MISP
/
misp-objects
mirror of https://github.com/MISP/misp-objects
2
0
Fork 0
Code Issues Releases Wiki Activity

new: [crowdsec-ip-context] new initial object for crowdsec expansion

pull/391/head
Alexandre Dulaunoy 2023-05-11 16:52:24 +02:00
parent 45bb7539a0
commit 3d736c427c
No known key found for this signature in database
GPG Key ID: 09E2CD4944E6CBCD
1 changed files with 153 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

153
objects/crowdsec-ip-context/definition.json Normal file
View File

@ -0,0 +1,153 @@
{
"attributes": {
"as-num": {
"categories": [
"Network activity",
"External analysis"
],
"description": "Autonomous system number",
"disable_correlation": true,
"misp-attribute": "AS",
"multiple": true,
"ui-priority": 0
},
"as-name": {
"categories": [
"Network activity",
"External analysis"
],
"description": "Autonomous system name",
"disable_correlation": true,
"misp-attribute": "AS",
"multiple": true,
"ui-priority": 0
},
"country-code": {
"categories": [
"Network activity",
"External analysis"
],
"description": "Country Code",
"disable_correlation": true,
"misp-attribute": "text",
"ui-priority": 0
},
"reverse-dns": {
"categories": [
"Network activity",
"External analysis"
],
"description": "Reverse DNS name",
"misp-attribute": "hostname",
"ui-priority": 1
},
"dst-port": {
"categories": [
"Network activity",
"External analysis"
],
"description": "Destination port",
"disable_correlation": true,
"misp-attribute": "port",
"multiple": true,
"ui-priority": 1
},
"ip": {
"categories": [
"Network activity",
"External analysis"
],
"description": "IP Address",
"misp-attribute": "ip-src",
"ui-priority": 1
},
"ip-range": {
"categories": [
"Network activity",
"External analysis"
],
"description": "destination IP address",
"misp-attribute": "ip-src",
"ui-priority": 1
},
"ip-range-score": {
"categories": [
"Network activity",
"External analysis"
],
"description": "destination IP address",
"misp-attribute": "float",
"ui-priority": 1,
"disable_correlation": true
},
"country": {
"description": "Country of origin",
"misp-attribute": "text",
"ui-priority": 1,
"disable_correlation": true
},
"city": {
"description": "City of origin",
"misp-attribute": "text",
"ui-priority": 1,
"disable_correlation": true
},
"latitude": {
"description": "Latitude of origin",
"misp-attribute": "float",
"ui-priority": 1,
"disable_correlation": true
},
"longitude": {
"description": "Longitude of origin",
"misp-attribute": "float",
"ui-priority": 1,
"disable_correlation": true
},
"behaviors": {
"description": "Attack categories",
"misp-attribute": "text",
"ui-priority": 1,
"disable_correlation": true,
"multiple": true
},
"attack-details": {
"description": "Triggered scenarios",
"misp-attribute": "text",
"ui-priority": 1,
"disable_correlation": true
},
"target-countries": {
"description": "Target countries (top 10)",
"misp-attribute": "text",
"ui-priority": 1,
"disable_correlation": true
},
"trust": {
"description": "Trust level",
"misp-attribute": "float",
"ui-priority": 1,
"disable_correlation": true
},
"background-noise": {
"description": "Background noise",
"misp-attribute": "float",
"ui-priority": 1,
"disable_correlation": true
},
"scores": {
"description": "Scores",
"misp-attribute": "text",
"ui-priority": 1,
"disable_correlation": true
}
},
"description": "CrowdSec Threat Intelligence - IP CTI search",
"meta-category": "network",
"name": "crowdsec-ip-context",
"requiredOneOf": [
"ip"
],
"uuid": "0f0a6def-a351-4d3b-9868-d732f6f4666f",
"version": 1
}