From 1da88ddb99d6efad7a596be4bcb66ef5721319ff Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy <a@foo.be>
Date: Mon, 13 Mar 2017 07:45:06 +0100
Subject: [PATCH] url object describes an url along with its normalized field
 (e.g. using faup parsing library) and its metadata.

---
 objects/url/definition.json | 78 +++++++++++++++++++++++++++++++++++++
 1 file changed, 78 insertions(+)
 create mode 100644 objects/url/definition.json

diff --git a/objects/url/definition.json b/objects/url/definition.json
new file mode 100644
index 0000000..87eae51
--- /dev/null
+++ b/objects/url/definition.json
@@ -0,0 +1,78 @@
+{
+  "name": "url",
+  "meta-category": "network",
+  "description": "url object describes an url along with its normalized field (like extracted using faup parsing library) and its metadata.",
+  "version": 1,
+  "attributes": {
+    "url": {
+      "misp-attribute": "url",
+      "misp-usage-frequency": 1
+    },
+    "last-seen": {
+      "misp-attribute": "datetime",
+      "misp-usage-frequency": 0
+    },
+    "text": {
+      "misp-attribute": "text",
+      "misp-usage-frequency": 0
+    },
+    "credential": {
+      "misp-attribute": "text",
+      "misp-usage-frequency": 0
+    },
+    "subdomain": {
+      "misp-attribute": "text",
+      "misp-usage-frequency": 0
+    },
+    "domain": {
+      "misp-attribute": "domain",
+      "misp-usage-frequency": 0
+    },
+    "domain_without_tld": {
+      "misp-attribute": "text",
+      "misp-usage-frequency": 0
+    },
+    "host": {
+      "misp-attribute": "hostname",
+      "misp-usage-frequency": 0
+    },
+    "tld": {
+      "misp-attribute": "tld",
+      "misp-usage-frequency": 0
+    },
+    "port": {
+      "misp-attribute": "text",
+      "misp-usage-frequency": 0
+    },
+    "scheme": {
+      "misp-attribute": "text",
+      "misp-usage-frequency": 0,
+      "sane_default": [
+        "http",
+        "https",
+        "ftp",
+        "gopher",
+        "sip"
+      ]
+    },
+    "first-seen": {
+      "misp-attribute": "datetime",
+      "misp-usage-frequency": 0
+    },
+    "resource_path": {
+      "misp-attribute": "text",
+      "misp-usage-frequency": 0
+    },
+    "query_string": {
+      "misp-attribute": "text",
+      "misp-usage-frequency": 0
+    },
+    "fragment": {
+      "misp-attribute": "text",
+      "misp-usage-frequency": 0
+    }
+  },
+  "requiredOneOf": [
+    "url"
+  ]
+}