization](objects/organization/definition.json) - An object
which describes an organization.
--
[objects/original-imported-file](objects/original-imported-file/definition.json)
- Object describing the original file used to import data in MISP.
-- [objects/parler-account](objects/parler-account/definition.json) - Parler
account.
-- [objects/parler-comment](objects/parler-comment/definition.json) - Parler
comment.
-- [objects/parler-post](objects/parler-post/definition.json) - Parler post
(parley).
-- [objects/passive-dns](objects/passive-dns/definition.json) - Passive DNS
records as expressed in draft-dulaunoy-dnsop-passive-dns-cof-01.
-- [objects/paste](objects/paste/definition.json) - Paste or similar post from
a website allowing to share privately or publicly posts.
-- [objects/pcap-metadata](objects/pcap-metadata/definition.json) - Network
packet capture metadata.
-- [objects/pe](objects/pe/definition.json) - Object describing a Portable
Executable.
-- [objects/pe-section](objects/pe-section/definition.json) - Object describing
a section of a Portable Executable.
-- [objects/person](objects/person/definition.json) - An object which describes
a person or an identity.
-- [objects/pgp-meta](objects/pgp-meta/definition.json) - Metadata extracted
from a PGP keyblock, message or signature.
-- [objects/phishing](objects/phishing/definition.json) - Phishing template to
describe a phishing website and its analysis.
-- [objects/phishing-kit](objects/phishing-kit/definition.json) - Object to
describe a phishing-kit.
-- [objects/phone](objects/phone/definition.json) - A phone or mobile phone
object which describe a phone.
-- [objects/process](objects/process/definition.json) - Object describing a
system process.
-- [objects/publication](objects/publication/definition.json) - An object to
describe a book, journal, or academic publication.
--
[objects/python-etvx-event-log](objects/python-etvx-event-log/definition.json)
- Event log object template to share information of the activities conducted on
a system. .
-- [objects/r2graphity](objects/r2graphity/definition.json) - Indicators
extracted from files using radare2 and graphml.
-- [objects/reddit-account](objects/reddit-account/definition.json) - Reddit
account.
-- [objects/reddit-comment](objects/reddit-comment/definition.json) - A Reddit
post comment.
-- [objects/reddit-post](objects/reddit-post/definition.json) - A Reddit post.
-- [objects/reddit-subreddit](objects/reddit-subreddit/definition.json) -
Public or private subreddit.
-- [objects/regexp](objects/regexp/definition.json) - An object describing a
regular expression (regex or regexp). The object can be linked via a
relationship to other attributes or objects to describe how it can be
represented as a regular expression.
-- [objects/registry-key](objects/registry-key/definition.json) - Registry key
object describing a Windows registry key with value and last-modified timestamp.
-- [objects/regripper-NTUser](objects/regripper-NTUser/definition.json) -
Regripper Object template designed to present user specific configuration
details extracted from the NTUSER.dat hive.
--
[objects/regripper-sam-hive-single-user](objects/regripper-sam-hive-single-user/definition.json)
- Regripper Object template designed to present user profile details extracted
from the SAM hive.
--
[objects/regripper-sam-hive-user-group](objects/regripper-sam-hive-user-group/definition.json)
- Regripper Object template designed to present group profile details
extracted from the SAM hive.
--
[objects/regripper-software-hive-BHO](objects/regripper-software-hive-BHO/definition.json)
- Regripper Object template designed to gather information of the browser
helper objects installed on the system.
--
[objects/regripper-software-hive-appInit-DLLS](objects/regripper-software-hive-appInit-DLLS/definition.json)
- Regripper Object template designed to gather information of the DLL files
installed on the system.
--
[objects/regripper-software-hive-application-paths](objects/regripper-software-hive-application-paths/definition.json)
- Regripper Object template designed to gather information of the application
paths.
--
[objects/regripper-software-hive-applications-installed](objects/regripper-software-hive-applications-installed/definition.json)
- Regripper Object template designed to gather information of the applications
installed on the system.
--
[objects/regripper-software-hive-command-shell](objects/regripper-software-hive-command-shell/definition.json)
- Regripper Object template designed to gather information of the shell
commands executed on the system.
--
[objects/regripper-software-hive-software-run](objects/regripper-software-hive-software-run/definition.json)
- Regripper Object template designed to gather information of the applications
set to run on the system.
--
[objects/regripper-software-hive-userprofile-winlogon](objects/regripper-software-hive-userprofile-winlogon/definition.json)
- Regripper Object template designed to gather user profile information when
the user logs onto the system, gathered from the software hive.
--
[objects/regripper-software-hive-windows-general-info](objects/regripper-software-hive-windows-general-info/definition.json)
- Regripper Object template designed to gather general windows information
extracted from the software-hive.
--
[objects/regripper-system-hive-firewall-configuration](objects/regripper-system-hive-firewall-configuration/definition.json)
- Regripper Object template designed to present firewall configuration
information extracted from the system-hive.
--
[objects/regripper-system-hive-general-configuration](objects/regripper-system-hive-general-configuration/definition.json)
- Regripper Object template designed to present general system properties
extracted from the system-hive.
--
[objects/regripper-system-hive-network-information](objects/regripper-system-hive-network-information/definition.json)
- Regripper object template designed to gather network information from the
system-hive.
--
[objects/regripper-system-hive-services-drivers](objects/regripper-system-hive-services-drivers/definition.json)
- Regripper Object template designed to gather information regarding the
services/drivers from the system-hive.
-- [objects/report](objects/report/definition.json) - Metadata used to generate
an executive level report.
-- [objects/research-scanner](objects/research-scanner/definition.json) -
Information related to known scanning activity (e.g. from research projects).
-- [objects/rogue-dns](objects/rogue-dns/definition.json) - Rogue DNS as
defined by CERT.br.
-- [objects/rtir](objects/rtir/definition.json) - RTIR - Request Tracker for
Incident Response.
-- [objects/sandbox-report](objects/sandbox-report/definition.json) - Sandbox
report.
-- [objects/sb-signature](objects/sb-signature/definition.json) - Sandbox
detection signature.
-- [objects/scheduled-event](objects/scheduled-event/definition.json) - Event
object template describing a gathering of individuals in meatspace.
-- [objects/scrippsco2-c13-daily](objects/scrippsco2-c13-daily/definition.json)
- Daily average C13 concentrations (ppm) derived from flask air samples.
--
[objects/scrippsco2-c13-monthly](objects/scrippsco2-c13-monthly/definition.json)
- Monthly average C13 concentrations (ppm) derived from flask air samples.
-- [objects/scrippsco2-co2-daily](objects/scrippsco2-co2-daily/definition.json)
- Daily average CO2 concentrations (ppm) derived from flask air samples.
--
[objects/scrippsco2-co2-monthly](objects/scrippsco2-co2-monthly/definition.json)
- Monthly average CO2 concentrations (ppm) derived from flask air samples.
-- [objects/scrippsco2-o18-daily](objects/scrippsco2-o18-daily/definition.json)
- Daily average O18 concentrations (ppm) derived from flask air samples.
--
[objects/scrippsco2-o18-monthly](objects/scrippsco2-o18-monthly/definition.json)
- Monthly average O18 concentrations (ppm) derived from flask air samples.
-- [objects/script](objects/script/definition.json) - Object describing a
computer program written to be run in a special run-time environment. The
script or shell script can be used for malicious activities but also as support
tools for threat analysts.
-- [objects/shell-commands](objects/shell-commands/definition.json) - Object
describing a series of shell commands executed. This object can be linked with
malicious files in order to describe a specific execution of shell commands.
-- [objects/shodan-report](objects/shodan-report/definition.json) - Shodan
Report for a given IP.
--
[objects/short-message-service](objects/short-message-service/definition.json)
- Short Message Service (SMS) object template describing one or more SMS
message. Restriction of the initial format 3GPP 23.038 GSM character set
doesn't apply.
-- [objects/shortened-link](objects/shortened-link/definition.json) - Shortened
link and its redirect target.
-- [objects/social-media-group](objects/social-media-group/definition.json) -
Social media group object template describing a public or private group or
channel.
-- [objects/splunk](objects/splunk/definition.json) - Splunk / Splunk ES object.
-- [objects/ss7-attack](objects/ss7-attack/definition.json) - SS7 object of an
attack seen on a GSM, UMTS or LTE network via SS7 logging.
-- [objects/ssh-authorized-keys](objects/ssh-authorized-keys/definition.json) -
An object to store ssh authorized keys file.
-- [objects/stix2-pattern](objects/stix2-pattern/definition.json) - An object
describing a STIX pattern. The object can be linked via a relationship to other
attributes or objects to describe how it can be represented as a STIX pattern.
-- [objects/suricata](objects/suricata/definition.json) - An object describing
one or more Suricata rule(s) along with version and contextual information.
-- [objects/target-system](objects/target-system/definition.json) - Description
about an targeted system, this could potentially be a compromissed internal
system.
-- [objects/threatgrid-report](objects/threatgrid-report/definition.json) -
ThreatGrid report.
-- [objects/timecode](objects/timecode/definition.json) - Timecode object to
describe a start of video sequence (e.g. CCTV evidence) and the end of the
video sequence.
-- [objects/timesketch-timeline](objects/timesketch-timeline/definition.json) -
A timesketch timeline object based on mandatory field in timesketch to describe
a log entry.
-- [objects/timesketch_message](objects/timesketch_message/definition.json) - A
timesketch message entry.
-- [objects/timestamp](objects/timestamp/definition.json) - A generic timestamp
object to represent time including first time and last time seen. Relationship
will then define the kind of time relationship.
-- [objects/tor-hiddenservice](objects/tor-hiddenservice/definition.json) - Tor
hidden service (onion service) object.
-- [objects/tor-node](objects/tor-node/definition.json) - Tor node (which
protects your privacy on the internet by hiding the connection between users
Internet address and the services used by the users) description which are part
of the Tor network at a time.
-- [objects/tracking-id](objects/tracking-id/definition.json) - Analytics and
tracking ID such as used in Google Analytics or other analytic platform.
-- [objects/transaction](objects/transaction/definition.json) - An object to
describe a financial transaction.
-- [objects/translation](objects/translation/definition.json) - Used to keep a
text and its translation.
-- [objects/trustar_report](objects/trustar_report/definition.json) - TruStar
Report.
-- [objects/tsk-chats](objects/tsk-chats/definition.json) - An Object Template
to gather information from evidential or interesting exchange of messages
identified during a digital forensic investigation.
-- [objects/tsk-web-bookmark](objects/tsk-web-bookmark/definition.json) - An
Object Template to add evidential bookmarks identified during a digital
forensic investigation.
-- [objects/tsk-web-cookie](objects/tsk-web-cookie/definition.json) - An
TSK-Autopsy Object Template to represent cookies identified during a forensic
investigation.
-- [objects/tsk-web-downloads](objects/tsk-web-downloads/definition.json) - An
Object Template to add web-downloads.
-- [objects/tsk-web-history](objects/tsk-web-history/definition.json) - An
Object Template to share web history information.
-- [objects/tsk-web-search-query](objects/tsk-web-search-query/definition.json)
- An Object Template to share web search query information.
-- [objects/twitter-account](objects/twitter-account/definition.json) - Twitter
account.
-- [objects/twitter-list](objects/twitter-list/definition.json) - Twitter list.
-- [objects/twitter-post](objects/twitter-post/definition.json) - Twitter post
(tweet).
-- [objects/url](objects/url/definition.json) - url object describes an url
along with its normalized field (like extracted using faup parsing library) and
its metadata.
-- [objects/user-account](objects/user-account/definition.json) - .
-- [objects/vehicle](objects/vehicle/definition.json) - Vehicle object template
to describe a vehicle information and registration.
-- [objects/victim](objects/victim/definition.json) - Victim object describes
the target of an attack or abuse.
-- [objects/virustotal-graph](objects/virustotal-graph/definition.json) -
VirusTotal graph.
-- [objects/virustotal-report](objects/virustotal-report/definition.json) -
VirusTotal report.
