From df8604a8cabbb47ce6829a9214eea6212a4e009c Mon Sep 17 00:00:00 2001
From: AaronK
Date: Tue, 27 Apr 2021 15:37:51 +0200
Subject: [PATCH 1/3] Update definition.json Added time_first_ms, time_last_ms. Clarified a few things in the descriptions.
---
 objects/passive-dns/definition.json | 18 +++++++++++++++---
 1 file changed, 15 insertions(+), 3 deletions(-)
diff --git a/objects/passive-dns/definition.json b/objects/passive-dns/definition.json
index ba3d000..1398518 100644
--- a/objects/passive-dns/definition.json
+++ b/objects/passive-dns/definition.json
@@ -13,7 +13,7 @@
 "ui-priority": 0
 },
 "origin": {
- "description": "Origin of the Passive DNS response",
+ "description": "Origin of the Passive DNS response. This field is represented as a Uniform Resource Identifier (URI)",
 "disable_correlation": true,
 "misp-attribute": "text",
 "ui-priority": 0
@@ -86,6 +86,18 @@
 "misp-attribute": "datetime",
 "ui-priority": 0
 },
+ "time_first_ms": {
+ "description": "Same meaning as the field 'time_first', with the only difference, that the resolution is in milliseconds since 1st of January 1970 (UTC)",
+ "disable_correlation": true,
+ "misp-attribute": "datetime",
+ "ui-priority": 0
+ },
+ "time_last_ms": {
+ "description": "Same meaning as the field 'time_last', with the only difference, that the resolution is in milliseconds since 1st of January 1970 (UTC)",
+ "disable_correlation": true,
+ "misp-attribute": "datetime",
+ "ui-priority": 0
+ },
 "zone_time_first": {
 "description": "First time that the unique tuple (rrname, rrtype, rdata) record has been seen via master file import",
 "disable_correlation": true,
@@ -99,7 +111,7 @@
 "ui-priority": 0
 }
 },
- "description": "Passive DNS records as expressed in draft-dulaunoy-dnsop-passive-dns-cof-01",
+ "description": "Passive DNS records as expressed in draft-dulaunoy-dnsop-passive-dns-cof-07. See https://tools.ietf.org/id/draft-dulaunoy-dnsop-passive-dns-cof-07.html",
 "meta-category": "network",
 "name": "passive-dns",
 "required": [
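Review bot: In the `@@ -86,6 +86,18 @@` hunk, `time_first_ms` and `time_last_ms` are described as milliseconds since 1st of January 1970 (UTC) but are declared with `"misp-attribute": "datetime"`, the same type the neighbouring timestamp fields use. An epoch-millisecond integer is not a calendar timestamp string, so a consumer that validates or parses `datetime` values may reject it or read it as a wrong date, which would skew first-seen/last-seen timelines during triage; what the platform accepts for `datetime` is not visible here and should be confirmed. If raw epoch values are intended, a numeric attribute type fits better; if a timestamp string is intended, the description should say so, for example `"description": "Same meaning as the field 'time_first', with millisecond resolution, given as a UTC timestamp"`.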
@@ -109,4 +121,4 @@
 ],
 "uuid": "b77b7b1c-66ab-4a41-8da4-83810f6d2d6c",
 "version": 3
-}
\ No newline at end of file
+}
From ab84bd837fc7e37e3438c22242edbb44ddede88d Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy
Date: Tue, 27 Apr 2021 18:13:05 +0200
Subject: [PATCH 2/3] fix: [passive-dns] fix the JSON and the version
---
 objects/passive-dns/definition.json | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/objects/passive-dns/definition.json b/objects/passive-dns/definition.json
index 1398518..b153171 100644
--- a/objects/passive-dns/definition.json
+++ b/objects/passive-dns/definition.json
@@ -80,14 +80,14 @@
 "misp-attribute": "datetime",
 "ui-priority": 0
 },
- "time_last": {
- "description": "Last time that the unique tuple (rrname, rrtype, rdata) record has been seen by the passive DNS",
+ "time_first_ms": {
+ "description": "Same meaning as the field 'time_first', with the only difference, that the resolution is in milliseconds since 1st of January 1970 (UTC)",
 "disable_correlation": true,
 "misp-attribute": "datetime",
 "ui-priority": 0
 },
- "time_first_ms": {
- "description": "Same meaning as the field 'time_first', with the only difference, that the resolution is in milliseconds since 1st of January 1970 (UTC)",
+ "time_last": {
+ "description": "Last time that the unique tuple (rrname, rrtype, rdata) record has been seen by the passive DNS",
 "disable_correlation": true,
 "misp-attribute": "datetime",
 "ui-priority": 0
@@ -120,5 +120,5 @@
 "rdata"
 ],
 "uuid": "b77b7b1c-66ab-4a41-8da4-83810f6d2d6c",
- "version": 3
+ "version": 4
 }
From 4b88a52cf4ac34b1ee23eaefe95aa9389a130b73 Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy
Date: Tue, 27 Apr 2021 18:26:23 +0200
Subject: [PATCH 3/3] chg: [passive-dns] fix
---
 objects/passive-dns/definition.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/objects/passive-dns/definition.json b/objects/passive-dns/definition.json
index b153171..461d674 100644
--- a/objects/passive-dns/definition.json
+++ b/objects/passive-dns/definition.json
@@ -121,4 +121,4 @@
 ],
 "uuid": "b77b7b1c-66ab-4a41-8da4-83810f6d2d6c",
 "version": 4
-}
+}
\ No newline at end of file