From 1966d4d5f0ed81d0b67b87ff5a4012a1b00f83ec Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy <a@foo.be>
Date: Sat, 27 Apr 2019 10:28:50 +0200
Subject: [PATCH] add: [irc] IRC object to describe an IRC server with
 associated IRC channels

---
 objects/irc/definition.json | 68 +++++++++++++++++++++++++++++++++++++
 1 file changed, 68 insertions(+)
 create mode 100644 objects/irc/definition.json

diff --git a/objects/irc/definition.json b/objects/irc/definition.json
new file mode 100644
index 0000000..030a656
--- /dev/null
+++ b/objects/irc/definition.json
@@ -0,0 +1,68 @@
+{
+  "requiredOneOf": [
+    "ip",
+    "hostname"
+  ],
+  "attributes": {
+    "text": {
+      "description": "Description of the IRC server",
+      "disable_correlation": true,
+      "ui-priority": 0,
+      "misp-attribute": "text"
+    },
+    "last-seen": {
+      "description": "Last time the IRC server with the associated channels has been seen",
+      "disable_correlation": true,
+      "ui-priority": 0,
+      "misp-attribute": "datetime"
+    },
+    "first-seen": {
+      "description": "First time the IRC server with the associated channels has been seen",
+      "disable_correlation": true,
+      "ui-priority": 0,
+      "misp-attribute": "datetime"
+    },
+    "dst-port": {
+      "description": "Destination port to reach the IRC server",
+      "categories": [
+        "Network activity",
+        "External analysis"
+      ],
+      "ui-priority": 1,
+      "misp-attribute": "port",
+      "disable_correlation": true,
+      "multiple": true
+    },
+    "channel": {
+      "description": "IRC channel associated to the IRC server",
+      "ui-priority": 1,
+      "misp-attribute": "text",
+      "multiple": true
+    },
+    "hostname": {
+      "description": "Hostname of the IRC server",
+      "categories": [
+        "Network activity",
+        "External analysis"
+      ],
+      "ui-priority": 1,
+      "misp-attribute": "hostname",
+      "multiple": true
+    },
+    "ip": {
+      "description": "IP address of the IRC server",
+      "categories": [
+        "Network activity",
+        "External analysis"
+      ],
+      "ui-priority": 1,
+      "misp-attribute": "ip-dst",
+      "multiple": true
+    }
+  },
+  "version": 1,
+  "description": "An IRC object to describe an IRC server and the associated channels.",
+  "meta-category": "network",
+  "uuid": "4bbbc004-c344-4b20-8672-b41102177fc7",
+  "name": "irc"
+}