mirror of https://github.com/MISP/misp-objects
new: [ddos-config] generic ddos configuration from ddos related binaries
parent
76c334d84b
commit
2220f14ca4
|
@ -0,0 +1,106 @@
|
|||
{
|
||||
"attributes": {
|
||||
"body": {
|
||||
"description": "Payload used for the DDos",
|
||||
"misp-attribute": "text",
|
||||
"multiple": true
|
||||
},
|
||||
"ddos-tool": {
|
||||
"description": "",
|
||||
"disable_correlation": true,
|
||||
"misp-attribute": "text",
|
||||
"sane_default": [
|
||||
"DDoSia-go",
|
||||
"unknown"
|
||||
],
|
||||
"ui-priority": 0
|
||||
},
|
||||
"headers": {
|
||||
"description": "Headers used in the DDoS requests",
|
||||
"misp-attribute": "text",
|
||||
"multiple": true
|
||||
},
|
||||
"host": {
|
||||
"description": "Hostname used as target of the DDoS attack",
|
||||
"disable_correlation": true,
|
||||
"misp-attribute": "hostname",
|
||||
"multiple": true,
|
||||
"ui-priority": 0
|
||||
},
|
||||
"ip": {
|
||||
"description": "IP address used as target of the DDoS attack",
|
||||
"misp-attribute": "ip-dst",
|
||||
"multiple": true,
|
||||
"ui-priority": 0
|
||||
},
|
||||
"method": {
|
||||
"description": "Method of DDoS attack used",
|
||||
"disable_correlation": true,
|
||||
"misp-attribute": "text",
|
||||
"sane_default": [
|
||||
"ack",
|
||||
"GET",
|
||||
"method",
|
||||
"PING",
|
||||
"POST",
|
||||
"syn",
|
||||
"SYN",
|
||||
"syn_ack",
|
||||
"udp_flood"
|
||||
]
|
||||
},
|
||||
"path": {
|
||||
"description": "URL path used for the DDoS attack (excluded hostname)",
|
||||
"misp-attribute": "text",
|
||||
"multiple": true,
|
||||
"ui-priority": 0
|
||||
},
|
||||
"port": {
|
||||
"description": "Port used for attack (when the type and method requires it)",
|
||||
"disable_correlation": true,
|
||||
"misp-attribute": "port"
|
||||
},
|
||||
"request-id": {
|
||||
"description": "request id",
|
||||
"misp-attribute": "text",
|
||||
"ui-priority": 0
|
||||
},
|
||||
"target-id": {
|
||||
"description": "target id",
|
||||
"disable_correlation": true,
|
||||
"misp-attribute": "text",
|
||||
"ui-priority": 0
|
||||
},
|
||||
"type": {
|
||||
"description": "Type of network protocol used for the DDoS attack",
|
||||
"disable_correlation": true,
|
||||
"misp-attribute": "text",
|
||||
"sane_default": [
|
||||
"http",
|
||||
"http2",
|
||||
"http3",
|
||||
"nginx_loris",
|
||||
"tcp",
|
||||
"type",
|
||||
"udp"
|
||||
]
|
||||
},
|
||||
"use-ssl": {
|
||||
"description": "TLS/SSL used for the attack",
|
||||
"disable_correlation": true,
|
||||
"misp-attribute": "text",
|
||||
"sane_default": [
|
||||
"true",
|
||||
"false"
|
||||
]
|
||||
}
|
||||
},
|
||||
"description": "DDoS-claim object describes a current claim of DDoS activity.",
|
||||
"meta-category": "network",
|
||||
"name": "ddos-config",
|
||||
"requiredOneOf": [
|
||||
"ddos-tool"
|
||||
],
|
||||
"uuid": "e56d7f93-258e-4ba5-bd8a-463acd6d98c4",
|
||||
"version": 1
|
||||
}
|
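Review bot: `host` and `ip` describe the victims of the attack ("used as target of the DDoS attack") but are typed `hostname` and `ip-dst` with no `to_ids` override, so they will presumably inherit those types' IDS default and may reach detection or blocklist exports as if they were attacker infrastructure; consider adding `"to_ids": false` to both. `ip` also lacks the `"disable_correlation": true` that `host` carries, so target addresses will correlate across events; confirm that is intended. Separately, the `sane_default` lists for `method` and `type` contain the literal values `"method"` and `"type"`, which look like column headers leaked from the extracted data, and `method` lists both `"syn"` and `"SYN"`. The top-level `description` still reads "DDoS-claim object describes a current claim of DDoS activity." and `ddos-tool`, the only `requiredOneOf` attribute, has an empty description; both should describe the configuration extracted from the binary.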