misp-objects/objects/crowdsec-ip-context/definition.json


{
"attributes": {
"as-name": {
"categories": [
"Network activity",
"External analysis"
],
"description": "Autonomous system name",
"disable_correlation": true,
"misp-attribute": "text",
"multiple": true,
"ui-priority": 0
},
"as-num": {
"categories": [
"Network activity",
"External analysis"
],
"description": "Autonomous system number",
"disable_correlation": true,
"misp-attribute": "AS",
"multiple": true,
"ui-priority": 0
},
"attack-details": {
"description": "Triggered scenarios",
"disable_correlation": true,
"misp-attribute": "text",
"ui-priority": 1
},
"background-noise": {
"description": "High background noise scores highlight untargeted, mild threat mass-attacks",
"disable_correlation": true,
"misp-attribute": "float",
"ui-priority": 1
},
"behaviors": {
"description": "Attack categories",
"disable_correlation": true,
"misp-attribute": "text",
"multiple": true,
"ui-priority": 1
},
"city": {
"description": "City of origin",
"disable_correlation": true,
"misp-attribute": "text",
"ui-priority": 1
},
"classifications": {
"description": "Classification category of the IP address",
"disable_correlation": true,
"misp-attribute": "text",
"multiple": true,
"ui-priority": 1
},
"country": {
"description": "Country of origin",
"disable_correlation": true,
"misp-attribute": "text",
"ui-priority": 1
},
"country-code": {
"description": "Country Code",
"disable_correlation": true,
"misp-attribute": "text",
"ui-priority": 0
},
"cves": {
"description": "CVEs exploited by the observed IP",
"disable_correlation": true,
"misp-attribute": "text",
"multiple": true,
"ui-priority": 1
},
"dst-port": {
"categories": [
"Network activity",
"External analysis"
],
"description": "Destination port",
"disable_correlation": true,
"misp-attribute": "port",
"multiple": true,
"ui-priority": 1
},
"false-positives": {
"description": "False positive category of the IP address",
"disable_correlation": true,
"misp-attribute": "text",
"multiple": true,
"ui-priority": 1
},
"ip": {
"categories": [
"Network activity",
"External analysis"
],
"description": "IP Address",
"misp-attribute": "ip-src",
"ui-priority": 1
},
"ip-range": {
"categories": [
"Network activity",
"External analysis"
],
"description": "IP range containing the observed IP address",
"misp-attribute": "ip-src",
"ui-priority": 1
},
"ip-range-score": {
"categories": [
"Network activity",
"External analysis"
],
"description": "Score of the IP range",
"disable_correlation": true,
"misp-attribute": "float",
"ui-priority": 1
},
"latitude": {
"description": "Latitude of origin",
"disable_correlation": true,
"misp-attribute": "float",
"ui-priority": 1
},
"longitude": {
"description": "Longitude of origin",
"disable_correlation": true,
"misp-attribute": "float",
"ui-priority": 1
},
"mitre-techniques": {
"description": "MITRE ATT&CK techniques used by the observed IP",
"disable_correlation": true,
"misp-attribute": "text",
"multiple": true,
"ui-priority": 1
},
"reputation": {
"description": "Real-time, actionable IP reputation score derived from trusted reports and consensus-validated data in CrowdSec CTI",
"disable_correlation": true,
"misp-attribute": "text",
"ui-priority": 1
},
"reverse-dns": {
"categories": [
"Network activity",
"External analysis"
],
"description": "Reverse DNS name",
"misp-attribute": "hostname",
"ui-priority": 1
},
"scores": {
"description": "Scores",
"disable_correlation": true,
"misp-attribute": "text",
"ui-priority": 1
},
"target-countries": {
"description": "Target countries (top 10)",
"disable_correlation": true,
"misp-attribute": "text",
"ui-priority": 1
},
"trust": {
"description": "Trust level",
"disable_correlation": true,
"misp-attribute": "float",
"ui-priority": 1
}
},
"description": "CrowdSec Threat Intelligence - IP CTI search",
"meta-category": "network",
"name": "crowdsec-ip-context",
"requiredOneOf": [
"ip"
],
"uuid": "0f0a6def-a351-4d3b-9868-d732f6f4666f",
"version": 4
}