From c7bade5c8b88ce6705704851dedc5185db8be7d9 Mon Sep 17 00:00:00 2001
From: Steph S
Date: Thu, 13 Jul 2023 09:25:26 -0400
Subject: [PATCH] Added a is-malicious attribute for abuseipdb and added a google-safe-browsing object for the google-safe-browsing expansion module
---
 objects/abuseipdb/definition.json | 5 ++++
 objects/google-safe-browsing/definition.json | 24 ++++++++++++++++++++
 2 files changed, 29 insertions(+)
 create mode 100644 objects/google-safe-browsing/definition.json
diff --git a/objects/abuseipdb/definition.json b/objects/abuseipdb/definition.json
index da5030e..d46536e 100644
--- a/objects/abuseipdb/definition.json
+++ b/objects/abuseipdb/definition.json
@@ -1,5 +1,10 @@
 {
 "attributes": {
+ "is-malicious": {
+ "description": "If the IP is malicious based on the abuse-confidence-score and threshold",
+ "misp-attribute": "boolean",
+ "ui-priority": 0
+ },
 "abuse-confidence-score": {
 "description": "Rating (0-100) of how confident AbuseIPDB is that an IP address is entirely malicious",
 "misp-attribute": "counter",
diff --git a/objects/google-safe-browsing/definition.json b/objects/google-safe-browsing/definition.json
new file mode 100644
index 0000000..2c39a38
--- /dev/null
+++ b/objects/google-safe-browsing/definition.json
@@ -0,0 +1,24 @@
+{
+ "attributes": {
+ "malicious": {
+ "description": "If the URL comes back as malicious",
+ "misp-attribute": "boolean",
+ "ui-priority": 0
+ },
+ "platforms": {
+ "description": "The platform identified (windows, linux, etc...)",
+ "misp-attribute": "text",
+ "ui-priority": 0
+ },
+ "threats": {
+ "description": "The threat type related to that URL (malware, social engineering, etc...)",
+ "misp-attribute": "text",
+ "ui-priority": 0
+ }
+ },
+ "description": "Google Safe checks a URL against Google's constantly updated list of unsafe web resources.",
+ "meta-category": "network",
+ "name": "google-safe-browsing",
+ "uuid": "1f8af312-dfbb-4572-b894-dabe7c8798d8",
+ "version": 1
+}
\ No newline at end of file
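Review bot: In objects/abuseipdb/definition.json the new `is-malicious` description refers to a "threshold" that the template neither defines nor records, so a consumer of a shared event cannot tell which cut-off produced the verdict, and two instances with different settings would publish booleans that are not comparable. I would name the source of the threshold in the description, e.g. `"description": "Verdict derived from abuse-confidence-score using the threshold configured in the module that created the object"`, so that readers fall back on the score itself when the cut-off matters. The diffstat lists only these five added lines for the file, so the template's `version` field, which lies outside the hunk, appears unchanged; MISP object templates normally increment it when an attribute is added. The `attributes` object continues past the end of the hunk.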
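Review bot: `platforms` and `threats` in objects/google-safe-browsing/definition.json are typed `text` without `"disable_correlation": true`, and their values come from a small fixed vocabulary (the descriptions list windows, linux, malware, social engineering), so, assuming the default correlation of text attributes, events carrying this object would be correlated with each other on those strings alone. I would add `"disable_correlation": true` to both attributes, and `"multiple": true` if one lookup can return more than one platform or threat type. The `malicious` description should also say that a false value only means the URL was not listed when it was queried, e.g. `"description": "True if Safe Browsing listed the URL at lookup time; false is not a statement that the URL is safe"`. The same kind of verdict is named `is-malicious` in the abuseipdb template; one name for both would make queries across the two objects simpler.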