-- [objects/vulnerability](objects/vulnerability/definition.json) -
Vulnerability object describing a common vulnerability enumeration which can
describe published, unpublished, under review or embargo vulnerability for
software, equipments or hardware.
-- [objects/weakness](objects/weakness/definition.json) - Weakness object
describing a common weakness enumeration which can describe usable, incomplete,
draft or deprecated weakness for software, equipment of hardware.
-- [objects/whois](objects/whois/definition.json) - Whois records information
for a domain name or an IP address.
-- [objects/x509](objects/x509/definition.json) - x509 object describing a
X.509 certificate.
-- [objects/yabin](objects/yabin/definition.json) - yabin.py generates Yara
rules from function prologs, for matching and hunting binaries. ref:
https://github.com/AlienVault-OTX/yabin.
-- [objects/yara](objects/yara/definition.json) - An object describing a YARA
rule (or a YARA rule name) along with its version.
-- [objects/youtube-channel](objects/youtube-channel/definition.json) - A
YouTube channel.
-- [objects/youtube-comment](objects/youtube-comment/definition.json) - A
YouTube video comment.
-- [objects/youtube-playlist](objects/youtube-playlist/definition.json) - A
YouTube playlist.
-- [objects/youtube-video](objects/youtube-video/definition.json) - A YouTube
video.
-
+-
[objects/ftm-ContractAward](https://github.com/MISP/misp-objects/blob/main/objects/ftm-ContractAward/definition.json)
- A contract or contract lot as awarded to a supplier.
+-
[objects/ftm-CourtCase](https://github.com/MISP/misp-objects/blob/main/objects/ftm-CourtCase/definition.json)
- .
+-
[objects/ftm-CourtCaseParty](https://github.com/MISP/misp-objects/blob/main/objects/ftm-CourtCaseParty/definition.json)
- .
+-
[objects/ftm-Debt](https://github.com/MISP/misp-objects/blob/main/objects/ftm-Debt/definition.json)
- A monetary debt between two parties.
+-
[objects/ftm-Directorship](https://github.com/MISP/misp-objects/blob/main/objects/ftm-Directorship/definition.json)
- .
+-
[objects/ftm-Document](https://github.com/MISP/misp-objects/blob/main/objects/ftm-Document/definition.json)
- .
+-
[objects/ftm-Documentation](https://github.com/MISP/misp-objects/blob/main/objects/ftm-Documentation/definition.json)
- .
+-
[objects/ftm-EconomicActivity](https://github.com/MISP/misp-objects/blob/main/objects/ftm-EconomicActivity/definition.json)
- A foreign economic activity.
+-
[objects/ftm-Email](https://github.com/MISP/misp-objects/blob/main/objects/ftm-Email/definition.json)
- .
+-
[objects/ftm-Event](https://github.com/MISP/misp-objects/blob/main/objects/ftm-Event/definition.json)
- .
+-
[objects/ftm-Family](https://github.com/MISP/misp-objects/blob/main/objects/ftm-Family/definition.json)
- Family relationship between two people.
+-
[objects/ftm-Folder](https://github.com/MISP/misp-objects/blob/main/objects/ftm-Folder/definition.json)
- .
+-
[objects/ftm-HyperText](https://github.com/MISP/misp-objects/blob/main/objects/ftm-HyperText/definition.json)
- .
+-
[objects/ftm-Image](https://github.com/MISP/misp-objects/blob/main/objects/ftm-Image/definition.json)
- .
+-
[objects/ftm-Land](https://github.com/MISP/misp-objects/blob/main/objects/ftm-Land/definition.json)
- .
+-
[objects/ftm-LegalEntity](https://github.com/MISP/misp-objects/blob/main/objects/ftm-LegalEntity/definition.json)
- A legal entity may be a person or a company.
+-
[objects/ftm-License](https://github.com/MISP/misp-objects/blob/main/objects/ftm-License/definition.json)
- A grant of land, rights or property. A type of Contract.
+-
[objects/ftm-Membership](https://github.com/MISP/misp-objects/blob/main/objects/ftm-Membership/definition.json)
- .
+-
[objects/ftm-Message](https://github.com/MISP/misp-objects/blob/main/objects/ftm-Message/definition.json)
- .
+-
[objects/ftm-Organization](https://github.com/MISP/misp-objects/blob/main/objects/ftm-Organization/definition.json)
- .
+-
[objects/ftm-Ownership](https://github.com/MISP/misp-objects/blob/main/objects/ftm-Ownership/definition.json)
- .
+-
[objects/ftm-Package](https://github.com/MISP/misp-objects/blob/main/objects/ftm-Package/definition.json)
- .
+-
[objects/ftm-Page](https://github.com/MISP/misp-objects/blob/main/objects/ftm-Page/definition.json)
- .
+-
[objects/ftm-Pages](https://github.com/MISP/misp-objects/blob/main/objects/ftm-Pages/definition.json)
- .
+-
[objects/ftm-Passport](https://github.com/MISP/misp-objects/blob/main/objects/ftm-Passport/definition.json)
- Passport.
+-
[objects/ftm-Payment](https://github.com/MISP/misp-objects/blob/main/objects/ftm-Payment/definition.json)
- A monetary payment between two parties.
+-
[objects/ftm-Person](https://github.com/MISP/misp-objects/blob/main/objects/ftm-Person/definition.json)
- An individual.
+-
[objects/ftm-PlainText](https://github.com/MISP/misp-objects/blob/main/objects/ftm-PlainText/definition.json)
- .
+-
[objects/ftm-PublicBody](https://github.com/MISP/misp-objects/blob/main/objects/ftm-PublicBody/definition.json)
- A public body, such as a ministry, department or state company.
+-
[objects/ftm-RealEstate](https://github.com/MISP/misp-objects/blob/main/objects/ftm-RealEstate/definition.json)
- A piece of land or property.
+-
[objects/ftm-Representation](https://github.com/MISP/misp-objects/blob/main/objects/ftm-Representation/definition.json)
- A mediatory, intermediary, middleman, or broker acting on behalf of a legal
entity.
+-
[objects/ftm-Row](https://github.com/MISP/misp-objects/blob/main/objects/ftm-Row/definition.json)
- .
+-
[objects/ftm-Sanction](https://github.com/MISP/misp-objects/blob/main/objects/ftm-Sanction/definition.json)
- A sanction designation.
+-
[objects/ftm-Succession](https://github.com/MISP/misp-objects/blob/main/objects/ftm-Succession/definition.json)
- Two entities that legally succeed each other.
+-
[objects/ftm-Table](https://github.com/MISP/misp-objects/blob/main/objects/ftm-Table/definition.json)
- .
+-
[objects/ftm-TaxRoll](https://github.com/MISP/misp-objects/blob/main/objects/ftm-TaxRoll/definition.json)
- A tax declaration of an individual.
+-
[objects/ftm-UnknownLink](https://github.com/MISP/misp-objects/blob/main/objects/ftm-UnknownLink/definition.json)
- .
+-
[objects/ftm-UserAccount](https://github.com/MISP/misp-objects/blob/main/objects/ftm-UserAccount/definition.json)
- .
+-
[objects/ftm-Vehicle](https://github.com/MISP/misp-objects/blob/main/objects/ftm-Vehicle/definition.json)
- .
+-
[objects/ftm-Vessel](https://github.com/MISP/misp-objects/blob/main/objects/ftm-Vessel/definition.json)
- A boat or ship.
+-
[objects/ftm-Video](https://github.com/MISP/misp-objects/blob/main/objects/ftm-Video/definition.json)
- .
+-
[objects/ftm-Workbook](https://github.com/MISP/misp-objects/blob/main/objects/ftm-Workbook/definition.json)
- .
+-
[objects/geolocation](https://github.com/MISP/misp-objects/blob/main/objects/geolocation/definition.json)
- An object to describe a geographic location.
+-
[objects/git-vuln-finder](https://github.com/MISP/misp-objects/blob/main/objects/git-vuln-finder/definition.json)
- Export from git-vuln-finder.
+-
[objects/github-user](https://github.com/MISP/misp-objects/blob/main/objects/github-user/definition.json)
- GitHub user.
+-
[objects/gitlab-user](https://github.com/MISP/misp-objects/blob/main/objects/gitlab-user/definition.json)
- GitLab user. Gitlab.com user or self-hosted GitLab instance.
+-
[objects/gtp-attack](https://github.com/MISP/misp-objects/blob/main/objects/gtp-attack/definition.json)
- GTP attack object as seen on a GSM, UMTS or LTE network.
+-
[objects/http-request](https://github.com/MISP/misp-objects/blob/main/objects/http-request/definition.json)
- A single HTTP request header.
+-
[objects/ilr-impact](https://github.com/MISP/misp-objects/blob/main/objects/ilr-impact/definition.json)
- Institut Luxembourgeois de Regulation - Impact.
+-
[objects/ilr-notification-incident](https://github.com/MISP/misp-objects/blob/main/objects/ilr-notification-incident/definition.json)
- Institut Luxembourgeois de Regulation - Notification d'incident.
+-
[objects/image](https://github.com/MISP/misp-objects/blob/main/objects/image/definition.json)
- Object describing an image file.
+-
[objects/impersonation](https://github.com/MISP/misp-objects/blob/main/objects/impersonation/definition.json)
- Represent an impersonating account.
+-
[objects/imsi-catcher](https://github.com/MISP/misp-objects/blob/main/objects/imsi-catcher/definition.json)
- IMSI Catcher entry object based on the open source IMSI cather.
+-
[objects/instant-message](https://github.com/MISP/misp-objects/blob/main/objects/instant-message/definition.json)
- Instant Message (IM) object template describing one or more IM message.
+-
[objects/instant-message-group](https://github.com/MISP/misp-objects/blob/main/objects/instant-message-group/definition.json)
- Instant Message (IM) group object template describing a public or private IM
group, channel or conversation.
+-
[objects/intel471-vulnerability-intelligence](https://github.com/MISP/misp-objects/blob/main/objects/intel471-vulnerability-intelligence/definition.json)
- Intel 471 vulnerability intelligence object.
+-
[objects/intelmq_event](https://github.com/MISP/misp-objects/blob/main/objects/intelmq_event/definition.json)
- IntelMQ Event.
+-
[objects/intelmq_report](https://github.com/MISP/misp-objects/blob/main/objects/intelmq_report/definition.json)
- IntelMQ Report.
+-
[objects/internal-reference](https://github.com/MISP/misp-objects/blob/main/objects/internal-reference/definition.json)
- Internal reference.
+-
[objects/interpol-notice](https://github.com/MISP/misp-objects/blob/main/objects/interpol-notice/definition.json)
- An object which describes a Interpol notice.
+-
[objects/iot-device](https://github.com/MISP/misp-objects/blob/main/objects/iot-device/definition.json)
- An IoT device.
+-
[objects/iot-firmware](https://github.com/MISP/misp-objects/blob/main/objects/iot-firmware/definition.json)
- A firmware for an IoT device.
+-
[objects/ip-api-address](https://github.com/MISP/misp-objects/blob/main/objects/ip-api-address/definition.json)
- IP Address information. Useful if you are pulling your ip information from
ip-api.com.
+-
[objects/ip-port](https://github.com/MISP/misp-objects/blob/main/objects/ip-port/definition.json)
- An IP address (or domain or hostname) and a port seen as a tuple (or as a
triple) in a specific time frame.
+-
[objects/irc](https://github.com/MISP/misp-objects/blob/main/objects/irc/definition.json)
- An IRC object to describe an IRC server and the associated channels.
+-
[objects/ja3](https://github.com/MISP/misp-objects/blob/main/objects/ja3/definition.json)
- JA3 is a new technique for creating SSL client fingerprints that are easy to
produce and can be easily shared for threat intelligence. Fingerprints are
composed of Client Hello packet; SSL Version, Accepted Ciphers, List of
Extensions, Elliptic Curves, and Elliptic Curve Formats.
https://github.com/salesforce/ja3.
+-
[objects/jarm](https://github.com/MISP/misp-objects/blob/main/objects/jarm/definition.json)
- Jarm object to describe an TLS/SSL implementation used for malicious or
legitimate use-case.
