From c1b7b93526f79af040880e1c7008dc90bafa39a6 Mon Sep 17 00:00:00 2001
From: Jean-Louis Huynen <huynenjl@gmail.com>
Date: Fri, 5 Jun 2020 10:40:51 +0200
Subject: [PATCH] add: [d4] authentication failure report object

---
 .../definition.json                           | 51 +++++++++++++++++++
 1 file changed, 51 insertions(+)
 create mode 100644 objects/authentication-failure-report/definition.json

diff --git a/objects/authentication-failure-report/definition.json b/objects/authentication-failure-report/definition.json
new file mode 100644
index 0000000..35f621e
--- /dev/null
+++ b/objects/authentication-failure-report/definition.json
@@ -0,0 +1,51 @@
+{
+  "attributes": {
+    "ip-dst": {
+      "description": "Destination IP.",
+      "disable_correlation": false,
+      "misp-attribute": "ip-dst",
+      "ui-priority": 1
+    },
+    "ip-src": {
+      "description": "IP address originating the authentication failure.",
+      "disable_correlation": false,
+      "misp-attribute": "ip-src",
+      "ui-priority": 1
+    },
+    "total": {
+      "description": "the number of authentication failures reported.",
+      "disable_correlation": true,
+      "misp-attribute": "counter",
+      "ui-priority": 1
+    },
+    "type": {
+      "description": "the type of authentication failure.",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "sane_default": [
+        "ssh"
+      ],
+      "ui-priority": 1
+    },
+    "username": {
+      "description": "the username used.",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "ui-priority": 1
+    }
+  },
+  "description": "Authentication Failure Report",
+  "meta-category": "network",
+  "name": "authentication-failure-report",
+  "required": [
+    "total",
+    "type"
+  ],
+  "requiredOneOf": [
+    "ip-src",
+    "ip-dst",
+    "username"
+  ],
+  "uuid": "9b39afe0-9809-4fe0-8a0b-4cec2b140dd2",
+  "version": 4
+}
\ No newline at end of file