misp-objects/objects/cowrie/definition.json

{
  "requiredOneOf": [
    "session"
  ],
  "attributes": {
    "eventid": {
      "description": "Eventid of the session in the cowrie honeypot",
      "disable_correlation": true,
      "ui-priority": 1,
      "misp-attribute": "text"
    },
    "system": {
      "description": "System origin in cowrie honeypot",
      "disable_correlation": true,
      "ui-priority": 1,
      "misp-attribute": "text"
    },
    "username": {
      "description": "Username related to the password(s)",
      "ui-priority": 1,
      "misp-attribute": "text"
    },
    "password": {
      "description": "Password",
      "multiple": true,
      "ui-priority": 1,
      "misp-attribute": "text"
    },
    "session": {
      "description": "Session id",
      "ui-priority": 1,
      "misp-attribute": "text"
    },
    "timestamp": {
      "description": "When the event happened",
      "ui-priority": 1,
      "misp-attribute": "datetime",
      "disable_correlation": true
    },
    "message": {
      "description": "Message of the cowrie honeypot",
      "ui-priority": 1,
      "misp-attribute": "text",
      "disable_correlation": true
    },
    "protocol": {
      "description": "Protocol used in the cowrie honeypot",
      "ui-priority": 1,
      "misp-attribute": "text",
      "disable_correlation": true
    },
    "sensor": {
      "description": "Cowrie sensor name",
      "ui-priority": 1,
      "misp-attribute": "text",
      "disable_correlation": true
    },
    "src_ip": {
      "description": "Source IP address of the session",
      "ui-priority": 1,
      "misp-attribute": "ip-src"
    },
    "dst_ip": {
      "description": "Destination IP address of the session",
      "ui-priority": 1,
      "misp-attribute": "ip-dst",
      "disable_correlation": true
    },
    "src_port": {
      "description": "Source port of the session",
      "ui-priority": 1,
      "misp-attribute": "port",
      "disable_correlation": true
    },
    "dst_port": {
      "description": "Destination port of the session",
      "ui-priority": 1,
      "misp-attribute": "port",
      "disable_correlation": true
    },
    "isError": {
      "description": "isError",
      "ui-priority": 1,
      "misp-attribute": "text",
      "disable_correlation": true
    },
    "input": {
      "description": "Input of the session",
      "ui-priority": 1,
      "misp-attribute": "text"
    },
    "macCS": {
      "description": "SSH MAC supported in the sesssion",
      "multiple": true,
      "disable_correlation": true,
      "ui-priority": 1,
      "misp-attribute": "text"
    },
    "keyAlgs": {
      "description": "SSH public-key algorithm supported in the session",
      "multiple": true,
      "disable_correlation": true,
      "ui-priority": 1,
      "misp-attribute": "text"
    },
    "encCS": {
      "description": "SSH symmetric encryption algorithm supported in the session",
      "multiple": true,
      "disable_correlation": true,
      "ui-priority": 1,
      "misp-attribute": "text"
    },
    "compCS": {
      "description": "SSH compression algorithm supported in the session",
      "multiple": true,
      "ui-priority": 1,
      "misp-attribute": "text",
      "disable_correlation": true
    }
  },
  "version": 2,
  "description": "Cowrie honeypot object template",
  "meta-category": "network",
  "uuid": "ae085d32-6534-4d52-b3eb-063fccb753e7",
  "name": "cowrie"
}
add: Cowrie honeypot object template 2018-02-28 17:41:29 +01:00			`{`
			`"requiredOneOf": [`
			`"session"`
			`],`
			`"attributes": {`
			`"eventid": {`
			`"description": "Eventid of the session in the cowrie honeypot",`
			`"disable_correlation": true,`
			`"ui-priority": 1,`
			`"misp-attribute": "text"`
			`},`
			`"system": {`
			`"description": "System origin in cowrie honeypot",`