+-
[objects/keybase-account](https://github.com/MISP/misp-objects/blob/main/objects/keybase-account/definition.json)
- Information related to a keybase account, from API Users Object.
+-
[objects/leaked-document](https://github.com/MISP/misp-objects/blob/main/objects/leaked-document/definition.json)
- Object describing a leaked document.
+-
[objects/legal-entity](https://github.com/MISP/misp-objects/blob/main/objects/legal-entity/definition.json)
- An object to describe a legal entity.
+-
[objects/lnk](https://github.com/MISP/misp-objects/blob/main/objects/lnk/definition.json)
- LNK object describing a Windows LNK binary file (aka Windows shortcut).
+-
[objects/macho](https://github.com/MISP/misp-objects/blob/main/objects/macho/definition.json)
- Object describing a file in Mach-O format.
+-
[objects/macho-section](https://github.com/MISP/misp-objects/blob/main/objects/macho-section/definition.json)
- Object describing a section of a file in Mach-O format.
+-
[objects/mactime-timeline-analysis](https://github.com/MISP/misp-objects/blob/main/objects/mactime-timeline-analysis/definition.json)
- Mactime template, used in forensic investigations to describe the timeline
of a file activity.
+-
[objects/malware-config](https://github.com/MISP/misp-objects/blob/main/objects/malware-config/definition.json)
- Malware configuration recovered or extracted from a malicious binary.
+-
[objects/meme-image](https://github.com/MISP/misp-objects/blob/main/objects/meme-image/definition.json)
- Object describing a meme (image).
+-
[objects/microblog](https://github.com/MISP/misp-objects/blob/main/objects/microblog/definition.json)
- Microblog post like a Twitter tweet or a post on a Facebook wall.
+-
[objects/mutex](https://github.com/MISP/misp-objects/blob/main/objects/mutex/definition.json)
- Object to describe mutual exclusion locks (mutex) as seen in memory or
computer program.
+-
[objects/narrative](https://github.com/MISP/misp-objects/blob/main/objects/narrative/definition.json)
- Object describing a narrative.
+-
[objects/netflow](https://github.com/MISP/misp-objects/blob/main/objects/netflow/definition.json)
- Netflow object describes an network object based on the Netflowv5/v9 minimal
definition.
+-
[objects/network-connection](https://github.com/MISP/misp-objects/blob/main/objects/network-connection/definition.json)
- A local or remote network connection.
+-
[objects/network-profile](https://github.com/MISP/misp-objects/blob/main/objects/network-profile/definition.json)
- Elements that can be used to profile, pivot or identify a network
infrastructure, including domains, ip and urls.
+-
[objects/network-socket](https://github.com/MISP/misp-objects/blob/main/objects/network-socket/definition.json)
- Network socket object describes a local or remote network connections based
on the socket data structure.
+-
[objects/news-agency](https://github.com/MISP/misp-objects/blob/main/objects/news-agency/definition.json)
- News agencies compile news and disseminate news in bulk.
+-
[objects/news-media](https://github.com/MISP/misp-objects/blob/main/objects/news-media/definition.json)
- News media are forms of mass media delivering news to the general public.
+-
[objects/organization](https://github.com/MISP/misp-objects/blob/main/objects/organization/definition.json)
- An object which describes an organization.
+-
[objects/original-imported-file](https://github.com/MISP/misp-objects/blob/main/objects/original-imported-file/definition.json)
- Object describing the original file used to import data in MISP.
+-
[objects/paloalto-threat-event](https://github.com/MISP/misp-objects/blob/main/objects/paloalto-threat-event/definition.json)
- Palo Alto Threat Log Event.
+-
[objects/parler-account](https://github.com/MISP/misp-objects/blob/main/objects/parler-account/definition.json)
- Parler account.
+-
[objects/parler-comment](https://github.com/MISP/misp-objects/blob/main/objects/parler-comment/definition.json)
- Parler comment.
+-
[objects/parler-post](https://github.com/MISP/misp-objects/blob/main/objects/parler-post/definition.json)
- Parler post (parley).
+-
[objects/passive-dns](https://github.com/MISP/misp-objects/blob/main/objects/passive-dns/definition.json)
- Passive DNS records as expressed in draft-dulaunoy-dnsop-passive-dns-cof-01.
+-
[objects/paste](https://github.com/MISP/misp-objects/blob/main/objects/paste/definition.json)
- Paste or similar post from a website allowing to share privately or publicly
posts.
+-
[objects/pcap-metadata](https://github.com/MISP/misp-objects/blob/main/objects/pcap-metadata/definition.json)
- Network packet capture metadata.
+-
[objects/pe](https://github.com/MISP/misp-objects/blob/main/objects/pe/definition.json)
- Object describing a Portable Executable.
+-
[objects/pe-section](https://github.com/MISP/misp-objects/blob/main/objects/pe-section/definition.json)
- Object describing a section of a Portable Executable.
+-
[objects/person](https://github.com/MISP/misp-objects/blob/main/objects/person/definition.json)
- An object which describes a person or an identity.
+-
[objects/pgp-meta](https://github.com/MISP/misp-objects/blob/main/objects/pgp-meta/definition.json)
- Metadata extracted from a PGP keyblock, message or signature.
+-
[objects/phishing](https://github.com/MISP/misp-objects/blob/main/objects/phishing/definition.json)
- Phishing template to describe a phishing website and its analysis.
+-
[objects/phishing-kit](https://github.com/MISP/misp-objects/blob/main/objects/phishing-kit/definition.json)
- Object to describe a phishing-kit.
+-
[objects/phone](https://github.com/MISP/misp-objects/blob/main/objects/phone/definition.json)
- A phone or mobile phone object which describe a phone.
+-
[objects/process](https://github.com/MISP/misp-objects/blob/main/objects/process/definition.json)
- Object describing a system process.
+-
[objects/publication](https://github.com/MISP/misp-objects/blob/main/objects/publication/definition.json)
- An object to describe a book, journal, or academic publication.
+-
[objects/python-etvx-event-log](https://github.com/MISP/misp-objects/blob/main/objects/python-etvx-event-log/definition.json)
- Event log object template to share information of the activities conducted
on a system. .
+-
[objects/r2graphity](https://github.com/MISP/misp-objects/blob/main/objects/r2graphity/definition.json)
- Indicators extracted from files using radare2 and graphml.
+-
[objects/reddit-account](https://github.com/MISP/misp-objects/blob/main/objects/reddit-account/definition.json)
- Reddit account.
+-
[objects/reddit-comment](https://github.com/MISP/misp-objects/blob/main/objects/reddit-comment/definition.json)
- A Reddit post comment.
+-
[objects/reddit-post](https://github.com/MISP/misp-objects/blob/main/objects/reddit-post/definition.json)
- A Reddit post.
+-
[objects/reddit-subreddit](https://github.com/MISP/misp-objects/blob/main/objects/reddit-subreddit/definition.json)
- Public or private subreddit.
+-
[objects/regexp](https://github.com/MISP/misp-objects/blob/main/objects/regexp/definition.json)
- An object describing a regular expression (regex or regexp). The object can
be linked via a relationship to other attributes or objects to describe how it
can be represented as a regular expression.
+-
[objects/registry-key](https://github.com/MISP/misp-objects/blob/main/objects/registry-key/definition.json)
- Registry key object describing a Windows registry key with value and
last-modified timestamp.
+-
[objects/regripper-NTUser](https://github.com/MISP/misp-objects/blob/main/objects/regripper-NTUser/definition.json)
- Regripper Object template designed to present user specific configuration
details extracted from the NTUSER.dat hive.
+-
[objects/regripper-sam-hive-single-user](https://github.com/MISP/misp-objects/blob/main/objects/regripper-sam-hive-single-user/definition.json)
- Regripper Object template designed to present user profile details extracted
from the SAM hive.
+-
[objects/regripper-sam-hive-user-group](https://github.com/MISP/misp-objects/blob/main/objects/regripper-sam-hive-user-group/definition.json)
- Regripper Object template designed to present group profile details
extracted from the SAM hive.
+-
[objects/regripper-software-hive-BHO](https://github.com/MISP/misp-objects/blob/main/objects/regripper-software-hive-BHO/definition.json)
- Regripper Object template designed to gather information of the browser
helper objects installed on the system.
+-
[objects/regripper-software-hive-appInit-DLLS](https://github.com/MISP/misp-objects/blob/main/objects/regripper-software-hive-appInit-DLLS/definition.json)
- Regripper Object template designed to gather information of the DLL files
installed on the system.
+-
[objects/regripper-software-hive-application-paths](https://github.com/MISP/misp-objects/blob/main/objects/regripper-software-hive-application-paths/definition.json)
- Regripper Object template designed to gather information of the application
paths.
+-
[objects/regripper-software-hive-applications-installed](https://github.com/MISP/misp-objects/blob/main/objects/regripper-software-hive-applications-installed/definition.json)
- Regripper Object template designed to gather information of the applications
installed on the system.
+-
[objects/regripper-software-hive-command-shell](https://github.com/MISP/misp-objects/blob/main/objects/regripper-software-hive-command-shell/definition.json)
- Regripper Object template designed to gather information of the shell
commands executed on the system.
+-
[objects/regripper-software-hive-software-run](https://github.com/MISP/misp-objects/blob/main/objects/regripper-software-hive-software-run/definition.json)
- Regripper Object template designed to gather information of the applications
set to run on the system.
+-
[objects/regripper-software-hive-userprofile-winlogon](https://github.com/MISP/misp-objects/blob/main/objects/regripper-software-hive-userprofile-winlogon/definition.json)
- Regripper Object template designed to gather user profile information when
the user logs onto the system, gathered from the software hive.
+-
[objects/regripper-software-hive-windows-general-info](https://github.com/MISP/misp-objects/blob/main/objects/regripper-software-hive-windows-general-info/definition.json)
- Regripper Object template designed to gather general windows information
extracted from the software-hive.
+-
[objects/regripper-system-hive-firewall-configuration](https://github.com/MISP/misp-objects/blob/main/objects/regripper-system-hive-firewall-configuration/definition.json)
- Regripper Object template designed to present firewall configuration
information extracted from the system-hive.
+-
[objects/regripper-system-hive-general-configuration](https://github.com/MISP/misp-objects/blob/main/objects/regripper-system-hive-general-configuration/definition.json)
- Regripper Object template designed to present general system properties
extracted from the system-hive.
+-
[objects/regripper-system-hive-network-information](https://github.com/MISP/misp-objects/blob/main/objects/regripper-system-hive-network-information/definition.json)
- Regripper object template designed to gather network information from the
system-hive.
+-
[objects/regripper-system-hive-services-drivers](https://github.com/MISP/misp-objects/blob/main/objects/regripper-system-hive-services-drivers/definition.json)
- Regripper Object template designed to gather information regarding the
services/drivers from the system-hive.
+-
[objects/report](https://github.com/MISP/misp-objects/blob/main/objects/report/definition.json)
- Metadata used to generate an executive level report.
+-
[objects/research-scanner](https://github.com/MISP/misp-objects/blob/main/objects/research-scanner/definition.json)
- Information related to known scanning activity (e.g. from research projects).
+-
[objects/rogue-dns](https://github.com/MISP/misp-objects/blob/main/objects/rogue-dns/definition.json)
- Rogue DNS as defined by CERT.br.
+-
[objects/rtir](https://github.com/MISP/misp-objects/blob/main/objects/rtir/definition.json)
- RTIR - Request Tracker for Incident Response.
+-
[objects/sandbox-report](https://github.com/MISP/misp-objects/blob/main/objects/sandbox-report/definition.json)
- Sandbox report.
+-
[objects/sb-signature](https://github.com/MISP/misp-objects/blob/main/objects/sb-signature/definition.json)
- Sandbox detection signature.
+-
[objects/scheduled-event](https://github.com/MISP/misp-objects/blob/main/objects/scheduled-event/definition.json)
- Event object template describing a gathering of individuals in meatspace.
