diff --git a/README.md b/README.md index ffec79e..bdc74c2 100644 --- a/README.md +++ b/README.md @@ -77,6 +77,7 @@ for a specific attribute. * [objects/pe-section](objects/pe-section/definition.json) - Portable Executable (PE) object - section description. * [objects/registry-key](objects/registry-key/definition.json) - A registry-key object. * [objects/r2graphity](objects/r2graphity/definition.json) - Indicators extracted from binary files using radare2 and graphml. +* [objects/tor-node](objects/tor-node/definition.json) - Tor node description which are part of the Tor network at a time. * [objects/vulnerability](objects/vulnerability/definition.json) - Vulnerability object to describe software or hardware vulnerability as described in a CVE. * [objects/url](objects/url/definition.json) - url object describes an url along with its normalized field (e.g. using faup parsing library) and its metadata. * [objects/whois](objects/whois/definition.json) - Whois records information for a domain name. diff --git a/objects/tor-node/definition.json b/objects/tor-node/definition.json new file mode 100644 index 0000000..2e7d108 --- /dev/null +++ b/objects/tor-node/definition.json @@ -0,0 +1,41 @@ +{ + "requiredOneOf": [ + "address", + "first-seen", + "last-seen", + "text" + ], + "required": [ + "address" + ], + "attributes": { + "text": { + "description": "Tor node description.", + "disable_correlation": true, + "ui-priority": 1, + "misp-attribute": "text" + }, + "address": { + "description": "IP address of the Tor node seen.", + "ui-priority": 1, + "misp-attribute": "ip-src" + }, + "last-seen": { + "description": "When the Tor node designed by the IP address has been seen for the last time.", + "disable_correlation": true, + "ui-priority": 0, + "misp-attribute": "datetime" + }, + "first-seen": { + "description": "When the Tor node designed by the IP address has been seen for the first time.", + "disable_correlation": true, + "ui-priority": 0, + "misp-attribute": "datetime" + } + }, + "version": 1, + "description": "Tor node (which protects your privacy on the internet by hiding the connection between users Internet address and the services used by the users) description which are part of the Tor network at a time.", + "meta-category": "misc", + "uuid": "a5fde1c8-318e-4658-a3ea-85ea000bdd33", + "name": "tor-node" +}