From 8b5b5df77c8105152799dc6faf4d36fce6fbc158 Mon Sep 17 00:00:00 2001
From: Stefan Kelm
Date: Thu, 13 Sep 2018 14:05:45 +0200
Subject: [PATCH] bgp-hijack
---
objects/bgp-hijack/definition.json | 53 ++++++++++++++++++++++++++++++
1 file changed, 53 insertions(+)
create mode 100644 objects/bgp-hijack/definition.json
diff --git a/objects/bgp-hijack/definition.json b/objects/bgp-hijack/definition.json
new file mode 100644
index 0000000..952ade7
--- /dev/null
+++ b/objects/bgp-hijack/definition.json
@@ -0,0 +1,53 @@
+{
+ "required": [
+ "expected-asn",
+ "detected-asn",
+ "start",
+ "subnet-announced"
+ ],
+ "attributes": {
+ "expected-asn": {
+ "description": "Expected Autonomous System Number",
+ "ui-priority": 1,
+ "misp-attribute": "AS"
+ },
+ "detected-asn": {
+ "description": "Detected Autonomous System Number",
+ "ui-priority": 1,
+ "misp-attribute": "AS"
+ },
+ "description": {
+ "description": "BGP Hijack details",
+ "ui-priority": 1,
+ "misp-attribute": "text"
+ },
+ "country": {
+ "description": "Country code of the main location of the attacking autonomous system",
+ "ui-priority": 1,
+ "misp-attribute": "text"
+ },
+ "subnet-announced": {
+ "description": "Subnet announced",
+ "ui-priority": 0,
+ "misp-attribute": "ip-src",
+ "multiple": true
+ },
+ "start": {
+ "description": "First time the Prefix hijack was seen",
+ "disable_correlation": true,
+ "ui-priority": 0,
+ "misp-attribute": "datetime"
+ },
+ "end": {
+ "description": "Last time the Prefix hijack was seen",
+ "disable_correlation": true,
+ "ui-priority": 0,
+ "misp-attribute": "datetime"
+ }
+ },
+ "version": 1,
+ "description": "Object encapsulating BGP Hijack description as specified, for example, by bgpstream.com",
+ "meta-category": "network",
+ "uuid": "42355673-1fab-4908-8045-00bebd91c389",
+ "name": "bgp-hijack"
+}
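Review bot: `subnet-announced` is typed as `ip-src`, but the announced prefix is normally the victim's address space rather than an attacker source address, so any consumer that exports `ip-src` values to detection or block lists could end up flagging the hijacked network itself. If the object-template format used in this repository supports a per-attribute IDS flag, consider adding `"to_ids": false` to that attribute, and make the description say what the value is, e.g. `"description": "Hijacked prefix as announced, in CIDR notation"`. The `country` description promises a country code, but the `text` type does not constrain it; naming the expected format in the description (for example ISO 3166-1 alpha-2) would keep entries comparable across events. It may also be worth deciding whether `expected-asn` should correlate at all, since it identifies the victim AS and, presumably, would link otherwise unrelated events involving the same network.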