+-
[objects/scrippsco2-c13-daily](https://github.com/MISP/misp-objects/blob/main/objects/scrippsco2-c13-daily/definition.json)
- Daily average C13 concentrations (ppm) derived from flask air samples.
+-
[objects/scrippsco2-c13-monthly](https://github.com/MISP/misp-objects/blob/main/objects/scrippsco2-c13-monthly/definition.json)
- Monthly average C13 concentrations (ppm) derived from flask air samples.
+-
[objects/scrippsco2-co2-daily](https://github.com/MISP/misp-objects/blob/main/objects/scrippsco2-co2-daily/definition.json)
- Daily average CO2 concentrations (ppm) derived from flask air samples.
+-
[objects/scrippsco2-co2-monthly](https://github.com/MISP/misp-objects/blob/main/objects/scrippsco2-co2-monthly/definition.json)
- Monthly average CO2 concentrations (ppm) derived from flask air samples.
+-
[objects/scrippsco2-o18-daily](https://github.com/MISP/misp-objects/blob/main/objects/scrippsco2-o18-daily/definition.json)
- Daily average O18 concentrations (ppm) derived from flask air samples.
+-
[objects/scrippsco2-o18-monthly](https://github.com/MISP/misp-objects/blob/main/objects/scrippsco2-o18-monthly/definition.json)
- Monthly average O18 concentrations (ppm) derived from flask air samples.
+-
[objects/script](https://github.com/MISP/misp-objects/blob/main/objects/script/definition.json)
- Object describing a computer program written to be run in a special run-time
environment. The script or shell script can be used for malicious activities
but also as support tools for threat analysts.
+-
[objects/shell-commands](https://github.com/MISP/misp-objects/blob/main/objects/shell-commands/definition.json)
- Object describing a series of shell commands executed. This object can be
linked with malicious files in order to describe a specific execution of shell
commands.
+-
[objects/shodan-report](https://github.com/MISP/misp-objects/blob/main/objects/shodan-report/definition.json)
- Shodan Report for a given IP.
+-
[objects/short-message-service](https://github.com/MISP/misp-objects/blob/main/objects/short-message-service/definition.json)
- Short Message Service (SMS) object template describing one or more SMS
message. Restriction of the initial format 3GPP 23.038 GSM character set
doesn't apply.
+-
[objects/shortened-link](https://github.com/MISP/misp-objects/blob/main/objects/shortened-link/definition.json)
- Shortened link and its redirect target.
+-
[objects/social-media-group](https://github.com/MISP/misp-objects/blob/main/objects/social-media-group/definition.json)
- Social media group object template describing a public or private group or
channel.
+-
[objects/splunk](https://github.com/MISP/misp-objects/blob/main/objects/splunk/definition.json)
- Splunk / Splunk ES object.
+-
[objects/ss7-attack](https://github.com/MISP/misp-objects/blob/main/objects/ss7-attack/definition.json)
- SS7 object of an attack seen on a GSM, UMTS or LTE network via SS7 logging.
+-
[objects/ssh-authorized-keys](https://github.com/MISP/misp-objects/blob/main/objects/ssh-authorized-keys/definition.json)
- An object to store ssh authorized keys file.
+-
[objects/stix2-pattern](https://github.com/MISP/misp-objects/blob/main/objects/stix2-pattern/definition.json)
- An object describing a STIX pattern. The object can be linked via a
relationship to other attributes or objects to describe how it can be
represented as a STIX pattern.
+-
[objects/suricata](https://github.com/MISP/misp-objects/blob/main/objects/suricata/definition.json)
- An object describing one or more Suricata rule(s) along with version and
contextual information.
+-
[objects/target-system](https://github.com/MISP/misp-objects/blob/main/objects/target-system/definition.json)
- Description about an targeted system, this could potentially be a
compromissed internal system.
+-
[objects/telegram-account](https://github.com/MISP/misp-objects/blob/main/objects/telegram-account/definition.json)
- Information related to a telegram account.
+-
[objects/threatgrid-report](https://github.com/MISP/misp-objects/blob/main/objects/threatgrid-report/definition.json)
- ThreatGrid report.
+-
[objects/timecode](https://github.com/MISP/misp-objects/blob/main/objects/timecode/definition.json)
- Timecode object to describe a start of video sequence (e.g. CCTV evidence)
and the end of the video sequence.
+-
[objects/timesketch-timeline](https://github.com/MISP/misp-objects/blob/main/objects/timesketch-timeline/definition.json)
- A timesketch timeline object based on mandatory field in timesketch to
describe a log entry.
+-
[objects/timesketch_message](https://github.com/MISP/misp-objects/blob/main/objects/timesketch_message/definition.json)
- A timesketch message entry.
+-
[objects/timestamp](https://github.com/MISP/misp-objects/blob/main/objects/timestamp/definition.json)
- A generic timestamp object to represent time including first time and last
time seen. Relationship will then define the kind of time relationship.
+-
[objects/tor-hiddenservice](https://github.com/MISP/misp-objects/blob/main/objects/tor-hiddenservice/definition.json)
- Tor hidden service (onion service) object.
+-
[objects/tor-node](https://github.com/MISP/misp-objects/blob/main/objects/tor-node/definition.json)
- Tor node (which protects your privacy on the internet by hiding the
connection between users Internet address and the services used by the users)
description which are part of the Tor network at a time.
+-
[objects/tracking-id](https://github.com/MISP/misp-objects/blob/main/objects/tracking-id/definition.json)
- Analytics and tracking ID such as used in Google Analytics or other analytic
platform.
+-
[objects/transaction](https://github.com/MISP/misp-objects/blob/main/objects/transaction/definition.json)
- An object to describe a financial transaction.
+-
[objects/translation](https://github.com/MISP/misp-objects/blob/main/objects/translation/definition.json)
- Used to keep a text and its translation.
+-
[objects/trustar_report](https://github.com/MISP/misp-objects/blob/main/objects/trustar_report/definition.json)
- TruStar Report.
+-
[objects/tsk-chats](https://github.com/MISP/misp-objects/blob/main/objects/tsk-chats/definition.json)
- An Object Template to gather information from evidential or interesting
exchange of messages identified during a digital forensic investigation.
+-
[objects/tsk-web-bookmark](https://github.com/MISP/misp-objects/blob/main/objects/tsk-web-bookmark/definition.json)
- An Object Template to add evidential bookmarks identified during a digital
forensic investigation.
+-
[objects/tsk-web-cookie](https://github.com/MISP/misp-objects/blob/main/objects/tsk-web-cookie/definition.json)
- An TSK-Autopsy Object Template to represent cookies identified during a
forensic investigation.
+-
[objects/tsk-web-downloads](https://github.com/MISP/misp-objects/blob/main/objects/tsk-web-downloads/definition.json)
- An Object Template to add web-downloads.
+-
[objects/tsk-web-history](https://github.com/MISP/misp-objects/blob/main/objects/tsk-web-history/definition.json)
- An Object Template to share web history information.
+-
[objects/tsk-web-search-query](https://github.com/MISP/misp-objects/blob/main/objects/tsk-web-search-query/definition.json)
- An Object Template to share web search query information.
+-
[objects/twitter-account](https://github.com/MISP/misp-objects/blob/main/objects/twitter-account/definition.json)
- Twitter account.
+-
[objects/twitter-list](https://github.com/MISP/misp-objects/blob/main/objects/twitter-list/definition.json)
- Twitter list.
+-
[objects/twitter-post](https://github.com/MISP/misp-objects/blob/main/objects/twitter-post/definition.json)
- Twitter post (tweet).
+-
[objects/url](https://github.com/MISP/misp-objects/blob/main/objects/url/definition.json)
- url object describes an url along with its normalized field (like extracted
using faup parsing library) and its metadata.
+-
[objects/user-account](https://github.com/MISP/misp-objects/blob/main/objects/user-account/definition.json)
- .
+-
[objects/vehicle](https://github.com/MISP/misp-objects/blob/main/objects/vehicle/definition.json)
- Vehicle object template to describe a vehicle information and registration.
+-
[objects/victim](https://github.com/MISP/misp-objects/blob/main/objects/victim/definition.json)
- Victim object describes the target of an attack or abuse.
+-
[objects/virustotal-graph](https://github.com/MISP/misp-objects/blob/main/objects/virustotal-graph/definition.json)
- VirusTotal graph.
+-
[objects/virustotal-report](https://github.com/MISP/misp-objects/blob/main/objects/virustotal-report/definition.json)
- VirusTotal report.
+-
[objects/vulnerability](https://github.com/MISP/misp-objects/blob/main/objects/vulnerability/definition.json)
- Vulnerability object describing a common vulnerability enumeration which can
describe published, unpublished, under review or embargo vulnerability for
software, equipments or hardware.
+-
[objects/weakness](https://github.com/MISP/misp-objects/blob/main/objects/weakness/definition.json)
- Weakness object describing a common weakness enumeration which can describe
usable, incomplete, draft or deprecated weakness for software, equipment of
hardware.
+-
[objects/whois](https://github.com/MISP/misp-objects/blob/main/objects/whois/definition.json)
- Whois records information for a domain name or an IP address.
+-
[objects/windows-service](https://github.com/MISP/misp-objects/blob/main/objects/windows-service/definition.json)
- Windows service and detailed about a service running a Windows operating
system.
+-
[objects/x509](https://github.com/MISP/misp-objects/blob/main/objects/x509/definition.json)
- x509 object describing a X.509 certificate.
+-
[objects/yabin](https://github.com/MISP/misp-objects/blob/main/objects/yabin/definition.json)
- yabin.py generates Yara rules from function prologs, for matching and
hunting binaries. ref: https://github.com/AlienVault-OTX/yabin.
+-
[objects/yara](https://github.com/MISP/misp-objects/blob/main/objects/yara/definition.json)
- An object describing a YARA rule (or a YARA rule name) along with its
version.
+-
[objects/youtube-channel](https://github.com/MISP/misp-objects/blob/main/objects/youtube-channel/definition.json)
- A YouTube channel.
+-
[objects/youtube-comment](https://github.com/MISP/misp-objects/blob/main/objects/youtube-comment/definition.json)
- A YouTube video comment.
+-
[objects/youtube-playlist](https://github.com/MISP/misp-objects/blob/main/objects/youtube-playlist/definition.json)
- A YouTube playlist.
+-
[objects/youtube-video](https://github.com/MISP/misp-objects/blob/main/objects/youtube-video/definition.json)
- A YouTube video.
