Introduction

The tags beginning with threatintel.misp identify events generated by MISP Threat Sharing belonging to MISP Standard Collaborative Intelligence.

Valid tags and data tables 

The full tag must have at least 3 levels. The first two are fixed as threatintel.misp. The third level identifies the type of events sent and the fourth indicates the event subtypes.

These are the valid tags and corresponding data tables that will receive the parsers' data:

| Product / Service | Tags | Data tables |
|---|---|---|
| MISP Threat Sharing | threatintel.misp.attributenotifications | threatintel.misp.attributenotifications |
| MISP Threat Sharing | threatintel.misp.attributes | threatintel.misp.attributes |
| MISP Threat Sharing | threatintel.misp.sighting.attributes | threatintel.misp.sighting.attributes |
| MISP Threat Sharing | threatintel.misp.sighting.logs | threatintel.misp.sighting.logs |

For more information, see About Devo tags.

Table structure

These are the fields displayed in these tables:

  • threatintel.misp.attributenotifications

  • threatintel.misp.attributes

  • threatintel.misp.sighting.attributes

  • threatintel.misp.sighting.logs

threatintel.misp.attributenotifications

| Field | Type | Extra fields |
|---|---|---|
| eventdate | timestamp | |
| hostname | str | |
| attribute_id | str | |
| attribute_event_id | str | |
| attribute_object_id | str | |
| attribute_object_relation | str | |
| attribute_category | str | |
| attribute_type | str | |
| attribute_value1 | str | |
| attribute_value2 | str | |
| attribute_to_ids | bool | |
| attribute_uuid | str | |
| attribute_timestamp | str | |
| attribute_distribution | str | |
| attribute_sharing_group_id | str | |
| attribute_comment | str | |
| attribute_deleted | bool | |
| attribute_disable_correlation | bool | |
| attribute_value | str | |
| attribute_sighting | str | |
| event_id | str | |
| event_date | str | |
| event_info | str | |
| event_uuid | str | |
| event_published | bool | |
| event_analysis | str | |
| event_threat_level_id | str | |
| event_org_id | str | |
| event_ref_orgc_id | str | |
| event_distribution | str | |
| event_sharing_group_id | str | |
| event_orgc_id | str | |
| event_orgc_uuid | str | |
| event_orgc_name | str | |
| action | str | |
| hostchain | str | |
| tag | str | |
| rawMessage | str | |

threatintel.misp.attributes

| Field | Type | Field Transformation | Source field name | Extra fields |
|---|---|---|---|---|
| eventdate | timestamp | | | |
| hostname | str | | | |
| attribute_id | str | | | |
| attribute_event_id | str | | | |
| attribute_object_id | str | | | |
| attribute_object_relation | str | | | |
| attribute_category | str | | | |
| attribute_type | str | | | |
| attribute_value1 | str | | | |
| attribute_value2 | str | | | |
| attribute_to_ids | bool | | | |
| attribute_uuid | str | | | |
| attribute_timestamp | str | | | |
| attribute_distribution | str | | | |
| attribute_sharing_group_id | str | | | |
| attribute_comment | str | | | |
| attribute_deleted | bool | | | |
| attribute_disable_correlation | bool | | | |
| attribute_value | str | | | |
| attribute_sighting | str | | | |
| attribute_tag | str | | | |
| event_id | str | | | |
| event_date | str | | | |
| event_info | str | | | |
| event_uuid | str | | | |
| event_published | bool | | | |
| event_analysis | str | | | |
| event_threat_level_id | str | | | |
| event_org_id | str | | | |
| event_orgc_id | str | | | |
| event_distribution | str | | | |
| event_sharing_group_id | str | | | |
| event_ref_orgc_id | str | | | |
| event_orgc_uuid | str | | | |
| event_orgc_name | str | | | |
| event_tag | str | | | |
| event_publish_timestamp | str | | | |
| action | str | | | |
| object_id | str | | | |
| object_name | str | | | |
| object_meta_category | str | | | |
| object_description | str | | | |
| object_template_uuid | str | | | |
| object_template_version | str | | | |
| object_event_id | str | | | |
| object_uuid | str | | | |
| object_timestamp | str | | | |
| object_distribution | str | | | |
| object_sharing_group_id | str | | | |
| object_comment | str | | | |
| object_deleted | str | | | |
| object_first_seen | str | | | |
| object_last_seen | str | | | |
| eventtags_id_str | str | join(eventtags_id, ',') | eventtags_id | |
| eventtags_name_str | str | join(eventtags_name, ',') | eventtags_name | |
| eventtags_colour_str | str | join(eventtags_colour, ',') | eventtags_colour | |
| eventtags_exportable_str | str | replace(replace(stringify(json(eventtags_exportable)), '[', ''), ']', '') | eventtags_exportable | |
| eventtags_org_id_str | str | join(eventtags_org_id, ',') | eventtags_org_id | |
| eventtags_user_id_str | str | join(eventtags_user_id, ',') | eventtags_user_id | |
| eventtags_hide_tag_str | str | replace(replace(stringify(json(eventtags_hide_tag)), '[', ''), ']', '') | eventtags_hide_tag | |
| eventtags_numerical_value_str | str | join(eventtags_numerical_value, ',') | eventtags_numerical_value | |
| hostchain | str | | | |
| tag | str | | | |
| rawMessage | str | | | |

threatintel.misp.sighting.attributes

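| Field | Type | Extra fields |
|---|---|---|
| eventdate | timestamp | |
| hostname | str | |
| eventdate_instance | str | |
| level | str | |
| trace | str | |
| namespace | str | |
| value | ip4 | |
| first_seen | timestamp | |
| last_seen | timestamp | |
| consensus | int4 | |
| count | int4 | |
| tags | str | |
| hostchain | str | |
| tag | str | |
| rawMessage | str | |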

threatintel.misp.sighting.logs

| Field | Type | Extra fields |
|---|---|---|
| eventdate | timestamp | |
| hostname | str | |
| eventdate_instance | str | |
| level | str | |
| trace | str | |
| message | str | |
| hostchain | str | |
| tag | str | |
| rawMessage | str | |
