From 2d7d2f7ec30cfe92bd04e7a264bb57ed4aa86892 Mon Sep 17 00:00:00 2001
From: Jonathan Rau <139361268+jonrau-at-queryai@users.noreply.github.com>
Date: Mon, 26 Aug 2024 21:59:02 -0400
Subject: [PATCH 1/2] expand OSINT
---
 objects/osint.json | 25 ++++++++++++++++++++++++-
 1 file changed, 24 insertions(+), 1 deletion(-)
diff --git a/objects/osint.json b/objects/osint.json
index e38f5d3f7..676910e1a 100644
--- a/objects/osint.json
+++ b/objects/osint.json
@@ -27,7 +27,7 @@
 },
 "4":{
 "caption":"Hash",
- "description":"Any type of hash e.g., MD5, SHA1, SHA2, BLAKE, BLAKE2, etc. generated from a file, malware sample, request header, or otherwise."
+ "description":"Any type of hash e.g., MD5, SHA1, SHA2, BLAKE, BLAKE2, SSDEEP, VHASH, etc. generated from a file, malware sample, request header, or otherwise used to identify a pertinent artifact."
 },
 "5":{
 "caption":"URL",
@@ -53,6 +53,10 @@
 "caption":"Vulnerability",
 "description":"A CVE ID, CWE ID, or other identifier for a weakness, exploit, bug, or misconfiguration."
 },
+ "11":{
+ "caption":"File",
+ "description":"A file or metadata about a file."
+ },
 "99":{
 "caption":"Other",
 "description":"The indicator type is not directly listed."
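Review bot: The new `description` for type `4` (Hash) lists SSDEEP and VHASH alongside MD5 and SHA digests without saying that they are similarity hashes, which are compared by score or cluster rather than by equality. A consumer that treats every `Hash` indicator as an exact-match value will miss or mis-match these entries. I would append a sentence to the description, for example `Fuzzy or similarity hashes (e.g., SSDEEP) are matched by similarity rather than equality, so the algorithm must be identified alongside the value.` How the algorithm is conveyed for an indicator is not visible in this hunk, so the wording should point at whichever field the object already uses for that.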
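Review bot: The description of the new `11` (File) type, `A file or metadata about a file.`, does not say what the indicator value holds for this type (a name, a path, or something else). It also overlaps with `4` (Hash), whose description already covers hashes generated from a file. Producers are likely to split file hashes between the two types, and detections or enrichment keyed on `type_id` would then miss matches. I would tighten it to something like `A file name or path. File hashes use the Hash type; further file detail is carried in the file attribute.`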
@@ -166,6 +170,25 @@
 "location":{
 "description":"Any pertinent geolocation information related to an indicator or OSINT analysis.",
 "requirement":"optional"
+ },
+ "file":{
+ "caption":"Related File",
+ "description":"Any pertinent file information related to an indicator or OSINT analysis.",
+ "requirement":"optional"
+ },
+ "reputation":{
+ "description":"Related reputational analysis from third-party engines and analysts for a given indicator or OSINT analysis.",
+ "requirement":"optional"
+ },
+ "subnet":{
+ "caption":"Related Subnet",
+ "description":"A CIDR or network block related to an indicator or OSINT analysis.",
+ "requirement":"optional"
+ },
+ "script":{
+ "caption":"Related Script Data",
+ "description":"Any pertinent script information related to an indicator or OSINT analysis.",
+ "requirement":"optional"
 }
 }
 }
\ No newline at end of file
From b20a4284ce748a95cd4002f51647adf9d431b1d3 Mon Sep 17 00:00:00 2001
From: Jonathan Rau <139361268+jonrau-at-queryai@users.noreply.github.com>
Date: Mon, 26 Aug 2024 22:01:31 -0400
Subject: [PATCH 2/2] Update CHANGELOG.md
---
 CHANGELOG.md | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 0a6ef991d..d852c12e7 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -49,6 +49,7 @@ Thankyou! -->
 1. Added `phone_number` to `user` and `ldap_person` objects. #1155
 2. Added `has_mfa` to `user` object. #1155
 3. Added `vendor_name` to `cvss` object. #1165
+ 4. Added `file`, `reputation`, `subnet`, and `script` to `osint` object. #1168
 ### Misc
 1. Added `user.uid` as an Observable type - `type_id: 31`. #1155
@@ -57,6 +58,7 @@ Thankyou! -->
 4. Added `has_mfa` boolean_t to Dictionary. #1155
 5. Deprecate `project_uid`. #1166
 6. Added several new enums to `account.type_id`. #1166
+7. Added new `file` enum to `osint.type_id`. #1168
 ## [v1.3.0] - August 1st, 2024
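Review bot: In the `@@ -166,6 +170,25 @@` hunk of `objects/osint.json`, none of the four new attribute descriptions says when the attribute is expected relative to the indicator type. It is unclear whether `file` should be populated when `type_id` is `11`, or how a CIDR indicator carrying `subnet` is typed, since the enum values visible in this patch include no subnet type. Without that guidance two producers can encode the same indicator differently, which makes correlation on `type_id` unreliable. I would extend the descriptions, for example `"description":"Any pertinent file information related to an indicator or OSINT analysis; populate when type_id is File."`, and do the same for `subnet` and `script` once it is confirmed whether matching types exist in the part of the enum not shown here. The file also still ends without a trailing newline (`\ No newline at end of file`), which is worth fixing in the same change.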