## MISP objects relationships
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/misp-objects-5e6f887fa131437089eaa8cdb9078b6a6371d121/objects/network-socket/definition.json
new/misp-objects-5d986dc25ee3ebf53fa8ad59d2d0091696a5295c/objects/network-socket/definition.json
---
old/misp-objects-5e6f887fa131437089eaa8cdb9078b6a6371d121/objects/network-socket/definition.json
2021-04-14 09:20:52.000000000 +0200
+++
new/misp-objects-5d986dc25ee3ebf53fa8ad59d2d0091696a5295c/objects/network-socket/definition.json
2021-05-11 15:44:35.000000000 +0200
@@ -165,6 +165,18 @@
"IP"
]
},
+ "socket-type": {
+ "description": "Type of the socket.",
+ "misp-attribute": "text",
+ "sane_default": [
+ "SOCK_STREAM",
+ "SOCK_DGRAM",
+ "SOCK_RAW",
+ "SOCK_RDM",
+ "SOCK_SEQPACKET"
+ ],
+ "ui-priority": 1
+ },
"src-port": {
"categories": [
"Network activity",
@@ -195,5 +207,5 @@
"dst-port"
],
"uuid": "48bbfd72-ef8e-4649-b14d-41b4b5a0eba2",
- "version": 2
+ "version": 3
}
\ No newline at end of file
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/misp-objects-5e6f887fa131437089eaa8cdb9078b6a6371d121/objects/passive-dns/definition.json
new/misp-objects-5d986dc25ee3ebf53fa8ad59d2d0091696a5295c/objects/passive-dns/definition.json
---
old/misp-objects-5e6f887fa131437089eaa8cdb9078b6a6371d121/objects/passive-dns/definition.json
2021-04-14 09:20:52.000000000 +0200
+++
new/misp-objects-5d986dc25ee3ebf53fa8ad59d2d0091696a5295c/objects/passive-dns/definition.json
2021-05-11 15:44:35.000000000 +0200
@@ -3,7 +3,7 @@
"bailiwick": {
"description": "Best estimate of the apex of the zone where this data is
authoritative",
"disable_correlation": true,
- "misp-attribute": "text",
+ "misp-attribute": "domain",
"ui-priority": 0
},
"count": {
@@ -13,18 +13,18 @@
"ui-priority": 0
},
"origin": {
- "description": "Origin of the Passive DNS response",
+ "description": "Origin of the Passive DNS response. This field is
represented as a Uniform Resource Identifier (URI)",
"disable_correlation": true,
"misp-attribute": "text",
"ui-priority": 0
},
"raw_rdata": {
- "description": "Resource records of the queried resource, in
hexadecimal",
+ "description": "Resource records of the queried resource, in
hexadecimal. *All* rdata entries at once.",
"misp-attribute": "text",
"ui-priority": 0
},
"rdata": {
- "description": "Resource records of the queried resource",
+ "description": "Resource records of the queried resource. Note that this
field is added for *each* rdata entry in the rrset.",
"misp-attribute": "text",
"ui-priority": 1
},
@@ -80,12 +80,24 @@
"misp-attribute": "datetime",
"ui-priority": 0
},
+ "time_first_ms": {
+ "description": "Same meaning as the field 'time_first', with the only
difference, that the resolution is in milliseconds since 1st of January 1970
(UTC)",
+ "disable_correlation": true,
+ "misp-attribute": "datetime",
+ "ui-priority": 0
+ },
"time_last": {
"description": "Last time that the unique tuple (rrname, rrtype, rdata)
record has been seen by the passive DNS",
"disable_correlation": true,
"misp-attribute": "datetime",
"ui-priority": 0
},
+ "time_last_ms": {
+ "description": "Same meaning as the field 'time_last', with the only
difference, that the resolution is in milliseconds since 1st of January 1970
(UTC)",
+ "disable_correlation": true,
+ "misp-attribute": "datetime",
+ "ui-priority": 0
+ },
"zone_time_first": {
"description": "First time that the unique tuple (rrname, rrtype, rdata)
record has been seen via master file import",
"disable_correlation": true,
@@ -99,7 +111,7 @@
"ui-priority": 0
}
},
- "description": "Passive DNS records as expressed in
draft-dulaunoy-dnsop-passive-dns-cof-01",
+ "description": "Passive DNS records as expressed in
draft-dulaunoy-dnsop-passive-dns-cof-07. See
https://tools.ietf.org/id/draft-dulaunoy-dnsop-passive-dns-cof-07.html";,
"meta-category": "network",
"name": "passive-dns",
"required": [
@@ -108,5 +120,5 @@
"rdata"
],
"uuid": "b77b7b1c-66ab-4a41-8da4-83810f6d2d6c",
- "version": 3
+ "version": 5
}
\ No newline at end of file
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/misp-objects-5e6f887fa131437089eaa8cdb9078b6a6371d121/objects/phishing/definition.json
new/misp-objects-5d986dc25ee3ebf53fa8ad59d2d0091696a5295c/objects/phishing/definition.json
---
old/misp-objects-5e6f887fa131437089eaa8cdb9078b6a6371d121/objects/phishing/definition.json
2021-04-14 09:20:52.000000000 +0200
+++
new/misp-objects-5d986dc25ee3ebf53fa8ad59d2d0091696a5295c/objects/phishing/definition.json
2021-05-11 15:44:35.000000000 +0200
@@ -113,5 +113,5 @@
"url"
],
"uuid": "2dad6f9d-d425-4217-8fda-0b0a2d815307",
- "version": 5
+ "version": 6
}
\ No newline at end of file
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/misp-objects-5e6f887fa131437089eaa8cdb9078b6a6371d121/objects/stix2-pattern/definition.json
new/misp-objects-5d986dc25ee3ebf53fa8ad59d2d0091696a5295c/objects/stix2-pattern/definition.json
---
old/misp-objects-5e6f887fa131437089eaa8cdb9078b6a6371d121/objects/stix2-pattern/definition.json
2021-04-14 09:20:52.000000000 +0200
+++
new/misp-objects-5d986dc25ee3ebf53fa8ad59d2d0091696a5295c/objects/stix2-pattern/definition.json
2021-05-11 15:44:35.000000000 +0200
@@ -12,6 +12,7 @@
},
"version": {
"description": "Version of STIX 2 pattern.",
+ "disable_correlation": true,
"misp-attribute": "text",
"sane_default": [
"stix 2.0"
@@ -26,5 +27,5 @@
"stix2-pattern"
],
"uuid": "0c5bd072-7c3e-4d45-86f7-a8104d9143b9",
- "version": 2
+ "version": 3
}
\ No newline at end of file
++++++ python-pymisp-2.4.142.tar.gz -> python-pymisp-2.4.143.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/PyMISP-2.4.142/CHANGELOG.txt
new/PyMISP-2.4.143/CHANGELOG.txt
--- old/PyMISP-2.4.142/CHANGELOG.txt 2021-04-26 10:54:35.000000000 +0200
+++ new/PyMISP-2.4.143/CHANGELOG.txt 2021-05-14 07:54:52.000000000 +0200
@@ -2,6 +2,26 @@
=========
+v2.4.143 (2021-05-14)
+---------------------
+
+New
+~~~
+- Method to get the raw object template. [Rapha??l Vinot]
+
+Changes
+~~~~~~~
+- Bump version, deps. [Rapha??l Vinot]
+- Bump deps. [Rapha??l Vinot]
+- Bump objects templates. [Rapha??l Vinot]
+
+Fix
+~~~
+- First-seen and last-seen on attributes and objects were not checked
+ for sanity. [Rapha??l Vinot]
+- Remove search_all example, use search instead. [Rapha??l Vinot]
+
+
v2.4.142 (2021-04-26)
---------------------
@@ -13,6 +33,7 @@
Changes
~~~~~~~
+- Bump changelog. [Rapha??l Vinot]
- Bump version. [Rapha??l Vinot]
- Bump deps. [Rapha??l Vinot]
- Fix test suite. [Rapha??l Vinot]
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/PyMISP-2.4.142/examples/searchall.py
new/PyMISP-2.4.143/examples/searchall.py
--- old/PyMISP-2.4.142/examples/searchall.py 2021-04-26 10:54:35.000000000
+0200
+++ new/PyMISP-2.4.143/examples/searchall.py 1970-01-01 01:00:00.000000000
+0100
@@ -1,41 +0,0 @@
-#!/usr/bin/env python
-# -*- coding: utf-8 -*-
-
-from pymisp import PyMISP
-from keys import misp_url, misp_key,misp_verifycert
-import argparse
-import os
-import json
-
-
-def init(url, key):
- return PyMISP(url, key, misp_verifycert, 'json')
-
-
-def searchall(m, search, quiet, url, out=None):
- result = m.search_all(search)
- if quiet:
- for e in result['response']:
- print('{}{}{}\n'.format(url, '/events/view/', e['Event']['id']))
- elif out is None:
- print(json.dumps(result['response']))
- else:
- with open(out, 'w') as f:
- f.write(json.dumps(result['response']))
-
-
-if __name__ == '__main__':
- parser = argparse.ArgumentParser(description='Get all the events matching
a value.')
- parser.add_argument("-s", "--search", required=True, help="String to
search.")
- parser.add_argument("-q", "--quiet", action='store_true', help="Only
display URLs to MISP")
- parser.add_argument("-o", "--output", help="Output file")
-
- args = parser.parse_args()
-
- if args.output is not None and os.path.exists(args.output):
- print('Output file already exists, abord.')
- exit(0)
-
- misp = init(misp_url, misp_key)
-
- searchall(misp, args.search, args.quiet, misp_url, args.output)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/PyMISP-2.4.142/poetry.lock
new/PyMISP-2.4.143/poetry.lock
--- old/PyMISP-2.4.142/poetry.lock 2021-04-26 10:54:35.000000000 +0200
+++ new/PyMISP-2.4.143/poetry.lock 2021-05-14 07:54:52.000000000 +0200
@@ -41,21 +41,21 @@
[[package]]
name = "attrs"
-version = "20.3.0"
+version = "21.2.0"
description = "Classes Without Boilerplate"
category = "main"
optional = false
-python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*"
+python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*"
[package.extras]
-dev = ["coverage[toml] (>=5.0.2)", "hypothesis", "pympler", "pytest
(>=4.3.0)", "six", "zope.interface", "furo", "sphinx", "pre-commit"]
-docs = ["furo", "sphinx", "zope.interface"]
-tests = ["coverage[toml] (>=5.0.2)", "hypothesis", "pympler", "pytest
(>=4.3.0)", "six", "zope.interface"]
-tests_no_zope = ["coverage[toml] (>=5.0.2)", "hypothesis", "pympler", "pytest
(>=4.3.0)", "six"]
+dev = ["coverage[toml] (>=5.0.2)", "hypothesis", "pympler", "pytest
(>=4.3.0)", "six", "mypy", "pytest-mypy-plugins", "zope.interface", "furo",
"sphinx", "sphinx-notfound-page", "pre-commit"]
+docs = ["furo", "sphinx", "zope.interface", "sphinx-notfound-page"]
+tests = ["coverage[toml] (>=5.0.2)", "hypothesis", "pympler", "pytest
(>=4.3.0)", "six", "mypy", "pytest-mypy-plugins", "zope.interface"]
+tests_no_zope = ["coverage[toml] (>=5.0.2)", "hypothesis", "pympler", "pytest
(>=4.3.0)", "six", "mypy", "pytest-mypy-plugins"]
[[package]]
name = "babel"
-version = "2.9.0"
+version = "2.9.1"
description = "Internationalization utilities"
category = "main"
optional = true
@@ -318,7 +318,7 @@
[[package]]
name = "flake8"
-version = "3.9.1"
+version = "3.9.2"
description = "the modular source code checker: pep8 pyflakes and co"
category = "dev"
optional = false
@@ -379,7 +379,7 @@
[[package]]
name = "ipykernel"
-version = "5.5.3"
+version = "5.5.5"
description = "IPython Kernel for Jupyter"
category = "dev"
optional = false
@@ -451,17 +451,17 @@
[[package]]
name = "jinja2"
-version = "2.11.3"
+version = "3.0.0"
description = "A very fast and expressive template engine."
category = "main"
optional = false
-python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*"
+python-versions = ">=3.6"
[package.dependencies]
-MarkupSafe = ">=0.23"
+MarkupSafe = ">=2.0.0rc2"
[package.extras]
-i18n = ["Babel (>=0.8)"]
+i18n = ["Babel (>=2.7)"]
[[package]]
name = "json5"
@@ -573,13 +573,14 @@
[[package]]
name = "lark-parser"
-version = "0.11.2"
+version = "0.11.3"
description = "a modern parsing library"
category = "main"
optional = true
python-versions = "*"
[package.extras]
+atomic_cache = ["atomicwrites"]
nearley = ["js2py"]
regex = ["regex"]
@@ -593,11 +594,11 @@
[[package]]
name = "markupsafe"
-version = "1.1.1"
+version = "2.0.0"
description = "Safely add untrusted strings to HTML/XML markup."
category = "main"
optional = false
-python-versions = ">=2.7,!=3.0.*,!=3.1.*,!=3.2.*,!=3.3.*"
+python-versions = ">=3.6"
[[package]]
name = "mccabe"
@@ -774,7 +775,7 @@
[[package]]
name = "oletools"
-version = "0.56.1"
+version = "0.56.2"
description = "Python tools to analyze security characteristics of MS Office
and OLE files (also called Structured Storage, Compound File Binary Format or
Compound Document File Format), for Malware Analysis and Incident Response
#DFIR"
category = "main"
optional = true
@@ -938,7 +939,7 @@
[[package]]
name = "pygments"
-version = "2.8.1"
+version = "2.9.0"
description = "Pygments is a syntax highlighting package written in Python."
