Hello community,

here is the log from the commit of package python-pymisp for openSUSE:Factory checked in at 2021-04-14 10:11:29
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python-pymisp (Old)
 and      /work/SRC/openSUSE:Factory/.python-pymisp.new.2401 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-pymisp" Wed Apr 14 10:11:29 2021 rev:32 rq:885179 version:2.4.141.1 Changes: -------- --- /work/SRC/openSUSE:Factory/python-pymisp/python-pymisp.changes 2021-03-02 12:44:45.564319350 +0100 +++ /work/SRC/openSUSE:Factory/.python-pymisp.new.2401/python-pymisp.changes 2021-04-14 10:11:57.669593186 +0200 
@@ -1,0 +2,126 @@ +Tue Apr 6 20:54:42 UTC 2021 - Sebastian Wagner <sebix+novell....@sebix.at> + +- update to version 2.4.141.1: + - Changes + - Re-bump changelog. [Rapha??l Vinot] + - Bump version. [Rapha??l Vinot] + - Other + - Fix bump version, deps, templates. [Rapha??l Vinot] + - Update README.md. [Rapha??l Vinot] +- update to version 2.4.141: + - Changes + - Bump changelog. [Rapha??l Vinot] + - Bump deps. [Rapha??l Vinot] + - Get_uuid_or_id_from_abstract_misp accepts dict. [Rapha??l Vinot] + - Remove references to ExpandedPyMISP. [Rapha??l Vinot] + Fix #721 + - Follow best practices and remove the logging handler. [Rapha??l Vinot] + - Strip NULL string from value. [Rapha??l Vinot] + https://github.com/MISP/PyMISP/issues/678 + - Bump deps. [Rapha??l Vinot] + - Raise exception on missing template in CSVLoader. [Rapha??l Vinot] + - Bump templates. [Rapha??l Vinot] + - Re-bump objects. [Rapha??l Vinot] + - Bump object templates. [Rapha??l Vinot] + - Add test case, fix mypy. [Rapha??l Vinot] + - Take simple_value as value in MISPObject.add_attribute. [Rapha??l + Vinot] + - Fix + - Use get_uuid_or_id_from_abstract_misp in tag methods. [Rapha??l Vinot] + Fix #725 + - Skip nameless sections in ELF. [Rapha??l Vinot] + - Make reportlab tests optional if missing dep. [Rapha??l Vinot] + - Enable taxonomy failed if global pythonify is on. [Rapha??l Vinot] + - Properly pass content-type. [Rapha??l Vinot] + - Re-enable support for uploading STIX 1 documents. [Rapha??l Vinot] + Fix #711 +- update to version 2.4.140: + - New + - Soft delete object in MISPEvent. [Rapha??l Vinot] + Fix #706 + - Add in ability to add a new cluster relation. [Tom King] + - MISP Galaxy 2.0 capability. [Tom King] + - Soft delete object in MISPEvent. [Rapha??l Vinot] + Fix #706 + - Changes + - Bump changelog. [Rapha??l Vinot] + - Bump version. [Rapha??l Vinot] + - Bump object templates. [Rapha??l Vinot] + - Bump deps. [Rapha??l Vinot] + - [describetypes] updated. 
[Alexandre Dulaunoy] + - Bump objects templates. [Rapha??l Vinot] + - Bump deps. [Rapha??l Vinot] + - Bump tests for galaxy cluster. [Rapha??l Vinot] + - Improve Pydoc on search method's timestamp parameter. [Rapha??l Vinot] + Fix #708 + - Bump poetry file. [Rapha??l Vinot] + - Bump deps. [Rapha??l Vinot] + - [data] describeTypes updated. [Alexandre Dulaunoy] + - Add deprecation warning for Python < 3.8. [Rapha??l Vinot] + - Bump deps. [Rapha??l Vinot] + - Bump deps. [Rapha??l Vinot] + - Don't parse the meta key into cluster elements on a MISPEvent, but + allow users to manually perform this action. [Tom King] + - Add in nosetests for MISP Galaxy functions, check default key as a + dict attribute not MISPAbstract attribute. [Tom King] + - Add in more Galaxy 2.0 functions and code cleanup. [Tom King] + - Add in add_cluster function and ability to search clusters within a + galaxy. [Tom King] + - Remove legacy stix converter. [Rapha??l Vinot] + - Improve Pydoc on search method's timestamp parameter. [Rapha??l Vinot] + Fix #708 + - Bump poetry file. [Rapha??l Vinot] + - Bump deps. [Rapha??l Vinot] + - [data] describeTypes updated. [Alexandre Dulaunoy] + - Add deprecation warning for Python < 3.8. [Rapha??l Vinot] + - Bump deps. [Rapha??l Vinot] + - Bump deps. [Rapha??l Vinot] + - Fix + - Typo in tests. [Rapha??l Vinot] + - Make mypy happy in python 3.6 and 3.7. [Rapha??l Vinot] + - Cosmetic changes, fix mypy. [Rapha??l Vinot] + - Support text search again. [Rapha??l Vinot] + Fix #705 + - Do not add the serial-number twice. [Rapha??l Vinot] + - Skip PE section if name is none AND size is 0. [Rapha??l Vinot] + - Urllib3.__version__ may not have a patch number. [Rapha??l Vinot] + fix https://github.com/MISP/PyMISP/issues/698 + - Fix mispevent edit test by including default and distribution keys on + a GalaxyCluster. [Tom King] + - Support text search again. [Rapha??l Vinot] + Fix #705 + - Do not add the serial-number twice. 
[Rapha??l Vinot] + - Skip PE section if name is none AND size is 0. [Rapha??l Vinot] + - Urllib3.__version__ may not have a patch number. [Rapha??l Vinot] + fix https://github.com/MISP/PyMISP/issues/698 + - Other + - Removed unused import. [Nick] + - Supress ssl warnings. [Nick] + - Re-added error checking for defaults. [Nick] + - Deleted all references to org as it's unneeded. [Nick] + - Re-added brackets. [Nick] + - Multiple updates to proofpoint example. [Nick] + - Added additionally necessary keys to keys.py.example + - Added error check for unset keys + - Used built-in HTTP Basic Auth for requests instead of manually-created header + - Removed setting of orgc as that's pulled from the MISP key being used + - + - Removed cast of str to str. [Nick] + - Added check for invalid creds. [Nick] + Without the added check, the script will error out on line 29 since the key doesn't exist in the dict. This at least gives a reason. + - Removed unused import. [Nick] + - Supress ssl warnings. [Nick] + - Re-added error checking for defaults. [Nick] + - Deleted all references to org as it's unneeded. [Nick] + - Re-added brackets. [Nick] + - Multiple updates to proofpoint example. [Nick] + - Added additionally necessary keys to keys.py.example + - Added error check for unset keys + - Used built-in HTTP Basic Auth for requests instead of manually-created header + - Removed setting of orgc as that's pulled from the MISP key being used + - + - Removed cast of str to str. [Nick] + - Added check for invalid creds. [Nick] + Without the added check, the script will error out on line 29 since the key doesn't exist in the dict. This at least gives a reason. 
+ +------------------------------------------------------------------- Old: ---- python-pymisp-2.4.138.tar.gz New: ---- python-pymisp-2.4.141.1.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python-pymisp.spec ++++++ --- /var/tmp/diff_new_pack.NHkoob/_old 2021-04-14 10:11:58.181594051 +0200 +++ /var/tmp/diff_new_pack.NHkoob/_new 2021-04-14 10:11:58.185594057 +0200 @@ -18,9 +18,9 @@ %{?!python_module:%define python_module() python-%{**} python3-%{**}} %define skip_python2 1 -%define misp_objects_revision 2b1c3532dccad651f960ff71defdbc422c40ef0c +%define misp_objects_revision 067ae494983cd8dc3d8549e64166cd0d4faeab4f Name: python-pymisp -Version: 2.4.138 +Version: 2.4.141.1 Release: 0 Summary: Python API for MISP License: BSD-2-Clause @@ -41,8 +41,8 @@ Requires: python-oletools Requires: python-python-dateutil Requires: python-requests -Recommends: python-extract-msg >= 0.28.0 Recommends: %{name}-doc +Recommends: python-extract-msg >= 0.28.0 Recommends: python-magic Recommends: python-reportlab Suggests: python-pydeep ++++++ misp-objects.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/misp-objects-2b1c3532dccad651f960ff71defdbc422c40ef0c/.github/workflows/nosetests.yml new/misp-objects-067ae494983cd8dc3d8549e64166cd0d4faeab4f/.github/workflows/nosetests.yml --- old/misp-objects-2b1c3532dccad651f960ff71defdbc422c40ef0c/.github/workflows/nosetests.yml 2021-02-04 11:03:01.000000000 +0100 +++ new/misp-objects-067ae494983cd8dc3d8549e64166cd0d4faeab4f/.github/workflows/nosetests.yml 2021-03-05 18:23:11.000000000 +0100 
@@ -1,6 +1,10 @@ name: Python application -on: [push] +on: + push: + branches: [ main ] + pull_request: + branches: [ main ] jobs: build: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/misp-objects-2b1c3532dccad651f960ff71defdbc422c40ef0c/objects/dkim/definition.json new/misp-objects-067ae494983cd8dc3d8549e64166cd0d4faeab4f/objects/dkim/definition.json --- old/misp-objects-2b1c3532dccad651f960ff71defdbc422c40ef0c/objects/dkim/definition.json 1970-01-01 01:00:00.000000000 +0100 +++ new/misp-objects-067ae494983cd8dc3d8549e64166cd0d4faeab4f/objects/dkim/definition.json 2021-03-05 18:23:11.000000000 +0100 
@@ -0,0 +1,77 @@ +{ + "attributes": { + "d": { + "description": "DKIM domain used for the selector record", + "misp-attribute": "domain", + "ui-priority": 1 + }, + "dkim": { + "description": "DomainKeys Identified Mail - DKIM full DNS TXT record", + "misp-attribute": "dkim", + "ui-priority": 1 + }, + "h": { + "description": "DKIM hash type", + "disable_correlation": true, + "misp-attribute": "text", + "sane_default": [ + "sha1", + "md5" + ], + "ui-priority": 1 + }, + "k": { + "description": "DKIM key type", + "disable_correlation": true, + "misp-attribute": "text", + "sane_default": [ + "rsa" + ], + "ui-priority": 1 + }, + "n": { + "description": "DKIM administrator note", + "disable_correlation": true, + "misp-attribute": "text", + "ui-priority": 1 + }, + "public-key": { + "description": "DKIM public key", + "misp-attribute": "text", + "ui-priority": 1 + }, + "s": { + "description": "DKIM service record", + "disable_correlation": true, + "misp-attribute": "text", + "ui-priority": 1 + }, + "t": { + "description": "DKIM domain testing", + "disable_correlation": true, + "misp-attribute": "text", + "sane_default": [ + "y", + "s" + ], + "ui-priority": 1 + }, + "version": { + "description": "DKIM version", + "disable_correlation": true, + "misp-attribute": "text", + "sane_default": [ + "DKIM1" + ], + "ui-priority": 1 + } + }, + "description": "DomainKeys Identified Mail - DKIM", + "meta-category": "misc", + "name": "dkim", + "required": [ + "dkim" + ], + "uuid": "7f1e45a5-b050-433e-83c1-1bf8c8d9e4a5", + "version": 1 +} \ No newline at end of file diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/misp-objects-2b1c3532dccad651f960ff71defdbc422c40ef0c/objects/network-profile/definition.json new/misp-objects-067ae494983cd8dc3d8549e64166cd0d4faeab4f/objects/network-profile/definition.json --- old/misp-objects-2b1c3532dccad651f960ff71defdbc422c40ef0c/objects/network-profile/definition.json 1970-01-01 01:00:00.000000000 +0100 +++ 
new/misp-objects-067ae494983cd8dc3d8549e64166cd0d4faeab4f/objects/network-profile/definition.json 2021-03-05 18:23:11.000000000 +0100 
@@ -0,0 +1,218 @@ +{ + "attributes": { + "asn": { + "description": "ASN where the content is hosted", + "misp-attribute": "AS", + "ui-priority": 0 + }, + "certificate-common-name": { + "description": "Certificate common name", + "misp-attribute": "text", + "ui-priority": 0 + }, + "certificate-country": { + "description": "Certificate country name", + "misp-attribute": "text", + "ui-priority": 0 + }, + "certificate-creation-date": { + "description": "Certificate date it was created", + "misp-attribute": "datetime", + "ui-priority": 0 + }, + "certificate-expiry-date": { + "description": "Certificate date it will expire", + "misp-attribute": "datetime", + "ui-priority": 0 + }, + "certificate-issuer": { + "description": "Certificate Issuer", + "misp-attribute": "text", + "ui-priority": 0 + }, + "certificate-organization": { + "description": "Certificate organization", + "misp-attribute": "text", + "ui-priority": 0 + }, + "certificate-organization-locality": { + "description": "Certificate locality", + "misp-attribute": "text", + "ui-priority": 0 + }, + "certificate-organization-state": { + "description": "Certificate state or provincy name", + "misp-attribute": "text", + "ui-priority": 0 + }, + "certificate-organization-unit": { + "description": "Certificate organization unit", + "misp-attribute": "text", + "ui-priority": 0 + }, + "dns-server": { + "description": "DNS server", + "misp-attribute": "hostname", + "multiple": true, + "to_ids": false, + "ui-priority": 0 + }, + "domain": { + "categories": [ + "Network activity", + "External analysis" + ], + "description": "Domain of the whois entry", + "misp-attribute": "domain", + "multiple": true, + "ui-priority": 0 + }, + "evidences": { + "categories": [ + "External analysis" + ], + "description": "Screenshot of the network resources.", + "disable_correlation": true, + "misp-attribute": "attachment", + "multiple": true, + "ui-priority": 1 + }, + "google-analytics-id": { + "description": "Google analytics IDS", + 
"misp-attribute": "text", + "ui-priority": 0 + }, + "hosting-provider": { + "description": "The hosting provider/ISP where the resources are.", + "misp-attribute": "text", + "ui-priority": 0 + }, + "ip-address": { + "description": "IP address of the whois entry", + "misp-attribute": "ip-src", + "multiple": true, + "ui-priority": 0 + }, + "jarm": { + "description": "JARM Footprint string", + "misp-attribute": "jarm-fingerprint", + "ui-priority": 0 + }, + "port": { + "description": "Port number", + "disable_correlation": true, + "misp-attribute": "port", + "ui-priority": 0 + }, + "query_string": { + "description": "Query (after path, preceded by '?')", + "misp-attribute": "text", + "multiple": true, + "ui-priority": 0 + }, + "resource_path": { + "description": "Path (between hostname:port and query)", + "misp-attribute": "text", + "multiple": true, + "ui-priority": 0 + }, + "service-abuse": { + "description": "Service abused by threat actors as part of their infrastructure.", + "misp-attribute": "text", + "multiple": true, + "ui-priority": 0, + "values_list": [ + "OneDrive", + "Google Drive", + "Dropbox", + "Microsoft", + "Google", + "DuckDNS", + "Cloudflare", + "AWS" + ] + }, + "subdomain": { + "description": "Subdomain", + "disable_correlation": true, + "misp-attribute": "text", + "ui-priority": 0 + }, + "text": { + "description": "Full whois entry", + "disable_correlation": true, + "misp-attribute": "text", + "ui-priority": 1 + }, + "threat-actor-infrastructure-pattern": { + "description": "Patterns found on threat actor infrastructure that can correlate with other analysis.", + "misp-attribute": "text", + "multiple": true, + "ui-priority": 0 + }, + "threat-actor-infrastructure-value": { + "description": "Unique valeu found on threat actor infrastructure identified through an investigation.", + "misp-attribute": "text", + "multiple": true, + "ui-priority": 0 + }, + "tld": { + "description": "Top-Level Domain", + "disable_correlation": true, + "misp-attribute": 
"text", + "ui-priority": 0 + }, + "url": { + "description": "Full URL", + "misp-attribute": "url", + "ui-priority": 1 + }, + "whois-creation-date": { + "description": "Initial creation of the whois entry", + "disable_correlation": true, + "misp-attribute": "datetime", + "ui-priority": 0 + }, + "whois-expiration-date": { + "description": "Expiration of the whois entry", + "disable_correlation": true, + "misp-attribute": "datetime", + "ui-priority": 0 + }, + "whois-registrant-email": { + "description": "Registrant email address", + "misp-attribute": "whois-registrant-email", + "ui-priority": 1 + }, + "whois-registrant-name": { + "description": "Registrant name", + "misp-attribute": "whois-registrant-name", + "ui-priority": 0 + }, + "whois-registrant-org": { + "description": "Registrant organisation", + "misp-attribute": "whois-registrant-org", + "ui-priority": 1 + }, + "whois-registrant-phone": { + "description": "Registrant phone number", + "misp-attribute": "whois-registrant-phone", + "ui-priority": 0 + }, + "whois-registrar": { + "description": "Registrar of the whois entry", + "misp-attribute": "whois-registrar", + "ui-priority": 0 + } + }, + "description": "Elements that can be used to profile, pivot or identify a network infrastructure, including domains, ip and urls.", + "meta-category": "network", + "name": "network-profile", + "requiredOneOf": [ + "domain", + "ip-address", + "url" + ], + "uuid": "f0f9e287-8067-49a4-b0f8-7a0fed8d4e43", + "version": 5 +} \ No newline at end of file diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/misp-objects-2b1c3532dccad651f960ff71defdbc422c40ef0c/objects/paloalto-threat-event/definition.json new/misp-objects-067ae494983cd8dc3d8549e64166cd0d4faeab4f/objects/paloalto-threat-event/definition.json --- old/misp-objects-2b1c3532dccad651f960ff71defdbc422c40ef0c/objects/paloalto-threat-event/definition.json 1970-01-01 01:00:00.000000000 +0100 +++ 
new/misp-objects-067ae494983cd8dc3d8549e64166cd0d4faeab4f/objects/paloalto-threat-event/definition.json 2021-03-05 18:23:11.000000000 +0100 
@@ -0,0 +1,79 @@ +{ + "attributes": { + "app": { + "description": "The application identified (e.g. vnc, ssh, sip, irc, http or smtp).", + "misp-attribute": "text", + "ui-priority": 1 + }, + "direction": { + "description": "The Direction of the Event.", + "misp-attribute": "text", + "ui-priority": 1 + }, + "dport": { + "description": "The port to which the connection headed.", + "misp-attribute": "counter", + "ui-priority": 1 + }, + "dst": { + "description": "The Destination IP which is the target of the observed connections.", + "misp-attribute": "ip-dst", + "ui-priority": 1 + }, + "dstloc": { + "description": "The Destination Location of the event.", + "misp-attribute": "text", + "ui-priority": 1 + }, + "proto": { + "description": "The transport protocol (e.g. tcp, udp, icmp).", + "misp-attribute": "text", + "ui-priority": 1 + }, + "sport": { + "description": "The port from which the connection originated.", + "misp-attribute": "counter", + "ui-priority": 1 + }, + "src": { + "description": "The ip observed to initiate the connection", + "misp-attribute": "ip-src", + "ui-priority": 1 + }, + "srcloc": { + "description": "The Source Location of the event.", + "misp-attribute": "text", + "ui-priority": 1 + }, + "subtype": { + "description": "The subtype of the Log Event.", + "misp-attribute": "text", + "ui-priority": 1 + }, + "thr_category": { + "description": "The Threat Category.", + "misp-attribute": "text", + "ui-priority": 1 + }, + "threatid": { + "description": "The Threat ID.", + "misp-attribute": "text", + "ui-priority": 1 + }, + "time_generated": { + "description": "The datetime of the event.", + "misp-attribute": "datetime", + "ui-priority": 1 + }, + "type": { + "description": "The type of the Log Event", + "misp-attribute": "text", + "ui-priority": 1 + } + }, + "description": "Palo Alto Threat Log Event", + "meta-category": "network", + "name": "paloalto-threat-event", + "uuid": "e6fa7a87-1173-43d6-86c2-b4d02af5fc74", + "version": 5 +} \ No newline at end 
of file diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/misp-objects-2b1c3532dccad651f960ff71defdbc422c40ef0c/objects/person/definition.json new/misp-objects-067ae494983cd8dc3d8549e64166cd0d4faeab4f/objects/person/definition.json --- old/misp-objects-2b1c3532dccad651f960ff71defdbc422c40ef0c/objects/person/definition.json 2021-02-04 11:03:01.000000000 +0100 +++ new/misp-objects-067ae494983cd8dc3d8549e64166cd0d4faeab4f/objects/person/definition.json 2021-03-05 18:23:11.000000000 +0100 @@ -46,6 +46,11 @@ "misp-attribute": "first-name", "ui-priority": 98 }, + "full-name": { + "description": "Full name of a natural person usually composed of first-name, middle-name and last-name.", + "misp-attribute": "full-name", + "ui-priority": 100 + }, "gender": { "description": "The gender of a natural person.", "disable_correlation": true, @@ -190,8 +195,9 @@ "requiredOneOf": [ "first-name", "last-name", + "full-name", "alias" ], "uuid": "a15b0477-e9d1-4b9c-9546-abe78a4f4248", - "version": 10 + "version": 11 } \ No newline at end of file diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/misp-objects-2b1c3532dccad651f960ff71defdbc422c40ef0c/objects/regexp/definition.json new/misp-objects-067ae494983cd8dc3d8549e64166cd0d4faeab4f/objects/regexp/definition.json --- old/misp-objects-2b1c3532dccad651f960ff71defdbc422c40ef0c/objects/regexp/definition.json 2021-02-04 11:03:01.000000000 +0100 +++ new/misp-objects-067ae494983cd8dc3d8549e64166cd0d4faeab4f/objects/regexp/definition.json 2021-03-05 18:23:11.000000000 +0100 @@ -19,7 +19,8 @@ "PCRE", "PCRE2", "POSIX BRE", - "POSIX ERE" + "POSIX ERE", + "FCRE (Farsight Compatible Regular Expressions)" ] }, "type": { 
@@ -51,5 +52,5 @@ "regexp" ], "uuid": "ceffad66-71e5-4e20-9370-1b3fb694c648", - "version": 4 + "version": 5 } \ No newline at end of file diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/misp-objects-2b1c3532dccad651f960ff71defdbc422c40ef0c/objects/report/definition.json new/misp-objects-067ae494983cd8dc3d8549e64166cd0d4faeab4f/objects/report/definition.json --- old/misp-objects-2b1c3532dccad651f960ff71defdbc422c40ef0c/objects/report/definition.json 2021-02-04 11:03:01.000000000 +0100 +++ new/misp-objects-067ae494983cd8dc3d8549e64166cd0d4faeab4f/objects/report/definition.json 2021-03-05 18:23:11.000000000 +0100 @@ -35,10 +35,10 @@ "description": "Metadata used to generate an executive level report", "meta-category": "misc", "name": "report", - "required": [ + "requiredOneOf": [ "summary", "link" ], "uuid": "70a68471-df22-4e3f-aa1a-5a3be19f82df", - "version": 2 + "version": 3 } \ No newline at end of file diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/misp-objects-2b1c3532dccad651f960ff71defdbc422c40ef0c/objects/splunk/definition.json new/misp-objects-067ae494983cd8dc3d8549e64166cd0d4faeab4f/objects/splunk/definition.json --- old/misp-objects-2b1c3532dccad651f960ff71defdbc422c40ef0c/objects/splunk/definition.json 2021-02-04 11:03:01.000000000 +0100 +++ new/misp-objects-067ae494983cd8dc3d8549e64166cd0d4faeab4f/objects/splunk/definition.json 2021-03-05 18:23:11.000000000 +0100 @@ -46,6 +46,7 @@ "description": "Search / Correlation search", "disable_correlation": true, "misp-attribute": "text", + "multiple": true, "ui-priority": 0 } }, 
@@ -56,5 +57,5 @@ "search" ], "uuid": "fd9b7bf8-df7b-4df9-bcd8-28591edcaab8", - "version": 1 + "version": 2 } \ No newline at end of file diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/misp-objects-2b1c3532dccad651f960ff71defdbc422c40ef0c/objects/windows-service/definition.json new/misp-objects-067ae494983cd8dc3d8549e64166cd0d4faeab4f/objects/windows-service/definition.json --- old/misp-objects-2b1c3532dccad651f960ff71defdbc422c40ef0c/objects/windows-service/definition.json 1970-01-01 01:00:00.000000000 +0100 +++ new/misp-objects-067ae494983cd8dc3d8549e64166cd0d4faeab4f/objects/windows-service/definition.json 2021-03-05 18:23:11.000000000 +0100 
@@ -0,0 +1,92 @@ +{ + "attributes": { + "comment": { + "description": "Additional comments.", + "disable_correlation": true, + "misp-attribute": "text", + "ui-priority": 0 + }, + "display": { + "description": "Display name/information of the service.", + "misp-attribute": "windows-service-displayname", + "ui-priority": 0 + }, + "group": { + "description": "Group to which the system/driver belong to.", + "disable_correlation": true, + "misp-attribute": "text", + "sane_default": [ + "Base", + "Boot Bus Extender", + "Boot File System", + "Cryptography", + "Extended base", + "Event Log", + "Filter", + "FSFilter Bottom", + "FSFilter Infrastructure", + "File System", + "FSFilter Virtualization", + "Keyboard Port", + "Network", + "NDIS", + "Parallel arbitrator", + "Pointer Port", + "PnP Filter", + "ProfSvc_Group", + "PNP_TDI", + "SCSI Miniport", + "SCSI CDROM Class", + "System Bus Extender", + "Video Save", + "other" + ], + "ui-priority": 0 + }, + "image-path": { + "description": "Path of the service/drive", + "misp-attribute": "text", + "ui-priority": 0 + }, + "name": { + "description": "name of the service", + "misp-attribute": "windows-service-name", + "ui-priority": 0 + }, + "start": { + "description": "When the service/driver starts or executes.", + "disable_correlation": true, + "misp-attribute": "text", + "sane_default": [ + "Boot start", + "System start", + "Auto start", + "Manual", + "Disabled" + ], + "ui-priority": 0 + }, + "type": { + "description": "Service/driver type.", + "disable_correlation": true, + "misp-attribute": "text", + "sane_default": [ + "Kernel driver", + "File system driver", + "Own process", + "Share process", + "Interactive", + "Other" + ], + "ui-priority": 0 + } + }, + "description": "Windows service and detailed about a service running a Windows operating system", + "meta-category": "misc", + "name": "windows-service", + "required": [ + "name" + ], + "uuid": "7598cc63-7ba3-4d0a-91c0-b875c6013035", + "version": 1 +} \ No newline at end of 
file diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/misp-objects-2b1c3532dccad651f960ff71defdbc422c40ef0c/relationships/definition.json new/misp-objects-067ae494983cd8dc3d8549e64166cd0d4faeab4f/relationships/definition.json --- old/misp-objects-2b1c3532dccad651f960ff71defdbc422c40ef0c/relationships/definition.json 2021-02-04 11:03:01.000000000 +0100 +++ new/misp-objects-067ae494983cd8dc3d8549e64166cd0d4faeab4f/relationships/definition.json 2021-03-05 18:23:11.000000000 +0100 @@ -43,7 +43,8 @@ "misp", "stix-1.1" ], - "name": "connected-to" + "name": "connected-to", + "opposite": "connected-from" }, { "description": "The referenced source is connected from the target object.", @@ -51,7 +52,8 @@ "misp", "stix-1.1" ], - "name": "connected-from" + "name": "connected-from", + "opposite": "connected-to" }, { "description": "The referenced source is containing the target object.", @@ -60,7 +62,8 @@ "stix-1.1", "alfred" ], - "name": "contains" + "name": "contains", + "opposite": "contained-by" }, { "description": "The referenced source is contained by the target object.", @@ -68,7 +71,8 @@ "misp", "stix-1.1" ], - "name": "contained-by" + "name": "contained-by", + "opposite": "contains" }, { "description": "The referenced source is contained within the target object.", @@ -84,7 +88,8 @@ "misp", "stix-1.1" ], - "name": "characterized-by" + "name": "characterized-by", + "opposite": "characterizes" }, { "description": "The referenced source is characterizing the target object.", @@ -92,7 +97,8 @@ "misp", "stix-1.1" ], - "name": "characterizes" + "name": "characterizes", + "opposite": "characterized-by" }, { "description": "The referenced source has queried the target object.", @@ -100,7 +106,8 @@ "misp", "stix-1.1" ], - "name": "properties-queried" + "name": "properties-queried", + "opposite": "properties-queried-by" }, { "description": "The referenced source is queried by the target object.", 
@@ -108,7 +115,8 @@ "misp", "stix-1.1" ], - "name": "properties-queried-by" + "name": "properties-queried-by", + "opposite": "properties-queried" }, { "description": "The referenced source is extracted from the target object.", @@ -124,7 +132,8 @@ "misp", "stix-1.1" ], - "name": "supra-domain-of" + "name": "supra-domain-of", + "opposite": "sub-domain-of" }, { "description": "The referenced source is a sub domain of the target object.", @@ -132,7 +141,8 @@ "misp", "stix-1.1" ], - "name": "sub-domain-of" + "name": "sub-domain-of", + "opposite": "supra-domain-of" }, { "description": "The referenced source has dropped the target object.", @@ -156,7 +166,8 @@ "misp", "stix-1.1" ], - "name": "downloaded" + "name": "downloaded", + "opposite": "downloaded-from" }, { "description": "The referenced source has been downloaded from the target object.", @@ -164,7 +175,8 @@ "misp", "stix-1.1" ], - "name": "downloaded-from" + "name": "downloaded-from", + "opposite": "downloaded" }, { "description": "The referenced source is resolved to the target object.", @@ -197,7 +209,8 @@ "stix-2.0", "alfred" ], - "name": "uses" + "name": "uses", + "opposite": "used-by" }, { "description": "This relationship describes that the source object indicates the target object.", @@ -251,14 +264,16 @@ "format": [ "misp" ], - "name": "authored-by" + "name": "authored-by", + "opposite": "is-author-of" }, { "description": "This relationship describes an object being author by someone.", "format": [ "misp" ], - "name": "is-author-of" + "name": "is-author-of", + "opposite": "authored-by" }, { "description": "This relationship describes the location (of any type) of a specific object.", 
@@ -272,14 +287,16 @@ "format": [ "misp" ], - "name": "included-in" + "name": "included-in", + "opposite": "includes" }, { "description": "This relationship describes an object that includes an other object.", "format": [ "misp" ], - "name": "includes" + "name": "includes", + "opposite": "included-in" }, { "description": "This relationship describes an object analysed by another object.", @@ -382,14 +399,16 @@ "format": [ "misp" ], - "name": "followed-by" + "name": "followed-by", + "opposite": "preceding-by" }, { "description": "This relationship describes an object which is preceded by another object. This can be used when a time reference is missing but a sequence is known.", "format": [ "misp" ], - "name": "preceding-by" + "name": "preceding-by", + "opposite": "followed-by" }, { "description": "This relationship describes an object which triggers another object.", @@ -438,7 +457,8 @@ "format": [ "cert-eu" ], - "name": "used-by" + "name": "used-by", + "opposite": "uses" }, { "description": "This relationship describes an object which is affiliated with another object.", @@ -741,14 +761,16 @@ "format": [ "alfred" ], - "name": "downloads" + "name": "downloads", + "opposite": "downloads-from" }, { "description": "Represents the semantic link of malware being downloaded from a location.", "format": [ "alfred" ], - "name": "downloads-from" + "name": "downloads-from", + "opposite": "downloads" }, { "description": "Represents the semantic link of an alert generated from a signature.", @@ -840,14 +862,16 @@ "format": [ "alfred" ], - "name": "registered" + "name": "registered", + "opposite": "registered-to" }, { "description": "Represents the semantic link of something being registered to.", "format": [ "alfred" ], - "name": "registered-to" + "name": "registered-to", + "opposite": "registered" }, { "description": "Represents the semantic link between HBS Comms and communication addresses.", 
@@ -1107,14 +1131,16 @@ "format": [ "misp" ], - "name": "leaks" + "name": "leaks", + "opposite": "leaked-by" }, { "description": "leaked-by", "format": [ "misp" ], - "name": "leaked-by" + "name": "leaked-by", + "opposite": "leaks" }, { "description": "doxed-by", diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/misp-objects-2b1c3532dccad651f960ff71defdbc422c40ef0c/schema_objects.json new/misp-objects-067ae494983cd8dc3d8549e64166cd0d4faeab4f/schema_objects.json --- old/misp-objects-2b1c3532dccad651f960ff71defdbc422c40ef0c/schema_objects.json 2021-02-04 11:03:01.000000000 +0100 +++ new/misp-objects-067ae494983cd8dc3d8549e64166cd0d4faeab4f/schema_objects.json 2021-03-05 18:23:11.000000000 +0100 @@ -64,6 +64,8 @@ "dash", "date-of-birth", "datetime", + "dkim", + "dkim-signature", "dns-soa-email", "domain", "domain|ip", @@ -106,6 +108,7 @@ "first-name", "float", "frequent-flyer-number", + "full-name", "gender", "gene", "git-commit-id", diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/misp-objects-2b1c3532dccad651f960ff71defdbc422c40ef0c/schema_relationships.json new/misp-objects-067ae494983cd8dc3d8549e64166cd0d4faeab4f/schema_relationships.json --- old/misp-objects-2b1c3532dccad651f960ff71defdbc422c40ef0c/schema_relationships.json 2021-02-04 11:03:01.000000000 +0100 +++ new/misp-objects-067ae494983cd8dc3d8549e64166cd0d4faeab4f/schema_relationships.json 2021-03-05 18:23:11.000000000 +0100 
@@ -19,6 +19,9 @@ "items": { "type": "string" } + }, + "opposite": { + "type": "string" } }, "required": [ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/misp-objects-2b1c3532dccad651f960ff71defdbc422c40ef0c/tools/validate_opposites.sh new/misp-objects-067ae494983cd8dc3d8549e64166cd0d4faeab4f/tools/validate_opposites.sh --- old/misp-objects-2b1c3532dccad651f960ff71defdbc422c40ef0c/tools/validate_opposites.sh 1970-01-01 01:00:00.000000000 +0100 +++ new/misp-objects-067ae494983cd8dc3d8549e64166cd0d4faeab4f/tools/validate_opposites.sh 2021-03-05 18:23:11.000000000 +0100 @@ -0,0 +1,17 @@ +#!/bin/bash + +opposites=$(cat relationships/definition.json | grep '"opposite"' | cut -d ':' -f 2 | tr -d ' ' | tr -d '"') + +for opposite in $opposites +do + cat relationships/definition.json | grep '"name": "'$opposite'"' >/dev/null 2>&1 + res=$? + if [ "$res" -eq 1 ] + then + echo "'$opposite' not found" + exit 1 + fi +done + +echo "OK, all opposites seem to point to existing relationships" +exit 0 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/misp-objects-2b1c3532dccad651f960ff71defdbc422c40ef0c/validate_all.sh new/misp-objects-067ae494983cd8dc3d8549e64166cd0d4faeab4f/validate_all.sh --- old/misp-objects-2b1c3532dccad651f960ff71defdbc422c40ef0c/validate_all.sh 2021-02-04 11:03:01.000000000 +0100 +++ new/misp-objects-067ae494983cd8dc3d8549e64166cd0d4faeab4f/validate_all.sh 2021-03-05 18:23:11.000000000 +0100 @@ -31,6 +31,7 @@ done jsonschema -i relationships/definition.json schema_relationships.json +./tools/validate_opposites.sh ./unique_uuid.py ++++++ python-pymisp-2.4.138.tar.gz -> python-pymisp-2.4.141.1.tar.gz ++++++ ++++ 4128 lines of diff (skipped)
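Review bot: the 2.4.140 section added to python-pymisp.changes lists many entries twice, for example "Soft delete object in MISPEvent", "Support text search again", "Improve Pydoc on search method's timestamp parameter" and the whole block of [Nick] entries about the proofpoint example, and it carries an empty "-" bullet after "Removed setting of orgc". Deduplicate the generated changelog before submitting so the section reflects what actually changed between 2.4.138 and 2.4.141.1.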
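Review bot: in objects/dkim/definition.json the sane_default list for "h" offers "sha1" and "md5" but not "sha256". RFC 6376 defines only sha1 and sha256 as DKIM hash algorithms and tells signers to use rsa-sha256, so "md5" should be replaced by "sha256". In the same file the sane_default for "k" lists only "rsa"; RFC 8463 added "ed25519", which is worth including.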
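Review bot: objects/network-profile/definition.json has description typos that will surface in the UI: "Certificate state or provincy name", "Unique valeu found on threat actor infrastructure" and "Google analytics IDS". The "domain", "ip-address" and "text" descriptions ("Domain of the whois entry", "IP address of the whois entry", "Full whois entry") read as copied from a whois template rather than describing a network profile. The file is also new (old side is 1970-01-01, hunk -0,0) yet declares "version": 5; a first revision would normally start at 1.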
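Review bot: objects/paloalto-threat-event/definition.json declares neither "required" nor "requiredOneOf", unlike the other objects added in this patch (dkim requires "dkim", network-profile has a requiredOneOf of domain/ip-address/url, windows-service requires "name"), so the template does not state which attributes make a threat event meaningful; a requiredOneOf over "src", "dst" and "threatid" would be a reasonable minimum. "dport" and "sport" are also typed as "counter", while network-profile in the same patch uses the "port" attribute type for a port number. As with network-profile, a newly added file starts at "version": 5.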
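Review bot: objects/windows-service/definition.json needs a wording pass on its descriptions: "Path of the service/drive" (presumably "driver", as in the "start" and "type" descriptions), "Group to which the system/driver belong to", and the object description "Windows service and detailed about a service running a Windows operating system". These strings are what analysts see when choosing a template, so they should be fixed before the template version is published.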
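Review bot: tools/validate_opposites.sh can print "OK" without having checked anything. It reads relationships/definition.json by relative path, so if it is run outside the repository root the cat fails, $opposites is empty, the for loop never executes and the script exits 0. Inside the loop only [ "$res" -eq 1 ] counts as a failure, so any other non-zero grep status passes, and $opposite is interpolated unquoted into the grep pattern. Suggest failing early when the file is missing or no "opposite" key is found, testing "$res" -ne 0, and quoting the variable. The script also only proves that each opposite names an existing relationship, not that the pair is reciprocal (A's opposite is B and B's opposite is A). The schema_relationships.json hunk constrains "opposite" only to type string, so nothing in validate_all.sh would catch a one-sided or mismatched pair in the relationships/definition.json hunks.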