2017-03-05 13:01:02 +01:00
{
"name" : "ddos" ,
2017-03-17 17:31:09 +01:00
"uuid" : "e2f124d6-f57c-4f93-99e6-8450545fa05d" ,
2017-03-05 13:01:02 +01:00
"meta-category" : "network" ,
"description" : "DDoS object describes a current DDoS activity from a specific or/and to a specific target. Type of DDoS can be attached to the object as a taxonomy" ,
2017-12-05 11:05:56 +01:00
"version" : 6 ,
2017-03-05 13:01:02 +01:00
"attributes" : {
2017-03-13 08:19:27 +01:00
"total-bps" : {
2017-08-29 18:36:46 +02:00
"description" : "Bits per second" ,
2017-03-05 16:51:02 +01:00
"misp-attribute" : "counter" ,
2017-07-03 16:41:16 +02:00
"ui-priority" : 0
2017-03-05 16:51:02 +01:00
} ,
"text" : {
2017-08-29 18:36:46 +02:00
"description" : "Description of the DDoS" ,
2017-12-05 11:05:56 +01:00
"disable_correlation" : true ,
2017-03-05 16:51:02 +01:00
"misp-attribute" : "text" ,
2017-07-03 16:41:16 +02:00
"ui-priority" : 0
2017-03-05 16:51:02 +01:00
} ,
2017-11-23 14:43:04 +01:00
"domain-dst" : {
"description" : "Destination domain (victim)" ,
"misp-attribute" : "domain" ,
"ui-priority" : 1 ,
"categories" : [
"Network activity" ,
"External analysis"
]
} ,
2017-03-13 08:19:27 +01:00
"ip-dst" : {
2017-11-23 14:43:04 +01:00
"description" : "Destination IP (victim)" ,
2017-03-13 08:19:27 +01:00
"misp-attribute" : "ip-dst" ,
2017-07-03 16:41:16 +02:00
"ui-priority" : 1 ,
2017-03-05 13:01:02 +01:00
"categories" : [
"Network activity" ,
"External analysis"
]
} ,
2017-03-13 08:19:27 +01:00
"ip-src" : {
2017-08-29 18:36:46 +02:00
"description" : "IP address originating the attack" ,
2017-03-13 08:19:27 +01:00
"misp-attribute" : "ip-src" ,
2017-07-03 16:41:16 +02:00
"ui-priority" : 1 ,
2017-03-05 13:01:02 +01:00
"categories" : [
"Network activity" ,
"External analysis"
]
} ,
2017-03-13 08:19:27 +01:00
"dst-port" : {
2017-08-29 18:36:46 +02:00
"description" : "Destination port of the attack" ,
2017-07-03 06:33:53 +02:00
"misp-attribute" : "port" ,
2017-07-03 16:41:16 +02:00
"ui-priority" : 0 ,
2017-03-05 13:01:02 +01:00
"categories" : [
"Network activity" ,
"External analysis"
]
} ,
2017-03-13 08:19:27 +01:00
"src-port" : {
2017-08-29 18:36:46 +02:00
"description" : "Port originating the attack" ,
2017-07-03 06:33:53 +02:00
"misp-attribute" : "port" ,
2017-07-03 16:41:16 +02:00
"ui-priority" : 0 ,
2017-03-05 13:01:02 +01:00
"categories" : [
"Network activity" ,
"External analysis"
]
} ,
2017-03-13 08:19:27 +01:00
"first-seen" : {
2017-08-29 18:36:46 +02:00
"description" : "Beginning of the attack" ,
2017-12-05 11:05:56 +01:00
"disable_correlation" : true ,
2017-03-13 08:19:27 +01:00
"misp-attribute" : "datetime" ,
2017-07-03 16:41:16 +02:00
"ui-priority" : 0
2017-03-13 08:19:27 +01:00
} ,
2017-03-05 13:01:02 +01:00
"protocol" : {
2017-08-29 18:36:46 +02:00
"description" : "Protocol used for the attack" ,
2017-03-05 13:01:02 +01:00
"misp-attribute" : "text" ,
2017-07-03 16:41:16 +02:00
"ui-priority" : 0 ,
2017-09-17 12:46:51 +02:00
"values_list" : [
2017-03-05 16:51:02 +01:00
"TCP" ,
"UDP" ,
"ICMP" ,
"IP"
]
2017-03-05 13:01:02 +01:00
} ,
2017-03-13 08:19:27 +01:00
"total-pps" : {
2017-08-29 18:36:46 +02:00
"description" : "Packets per second" ,
2017-03-13 08:19:27 +01:00
"misp-attribute" : "counter" ,
2017-07-03 16:41:16 +02:00
"ui-priority" : 0
2017-03-13 08:19:27 +01:00
} ,
"last-seen" : {
2017-08-29 18:36:46 +02:00
"description" : "End of the attack" ,
2017-12-05 11:05:56 +01:00
"disable_correlation" : true ,
2017-03-05 13:01:02 +01:00
"misp-attribute" : "datetime" ,
2017-07-03 16:41:16 +02:00
"ui-priority" : 0
2017-03-05 13:01:02 +01:00
}
} ,
"requiredOneOf" : [
"ip-dst" ,
2017-11-23 14:43:04 +01:00
"ip-src" ,
"domain-dst"
2017-03-05 13:01:02 +01:00
]
}