commit 39c570824a4c6befe4191f5176c67077d612a9d1 Author: Alexandre Dulaunoy Date: Mon Feb 8 15:09:46 2016 +0100 A first experimental description of a MISP combined object diff --git a/objects/domain-ip/definition.json b/objects/domain-ip/definition.json new file mode 100644 index 0000000..1e54a5b --- /dev/null +++ b/objects/domain-ip/definition.json @@ -0,0 +1,27 @@ +{ + "name": "domain|ip", + "description": "A domain and IP address seen as a tuple in a specific time frame.", + "version": 1, + "properties" : + { + "ip": { + "misp-object": "ip-dst", + "misp-usage-frequency": 1 + }, + "domain": { + "misp-object": "domain", + "misp-usage-frequency": 1 + }, + "first-seen": { + "misp-object": "datetime", + "misp-usage-frequency": 0 + }, + "last-seen": { + "misp-object": "datetime", + "misp-usage-frequency": 0 + } + + }, + "default-logical-operator": "AND" + +}