From d4cad4db4621cff7d7f0d5d77194860940eca130 Mon Sep 17 00:00:00 2001
From: mhpcchaves <56161402+mhpcchaves@users.noreply.github.com>
Date: Thu, 10 Mar 2022 09:34:52 -0300
Subject: [PATCH 1/2] Include protocol, AS, and country code

Include protocol, AS and country code to add more context to the tuple.
---
 objects/ip-port/definition.json | 36 +++++++++++++++++++++++++++++++--
 1 file changed, 34 insertions(+), 2 deletions(-)

diff --git a/objects/ip-port/definition.json b/objects/ip-port/definition.json
index 67c8ce7..7e5d2a1 100644
--- a/objects/ip-port/definition.json
+++ b/objects/ip-port/definition.json
@@ -79,10 +79,42 @@
 "External analysis"
 ],
 "description": "Source port",
+ "disable_correlation": true,
 "misp-attribute": "port",
 "multiple": true,
 "ui-priority": 0
 },
+ "protocol": {
+ "categories": [
+ "Network activity",
+ "External analysis"
+ ],
+ "description": "Protocol",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "ui-priority": 0
+ },
+ "AS": {
+ "categories": [
+ "Network activity",
+ "External analysis"
+ ],
+ "description": "Autonomous system",
+ "disable_correlation": true,
+ "misp-attribute": "AS",
+ "multiple": true,
+ "ui-priority": 0
+ },
+ "country-code": {
+ "categories": [
+ "Network activity",
+ "External analysis"
+ ],
+ "description": "Country Code",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "ui-priority": 0
+ },
 "text": {
 "description": "Description of the tuple",
 "disable_correlation": true,
@@ -103,5 +135,5 @@
 "ip-dst"
 ],
 "uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6",
- "version": 8
-}
\ No newline at end of file
+ "version": 9
+}

From a3bec8e748c652fa89ab8d43dd8ab1dc97b56ba9 Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy
Date: Fri, 11 Mar 2022 10:21:09 +0100
Subject: [PATCH 2/2] fix: [ip-port] jq all the things

---
 objects/ip-port/definition.json | 64 ++++++++++++++++-----------------
 1 file changed, 32 insertions(+), 32 deletions(-)
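Review bot: In the first hunk of PATCH 1/2, the new `protocol` and `country-code` attributes are free `text` with one-word descriptions, so different producers may record the same fact as `tcp`, `TCP` or `6`, or as a country name instead of a code, which makes the added context hard to filter or compare across events. The descriptions should state the expected form, for example `"description": "Transport protocol of the port (e.g. TCP, UDP)",` and `"description": "Country code of the IP address (ISO 3166-1 alpha-2)",` if that is the intent. `protocol` could also carry a `"sane_default": ["TCP", "UDP", "ICMP"],` list to steer input. Separately, `AS` is `multiple` while `protocol` is not, yet `src-port` in the same hunk accepts several values, so a tuple whose ports use different protocols cannot be expressed; please confirm that is intended.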
diff --git a/objects/ip-port/definition.json b/objects/ip-port/definition.json
index 7e5d2a1..c200f0c 100644
--- a/objects/ip-port/definition.json
+++ b/objects/ip-port/definition.json
@@ -1,5 +1,26 @@
 {
 "attributes": {
+ "AS": {
+ "categories": [
+ "Network activity",
+ "External analysis"
+ ],
+ "description": "Autonomous system",
+ "disable_correlation": true,
+ "misp-attribute": "AS",
+ "multiple": true,
+ "ui-priority": 0
+ },
+ "country-code": {
+ "categories": [
+ "Network activity",
+ "External analysis"
+ ],
+ "description": "Country Code",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "ui-priority": 0
+ },
 "domain": {
 "categories": [
 "Network activity",
@@ -73,6 +94,16 @@
 "misp-attribute": "datetime",
 "ui-priority": 0
 },
+ "protocol": {
+ "categories": [
+ "Network activity",
+ "External analysis"
+ ],
+ "description": "Protocol",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "ui-priority": 0
+ },
 "src-port": {
 "categories": [
 "Network activity",
@@ -84,37 +115,6 @@
 "multiple": true,
 "ui-priority": 0
 },
- "protocol": {
- "categories": [
- "Network activity",
- "External analysis"
- ],
- "description": "Protocol",
- "disable_correlation": true,
- "misp-attribute": "text",
- "ui-priority": 0
- },
- "AS": {
- "categories": [
- "Network activity",
- "External analysis"
- ],
- "description": "Autonomous system",
- "disable_correlation": true,
- "misp-attribute": "AS",
- "multiple": true,
- "ui-priority": 0
- },
- "country-code": {
- "categories": [
- "Network activity",
- "External analysis"
- ],
- "description": "Country Code",
- "disable_correlation": true,
- "misp-attribute": "text",
- "ui-priority": 0
- },
 "text": {
 "description": "Description of the tuple",
 "disable_correlation": true,
@@ -136,4 +136,4 @@
 ],
 "uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6",
 "version": 9
-}
+}
\ No newline at end of file