Merged
1 change: 1 addition & 0 deletions README.md
Expand Up @@ -326,6 +326,7 @@ for a specific attribute. An optional **to_ids** boolean field to disable the ID
- [objects/mfa-auth](https://github.com/MISP/misp-objects/blob/main/objects/mfa-auth/definition.json) - Object describing a multi-factor authentication (MFA) event, including anonymized user identifiers, authentication method, network source information, device context, and analyst-derived outcome and reasoning.
- [objects/microblog](https://github.com/MISP/misp-objects/blob/main/objects/microblog/definition.json) - Microblog post like a Twitter tweet or a post on a Facebook wall.
- [objects/monetary-impact](https://github.com/MISP/misp-objects/blob/main/objects/monetary-impact/definition.json) - Monetary Impact object as described in STIX 2.1 Incident object extension.
- [objects/muonfp](https://github.com/MISP/misp-objects/blob/main/objects/muonfp/definition.json) - MuonFP is an open-source TCP fingerprinting standard built from TCP SYN/SYN-ACK packet attributes (TCP Window Size, ordered TCP Options KIND list, TCP MSS and TCP Window Scale), inspired by p0f. The fingerprint is expressed as 'TCPWindowSize:TCPOptions:TCPMSS:TCPWindowScale'. https://github.com/sundruid/muonfp.
- [objects/mutex](https://github.com/MISP/misp-objects/blob/main/objects/mutex/definition.json) - Object to describe mutual exclusion locks (mutex) as seen in memory or computer program.
- [objects/narrative](https://github.com/MISP/misp-objects/blob/main/objects/narrative/definition.json) - Object describing a narrative.
- [objects/netflow](https://github.com/MISP/misp-objects/blob/main/objects/netflow/definition.json) - Netflow object describes an network object based on the Netflowv5/v9 minimal definition.
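Review bot: The new objects/muonfp entry ends with a bare URL followed directly by a full stop ("https://github.com/sundruid/muonfp."), so Markdown autolinkers may pull the trailing period into the link target. Consider writing it as a Markdown link or dropping the final period, which would also match the "description" string in objects/muonfp/definition.json, where the same URL has no trailing punctuation.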
76 changes: 76 additions & 0 deletions objects/muonfp/definition.json
@@ -0,0 +1,76 @@
{
"attributes": {
"description": {
"description": "Description of the MuonFP fingerprint, including scope, collection context or notes which could help an analyst to reproduce the calculation.",
"misp-attribute": "text",
"ui-priority": 0
},
"first-seen": {
"description": "First time the MuonFP fingerprint has been observed.",
"disable_correlation": true,
"misp-attribute": "datetime",
"ui-priority": 0
},
"ip-dst": {
"description": "Destination IP address associated with this MuonFP fingerprint observation.",
"misp-attribute": "ip-dst",
"multiple": true,
"ui-priority": 1
},
"ip-src": {
"description": "Source IP address associated with this MuonFP fingerprint observation.",
"misp-attribute": "ip-src",
"multiple": true,
"ui-priority": 1
},
"last-seen": {
"description": "Last time the MuonFP fingerprint has been observed.",
"disable_correlation": true,
"misp-attribute": "datetime",
"ui-priority": 0
},
"muonfp-fingerprint": {
"description": "MuonFP fingerprint computed from TCP SYN/SYN-ACK packet attributes, expressed as 'TCPWindowSize:TCPOptions:TCPMSS:TCPWindowScale' (e.g. 26847:2-4-8-1-3:1460:8).",
"misp-attribute": "text",
"ui-priority": 1
},
"reference": {
"description": "Reference to the source, tool or report associated with this MuonFP fingerprint.",
"disable_correlation": true,
"misp-attribute": "link",
"ui-priority": 0
},
"tcp-mss": {
"description": "TCP Maximum Segment Size (MSS) component of the MuonFP fingerprint.",
"disable_correlation": true,
"misp-attribute": "integer",
"ui-priority": 0
},
"tcp-options": {
"description": "Ordered list of TCP option KIND values used in the MuonFP fingerprint, dash-separated as observed during the TCP handshake (e.g. 2-4-8-1-3).",
"disable_correlation": true,
"misp-attribute": "text",
"ui-priority": 0
},
"tcp-window-scale": {
"description": "TCP Window Scale factor component of the MuonFP fingerprint.",
"disable_correlation": true,
"misp-attribute": "integer",
"ui-priority": 0
},
"tcp-window-size": {
"description": "TCP Window Size component of the MuonFP fingerprint.",
"disable_correlation": true,
"misp-attribute": "integer",
"ui-priority": 0
}
},
"description": "MuonFP is an open-source TCP fingerprinting standard built from TCP SYN/SYN-ACK packet attributes (TCP Window Size, ordered TCP Options KIND list, TCP MSS and TCP Window Scale), inspired by p0f. The fingerprint is expressed as 'TCPWindowSize:TCPOptions:TCPMSS:TCPWindowScale'. https://github.com/sundruid/muonfp",
"meta-category": "network",
"name": "muonfp",
"requiredOneOf": [
"muonfp-fingerprint"
],
"uuid": "ea8eb2d5-22d4-4ab9-a66e-323ed3887cbb",
"version": 1
}
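Review bot: The free-text "description" attribute at the top of "attributes" is typed "text" but does not set "disable_correlation": true, unlike the other contextual fields here ("reference", "first-seen", "last-seen" and the four tcp-* components), so analyst notes would be eligible for correlation across events; suggest adding the flag so only "muonfp-fingerprint" and the IP attributes correlate. Separately, the object carries both the composite "muonfp-fingerprint" and its components (tcp-window-size, tcp-options, tcp-mss, tcp-window-scale) while only the composite is in "requiredOneOf", and nothing in the descriptions says the components must agree with the composite string; a sentence in the component descriptions stating that they are the parsed fields of "muonfp-fingerprint" in the order 'TCPWindowSize:TCPOptions:TCPMSS:TCPWindowScale' would make that expectation explicit.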