category = "main"
optional = false
@@ -1062,7 +1063,7 @@
[[package]]
name = "requests-mock"
-version = "1.8.0"
+version = "1.9.2"
description = "Mock out responses from the requests package"
category = "dev"
optional = false
@@ -1102,7 +1103,7 @@
[[package]]
name = "six"
-version = "1.15.0"
+version = "1.16.0"
description = "Python 2 and 3 compatibility utilities"
category = "main"
optional = false
@@ -1243,7 +1244,7 @@
[[package]]
name = "terminado"
-version = "0.9.4"
+version = "0.9.5"
description = "Tornado websocket backend for the Xterm.js Javascript terminal
emulator library."
category = "dev"
optional = false
@@ -1251,7 +1252,7 @@
[package.dependencies]
ptyprocess = {version = "*", markers = "os_name != \"nt\""}
-pywinpty = {version = ">=0.5", markers = "os_name == \"nt\""}
+pywinpty = {version = ">=0.5,<1", markers = "os_name == \"nt\""}
tornado = ">=4"
[package.extras]
@@ -1302,7 +1303,7 @@
[[package]]
name = "typing-extensions"
-version = "3.7.4.3"
+version = "3.10.0.0"
description = "Backported and Experimental Type Hints for Python 3.5+"
category = "main"
optional = false
@@ -1441,12 +1442,12 @@
{file = "async_generator-1.10.tar.gz", hash =
"sha256:6ebb3d106c12920aaae42ccb6f787ef5eefdcdd166ea3d628fa8476abe712144"},
]
attrs = [
- {file = "attrs-20.3.0-py2.py3-none-any.whl", hash =
"sha256:31b2eced602aa8423c2aea9c76a724617ed67cf9513173fd3a4f03e3a929c7e6"},
- {file = "attrs-20.3.0.tar.gz", hash =
"sha256:832aa3cde19744e49938b91fea06d69ecb9e649c93ba974535d08ad92164f700"},
+ {file = "attrs-21.2.0-py2.py3-none-any.whl", hash =
"sha256:149e90d6d8ac20db7a955ad60cf0e6881a3f20d37096140088356da6c716b0b1"},
+ {file = "attrs-21.2.0.tar.gz", hash =
"sha256:ef6aaac3ca6cd92904cdd0d83f629a15f18053ec84e6432106f7a4d04ae4f5fb"},
]
babel = [
- {file = "Babel-2.9.0-py2.py3-none-any.whl", hash =
"sha256:9d35c22fcc79893c3ecc85ac4a56cde1ecf3f19c540bba0922308a6c06ca6fa5"},
- {file = "Babel-2.9.0.tar.gz", hash =
"sha256:da031ab54472314f210b0adcff1588ee5d1d1d0ba4dbd07b94dba82bde791e05"},
+ {file = "Babel-2.9.1-py2.py3-none-any.whl", hash =
"sha256:ab49e12b91d937cd11f0b67cb259a57ab4ad2b59ac7a3b41d6c06c0ac5b0def9"},
+ {file = "Babel-2.9.1.tar.gz", hash =
"sha256:bc0c176f9f6a994582230df350aa6e05ba2ebe4b3ac317eab29d9be5d2768da0"},
]
backcall = [
{file = "backcall-0.2.0-py2.py3-none-any.whl", hash =
"sha256:fbbce6a29f263178a1f7915c1940bde0ec2b2a967566fe1c65c1dfb7422bd255"},
@@ -1672,8 +1673,8 @@
{file = "extract_msg-0.28.7.tar.gz", hash =
"sha256:7ebdbd7863a3699080a69f71ec0cd30ed9bfee70bad9acc6a8e6abe9523c78c0"},
]
flake8 = [
- {file = "flake8-3.9.1-py2.py3-none-any.whl", hash =
"sha256:3b9f848952dddccf635be78098ca75010f073bfe14d2c6bda867154bea728d2a"},
- {file = "flake8-3.9.1.tar.gz", hash =
"sha256:1aa8990be1e689d96c745c5682b687ea49f2e05a443aff1f8251092b0014e378"},
+ {file = "flake8-3.9.2-py2.py3-none-any.whl", hash =
"sha256:bf8fd333346d844f616e8d47905ef3a3384edae6b4e9beb0c5101e25e3110907"},
+ {file = "flake8-3.9.2.tar.gz", hash =
"sha256:07528381786f2a6237b061f6e96610a4167b226cb926e2aa2b6b1d78057c576b"},
]
idna = [
{file = "idna-2.10-py2.py3-none-any.whl", hash =
"sha256:b97d804b1e9b523befed77c48dacec60e6dcb0b5391d57af6a65a312a90648c0"},
@@ -1692,8 +1693,8 @@
{file = "importlib_metadata-4.0.1.tar.gz", hash =
"sha256:8c501196e49fb9df5df43833bdb1e4328f64847763ec8a50703148b73784d581"},
]
ipykernel = [
- {file = "ipykernel-5.5.3-py3-none-any.whl", hash =
"sha256:21abd584543759e49010975a4621603b3cf871b1039cb3879a14094717692614"},
- {file = "ipykernel-5.5.3.tar.gz", hash =
"sha256:a682e4f7affd86d9ce9b699d21bcab6d5ec9fbb2bfcb194f2706973b252bc509"},
+ {file = "ipykernel-5.5.5-py3-none-any.whl", hash =
"sha256:29eee66548ee7c2edb7941de60c0ccf0a7a8dd957341db0a49c5e8e6a0fcb712"},
+ {file = "ipykernel-5.5.5.tar.gz", hash =
"sha256:e976751336b51082a89fc2099fb7f96ef20f535837c398df6eab1283c2070884"},
]
ipython = [
{file = "ipython-7.16.1-py3-none-any.whl", hash =
"sha256:2dbcc8c27ca7d3cfe4fcdff7f45b27f9a8d3edfa70ff8024a71c7a8eb5f09d64"},
@@ -1708,8 +1709,8 @@
{file = "jedi-0.18.0.tar.gz", hash =
"sha256:92550a404bad8afed881a137ec9a461fed49eca661414be45059329614ed0707"},
]
jinja2 = [
- {file = "Jinja2-2.11.3-py2.py3-none-any.whl", hash =
"sha256:03e47ad063331dd6a3f04a43eddca8a966a26ba0c5b7207a9a9e4e08f1b29419"},
- {file = "Jinja2-2.11.3.tar.gz", hash =
"sha256:a6d58433de0ae800347cab1fa3043cebbabe8baa9d29e668f1c768cb87a333c6"},
+ {file = "Jinja2-3.0.0-py3-none-any.whl", hash =
"sha256:2f2de5285cf37f33d33ecd4a9080b75c87cd0c1994d5a9c6df17131ea1f049c6"},
+ {file = "Jinja2-3.0.0.tar.gz", hash =
"sha256:ea8d7dd814ce9df6de6a761ec7f1cac98afe305b8cdc4aaae4e114b8d8ce24c5"},
]
json5 = [
{file = "json5-0.9.5-py2.py3-none-any.whl", hash =
"sha256:af1a1b9a2850c7f62c23fde18be4749b3599fd302f494eebf957e2ada6b9e42c"},
@@ -1740,7 +1741,7 @@
{file = "jupyterlab_server-1.2.0.tar.gz", hash =
"sha256:5431d9dde96659364b7cc877693d5d21e7b80cea7ae3959ecc2b87518e5f5d8c"},
]
lark-parser = [
- {file = "lark-parser-0.11.2.tar.gz", hash =
"sha256:ef610461ebf2b243502f337d9d49879e39f9add846a4749e88c8dcdc1378bb6b"},
+ {file = "lark-parser-0.11.3.tar.gz", hash =
"sha256:e29ca814a98bb0f81674617d878e5f611cb993c19ea47f22c80da3569425f9bd"},
]
lief = [
{file = "lief-0.11.4-cp36-cp36m-macosx_10_14_x86_64.whl", hash =
"sha256:560cca9dc490d0bee84aca30533f7c7ac9e874060bbc9bdbc6f64da63e4e351a"},
@@ -1765,34 +1766,40 @@
{file = "lief-0.11.4.zip", hash =
"sha256:2e33789c16b525991c8dc62a4265afdb7003e28b29744251526e3604f40ef3d4"},
]
markupsafe = [
- {file = "MarkupSafe-1.1.1-cp27-cp27m-macosx_10_6_intel.whl", hash =
"sha256:09027a7803a62ca78792ad89403b1b7a73a01c8cb65909cd876f7fcebd79b161"},
- {file = "MarkupSafe-1.1.1-cp27-cp27m-manylinux1_i686.whl", hash =
"sha256:e249096428b3ae81b08327a63a485ad0878de3fb939049038579ac0ef61e17e7"},
- {file = "MarkupSafe-1.1.1-cp27-cp27m-manylinux1_x86_64.whl", hash =
"sha256:500d4957e52ddc3351cabf489e79c91c17f6e0899158447047588650b5e69183"},
- {file = "MarkupSafe-1.1.1-cp27-cp27m-win32.whl", hash =
"sha256:b2051432115498d3562c084a49bba65d97cf251f5a331c64a12ee7e04dacc51b"},
- {file = "MarkupSafe-1.1.1-cp27-cp27m-win_amd64.whl", hash =
"sha256:98c7086708b163d425c67c7a91bad6e466bb99d797aa64f965e9d25c12111a5e"},
- {file = "MarkupSafe-1.1.1-cp27-cp27mu-manylinux1_i686.whl", hash =
"sha256:cd5df75523866410809ca100dc9681e301e3c27567cf498077e8551b6d20e42f"},
- {file = "MarkupSafe-1.1.1-cp27-cp27mu-manylinux1_x86_64.whl", hash =
"sha256:43a55c2930bbc139570ac2452adf3d70cdbb3cfe5912c71cdce1c2c6bbd9c5d1"},
- {file = "MarkupSafe-1.1.1-cp34-cp34m-macosx_10_6_intel.whl", hash =
"sha256:1027c282dad077d0bae18be6794e6b6b8c91d58ed8a8d89a89d59693b9131db5"},
- {file = "MarkupSafe-1.1.1-cp34-cp34m-manylinux1_i686.whl", hash =
"sha256:62fe6c95e3ec8a7fad637b7f3d372c15ec1caa01ab47926cfdf7a75b40e0eac1"},
- {file = "MarkupSafe-1.1.1-cp34-cp34m-manylinux1_x86_64.whl", hash =
"sha256:88e5fcfb52ee7b911e8bb6d6aa2fd21fbecc674eadd44118a9cc3863f938e735"},
- {file = "MarkupSafe-1.1.1-cp34-cp34m-win32.whl", hash =
"sha256:ade5e387d2ad0d7ebf59146cc00c8044acbd863725f887353a10df825fc8ae21"},
- {file = "MarkupSafe-1.1.1-cp34-cp34m-win_amd64.whl", hash =
"sha256:09c4b7f37d6c648cb13f9230d847adf22f8171b1ccc4d5682398e77f40309235"},
- {file = "MarkupSafe-1.1.1-cp35-cp35m-macosx_10_6_intel.whl", hash =
"sha256:79855e1c5b8da654cf486b830bd42c06e8780cea587384cf6545b7d9ac013a0b"},
- {file = "MarkupSafe-1.1.1-cp35-cp35m-manylinux1_i686.whl", hash =
"sha256:c8716a48d94b06bb3b2524c2b77e055fb313aeb4ea620c8dd03a105574ba704f"},
- {file = "MarkupSafe-1.1.1-cp35-cp35m-manylinux1_x86_64.whl", hash =
"sha256:7c1699dfe0cf8ff607dbdcc1e9b9af1755371f92a68f706051cc8c37d447c905"},
- {file = "MarkupSafe-1.1.1-cp35-cp35m-win32.whl", hash =
"sha256:6dd73240d2af64df90aa7c4e7481e23825ea70af4b4922f8ede5b9e35f78a3b1"},
- {file = "MarkupSafe-1.1.1-cp35-cp35m-win_amd64.whl", hash =
"sha256:9add70b36c5666a2ed02b43b335fe19002ee5235efd4b8a89bfcf9005bebac0d"},
- {file = "MarkupSafe-1.1.1-cp36-cp36m-macosx_10_6_intel.whl", hash =
"sha256:24982cc2533820871eba85ba648cd53d8623687ff11cbb805be4ff7b4c971aff"},
