From 1374b0c7f0a468ab4a47575456159fa3ebdafd75 Mon Sep 17 00:00:00 2001
From: Steph S <geekweek2023_Steph>
Date: Mon, 10 Jul 2023 15:22:27 -0400
Subject: [PATCH] Added AbuseIPDB object template for the AbuseIPDB expansion
 module

---
 objects/abuseipdb/definition.json | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)
 create mode 100644 objects/abuseipdb/definition.json

diff --git a/objects/abuseipdb/definition.json b/objects/abuseipdb/definition.json
new file mode 100644
index 0000000..da5030e
--- /dev/null
+++ b/objects/abuseipdb/definition.json
@@ -0,0 +1,29 @@
+{
+  "attributes": {
+    "abuse-confidence-score": {
+      "description": "Rating (0-100) of how confident AbuseIPDB is that an IP address is entirely malicious",
+      "misp-attribute": "counter",
+      "ui-priority": 0
+    },
+    "is-public": {
+      "description": "If an IP is public",
+      "misp-attribute": "boolean",
+      "ui-priority": 0
+    },
+    "is-tor": {
+      "description": "If Tor (The Onion Router) was used",
+      "misp-attribute": "boolean",
+      "ui-priority": 0
+    },
+    "is-whitelisted": {
+      "description": "If an IP is spotted in any of AbuseIPDB's whitelists",
+      "misp-attribute": "boolean",
+      "ui-priority": 0
+    }
+  },
+  "description": "AbuseIPDB checks an ip address, domain name, or subnet against a central blacklist",
+  "meta-category": "network",
+  "name": "abuseipdb",
+  "uuid": "cccdaaf6-c140-461c-8d1c-aa79bbd029e0",
+  "version": 1
+}
\ No newline at end of file