From 39c570824a4c6befe4191f5176c67077d612a9d1 Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy <a@foo.be>
Date: Mon, 8 Feb 2016 15:09:46 +0100
Subject: [PATCH] A first experimental description of a MISP combined object

---
 objects/domain-ip/definition.json | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)
 create mode 100644 objects/domain-ip/definition.json

diff --git a/objects/domain-ip/definition.json b/objects/domain-ip/definition.json
new file mode 100644
index 0000000..1e54a5b
--- /dev/null
+++ b/objects/domain-ip/definition.json
@@ -0,0 +1,27 @@
+{
+        "name": "domain|ip",
+        "description": "A domain and IP address seen as a tuple in a specific time frame.",
+        "version": 1,
+        "properties" :
+        {
+                "ip": {
+                        "misp-object": "ip-dst",
+                        "misp-usage-frequency": 1
+                },
+                "domain": {
+                        "misp-object": "domain",
+                        "misp-usage-frequency": 1
+                },
+                "first-seen": {
+                        "misp-object": "datetime",
+                        "misp-usage-frequency": 0
+                },
+                "last-seen": {
+                        "misp-object": "datetime",
+                        "misp-usage-frequency": 0
+                }
+
+        },
+        "default-logical-operator": "AND"
+
+}