- {file = "MarkupSafe-1.1.1-cp36-cp36m-manylinux1_i686.whl", hash =
"sha256:00bc623926325b26bb9605ae9eae8a215691f33cae5df11ca5424f06f2d1f473"},
- {file = "MarkupSafe-1.1.1-cp36-cp36m-manylinux1_x86_64.whl", hash =
"sha256:717ba8fe3ae9cc0006d7c451f0bb265ee07739daf76355d06366154ee68d221e"},
- {file = "MarkupSafe-1.1.1-cp36-cp36m-win32.whl", hash =
"sha256:535f6fc4d397c1563d08b88e485c3496cf5784e927af890fb3c3aac7f933ec66"},
- {file = "MarkupSafe-1.1.1-cp36-cp36m-win_amd64.whl", hash =
"sha256:b1282f8c00509d99fef04d8ba936b156d419be841854fe901d8ae224c59f0be5"},
- {file = "MarkupSafe-1.1.1-cp37-cp37m-macosx_10_6_intel.whl", hash =
"sha256:8defac2f2ccd6805ebf65f5eeb132adcf2ab57aa11fdf4c0dd5169a004710e7d"},
- {file = "MarkupSafe-1.1.1-cp37-cp37m-manylinux1_i686.whl", hash =
"sha256:46c99d2de99945ec5cb54f23c8cd5689f6d7177305ebff350a58ce5f8de1669e"},
- {file = "MarkupSafe-1.1.1-cp37-cp37m-manylinux1_x86_64.whl", hash =
"sha256:ba59edeaa2fc6114428f1637ffff42da1e311e29382d81b339c1817d37ec93c6"},
- {file = "MarkupSafe-1.1.1-cp37-cp37m-win32.whl", hash =
"sha256:b00c1de48212e4cc9603895652c5c410df699856a2853135b3967591e4beebc2"},
- {file = "MarkupSafe-1.1.1-cp37-cp37m-win_amd64.whl", hash =
"sha256:9bf40443012702a1d2070043cb6291650a0841ece432556f784f004937f0f32c"},
- {file = "MarkupSafe-1.1.1.tar.gz", hash =
"sha256:29872e92839765e546828bb7754a68c418d927cd064fd4708fab9fe9c8bb116b"},
+ {file = "MarkupSafe-2.0.0-cp36-cp36m-macosx_10_9_x86_64.whl", hash =
"sha256:2efaeb1baff547063bad2b2893a8f5e9c459c4624e1a96644bbba08910ae34e0"},
+ {file = "MarkupSafe-2.0.0-cp36-cp36m-manylinux1_i686.whl", hash =
"sha256:441ce2a8c17683d97e06447fcbccbdb057cbf587c78eb75ae43ea7858042fe2c"},
+ {file = "MarkupSafe-2.0.0-cp36-cp36m-manylinux1_x86_64.whl", hash =
"sha256:45535241baa0fc0ba2a43961a1ac7562ca3257f46c4c3e9c0de38b722be41bd1"},
+ {file = "MarkupSafe-2.0.0-cp36-cp36m-manylinux2010_i686.whl", hash =
"sha256:90053234a6479738fd40d155268af631c7fca33365f964f2208867da1349294b"},
+ {file = "MarkupSafe-2.0.0-cp36-cp36m-manylinux2010_x86_64.whl", hash =
"sha256:3b54a9c68995ef4164567e2cd1a5e16db5dac30b2a50c39c82db8d4afaf14f63"},
+ {file = "MarkupSafe-2.0.0-cp36-cp36m-manylinux2014_aarch64.whl", hash =
"sha256:f58b5ba13a5689ca8317b98439fccfbcc673acaaf8241c1869ceea40f5d585bf"},
+ {file = "MarkupSafe-2.0.0-cp36-cp36m-win32.whl", hash =
"sha256:a00dce2d96587651ef4fa192c17e039e8cfab63087c67e7d263a5533c7dad715"},
+ {file = "MarkupSafe-2.0.0-cp36-cp36m-win_amd64.whl", hash =
"sha256:007dc055dbce5b1104876acee177dbfd18757e19d562cd440182e1f492e96b95"},
+ {file = "MarkupSafe-2.0.0-cp37-cp37m-macosx_10_9_x86_64.whl", hash =
"sha256:a08cd07d3c3c17cd33d9e66ea9dee8f8fc1c48e2d11bd88fd2dc515a602c709b"},
+ {file = "MarkupSafe-2.0.0-cp37-cp37m-manylinux1_i686.whl", hash =
"sha256:3c352ff634e289061711608f5e474ec38dbaa21e3e168820d53d5f4015e5b91b"},
+ {file = "MarkupSafe-2.0.0-cp37-cp37m-manylinux1_x86_64.whl", hash =
"sha256:32200f562daaab472921a11cbb63780f1654552ae49518196fc361ed8e12e901"},
+ {file = "MarkupSafe-2.0.0-cp37-cp37m-manylinux2010_i686.whl", hash =
"sha256:fef86115fdad7ae774720d7103aa776144cf9b66673b4afa9bcaa7af990ed07b"},
+ {file = "MarkupSafe-2.0.0-cp37-cp37m-manylinux2010_x86_64.whl", hash =
"sha256:e79212d09fc0e224d20b43ad44bb0a0a3416d1e04cf6b45fed265114a5d43d20"},
+ {file = "MarkupSafe-2.0.0-cp37-cp37m-manylinux2014_aarch64.whl", hash =
"sha256:79b2ae94fa991be023832e6bcc00f41dbc8e5fe9d997a02db965831402551730"},
+ {file = "MarkupSafe-2.0.0-cp37-cp37m-win32.whl", hash =
"sha256:3261fae28155e5c8634dd7710635fe540a05b58f160cef7713c7700cb9980e66"},
+ {file = "MarkupSafe-2.0.0-cp37-cp37m-win_amd64.whl", hash =
"sha256:e4570d16f88c7f3032ed909dc9e905a17da14a1c4cfd92608e3fda4cb1208bbd"},
+ {file = "MarkupSafe-2.0.0-cp38-cp38-macosx_10_9_x86_64.whl", hash =
"sha256:8f806bfd0f218477d7c46a11d3e52dc7f5fdfaa981b18202b7dc84bbc287463b"},
+ {file = "MarkupSafe-2.0.0-cp38-cp38-manylinux1_i686.whl", hash =
"sha256:e77e4b983e2441aff0c0d07ee711110c106b625f440292dfe02a2f60c8218bd6"},
+ {file = "MarkupSafe-2.0.0-cp38-cp38-manylinux1_x86_64.whl", hash =
"sha256:031bf79a27d1c42f69c276d6221172417b47cb4b31cdc73d362a9bf5a1889b9f"},
+ {file = "MarkupSafe-2.0.0-cp38-cp38-manylinux2010_i686.whl", hash =
"sha256:83cf0228b2f694dcdba1374d5312f2277269d798e65f40344964f642935feac1"},
+ {file = "MarkupSafe-2.0.0-cp38-cp38-manylinux2010_x86_64.whl", hash =
"sha256:4cc563836f13c57f1473bc02d1e01fc37bab70ad4ee6be297d58c1d66bc819bf"},
+ {file = "MarkupSafe-2.0.0-cp38-cp38-manylinux2014_aarch64.whl", hash =
"sha256:d00a669e4a5bec3ee6dbeeeedd82a405ced19f8aeefb109a012ea88a45afff96"},
+ {file = "MarkupSafe-2.0.0-cp38-cp38-win32.whl", hash =
"sha256:161d575fa49395860b75da5135162481768b11208490d5a2143ae6785123e77d"},
+ {file = "MarkupSafe-2.0.0-cp38-cp38-win_amd64.whl", hash =
"sha256:58bc9fce3e1557d463ef5cee05391a05745fd95ed660f23c1742c711712c0abb"},
+ {file = "MarkupSafe-2.0.0-cp39-cp39-macosx_10_9_universal2.whl", hash =
"sha256:3fb47f97f1d338b943126e90b79cad50d4fcfa0b80637b5a9f468941dbbd9ce5"},
+ {file = "MarkupSafe-2.0.0-cp39-cp39-macosx_10_9_x86_64.whl", hash =
"sha256:dab0c685f21f4a6c95bfc2afd1e7eae0033b403dd3d8c1b6d13a652ada75b348"},
+ {file = "MarkupSafe-2.0.0-cp39-cp39-manylinux1_i686.whl", hash =
"sha256:664832fb88b8162268928df233f4b12a144a0c78b01d38b81bdcf0fc96668ecb"},
+ {file = "MarkupSafe-2.0.0-cp39-cp39-manylinux1_x86_64.whl", hash =
"sha256:df561f65049ed3556e5b52541669310e88713fdae2934845ec3606f283337958"},
+ {file = "MarkupSafe-2.0.0-cp39-cp39-manylinux2010_i686.whl", hash =
"sha256:24bbc3507fb6dfff663af7900a631f2aca90d5a445f272db5fc84999fa5718bc"},
+ {file = "MarkupSafe-2.0.0-cp39-cp39-manylinux2010_x86_64.whl", hash =
"sha256:87de598edfa2230ff274c4de7fcf24c73ffd96208c8e1912d5d0fee459767d75"},
+ {file = "MarkupSafe-2.0.0-cp39-cp39-manylinux2014_aarch64.whl", hash =
"sha256:a19d39b02a24d3082856a5b06490b714a9d4179321225bbf22809ff1e1887cc8"},
+ {file = "MarkupSafe-2.0.0-cp39-cp39-win32.whl", hash =
"sha256:4aca81a687975b35e3e80bcf9aa93fe10cd57fac37bf18b2314c186095f57e05"},
+ {file = "MarkupSafe-2.0.0-cp39-cp39-win_amd64.whl", hash =
"sha256:70820a1c96311e02449591cbdf5cd1c6a34d5194d5b55094ab725364375c9eb2"},
+ {file = "MarkupSafe-2.0.0.tar.gz", hash =
"sha256:4fae0677f712ee090721d8b17f412f1cbceefbf0dc180fe91bab3232f38b4527"},
]
mccabe = [
{file = "mccabe-0.6.1-py2.py3-none-any.whl", hash =
"sha256:ab8a6258860da4b6677da4bd2fe5dc2c659cff31b3ee4f7f5d64e79735b80d42"},
@@ -1862,8 +1869,8 @@
{file = "olefile-0.46.zip", hash =
"sha256:133b031eaf8fd2c9399b78b8bc5b8fcbe4c31e85295749bb17a87cba8f3c3964"},
]
oletools = [
- {file = "oletools-0.56.1-py2.py3-none-any.whl", hash =
"sha256:64b86e5bf1a1177717e79f9665e05fdc2c2ce13855d2190d8ec5f1665ff64d63"},
- {file = "oletools-0.56.1.zip", hash =
"sha256:f4370880011211b000ab3ff6d44dc376a20b1c189f3b56a3298bc67bdf1792cd"},
+ {file = "oletools-0.56.2-py2.py3-none-any.whl", hash =
"sha256:eb5310d15e79201f4d33d8107209dd8795a7ea0178030ecbc45c4cc915a166e2"},
+ {file = "oletools-0.56.2.zip", hash =
"sha256:e2a6d3e3c860822d8539d47cfd89bb681a9663ae4d1ea9ec99e88b14d85b6c4e"},
]
packaging = [
{file = "packaging-20.9-py2.py3-none-any.whl", hash =
"sha256:67714da7f7bc052e064859c05c595155bd1ee9f69f76557e21f051443c20947a"},
@@ -1959,8 +1966,8 @@
{file = "pyflakes-2.3.1.tar.gz", hash =
"sha256:f5bc8ecabc05bb9d291eb5203d6810b49040f6ff446a756326104746cc00c1db"},
]
pygments = [
- {file = "Pygments-2.8.1-py3-none-any.whl", hash =
"sha256:534ef71d539ae97d4c3a4cf7d6f110f214b0e687e92f9cb9d2a3b0d3101289c8"},
- {file = "Pygments-2.8.1.tar.gz", hash =
"sha256:2656e1a6edcdabf4275f9a3640db59fd5de107d88e8663c5d4e9a0fa62f77f94"},
+ {file = "Pygments-2.9.0-py3-none-any.whl", hash =
"sha256:d66e804411278594d764fc69ec36ec13d9ae9147193a1740cd34d272ca383b8e"},
+ {file = "Pygments-2.9.0.tar.gz", hash =
"sha256:a18f47b506a429f6f4b9df81bb02beab9ca21d0a5fee38ed15aef65f0545519f"},
]
pyparsing = [
{file = "pyparsing-2.4.7-py2.py3-none-any.whl", hash =
"sha256:ef9d7589ef3c200abe66653d3f1ab1033c3c419ae9b9bdb1240a85b024efc88b"},
@@ -2078,8 +2085,8 @@
