Add rulezet-bundle MISP object template by adulau · Pull Request #511 · MISP/misp-objects

adulau · 2026-04-10T16:00:01Z

Provide a MISP object template that represents a Rulezet bundle metadata record derived from the specified database structure for use in MISP and related tooling.
Capture ownership, timestamps, access, activity counters, verification status, rule formats and vulnerability identifiers so bundles can be linked and queried consistently alongside existing rule metadata objects.

Added objects/rulezet-bundle/definition.json which defines a new rulezet-bundle object with meta-category: misc, version: 1, and a UUID.
Mapped database fields to MISP attributes including name, description, created-at, updated-at, author, user-id/user-name, created-by, access, vote-up/vote-down, view-count, download-count, number-of-rules, rule-format (multi-value), vulnerability-identifier (multi-value), and uuid as required fields.
Chose MISP-compatible attribute types (text, datetime, counter, boolean, vulnerability) and set name and uuid as required attributes.
Ensured the JSON file is normalized/sorted to project conventions via the repository's JSON tooling.

Ran ./jq_all_the_things.sh to normalize and sort JSON files and it completed successfully.
Verified JSON syntax with jq empty objects/rulezet-bundle/definition.json and python3 -m json.tool objects/rulezet-bundle/definition.json, both of which succeeded.
Attempted schema validation with jsonschema -i objects/rulezet-bundle/definition.json schema_objects.json which failed because the jsonschema CLI is not installed in this environment.

Add new rulezet-bundle object template

46fde1d

adulau added the codex label Apr 10, 2026 — with ChatGPT Codex Connector

adulau merged commit f00c238 into main Apr 10, 2026
7 checks passed

Provide feedback