From 1ec1761307f52dba4fc01f190823e1fa6f9ba9be Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy
Date: Sun, 5 Mar 2017 13:01:02 +0100
Subject: [PATCH] First proposal of a DDoS object in MISP
---
objects/ddos/definition.json | 68 ++++++++++++++++++++++++++++++++++++
1 file changed, 68 insertions(+)
create mode 100644 objects/ddos/definition.json
diff --git a/objects/ddos/definition.json b/objects/ddos/definition.json
new file mode 100644
index 0000000..55c7f7e
--- /dev/null
+++ b/objects/ddos/definition.json
@@ -0,0 +1,68 @@
+{
+ "name": "ddos",
+ "meta-category": "network",
+ "description": "DDoS object describes a current DDoS activity from a specific or/and to a specific target. Type of DDoS can be attached to the object as a taxonomy",
+ "version": 1,
+ "attributes": {
+ "ip-src": {
+ "misp-attribute": "ip-src",
+ "misp-usage-frequency": 1,
+ "categories": [
+ "Network activity",
+ "External analysis"
+ ]
+ },
+ "ip-dst": {
+ "misp-attribute": "ip-dst",
+ "misp-usage-frequency": 1,
+ "categories": [
+ "Network activity",
+ "External analysis"
+ ]
+ },
+ "src-port": {
+ "misp-attribute": "text",
+ "misp-usage-frequency": 0,
+ "categories": [
+ "Network activity",
+ "External analysis"
+ ]
+ },
+ "dst-port": {
+ "misp-attribute": "text",
+ "misp-usage-frequency": 0,
+ "categories": [
+ "Network activity",
+ "External analysis"
+ ]
+ },
+ "protocol": {
+ "misp-attribute": "text",
+ "misp-usage-frequency": 0
+ },
+ "first-seen": {
+ "misp-attribute": "datetime",
+ "misp-usage-frequency": 0
+ },
+ "last-seen": {
+ "misp-attribute": "datetime",
+ "misp-usage-frequency": 0
+ },
+ "total-pps": {
+ "misp-attribute": "counter",
+ "misp-usage-frequency": 0
+ },
+ "total-bps": {
+ "misp-attribute": "counter",
+ "misp-usage-frequency": 0
+ },
+ "text": {
+ "misp-attribute": "text",
+ "misp-usage-frequency": 0
+ }
+ },
+ "requiredOneOf": [
+ "ip-dst",
+ "ip-src"
+ ]
+}
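Review bot: `src-port` and `dst-port` are mapped to the free-form `text` type, so port values are neither validated nor typed as ports for downstream consumers; MISP has a dedicated `port` attribute type, and `"misp-attribute": "port"` would fit both entries better. The attributes `protocol`, `first-seen`, `last-seen`, `total-pps`, `total-bps` and `text` carry no `categories` list while the four address and port attributes do; if a default category is intended, a sentence in the description should say so, otherwise add the list for consistency. Source addresses seen in DDoS traffic are often spoofed or belong to reflectors, so the `description` could usefully note that `ip-src` values from this object should be vetted before being used as blocking indicators.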