From 16a3bed25347089a093e56f47641e960b863b534 Mon Sep 17 00:00:00 2001
From: phmazzoni
Date: Fri, 5 Mar 2021 14:05:39 -0300
Subject: [PATCH] Create definition.json
---
objects/paloalto-threat-event/definition.json | 79 +++++++++++++++++++
1 file changed, 79 insertions(+)
create mode 100644 objects/paloalto-threat-event/definition.json
diff --git a/objects/paloalto-threat-event/definition.json b/objects/paloalto-threat-event/definition.json
new file mode 100644
index 0000000..08607a6
--- /dev/null
+++ b/objects/paloalto-threat-event/definition.json
@@ -0,0 +1,79 @@
+{
+ "attributes": {
+ "type": {
+ "description": "The type of the Log Event",
+ "misp-attribute": "text",
+ "ui-priority": 1
+ },
+ "subtype": {
+ "description": "The subtype of the Log Event.",
+ "misp-attribute": "text",
+ "ui-priority": 1
+ },
+ "thr_category": {
+ "description": "The Threat Category.",
+ "misp-attribute": "text",
+ "ui-priority": 1
+ },
+ "direction": {
+ "description": "The Direction of the Event.",
+ "misp-attribute": "text",
+ "ui-priority": 1
+ },
+ "threatid": {
+ "description": "The Threat ID.",
+ "misp-attribute": "text",
+ "ui-priority": 1
+ },
+ "time_generated": {
+ "description": "The datetime of the event.",
+ "misp-attribute": "datetime",
+ "ui-priority": 1
+ },
+ "srcloc": {
+ "description": "The Source Location of the event.",
+ "misp-attribute": "text",
+ "ui-priority": 1
+ },
+ "dstloc": {
+ "description": "The Destination Location of the event.",
+ "misp-attribute": "text",
+ "ui-priority": 1
+ },
+ "dst": {
+ "description": "The Destination IP which is the target of the observed connections.",
+ "misp-attribute": "ip-dst",
+ "ui-priority": 1
+ },
+ "dport": {
+ "description": "The port to which the connection headed.",
+ "misp-attribute": "counter",
+ "ui-priority": 1
+ },
+ "app": {
+ "description": "The application identified (e.g. vnc, ssh, sip, irc, http or smtp).",
+ "misp-attribute": "text",
+ "ui-priority": 1
+ },
+ "proto": {
+ "description": "The transport protocol (e.g. tcp, udp, icmp).",
+ "misp-attribute": "text",
+ "ui-priority": 1
+ },
+ "src": {
+ "description": "The ip observed to initiate the connection",
+ "misp-attribute": "ip-src",
+ "ui-priority": 1
+ },
+ "sport": {
+ "description": "The port from which the connection originated.",
+ "misp-attribute": "counter",
+ "ui-priority": 1
+ }
+ },
+ "description": "Palo Alto Threat Log Event",
+ "meta-category": "network",
+ "name": "paloalto-threat-event",
+ "uuid": "e6fa7a87-1173-43d6-86c2-b4d02af5fc74",
+ "version": 4
+}
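Review bot: `dport` and `sport` are typed as `counter`, which describes a tally rather than a port number; MISP has a dedicated `port` attribute type, so both entries should read `"misp-attribute": "port"` so that searches and exports treat them as ports. The low-entropy `text` fields (`type`, `subtype`, `direction`, `proto`, `app`) carry no `"disable_correlation": true`, so values such as `tcp` will probably correlate across unrelated events and bury the useful `src`/`dst` matches. The template also declares no `required` or `requiredOneOf` list, so as far as this hunk shows an object holding only `proto` would be accepted; something like `"requiredOneOf": ["src", "dst", "threatid"]` would keep every instance tied to an indicator. The `time_generated` description should state the expected timezone, since firewall logs are often written in device-local time (worth confirming for this source).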