Add packet-filter-rule MISP object definition and README entry by adulau · Pull Request #501 · MISP/misp-objects

adulau · 2026-04-08T12:28:51Z

Provide a standardized MISP object to represent packet-filter, firewall, and ACL rules across network security platforms to improve sharing and correlation of rule metadata.
Capture common rule fields such as action, source/destination selectors, ports, protocol, product/vendor, and the original rule text for analysis and enrichment.

Add objects/packet-filter-rule/definition.json defining the packet-filter-rule object with attributes including action, comment, destination, destination-port, direction, enabled, interface, logging, product, protocol, raw-rule, reference, rule-format, rule-id, rule-name, sequence-number, source, source-port, and vendor.
Include sensible defaults (sane_default) and UI priorities (ui-priority) for many attributes and mark correlation-disabled where appropriate.
Set object metadata: name = packet-filter-rule, meta-category = network, requiredOneOf = ["raw-rule", "rule-id", "rule-name"], uuid = 2f06d31e-cc48-4e50-bd3a-9f97c0c71e6a, and version = 1.
Update README.md to add the new object entry linking to the definition in objects/packet-filter-rule/definition.json.

Merge packet-filter rule value lists into sane defaults

c2bcab5

adulau added the codex label Apr 8, 2026 — with ChatGPT Codex Connector

adulau merged commit 995c51f into main Apr 8, 2026
7 checks passed

adulau mentioned this pull request Apr 8, 2026

New packet filter rules to convey firewall or acl rules #452

Closed

Provide feedback