Last modified: Wed Oct 02 2024 16:09:21 GMT+0200 (Central European Summer Time)
MISP objects to be used in MISP (2.4.80) system and can be used by other information sharing tool. MISP objects are in addition to MISP attributes to allow advanced combinations and concatenation of attributes. The creation of these objects and their associated attributes are based on real cyber security use-cases and existing practices in information sharing.
Objects can be added by using the side menu:

This will open a popup where you can choose the type of object:



For this example we will try to add an ip|port object:

After pressing "Submit, you are given the possibility to review your object before saving it.

An object is designed using a JSON file which should respect a format described in this document.
An object is basically a combination of two or more attributes that can be used together to represent real cyber security use-cases. These attributes are listed in a JSON object.
Each attribute is an JSON object defined by a name, a description, a misp-attribute and an ui-priority value.
There are also others options that can be added to define an attribute more precisely.
Not all attributes are mandatory, but some can be required. If so, they need to be listed in a list called "required". The object will only be valid if the listed attributes are set. The same way, there are sometimes when only one attribute in a set is needed. This set can be put in a list called "requiredOneOf". If at least one of the attributes in this list is set, the object will be valid.