misp-objects/objects/whois/definition.json

{
  "requiredOneOf": [
    "registrant-email",
    "registrant-phone",
    "creation-date",
    "registrant-name",
    "registrar",
    "text",
    "domain",
    "ip-address"
  ],
  "attributes": {
    "text": {
      "description": "Full whois entry",
      "disable_correlation": true,
      "ui-priority": 1,
      "misp-attribute": "text"
    },
    "registrar": {
      "description": "Registrar of the whois entry",
      "ui-priority": 0,
      "misp-attribute": "whois-registrar"
    },
    "registrant-name": {
      "description": "Registrant name",
      "ui-priority": 0,
      "misp-attribute": "whois-registrant-name"
    },
    "registrant-phone": {
      "description": "Registrant phone number",
      "ui-priority": 0,
      "misp-attribute": "whois-registrant-phone"
    },
    "registrant-email": {
      "description": "Registrant email address",
      "ui-priority": 1,
      "misp-attribute": "whois-registrant-email"
    },
    "registrant-org": {
      "description": "Registrant organisation",
      "ui-priority": 1,
      "misp-attribute": "whois-registrant-org"
    },
    "creation-date": {
      "description": "Initial creation of the whois entry",
      "disable_correlation": true,
      "ui-priority": 0,
      "misp-attribute": "datetime"
    },
    "modification-date": {
      "description": "Last update of the whois entry",
      "disable_correlation": true,
      "ui-priority": 0,
      "misp-attribute": "datetime"
    },
    "expiration-date": {
      "description": "Expiration of the whois entry",
      "disable_correlation": true,
      "ui-priority": 0,
      "misp-attribute": "datetime"
    },
    "nameserver": {
      "description": "Nameserver",
      "ui-priority": 0,
      "misp-attribute": "hostname",
      "disable_correlation": true,
      "multiple": true,
      "to_ids": false
    },
    "domain": {
      "description": "Domain of the whois entry",
      "categories": [
        "Network activity",
        "External analysis"
      ],
      "ui-priority": 0,
      "multiple": true,
      "misp-attribute": "domain"
    },
    "comment": {
      "description": "Comment of the whois entry",
      "ui-priority": 0,
      "misp-attribute": "text"
    },
    "ip-address": {
      "description": "IP address of the whois entry",
      "ui-priority": 0,
      "multiple": true,
      "misp-attribute": "ip-src"
    }
  },
  "version": 10,
  "description": "Whois records information for a domain name or an IP address.",
  "meta-category": "network",
  "uuid": "429faea1-34ff-47af-8a00-7c62d3be5a6a",
  "name": "whois"
}
Whois object added 2016-02-09 16:08:15 +01:00			`{`
ui-frequency is the one! 2017-07-03 12:26:40 +02:00			`"requiredOneOf": [`
			`"registrant-email",`
			`"registrant-phone",`
			`"creation-date",`
			`"registrant-name",`
fix: raw whois is also accepted as single attribute in whois object Required for importing STIX CybOX 1.1 object where just a raw whois entry is added in remarks. 2018-03-16 13:13:35 +01:00			`"registrar",`
fix: whois record object updated to cover both cases: domain or IP address 2018-03-16 13:29:39 +01:00			`"text",`
			`"domain",`
			`"ip-address"`
ui-frequency is the one! 2017-07-03 12:26:40 +02:00			`],`
JQ all the things 2017-02-13 11:18:42 +01:00			`"attributes": {`
ui-frequency is the one! 2017-07-03 12:26:40 +02:00			`"text": {`
Add descriptions in all the objects 2017-08-29 18:36:46 +02:00			`"description": "Full whois entry",`
whois - adds nameserver attributes adding nameserver attributes as a whois response contains those 2017-12-20 15:22:45 +01:00			`"disable_correlation": true,`
ui-priority 2017-07-03 16:45:41 +02:00			`"ui-priority": 1,`
ui-frequency is the one! 2017-07-03 12:26:40 +02:00			`"misp-attribute": "text"`
JQ all the things 2017-02-13 11:18:42 +01:00			`},`
registar->registrar 2017-12-02 23:08:56 +01:00			`"registrar": {`
Fix #22 2017-09-18 08:11:25 +02:00			`"description": "Registrar of the whois entry",`
ui-priority 2017-07-03 16:45:41 +02:00			`"ui-priority": 0,`
Fix #22 2017-09-18 08:11:25 +02:00			`"misp-attribute": "whois-registrar"`
JQ all the things 2017-02-13 11:18:42 +01:00			`},`
ui-frequency is the one! 2017-07-03 12:26:40 +02:00			`"registrant-name": {`
Add descriptions in all the objects 2017-08-29 18:36:46 +02:00			`"description": "Registrant name",`
ui-priority 2017-07-03 16:45:41 +02:00			`"ui-priority": 0,`
