Use more explicit misp-attribute types

Use the apropriate misp-attribute type for *local_hostname, *fqdn, *.md5|*.sha*
pull/238/head
frpet 2020-03-05 18:55:29 +01:00
parent 3d57ee4fd2
commit 2c6c44ccf8
1 changed files with 7 additions and 7 deletions

View File

@ -52,7 +52,7 @@
}, },
"destination.fqdn": { "destination.fqdn": {
"description": "A DNS name related to the host from which the connection originated. DNS allows even binary data in DNS, so we have to allow everything. A final point is stripped, string is converted to lower case characters.", "description": "A DNS name related to the host from which the connection originated. DNS allows even binary data in DNS, so we have to allow everything. A final point is stripped, string is converted to lower case characters.",
"misp-attribute": "text", "misp-attribute": "domain",
"ui-priority": 1 "ui-priority": 1
}, },
"destination.geolocation.cc": { "destination.geolocation.cc": {
@ -97,7 +97,7 @@
}, },
"destination.local_hostname": { "destination.local_hostname": {
"description": "Some sources report a internal hostname within a NAT related to the name configured for a compromized system", "description": "Some sources report a internal hostname within a NAT related to the name configured for a compromized system",
"misp-attribute": "text", "misp-attribute": "hostname",
"ui-priority": 1 "ui-priority": 1
}, },
"destination.local_ip": { "destination.local_ip": {
@ -197,17 +197,17 @@
}, },
"malware.hash.md5": { "malware.hash.md5": {
"description": "A string depicting an MD5 checksum for a file, be it a malware sample for example.", "description": "A string depicting an MD5 checksum for a file, be it a malware sample for example.",
"misp-attribute": "text", "misp-attribute": "md5",
"ui-priority": 1 "ui-priority": 1
}, },
"malware.hash.sha1": { "malware.hash.sha1": {
"description": "A string depicting a SHA1 checksum for a file, be it a malware sample for example.", "description": "A string depicting a SHA1 checksum for a file, be it a malware sample for example.",
"misp-attribute": "text", "misp-attribute": "sha1",
"ui-priority": 1 "ui-priority": 1
}, },
"malware.hash.sha256": { "malware.hash.sha256": {
"description": "A string depicting a SHA256 checksum for a file, be it a malware sample for example.", "description": "A string depicting a SHA256 checksum for a file, be it a malware sample for example.",
"misp-attribute": "text", "misp-attribute": "sha256",
"ui-priority": 1 "ui-priority": 1
}, },
"malware.name": { "malware.name": {
@ -292,7 +292,7 @@
}, },
"source.fqdn": { "source.fqdn": {
"description": "A DNS name related to the host from which the connection originated. DNS allows even binary data in DNS, so we have to allow everything. A final point is stripped, string is converted to lower case characters.", "description": "A DNS name related to the host from which the connection originated. DNS allows even binary data in DNS, so we have to allow everything. A final point is stripped, string is converted to lower case characters.",
"misp-attribute": "text", "misp-attribute": "domain",
"ui-priority": 1 "ui-priority": 1
}, },
"source.geolocation.cc": { "source.geolocation.cc": {
@ -347,7 +347,7 @@
}, },
"source.local_hostname": { "source.local_hostname": {
"description": "Some sources report a internal hostname within a NAT related to the name configured for a compromised system", "description": "Some sources report a internal hostname within a NAT related to the name configured for a compromised system",
"misp-attribute": "text", "misp-attribute": "hostname",
"ui-priority": 1 "ui-priority": 1
}, },
"source.local_ip": { "source.local_ip": {