			`"disable_correlation": true,`
			`"ui-priority": 1,`
			`"misp-attribute": "text"`
			`},`
			`"username": {`
			`"description": "Username related to the password(s)",`
			`"ui-priority": 1,`
			`"misp-attribute": "text"`
			`},`
typo: passsword -> password 2018-03-01 16:20:58 +01:00			`"password": {`
add: Cowrie honeypot object template 2018-02-28 17:41:29 +01:00			`"description": "Password",`
			`"multiple": true,`
			`"ui-priority": 1,`
			`"misp-attribute": "text"`
			`},`
			`"session": {`
			`"description": "Session id",`
			`"ui-priority": 1,`
			`"misp-attribute": "text"`
			`},`
			`"timestamp": {`
			`"description": "When the event happened",`
			`"ui-priority": 1,`
			`"misp-attribute": "datetime",`
			`"disable_correlation": true`
			`},`
			`"message": {`
			`"description": "Message of the cowrie honeypot",`
			`"ui-priority": 1,`
			`"misp-attribute": "text",`
			`"disable_correlation": true`
			`},`
			`"protocol": {`
			`"description": "Protocol used in the cowrie honeypot",`
			`"ui-priority": 1,`
			`"misp-attribute": "text",`
			`"disable_correlation": true`
			`},`
			`"sensor": {`
			`"description": "Cowrie sensor name",`
			`"ui-priority": 1,`
			`"misp-attribute": "text",`
			`"disable_correlation": true`
			`},`
			`"src_ip": {`
			`"description": "Source IP address of the session",`
			`"ui-priority": 1,`
			`"misp-attribute": "ip-src"`
			`},`
			`"dst_ip": {`
fix: add missing destination and source port 2018-02-28 17:47:02 +01:00			`"description": "Destination IP address of the session",`
add: Cowrie honeypot object template 2018-02-28 17:41:29 +01:00			`"ui-priority": 1,`
			`"misp-attribute": "ip-dst",`
			`"disable_correlation": true`
			`},`
fix: add missing destination and source port 2018-02-28 17:47:02 +01:00			`"src_port": {`
			`"description": "Source port of the session",`
			`"ui-priority": 1,`
			`"misp-attribute": "port",`
			`"disable_correlation": true`
			`},`
			`"dst_port": {`
			`"description": "Destination port of the session",`
			`"ui-priority": 1,`
			`"misp-attribute": "port",`
			`"disable_correlation": true`
			`},`
add: Cowrie honeypot object template 2018-02-28 17:41:29 +01:00			`"isError": {`
			`"description": "isError",`
			`"ui-priority": 1,`
			`"misp-attribute": "text",`
			`"disable_correlation": true`
fix: Cowrie object - SSH attributes added 2018-03-01 21:08:16 +01:00			`},`
			`"input": {`
			`"description": "Input of the session",`
			`"ui-priority": 1,`
			`"misp-attribute": "text"`
			`},`
			`"macCS": {`
			`"description": "SSH MAC supported in the sesssion",`
			`"multiple": true,`
			`"disable_correlation": true,`
			`"ui-priority": 1,`
			`"misp-attribute": "text"`
			`},`
			`"keyAlgs": {`
			`"description": "SSH public-key algorithm supported in the session",`
			`"multiple": true,`
			`"disable_correlation": true,`
			`"ui-priority": 1,`
			`"misp-attribute": "text"`
			`},`
			`"encCS": {`
			`"description": "SSH symmetric encryption algorithm supported in the session",`
			`"multiple": true,`
			`"disable_correlation": true,`
			`"ui-priority": 1,`
			`"misp-attribute": "text"`
			`},`
			`"compCS": {`
			`"description": "SSH compression algorithm supported in the session",`
			`"multiple": true,`
			`"ui-priority": 1,`
fix: disable correlation for compression algorithms 2018-03-01 21:09:04 +01:00			`"misp-attribute": "text",`
			`"disable_correlation": true`
add: Cowrie honeypot object template 2018-02-28 17:41:29 +01:00			`}`
			`},`
fix: Cowrie object - SSH attributes added 2018-03-01 21:08:16 +01:00			`"version": 2,`
add: Cowrie honeypot object template 2018-02-28 17:41:29 +01:00			`"description": "Cowrie honeypot object template",`
			`"meta-category": "network",`
			`"uuid": "ae085d32-6534-4d52-b3eb-063fccb753e7",`
			`"name": "cowrie"`
			`}`