From de7792373ce037ff110de6d3768db197e1ac9ffb Mon Sep 17 00:00:00 2001
From: Christian Studer
Date: Thu, 5 May 2022 20:38:53 +0200
Subject: [PATCH 1/2] add: [passive-ssh] Added `banner` & `hassh` attributes
---
 objects/passive-ssh/definition.json | 20 ++++++++++++++++++--
 1 file changed, 18 insertions(+), 2 deletions(-)
diff --git a/objects/passive-ssh/definition.json b/objects/passive-ssh/definition.json
index b4f90fd..e48f159 100644
--- a/objects/passive-ssh/definition.json
+++ b/objects/passive-ssh/definition.json
@@ -1,5 +1,15 @@
 {
 "attributes": {
+ "banner": {
+ "categories": [
+ "Network activity",
+ "External analysis"
+ ],
+ "description": "SSH banner",
+ "misp-attribute": "text",
+ "multiple": true,
+ "ui-priority": 1
+ },
 "base64": {
 "description": "Base64 representation of the ssh-key",
 "disable_correlation": true,
@@ -20,6 +30,11 @@
 "misp-attribute": "datetime",
 "ui-priority": 0
 },
+ "hassh": {
+ "description": "Hassh fingerprint",
+ "misp-attribute": "hassh-md5",
+ "ui-priority": 1
+ },
 "host": {
 "categories": [
 "Network activity",
@@ -43,8 +58,9 @@
 "requiredOneOf": [
 "host",
 "base64",
- "fingerprint"
+ "fingerprint",
+ "hassh"
 ],
 "uuid": "ec350cdf-2311-4df5-972a-a4342a2c0065",
- "version": 1
+ "version": 2
 }
\ No newline at end of file
From f762d5b2a4dc8efeb23596b33c572606fe66c9f3 Mon Sep 17 00:00:00 2001
From: Christian Studer
Date: Fri, 6 May 2022 17:01:13 +0200
Subject: [PATCH 2/2] add: [passive-ssh] Added `port` attribute
---
 objects/passive-ssh/definition.json | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/objects/passive-ssh/definition.json b/objects/passive-ssh/definition.json
index e48f159..1d00539 100644
--- a/objects/passive-ssh/definition.json
+++ b/objects/passive-ssh/definition.json
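Review bot: The `banner` attribute added in the first hunk of patch 1/2 has no `"disable_correlation": true`, although the neighbouring `base64` entry sets it. An SSH banner is normally a version string shared by every host running the same build, so if `text` values are correlated on the consuming instance (which I believe is the default) this attribute will link unrelated events. Adding `"disable_correlation": true,` after the `description` line would avoid that. The banner is also supplied by the remote server, so the description could say so, e.g. `"description": "SSH banner as sent by the server (untrusted text)"`.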
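Review bot: In the second hunk of patch 1/2, `hassh` is typed `hassh-md5` and described only as "Hassh fingerprint", which does not say whether it is the client or the server fingerprint. passive-ssh appears to record what SSH servers present, in which case `"misp-attribute": "hasshserver-md5"` would be the matching type; please confirm against the scanner's output before merging. The third hunk also adds `hassh` to `requiredOneOf`, so an object may carry only this value. A HASSH identifies an SSH implementation rather than a host, so the description should make that explicit, e.g. `"description": "HASSH fingerprint of the SSH server's key-exchange algorithms"`.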
@@ -50,6 +50,11 @@
 "disable_correlation": true,
 "misp-attribute": "datetime",
 "ui-priority": 0
+ },
+ "port": {
+ "description": "Port of the connection",
+ "misp-attribute": "port",
+ "ui-priority": 1
 }
 },
 "description": "Passive-ssh object as described on passive-ssh services from circl.lu - https://github.com/D4-project/passive-ssh",
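Review bot: `port` is added without a `version` change in this patch (the diffstat shows five insertions only), so the template stays at the `2` set by patch 1/2. If consuming instances refresh a template only when its version increases, which I believe is how they update, anyone who already pulled version 2 would not receive `port`; if the two patches can land separately, bump to `"version": 3`. The description could also state which side the port belongs to, e.g. `"description": "Port on which the SSH server was reached"`. The enclosing `attributes` object starts outside this hunk.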