new: [ddos-config] generic ddos configuration from ddos related binaries

pull/434/head
Alexandre Dulaunoy 2024-07-18 12:08:43 +02:00
parent 76c334d84b
commit 2220f14ca4
No known key found for this signature in database
GPG Key ID: 09E2CD4944E6CBCD
1 changed files with 106 additions and 0 deletions


@ -0,0 +1,106 @@
{
"attributes": {
"body": {
"description": "Payload used for the DDos",
"misp-attribute": "text",
"multiple": true
},
"ddos-tool": {
"description": "",
"disable_correlation": true,
"misp-attribute": "text",
"sane_default": [
"DDoSia-go",
"unknown"
],
"ui-priority": 0
},
"headers": {
"description": "Headers used in the DDoS requests",
"misp-attribute": "text",
"multiple": true
},
"host": {
"description": "Hostname used as target of the DDoS attack",
"disable_correlation": true,
"misp-attribute": "hostname",
"multiple": true,
"ui-priority": 0
},
"ip": {
"description": "IP address used as target of the DDoS attack",
"misp-attribute": "ip-dst",
"multiple": true,
"ui-priority": 0
},
"method": {
"description": "Method of DDoS attack used",
"disable_correlation": true,
"misp-attribute": "text",
"sane_default": [
"ack",
"GET",
"method",
"PING",
"POST",
"syn",
"SYN",
"syn_ack",
"udp_flood"
]
},
"path": {
"description": "URL path used for the DDoS attack (excluded hostname)",
"misp-attribute": "text",
"multiple": true,
"ui-priority": 0
},
"port": {
"description": "Port used for attack (when the type and method requires it)",
"disable_correlation": true,
"misp-attribute": "port"
},
"request-id": {
"description": "request id",
"misp-attribute": "text",
"ui-priority": 0
},
"target-id": {
"description": "target id",
"disable_correlation": true,
"misp-attribute": "text",
"ui-priority": 0
},
"type": {
"description": "Type of network protocol used for the DDoS attack",
"disable_correlation": true,
"misp-attribute": "text",
"sane_default": [
"http",
"http2",
"http3",
"nginx_loris",
"tcp",
"type",
"udp"
]
},
"use-ssl": {
"description": "TLS/SSL used for the attack",
"disable_correlation": true,
"misp-attribute": "text",
"sane_default": [
"true",
"false"
]
}
},
"description": "DDoS-claim object describes a current claim of DDoS activity.",
"meta-category": "network",
"name": "ddos-config",
"requiredOneOf": [
"ddos-tool"
],
"uuid": "e56d7f93-258e-4ba5-bd8a-463acd6d98c4",
"version": 1
}
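Review bot: The object-level `description` near the end of the file says "DDoS-claim object describes a current claim of DDoS activity.", which does not match `"name": "ddos-config"` and looks carried over from another object. Something like `"description": "DDoS-config object describes the configuration (targets, methods, payloads) extracted from a DDoS-related binary."` would tell analysts what they are recording. The `ddos-tool` attribute is the only `requiredOneOf` entry yet has an empty `description`; consider `"description": "Name of the DDoS tool the configuration was extracted from"`. The `sane_default` lists for `method` and `type` contain the entries `"method"` and `"type"`, which look like leaked field names rather than real values, and `method` offers both `"syn"` and `"SYN"`, which would split otherwise identical entries when filtering or pivoting. If `use-ssl` is meant as a flag, `"misp-attribute": "boolean"` would avoid free-text variants of `"true"`/`"false"`.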