ui-frequency is the one! 2017-07-03 12:26:40 +02:00			`"misp-attribute": "whois-registrant-name"`
JQ all the things 2017-02-13 11:18:42 +01:00			`},`
			`"registrant-phone": {`
Add descriptions in all the objects 2017-08-29 18:36:46 +02:00			`"description": "Registrant phone number",`
ui-priority 2017-07-03 16:45:41 +02:00			`"ui-priority": 0,`
ui-frequency is the one! 2017-07-03 12:26:40 +02:00			`"misp-attribute": "whois-registrant-phone"`
JQ all the things 2017-02-13 11:18:42 +01:00			`},`
ui-frequency is the one! 2017-07-03 12:26:40 +02:00			`"registrant-email": {`
Add descriptions in all the objects 2017-08-29 18:36:46 +02:00			`"description": "Registrant email address",`
ui-priority 2017-07-03 16:45:41 +02:00			`"ui-priority": 1,`
ui-frequency is the one! 2017-07-03 12:26:40 +02:00			`"misp-attribute": "whois-registrant-email"`
JQ all the things 2017-02-13 11:18:42 +01:00			`},`
chg: whois object now includes registrant-org matching new MISP attributes type - whois-registrant-org 2017-12-18 14:04:53 +01:00			`"registrant-org": {`
			`"description": "Registrant organisation",`
			`"ui-priority": 1,`
			`"misp-attribute": "whois-registrant-org"`
			`},`
ui-frequency is the one! 2017-07-03 12:26:40 +02:00			`"creation-date": {`
Add descriptions in all the objects 2017-08-29 18:36:46 +02:00			`"description": "Initial creation of the whois entry",`
whois - adds nameserver attributes adding nameserver attributes as a whois response contains those 2017-12-20 15:22:45 +01:00			`"disable_correlation": true,`
Add descriptions in all the objects 2017-08-29 18:36:46 +02:00			`"ui-priority": 0,`
			`"misp-attribute": "datetime"`
			`},`
			`"modification-date": {`
			`"description": "Last update of the whois entry",`
whois - adds nameserver attributes adding nameserver attributes as a whois response contains those 2017-12-20 15:22:45 +01:00			`"disable_correlation": true,`
Add descriptions in all the objects 2017-08-29 18:36:46 +02:00			`"ui-priority": 0,`
			`"misp-attribute": "datetime"`
			`},`
			`"expiration-date": {`
			`"description": "Expiration of the whois entry",`
whois - adds nameserver attributes adding nameserver attributes as a whois response contains those 2017-12-20 15:22:45 +01:00			`"disable_correlation": true,`
ui-priority 2017-07-03 16:45:41 +02:00			`"ui-priority": 0,`
ui-frequency is the one! 2017-07-03 12:26:40 +02:00			`"misp-attribute": "datetime"`
JQ all the things 2017-02-13 11:18:42 +01:00			`},`
whois - adds nameserver attributes adding nameserver attributes as a whois response contains those 2017-12-20 15:22:45 +01:00			`"nameserver": {`
			`"description": "Nameserver",`
			`"ui-priority": 0,`
			`"misp-attribute": "hostname",`
			`"disable_correlation": true,`
			`"multiple": true,`
			`"to_ids": false`
			`},`
ui-frequency is the one! 2017-07-03 12:26:40 +02:00			`"domain": {`
Add descriptions in all the objects 2017-08-29 18:36:46 +02:00			`"description": "Domain of the whois entry",`
ui-frequency is the one! 2017-07-03 12:26:40 +02:00			`"categories": [`
			`"Network activity",`
			`"External analysis"`
			`],`
fix: whois record object updated to cover both cases: domain or IP address 2018-03-16 13:29:39 +01:00			`"ui-priority": 0,`
Allow multiple domains and/or IP addresses per object 2018-04-26 16:50:25 +02:00			`"multiple": true,`
ui-frequency is the one! 2017-07-03 12:26:40 +02:00			`"misp-attribute": "domain"`
fix: whois record object updated to cover both cases: domain or IP address 2018-03-16 13:29:39 +01:00			`},`
			`"comment": {`
			`"description": "Comment of the whois entry",`
			`"ui-priority": 0,`
			`"misp-attribute": "text"`
			`},`
			`"ip-address": {`
			`"description": "IP address of the whois entry",`
			`"ui-priority": 0,`
Allow multiple domains and/or IP addresses per object 2018-04-26 16:50:25 +02:00			`"multiple": true,`
fix: whois record object updated to cover both cases: domain or IP address 2018-03-16 13:29:39 +01:00			`"misp-attribute": "ip-src"`
JQ all the things 2017-02-13 11:18:42 +01:00			`}`
			`},`
Update definition.json 2018-04-26 16:53:24 +02:00			`"version": 10,`
fix: whois record object updated to cover both cases: domain or IP address 2018-03-16 13:29:39 +01:00			`"description": "Whois records information for a domain name or an IP address.",`
ui-frequency is the one! 2017-07-03 12:26:40 +02:00			`"meta-category": "network",`
			`"uuid": "429faea1-34ff-47af-8a00-7c62d3be5a6a",`
			`"name": "whois"`
Whois object added 2016-02-09 16:08:15 +01:00			`}`