From 7c30ab39772f30cbf679b5ad588f53311f20bf1d Mon Sep 17 00:00:00 2001 From: Alexandre Dulaunoy Date: Sat, 13 Feb 2016 18:19:27 +0100 Subject: [PATCH] Passive DNS object added --- objects/passive-dns/definition.json | 56 +++++++++++++++++++++++++++++ 1 file changed, 56 insertions(+) create mode 100644 objects/passive-dns/definition.json diff --git a/objects/passive-dns/definition.json b/objects/passive-dns/definition.json new file mode 100644 index 0000000..93a192c --- /dev/null +++ b/objects/passive-dns/definition.json @@ -0,0 +1,56 @@ +{ + "name": "passive-dns", + "meta-category": "network", + "description": "Passive DNS records as expressed in draft-dulaunoy-dnsop-passive-dns-cof-01", + "version": 1, + "attributes" : + { + "rrtype": { + "misp-attribute": "text", + "misp-usage-frequency": 1, + "categories": ["Network activity","External analysis"] + }, + "rrname": { + "misp-attribute": "hostname", + "misp-usage-frequency": 1, + "categories": ["Network activity","External analysis"] + }, + "time_first": { + "misp-attribute": "datetime", + "misp-usage-frequency": 0 + }, + "time_last": { + "misp-attribute": "datetime", + "misp-usage-frequency": 0 + }, + "origin": { + "misp-attribute": "text", + "misp-usage-frequency": 0 + }, + "count": { + "misp-attribute": "counter", + "misp-usage-frequency": 0 + }, + "sensor_id": { + "misp-attribute": "text", + "misp-usage-frequency": 0 + }, + "bailiwick": { + "misp-attribute": "text", + "misp-usage-frequency": 0 + }, + "zone_time_first": { + "misp-attribute": "datetime", + "misp-usage-frequency": 0 + }, + "zone_time_last": { + "misp-attribute": "datetime", + "misp-usage-frequency": 0 + }, + "text": { + "misp-attribute": "text", + "misp-usage-frequency": 0 + } + }, + "required": ["rrtype","rrname"] +}