{
"attributes" : {
"bailiwick" : {
"description" : "Best estimate of the apex of the zone where this data is authoritative" ,
"disable_correlation" : true ,
"misp-attribute" : "domain" ,
"ui-priority" : 0
} ,
"count" : {
"description" : "How many authoritative DNS answers were received at the Passive DNS Server's collectors with exactly the given set of values as answers." ,
"disable_correlation" : true ,
"misp-attribute" : "counter" ,
"ui-priority" : 0
} ,
"origin" : {
"description" : "Origin of the Passive DNS response. This field is represented as a Uniform Resource Identifier (URI)" ,
"disable_correlation" : true ,
"misp-attribute" : "text" ,
"ui-priority" : 0
} ,
"raw_rdata" : {
"description" : "Resource records of the queried resource, in hexadecimal. *All* rdata entries at once." ,
"misp-attribute" : "text" ,
"ui-priority" : 0
} ,
"rdata" : {
"description" : "Resource records of the queried resource. Note that this field is added for *each* rdata entry in the rrset." ,
"misp-attribute" : "text" ,
"ui-priority" : 1
} ,
"rrname" : {
"categories" : [
"Network activity" ,
"External analysis"
] ,
"description" : "Resource Record name of the queried resource." ,
"misp-attribute" : "text" ,
"ui-priority" : 1
} ,
"rrtype" : {
"categories" : [
"Network activity" ,
"External analysis"
] ,
"description" : "Resource Record type as seen by the passive DNS." ,
"disable_correlation" : true ,
"misp-attribute" : "text" ,
"sane_default" : [
"A" ,
"AAAA" ,
"CNAME" ,
"PTR" ,
"SOA" ,
"TXT" ,
"DNAME" ,
"NS" ,
"SRV" ,
"RP" ,
"NAPTR" ,
"HINFO" ,
"A6"
] ,
"ui-priority" : 1
} ,
"sensor_id" : {
"description" : "Sensor information where the record was seen" ,
"disable_correlation" : true ,
"misp-attribute" : "text" ,
"ui-priority" : 0
} ,
"text" : {
"description" : "Description of the passive DNS record." ,
"disable_correlation" : true ,
"misp-attribute" : "text" ,
"ui-priority" : 0
} ,
"time_first" : {
"description" : "First time that the unique tuple (rrname, rrtype, rdata) has been seen by the passive DNS" ,
"disable_correlation" : true ,
"misp-attribute" : "datetime" ,
"ui-priority" : 0
} ,
"time_first_ms" : {
"description" : "Same meaning as the field 'time_first', except that the value is expressed in milliseconds since 1st of January 1970 (UTC)" ,
"disable_correlation" : true ,
"misp-attribute" : "datetime" ,
"ui-priority" : 0
} ,
"time_last" : {
"description" : "Last time that the unique tuple (rrname, rrtype, rdata) has been seen by the passive DNS" ,
"disable_correlation" : true ,
"misp-attribute" : "datetime" ,
"ui-priority" : 0
} ,
"time_last_ms" : {
"description" : "Same meaning as the field 'time_last', except that the value is expressed in milliseconds since 1st of January 1970 (UTC)" ,
"disable_correlation" : true ,
"misp-attribute" : "datetime" ,
"ui-priority" : 0
} ,
"zone_time_first" : {
"description" : "First time that the unique tuple (rrname, rrtype, rdata) has been seen via master file import" ,
"disable_correlation" : true ,
"misp-attribute" : "datetime" ,
"ui-priority" : 0
} ,
"zone_time_last" : {
"description" : "Last time that the unique tuple (rrname, rrtype, rdata) has been seen via master file import." ,
"disable_correlation" : true ,
"misp-attribute" : "datetime" ,
"ui-priority" : 0
}
} ,
"description" : "Passive DNS records as expressed in draft-dulaunoy-dnsop-passive-dns-cof-07. See https://tools.ietf.org/id/draft-dulaunoy-dnsop-passive-dns-cof-07.html" ,
"meta-category" : "network" ,
"name" : "passive-dns" ,
"required" : [
"rrtype" ,
"rrname" ,
"rdata"
] ,
"uuid" : "b77b7b1c-66ab-4a41-8da4-83810f6d2d6c" ,
"version" : 5
}