From 097ea8c76c098e2447cfed9673a633a1501a1a49 Mon Sep 17 00:00:00 2001
From: Emil Henry Flakk
Date: Sat, 15 Aug 2020 14:57:53 +0200
Subject: [PATCH] Add more rrtypes to dns-record
---
 objects/dns-record/definition.json | 89 ++++++++++++++++++++++++++++--
 1 file changed, 83 insertions(+), 6 deletions(-)
diff --git a/objects/dns-record/definition.json b/objects/dns-record/definition.json
index 12ef92a..0f94875 100644
--- a/objects/dns-record/definition.json
+++ b/objects/dns-record/definition.json
@@ -5,17 +5,37 @@
 "Network activity",
 "External analysis"
 ],
- "description": "IP Address sassociated with A Records",
+ "description": "IPv4 address associated with A record",
 "misp-attribute": "ip-dst",
 "multiple": true,
 "ui-priority": 1
 },
+ "aaaa-record": {
+ "categories": [
+ "Network activity",
+ "External analysis"
+ ],
+ "description": "IPv6 address associated with AAAA record",
+ "misp-attribute": "ip-dst",
+ "multiple": true,
+ "ui-priority": 1
+ },
+ "cname-record": {
+ "categories": [
+ "Network activity",
+ "External analysis"
+ ],
+ "description": "Domain associated with CNAME record",
+ "misp-attribute": "domain",
+ "multiple": true,
+ "ui-priority": 1
+ },
 "mx-record": {
 "categories": [
 "Network activity",
 "External analysis"
 ],
- "description": "Domain associated with MX Record",
+ "description": "Domain associated with MX record",
 "misp-attribute": "domain",
 "multiple": true,
 "ui-priority": 1
@@ -25,7 +45,17 @@
 "Network activity",
 "External analysis"
 ],
- "description": "Domain associated with NS Records",
+ "description": "Domain associated with NS record",
+ "misp-attribute": "domain",
+ "multiple": true,
+ "ui-priority": 1
+ },
+ "ptr-record": {
+ "categories": [
+ "Network activity",
+ "External analysis"
+ ],
+ "description": "Domain associated with PTR record",
 "misp-attribute": "domain",
 "multiple": true,
 "ui-priority": 1
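Review bot: The new `cname-record` entry (and likewise `ptr-record`, `soa-record`, `spf-record` and `srv-record` in the later hunks) sets neither `to_ids` nor `disable_correlation`, so each value inherits the defaults of the `domain` / `ip-dst` attribute types. CNAME, SOA, SRV and SPF values very often point at shared provider infrastructure (CDNs, hosted DNS, mail services), so leaving them eligible for IDS export and correlation tends to produce false-positive detections and noisy correlation graphs. I would add `"to_ids": false` to these entries, and `"disable_correlation": true` where the value is typically shared infrastructure, assuming the consuming MISP version honours both keys in object templates. The same consideration applies to the existing `mx-record` and `ns-record`, which this patch touches only in their descriptions.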
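Review bot: `ptr-record` is described only as "Domain associated with PTR record", but a PTR answer is set by whoever controls the reverse zone of the IP address and is not checked against forward DNS. The description should tell analysts that the value is unverified, for example `"description": "Hostname returned by a PTR (reverse) lookup; not verified against forward DNS"`. The object-level description in a later hunk says the object holds records observed for a specific domain, so it is also worth documenting which name the PTR query was made for. The enclosing `attributes` object starts and ends outside this hunk.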
@@ -39,14 +69,54 @@
 "misp-attribute": "domain",
 "ui-priority": 1
 },
+ "soa-record": {
+ "categories": [
+ "Network activity",
+ "External analysis"
+ ],
+ "description": "Domain associated with SOA record",
+ "misp-attribute": "domain",
+ "multiple": true,
+ "ui-priority": 1
+ },
+ "spf-record": {
+ "categories": [
+ "Network activity",
+ "External analysis"
+ ],
+ "description": "IP addresses associated with SPF record",
+ "misp-attribute": "ip-dst",
+ "multiple": true,
+ "ui-priority": 1
+ },
+ "srv-record": {
+ "categories": [
+ "Network activity",
+ "External analysis"
+ ],
+ "description": "Domain associated with SRV record",
+ "misp-attribute": "domain",
+ "multiple": true,
+ "ui-priority": 1
+ },
 "text": {
 "description": "A description of the records",
 "misp-attribute": "text",
 "recommended": false,
 "ui-priority": 1
+ },
+ "txt-record": {
+ "categories": [
+ "Network activity",
+ "External analysis"
+ ],
+ "description": "Content associated with TXT record",
+ "misp-attribute": "text",
+ "multiple": true,
+ "ui-priority": 1
 }
 },
- "description": "A set of dns records observed for a specific domain.",
+ "description": "A set of DNS records observed for a specific domain.",
 "meta-category": "network",
 "name": "dns-record",
 "required": [
@@ -54,9 +124,16 @@
 ],
 "requiredOneOf": [
 "a-record",
+ "aaaa-record",
+ "cname-record",
 "mx-record",
- "ns-record"
+ "ns-record",
+ "ptr-record",
+ "soa-record",
+ "spf-record",
+ "srv-record",
+ "txt-record"
 ],
 "uuid": "f023c8f0-81ab-41f3-9f5d-fa597a34a9b9",
- "version": 1
+ "version": 2
 }
\ No newline at end of file
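Review bot: `spf-record` maps to `ip-dst` with the description "IP addresses associated with SPF record", which covers only the `ip4:`/`ip6:` mechanisms of a policy. The `include:`, `a` and `mx` mechanisms and the `all` qualifier, which show how strictly a domain restricts its senders, have no attribute here. RFC 7208 also retired the dedicated SPF RR type, so in practice the policy is observed as a TXT record. I would make the split explicit, for example `"description": "IP address or range from an ip4:/ip6: mechanism of the SPF policy; keep the full policy string in txt-record"`. The `attributes` object starts before this hunk, so whether another attribute already covers the raw policy cannot be seen from here.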