2021-03-05 18:05:39 +01:00
|
|
|
{
|
|
|
|
|
"attributes": {
|
2021-03-05 18:16:46 +01:00
|
|
|
"app": {
|
|
|
|
|
"description": "The application identified (e.g. vnc, ssh, sip, irc, http or smtp).",
|
2021-05-27 22:24:58 +02:00
|
|
|
"disable_correlation": true,
|
2021-03-05 18:05:39 +01:00
|
|
|
"misp-attribute": "text",
|
|
|
|
|
"ui-priority": 1
|
|
|
|
|
},
|
2021-03-05 18:16:46 +01:00
|
|
|
"direction": {
|
|
|
|
|
"description": "The Direction of the Event.",
|
2021-05-27 22:24:58 +02:00
|
|
|
"disable_correlation": true,
|
2021-03-05 18:05:39 +01:00
|
|
|
"misp-attribute": "text",
|
|
|
|
|
"ui-priority": 1
|
|
|
|
|
},
|
2021-03-05 18:16:46 +01:00
|
|
|
"dport": {
|
|
|
|
|
"description": "The port to which the connection headed.",
|
2021-05-27 22:24:58 +02:00
|
|
|
"disable_correlation": true,
|
2021-03-05 18:16:46 +01:00
|
|
|
"misp-attribute": "counter",
|
2021-03-05 18:05:39 +01:00
|
|
|
"ui-priority": 1
|
|
|
|
|
},
|
2021-03-05 18:16:46 +01:00
|
|
|
"dst": {
|
|
|
|
|
"description": "The Destination IP which is the target of the observed connections.",
|
|
|
|
|
"misp-attribute": "ip-dst",
|
|
|
|
|
"ui-priority": 1
|
|
|
|
|
},
|
|
|
|
|
"dstloc": {
|
|
|
|
|
"description": "The Destination Location of the event.",
|
2021-05-27 22:24:58 +02:00
|
|
|
"disable_correlation": true,
|
2021-03-05 18:05:39 +01:00
|
|
|
"misp-attribute": "text",
|
|
|
|
|
"ui-priority": 1
|
|
|
|
|
},
|
2021-03-05 18:16:46 +01:00
|
|
|
"proto": {
|
|
|
|
|
"description": "The transport protocol (e.g. tcp, udp, icmp).",
|
2021-05-27 22:24:58 +02:00
|
|
|
"disable_correlation": true,
|
2021-03-05 18:05:39 +01:00
|
|
|
"misp-attribute": "text",
|
|
|
|
|
"ui-priority": 1
|
|
|
|
|
},
|
2021-03-05 18:16:46 +01:00
|
|
|
"sport": {
|
|
|
|
|
"description": "The port from which the connection originated.",
|
2021-05-27 22:24:58 +02:00
|
|
|
"disable_correlation": true,
|
2021-03-05 18:16:46 +01:00
|
|
|
"misp-attribute": "counter",
|
|
|
|
|
"ui-priority": 1
|
|
|
|
|
},
|
|
|
|
|
"src": {
|
|
|
|
|
"description": "The ip observed to initiate the connection",
|
|
|
|
|
"misp-attribute": "ip-src",
|
2021-03-05 18:05:39 +01:00
|
|
|
"ui-priority": 1
|
|
|
|
|
},
|
|
|
|
|
"srcloc": {
|
|
|
|
|
"description": "The Source Location of the event.",
|
2021-05-27 22:24:58 +02:00
|
|
|
"disable_correlation": true,
|
2021-03-05 18:05:39 +01:00
|
|
|
"misp-attribute": "text",
|
|
|
|
|
"ui-priority": 1
|
|
|
|
|
},
|
2021-03-05 18:16:46 +01:00
|
|
|
"subtype": {
|
|
|
|
|
"description": "The subtype of the Log Event.",
|
2021-05-27 22:24:58 +02:00
|
|
|
"disable_correlation": true,
|
2021-03-05 18:05:39 +01:00
|
|
|
"misp-attribute": "text",
|
|
|
|
|
"ui-priority": 1
|
|
|
|
|
},
|
2021-03-05 18:16:46 +01:00
|
|
|
"thr_category": {
|
|
|
|
|
"description": "The Threat Category.",
|
2021-05-27 22:24:58 +02:00
|
|
|
"disable_correlation": true,
|
2021-03-05 18:05:39 +01:00
|
|
|
"misp-attribute": "text",
|
|
|
|
|
"ui-priority": 1
|
|
|
|
|
},
|
2021-03-05 18:16:46 +01:00
|
|
|
"threatid": {
|
|
|
|
|
"description": "The Threat ID.",
|
2021-05-27 22:24:58 +02:00
|
|
|
"disable_correlation": true,
|
2021-03-05 18:05:39 +01:00
|
|
|
"misp-attribute": "text",
|
|
|
|
|
"ui-priority": 1
|
|
|
|
|
},
|
2021-03-05 18:16:46 +01:00
|
|
|
"time_generated": {
|
|
|
|
|
"description": "The datetime of the event.",
|
2021-05-27 22:24:58 +02:00
|
|
|
"disable_correlation": true,
|
2021-03-05 18:16:46 +01:00
|
|
|
"misp-attribute": "datetime",
|
2021-03-05 18:05:39 +01:00
|
|
|
"ui-priority": 1
|
|
|
|
|
},
|
2021-03-05 18:16:46 +01:00
|
|
|
"type": {
|
|
|
|
|
"description": "The type of the Log Event",
|
2021-05-27 22:24:58 +02:00
|
|
|
"disable_correlation": true,
|
2021-03-05 18:16:46 +01:00
|
|
|
"misp-attribute": "text",
|
2021-03-05 18:05:39 +01:00
|
|
|
"ui-priority": 1
|
|
|
|
|
}
|
|
|
|
|
},
|
|
|
|
|
"description": "Palo Alto Threat Log Event",
|
|
|
|
|
"meta-category": "network",
|
|
|
|
|
"name": "paloalto-threat-event",
|
|
|
|
|
"uuid": "e6fa7a87-1173-43d6-86c2-b4d02af5fc74",
|
2022-05-11 13:16:36 +02:00
|
|
|
"version": 6
|
2022-05-11 15:38:24 +02:00
|
|
|
}
|
