chg: [network-profile] add jarm-fingerprint

pull/308/head
Alexandre Dulaunoy 2021-02-24 06:38:49 +01:00
parent 41375621f7
commit d87ce65cb9
No known key found for this signature in database
GPG Key ID: 09E2CD4944E6CBCD
1 changed files with 131 additions and 131 deletions


@ -1,5 +1,62 @@
{
"attributes": {
"asn": {
"description": "ASN where the content is hosted",
"misp-attribute": "as",
"ui-priority": 0
},
"certificate-common-name": {
"description": "Certificate common name",
"misp-attribute": "text",
"ui-priority": 0
},
"certificate-country": {
"description": "Certificate country name",
"misp-attribute": "text",
"ui-priority": 0
},
"certificate-creation-date": {
"description": "Certificate date it was created",
"misp-attribute": "datetime",
"ui-priority": 0
},
"certificate-expiry-date": {
"description": "Certificate date it will expire",
"misp-attribute": "datetime",
"ui-priority": 0
},
"certificate-issuer": {
"description": "Certificate Issuer",
"misp-attribute": "text",
"ui-priority": 0
},
"certificate-organization": {
"description": "Certificate organization",
"misp-attribute": "text",
"ui-priority": 0
},
"certificate-organization-locality": {
"description": "Certificate locality",
"misp-attribute": "text",
"ui-priority": 0
},
"certificate-organization-state": {
"description": "Certificate state or provincy name",
"misp-attribute": "text",
"ui-priority": 0
},
"certificate-organization-unit": {
"description": "Certificate organization unit",
"misp-attribute": "text",
"ui-priority": 0
},
"dns-server": {
"description": "DNS server",
"misp-attribute": "hostname",
"multiple": true,
"to_ids": false,
"ui-priority": 0
},
"domain": {
"categories": [
"Network activity",
@ -10,46 +67,35 @@
"multiple": true,
"ui-priority": 0
},
"evidences": {
"categories": [
"External analysis"
],
"description": "Screenshot of the network resources.",
"disable_correlation": true,
"misp-attribute": "attachment",
"multiple": true,
"ui-priority": 1
},
"google-analytics-id": {
"description": "Google analytics IDS",
"misp-attribute": "text",
"ui-priority": 0
},
"hosting-provider": {
"description": "The hosting provider/ISP where the resources are.",
"misp-attribute": "text",
"ui-priority": 0
},
"ip-address": {
"description": "IP address of the whois entry",
"misp-attribute": "ip-src",
"multiple": true,
"ui-priority": 0
},
"dns-server": {
"description": "DNS server",
"misp-attribute": "hostname",
"multiple": true,
"to_ids": false,
"ui-priority": 0
},
"subdomain": {
"description": "Subdomain",
"disable_correlation": true,
"misp-attribute": "text",
"ui-priority": 0
},
"tld": {
"description": "Top-Level Domain",
"disable_correlation": true,
"misp-attribute": "text",
"ui-priority": 0
},
"threat-actor-infrastructure-pattern": {
"description": "Patterns found on threat actor infrastructure that can correlate with other analysis.",
"misp-attribute": "text",
"multiple": true,
"ui-priority": 0
},
"threat-actor-infrastructure-value": {
"description": "Unique valeu found on threat actor infrastructure identified through an investigation.",
"misp-attribute": "text",
"multiple": true,
"ui-priority": 0
},
"hosting-provider": {
"description": "The hosting provider/ISP where the resources are.",
"misp-attribute": "text",
"jarm": {
"description": "JARM Footprint string",
"misp-attribute": "jarm-fingerprint",
"ui-priority": 0
},
"port": {
@ -69,51 +115,6 @@
"misp-attribute": "text",
"multiple": true,
"ui-priority": 0
},
"jarm": {
"description": "JARM Footprint string",
"misp-attribute": "text",
"ui-priority": 0
},
"google-analytics-id": {
"description": "Google analytics IDS",
"misp-attribute": "text",
"ui-priority": 0
},
"certificate-issuer": {
"description": "Certificate Issuer",
"misp-attribute": "text",
"ui-priority": 0
},
"certificate-common-name": {
"description": "Certificate common name",
"misp-attribute": "text",
"ui-priority": 0
},
"certificate-organization-unit": {
"description": "Certificate organization unit",
"misp-attribute": "text",
"ui-priority": 0
},
"certificate-organization": {
"description": "Certificate organization",
"misp-attribute": "text",
"ui-priority": 0
},
"certificate-organization-locality": {
"description": "Certificate locality",
"misp-attribute": "text",
"ui-priority": 0
},
"certificate-organization-state": {
"description": "Certificate state or provincy name",
"misp-attribute": "text",
"ui-priority": 0
},
"certificate-country": {
"description": "Certificate country name",
"misp-attribute": "text",
"ui-priority": 0
},
"service-abuse": {
"description": "Service abused by threat actors as part of their infrastructure.",
@ -131,9 +132,34 @@
"AWS"
]
},
"asn":{
"description": "ASN where the content is hosted",
"misp-attribute": "as",
"subdomain": {
"description": "Subdomain",
"disable_correlation": true,
"misp-attribute": "text",
"ui-priority": 0
},
"text": {
"description": "Full whois entry",
"disable_correlation": true,
"misp-attribute": "text",
"ui-priority": 1
},
"threat-actor-infrastructure-pattern": {
"description": "Patterns found on threat actor infrastructure that can correlate with other analysis.",
"misp-attribute": "text",
"multiple": true,
"ui-priority": 0
},
"threat-actor-infrastructure-value": {
"description": "Unique valeu found on threat actor infrastructure identified through an investigation.",
"misp-attribute": "text",
"multiple": true,
"ui-priority": 0
},
"tld": {
"description": "Top-Level Domain",
"disable_correlation": true,
"misp-attribute": "text",
"ui-priority": 0
},
"url": {
@ -141,6 +167,18 @@
"misp-attribute": "url",
"ui-priority": 1
},
"whois-creation-date": {
"description": "Initial creation of the whois entry",
"disable_correlation": true,
"misp-attribute": "datetime",
"ui-priority": 0
},
"whois-expiration-date": {
"description": "Expiration of the whois entry",
"disable_correlation": true,
"misp-attribute": "datetime",
"ui-priority": 0
},
"whois-registrant-email": {
"description": "Registrant email address",
"misp-attribute": "whois-registrant-email",
@ -165,44 +203,6 @@
"description": "Registrar of the whois entry",
"misp-attribute": "whois-registrar",
"ui-priority": 0
},
"whois-creation-date": {
"description": "Initial creation of the whois entry",
"disable_correlation": true,
"misp-attribute": "datetime",
"ui-priority": 0
},
"whois-expiration-date": {
"description": "Expiration of the whois entry",
"disable_correlation": true,
"misp-attribute": "datetime",
"ui-priority": 0
},
"text": {
"description": "Full whois entry",
"disable_correlation": true,
"misp-attribute": "text",
"ui-priority": 1
},
"evidences": {
"categories": [
"External analysis"
],
"description": "Screenshot of the network resources.",
"disable_correlation": true,
"misp-attribute": "attachment",
"multiple": true,
"ui-priority": 1
},
"certificate-creation-date": {
"description": "Certificate date it was created",
"misp-attribute": "datetime",
"ui-priority": 0
},
"certificate-expiry-date": {
"description": "Certificate date it will expire",
"misp-attribute": "datetime",
"ui-priority": 0
}
},
"description": "Elements that can be used to profile, pivot or identify a network infrastructure, including domains, ip and urls.",
@ -214,5 +214,5 @@
"url"
],
"uuid": "f0f9e287-8067-49a4-b0f8-7a0fed8d4e43",
"version": 4
"version": 5
}
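Review bot: The `jarm` type change from `"text"` to `"jarm-fingerprint"` is hard to audit here because it is buried in a full alphabetical re-sort of the attribute keys, which accounts for almost all of the 131/131 line churn. Putting the re-sort in its own commit would leave the type change and the version bump to 5 reviewable on their own. The new `jarm` entry still says "JARM Footprint string"; `"description": "JARM fingerprint string"` would match the attribute type. The re-sorted entries also carry two typos onto the new side: "valeu" in `threat-actor-infrastructure-value` and "provincy" in `certificate-organization-state`. Objects created from version 4 presumably keep text-typed `jarm` values and would not correlate with the typed ones until updated, and instances that do not know the `jarm-fingerprint` type may reject the template; both points deserve a line in the commit description.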