{file = "requests-2.25.1.tar.gz", hash =
"sha256:27973dd4a904a4f13b263a19c866c13b92a39ed1c964655f025f3f8d3d75b804"},
]
requests-mock = [
- {file = "requests-mock-1.8.0.tar.gz", hash =
"sha256:e68f46844e4cee9d447150343c9ae875f99fa8037c6dcf5f15bf1fe9ab43d226"},
- {file = "requests_mock-1.8.0-py2.py3-none-any.whl", hash =
"sha256:11215c6f4df72702aa357f205cf1e537cffd7392b3e787b58239bde5fb3db53b"},
+ {file = "requests-mock-1.9.2.tar.gz", hash =
"sha256:33296f228d8c5df11a7988b741325422480baddfdf5dd9318fd0eb40c3ed8595"},
+ {file = "requests_mock-1.9.2-py2.py3-none-any.whl", hash =
"sha256:5c8ef0254c14a84744be146e9799dc13ebc4f6186058112d9aeed96b131b58e2"},
]
rtfde = [
{file = "RTFDE-0.0.2-py3-none-any.whl", hash =
"sha256:18386e4f060cee12a2a8035b0acf0cc99689f5dff1bf347bab7e92351860a21d"},
@@ -2090,8 +2097,8 @@
{file = "Send2Trash-1.5.0.tar.gz", hash =
"sha256:60001cc07d707fe247c94f74ca6ac0d3255aabcb930529690897ca2a39db28b2"},
]
six = [
- {file = "six-1.15.0-py2.py3-none-any.whl", hash =
"sha256:8b74bedcbbbaca38ff6d7491d76f2b06b3592611af620f8426e82dddb04a5ced"},
- {file = "six-1.15.0.tar.gz", hash =
"sha256:30639c035cdb23534cd4aa2dd52c3bf48f06e5f4a941509c8bafd8ce11080259"},
+ {file = "six-1.16.0-py2.py3-none-any.whl", hash =
"sha256:8abb2f1d86890a2dfb989f9a77cfcfd3e47c2a354b01111771326f8aa26e0254"},
+ {file = "six-1.16.0.tar.gz", hash =
"sha256:1e61c37477a1626458e36f7b1d82aa5c9b094fa4802892072e49de9c60c4c926"},
]
snowballstemmer = [
{file = "snowballstemmer-2.1.0-py2.py3-none-any.whl", hash =
"sha256:b51b447bea85f9968c13b650126a888aabd4cb4463fca868ec596826325dedc2"},
@@ -2134,8 +2141,8 @@
{file = "sphinxcontrib_serializinghtml-1.1.4-py2.py3-none-any.whl", hash =
"sha256:f242a81d423f59617a8e5cf16f5d4d74e28ee9a66f9e5b637a18082991db5a9a"},
]
terminado = [
- {file = "terminado-0.9.4-py3-none-any.whl", hash =
"sha256:daed77f9fad7b32558fa84b226a76f45a02242c20813502f36c4e1ade6d8f1ad"},
- {file = "terminado-0.9.4.tar.gz", hash =
"sha256:9a7dbcfbc2778830eeb70261bf7aa9d98a3eac8631a3afe3febeb57c12f798be"},
+ {file = "terminado-0.9.5-py3-none-any.whl", hash =
"sha256:3838414888b49a96145e277fd707a26a0fdb4bdaba88bb677a44abb68e3a1041"},
+ {file = "terminado-0.9.5.tar.gz", hash =
"sha256:54c22cfb47cf79d4ff4ed2e7b5f8f98ecc28d0830f980465b6e04cf09cf553cf"},
]
testpath = [
{file = "testpath-0.4.4-py2.py3-none-any.whl", hash =
"sha256:bfcf9411ef4bf3db7579063e0546938b1edda3d69f4e1fb8756991f5951f85d4"},
@@ -2221,9 +2228,9 @@
{file = "typed_ast-1.4.3.tar.gz", hash =
"sha256:fb1bbeac803adea29cedd70781399c99138358c26d05fcbd23c13016b7f5ec65"},
]
typing-extensions = [
- {file = "typing_extensions-3.7.4.3-py2-none-any.whl", hash =
"sha256:dafc7639cde7f1b6e1acc0f457842a83e722ccca8eef5270af2d74792619a89f"},
- {file = "typing_extensions-3.7.4.3-py3-none-any.whl", hash =
"sha256:7cb407020f00f7bfc3cb3e7881628838e69d8f3fcab2f64742a5e76b2f841918"},
- {file = "typing_extensions-3.7.4.3.tar.gz", hash =
"sha256:99d4073b617d30288f569d3f13d2bd7548c3a7e4c8de87db09a9d29bb3a4a60c"},
+ {file = "typing_extensions-3.10.0.0-py2-none-any.whl", hash =
"sha256:0ac0f89795dd19de6b97debb0c6af1c70987fd80a2d62d1958f7e56fcc31b497"},
+ {file = "typing_extensions-3.10.0.0-py3-none-any.whl", hash =
"sha256:779383f6086d90c99ae41cf0ff39aac8a7937a9283ce0a414e5dd782f4c94a84"},
+ {file = "typing_extensions-3.10.0.0.tar.gz", hash =
"sha256:50b6f157849174217d0656f99dc82fe932884fb250826c18350e159ec6cdf342"},
]
tzlocal = [
{file = "tzlocal-2.1-py2.py3-none-any.whl", hash =
"sha256:e2cb6c6b5b604af38597403e9852872d7f534962ae2954c7f35efcb1ccacf4a4"},
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/PyMISP-2.4.142/pymisp/__init__.py
new/PyMISP-2.4.143/pymisp/__init__.py
--- old/PyMISP-2.4.142/pymisp/__init__.py 2021-04-26 10:54:35.000000000
+0200
+++ new/PyMISP-2.4.143/pymisp/__init__.py 2021-05-14 07:54:52.000000000
+0200
@@ -1,4 +1,4 @@
-__version__ = '2.4.142'
+__version__ = '2.4.143'
import logging
import sys
import warnings
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/PyMISP-2.4.142/pymisp/api.py
new/PyMISP-2.4.143/pymisp/api.py
--- old/PyMISP-2.4.142/pymisp/api.py 2021-04-26 10:54:35.000000000 +0200
+++ new/PyMISP-2.4.143/pymisp/api.py 2021-05-14 07:54:52.000000000 +0200
@@ -640,6 +640,13 @@
t.from_dict(**object_template_r)
return t
+ def get_raw_object_template(self, uuid_or_name: str) -> Dict:
+ """Get a row template. It needs to be present on disk on the MISP
instance you're connected to.
+ The response of this method can be passed to MISPObject(<name>,
misp_objects_template_custom=<response>)
+ """
+ r = self._prepare_request('GET',
f'objectTemplates/getRaw/{uuid_or_name}')
+ return self._check_json_response(r)
+
def update_object_templates(self) -> Dict:
"""Trigger an update of the object templates"""
response = self._prepare_request('POST', 'objectTemplates/update')
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/PyMISP-2.4.142/pymisp/mispevent.py
new/PyMISP-2.4.143/pymisp/mispevent.py
--- old/PyMISP-2.4.142/pymisp/mispevent.py 2021-04-26 10:54:35.000000000
+0200
+++ new/PyMISP-2.4.143/pymisp/mispevent.py 2021-05-14 07:54:52.000000000
+0200
@@ -266,10 +266,12 @@
if name in ['first_seen', 'last_seen']:
_datetime = _make_datetime(value)
+ # NOTE: the two following should be exceptions, but there are
existing events in this state,
+ # And we cannot dump them if it is there.
if name == 'last_seen' and hasattr(self, 'first_seen') and
self.first_seen > _datetime:
- raise PyMISPError(f'last_seen ({value}) has to be after
first_seen ({self.first_seen})')
+ logger.warning(f'last_seen ({value}) has to be after
first_seen ({self.first_seen})')
if name == 'first_seen' and hasattr(self, 'last_seen') and
self.last_seen < _datetime:
- raise PyMISPError(f'first_seen ({value}) has to be before
last_seen ({self.last_seen})')
+ logger.warning(f'first_seen ({value}) has to be before
last_seen ({self.last_seen})')
super().__setattr__(name, _datetime)
elif name == 'data':
self._prepare_data(value)
@@ -725,9 +727,9 @@
value = _make_datetime(value)
if name == 'last_seen' and hasattr(self, 'first_seen') and
self.first_seen > value:
- raise PyMISPError('last_seen ({value}) has to be after
first_seen ({self.first_seen})')
+ logger.warning(f'last_seen ({value}) has to be after
first_seen ({self.first_seen})')
if name == 'first_seen' and hasattr(self, 'last_seen') and
self.last_seen < value:
- raise PyMISPError('first_seen ({value}) has to be before
last_seen ({self.last_seen})')
+ logger.warning(f'first_seen ({value}) has to be before
last_seen ({self.last_seen})')
super().__setattr__(name, value)
def force_misp_objects_path_custom(self, misp_objects_path_custom:
Union[Path, str], object_name: Optional[str] = None):
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/PyMISP-2.4.142/pyproject.toml
new/PyMISP-2.4.143/pyproject.toml
--- old/PyMISP-2.4.142/pyproject.toml 2021-04-26 10:54:35.000000000 +0200
+++ new/PyMISP-2.4.143/pyproject.toml 2021-05-14 07:54:52.000000000 +0200
@@ -1,6 +1,6 @@
[tool.poetry]
name = "pymisp"
-version = "2.4.142"
+version = "2.4.143"
description = "Python API for MISP."
authors = ["Rapha??l Vinot <raphael.vi...@circl.lu>"]
license = "BSD-2-Clause"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/PyMISP-2.4.142/tests/testlive_comprehensive.py
new/PyMISP-2.4.143/tests/testlive_comprehensive.py
--- old/PyMISP-2.4.142/tests/testlive_comprehensive.py 2021-04-26
10:54:35.000000000 +0200
+++ new/PyMISP-2.4.143/tests/testlive_comprehensive.py 2021-05-14
07:54:52.000000000 +0200
@@ -1371,6 +1371,13 @@
template =
self.admin_misp_connector.get_object_template(object_template.uuid,
pythonify=True)
self.assertEqual(template.name, 'file')
+ raw_template =
self.admin_misp_connector.get_raw_object_template('domain-ip')
+ raw_template['uuid'] = '4'
+ mo = MISPObject('domain-ip', misp_objects_template_custom=raw_template)
+ mo.add_attribute('ip', '8.8.8.8')
+ mo.add_attribute('domain', 'google.fr')
+ self.assertEqual(mo.template_uuid, '4')
+
def test_tags(self):
# Get list
tags = self.admin_misp_connector.tags(pythonify=True)
