From 30976be5919605045861a65d5631aa238c3271bb Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy <a@foo.be>
Date: Wed, 5 Jul 2017 07:33:35 +0200
Subject: [PATCH] Tor node object template which are part of the Tor network at
 a time.

---
 README.md                        |  1 +
 objects/tor-node/definition.json | 41 ++++++++++++++++++++++++++++++++
 2 files changed, 42 insertions(+)
 create mode 100644 objects/tor-node/definition.json

diff --git a/README.md b/README.md
index ffec79e..bdc74c2 100644
--- a/README.md
+++ b/README.md
@@ -77,6 +77,7 @@ for a specific attribute.
 * [objects/pe-section](objects/pe-section/definition.json)  - Portable Executable (PE) object - section description.
 * [objects/registry-key](objects/registry-key/definition.json) - A registry-key object.
 * [objects/r2graphity](objects/r2graphity/definition.json) - Indicators extracted from binary files using radare2 and graphml.
+* [objects/tor-node](objects/tor-node/definition.json) - Tor node description which are part of the Tor network at a time. 
 * [objects/vulnerability](objects/vulnerability/definition.json) - Vulnerability object to describe software or hardware vulnerability as described in a CVE.
 * [objects/url](objects/url/definition.json) - url object describes an url along with its normalized field (e.g. using faup parsing library) and its metadata.
 * [objects/whois](objects/whois/definition.json) - Whois records information for a domain name.
diff --git a/objects/tor-node/definition.json b/objects/tor-node/definition.json
new file mode 100644
index 0000000..2e7d108
--- /dev/null
+++ b/objects/tor-node/definition.json
@@ -0,0 +1,41 @@
+{
+  "requiredOneOf": [
+    "address",
+    "first-seen",
+    "last-seen",
+    "text"
+  ],
+  "required": [
+    "address"
+  ],
+  "attributes": {
+    "text": {
+      "description": "Tor node description.",
+      "disable_correlation": true,
+      "ui-priority": 1,
+      "misp-attribute": "text"
+    },
+    "address": {
+      "description": "IP address of the Tor node seen.",
+      "ui-priority": 1,
+      "misp-attribute": "ip-src"
+    },
+    "last-seen": {
+      "description": "When the Tor node designed by the IP address has been seen for the last time.",
+      "disable_correlation": true,
+      "ui-priority": 0,
+      "misp-attribute": "datetime"
+    },
+    "first-seen": {
+      "description": "When the Tor node designed by the IP address has been seen for the first time.",
+      "disable_correlation": true,
+      "ui-priority": 0,
+      "misp-attribute": "datetime"
+    }
+  },
+  "version": 1,
+  "description": "Tor node (which protects your privacy on the internet by hiding the connection between users Internet address and the services used by the users) description which are part of the Tor network at a time.",
+  "meta-category": "misc",
+  "uuid": "a5fde1c8-318e-4658-a3ea-85ea000bdd33",
+  "name": "tor-node"
+}