From 2220f14ca4f03b248efbe9b122bd6744f243bc56 Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy
Date: Thu, 18 Jul 2024 12:08:43 +0200
Subject: [PATCH] new: [ddos-config] generic ddos configuration from ddos related binaries
---
 objects/ddos-config/definition.json | 106 ++++++++++++++++++++++++++++
 1 file changed, 106 insertions(+)
 create mode 100644 objects/ddos-config/definition.json
diff --git a/objects/ddos-config/definition.json b/objects/ddos-config/definition.json
new file mode 100644
index 0000000..75de184
--- /dev/null
+++ b/objects/ddos-config/definition.json
@@ -0,0 +1,106 @@
+{
+ "attributes": {
+ "body": {
+ "description": "Payload used for the DDos",
+ "misp-attribute": "text",
+ "multiple": true
+ },
+ "ddos-tool": {
+ "description": "",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "sane_default": [
+ "DDoSia-go",
+ "unknown"
+ ],
+ "ui-priority": 0
+ },
+ "headers": {
+ "description": "Headers used in the DDoS requests",
+ "misp-attribute": "text",
+ "multiple": true
+ },
+ "host": {
+ "description": "Hostname used as target of the DDoS attack",
+ "disable_correlation": true,
+ "misp-attribute": "hostname",
+ "multiple": true,
+ "ui-priority": 0
+ },
+ "ip": {
+ "description": "IP address used as target of the DDoS attack",
+ "misp-attribute": "ip-dst",
+ "multiple": true,
+ "ui-priority": 0
+ },
+ "method": {
+ "description": "Method of DDoS attack used",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "sane_default": [
+ "ack",
+ "GET",
+ "method",
+ "PING",
+ "POST",
+ "syn",
+ "SYN",
+ "syn_ack",
+ "udp_flood"
+ ]
+ },
+ "path": {
+ "description": "URL path used for the DDoS attack (excluded hostname)",
+ "misp-attribute": "text",
+ "multiple": true,
+ "ui-priority": 0
+ },
+ "port": {
+ "description": "Port used for attack (when the type and method requires it)",
+ "disable_correlation": true,
+ "misp-attribute": "port"
+ },
+ "request-id": {
+ "description": "request id",
+ "misp-attribute": "text",
+ "ui-priority": 0
+ },
+ "target-id": {
+ "description": "target id",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "ui-priority": 0
+ },
+ "type": {
+ "description": "Type of network protocol used for the DDoS attack",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "sane_default": [
+ "http",
+ "http2",
+ "http3",
+ "nginx_loris",
+ "tcp",
+ "type",
+ "udp"
+ ]
+ },
+ "use-ssl": {
+ "description": "TLS/SSL used for the attack",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "sane_default": [
+ "true",
+ "false"
+ ]
+ }
+ },
+ "description": "DDoS-claim object describes a current claim of DDoS activity.",
+ "meta-category": "network",
+ "name": "ddos-config",
+ "requiredOneOf": [
+ "ddos-tool"
+ ],
+ "uuid": "e56d7f93-258e-4ba5-bd8a-463acd6d98c4",
+ "version": 1
+}
\ No newline at end of file
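Review bot: The object-level `description` on the new side still reads `"DDoS-claim object describes a current claim of DDoS activity."`, which describes the sibling ddos-claim object rather than this one; in line with the commit subject it should read something like `"description": "Generic DDoS configuration extracted from DDoS-related binaries, describing the targets, protocol and method used.",`. Several attribute descriptions are also empty or bare — `ddos-tool` has `"description": ""` and `request-id`/`target-id` only repeat their names — so an analyst filling the template gets no guidance on what these fields hold. The `sane_default` lists for `method` and `type` contain the literal values `"method"` and `"type"`, which look like leftover key names rather than real values, and `"syn"`/`"SYN"` are the same method in two spellings; if these are meant to mirror strings observed in the binaries' configuration, saying so in the attribute description would make that intent clear, otherwise they should be dropped and one casing kept. `use-ssl` is typed as free `text` with `"true"`/`"false"` string defaults; if the target MISP release supports the `boolean` attribute type, that would be the more precise choice. The file also ends without a trailing newline (`\ No newline at end of file`).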