Disabling some field correlations

Disabling some field correlations to avoid excessive number of events
2021-05-27 17:24:58 -03:00 · 2021-05-27 17:24:58 -03:00 · df58f2b29f
parent 212e410258
commit df58f2b29f
1 changed files with 13 additions and 1 deletions
--- a/objects/paloalto-threat-event/definition.json
+++ b/objects/paloalto-threat-event/definition.json
@ -2,16 +2,19 @@
  "attributes": {
    "app": {
      "description": "The application identified (e.g. vnc, ssh, sip, irc, http or smtp).",
+      "disable_correlation": true,
      "misp-attribute": "text",
      "ui-priority": 1
    },
    "direction": {
      "description": "The Direction of the Event.",
+      "disable_correlation": true,
      "misp-attribute": "text",
      "ui-priority": 1
    },
    "dport": {
      "description": "The port to which the connection headed.",
+      "disable_correlation": true,
      "misp-attribute": "counter",
      "ui-priority": 1
    },
@ -22,16 +25,19 @@
    },
    "dstloc": {
      "description": "The Destination Location of the event.",
+      "disable_correlation": true,
      "misp-attribute": "text",
      "ui-priority": 1
    },
    "proto": {
      "description": "The transport protocol (e.g. tcp, udp, icmp).",
+      "disable_correlation": true,
      "misp-attribute": "text",
      "ui-priority": 1
    },
    "sport": {
      "description": "The port from which the connection originated.",
+      "disable_correlation": true,
      "misp-attribute": "counter",
      "ui-priority": 1
    },
@ -42,31 +48,37 @@
    },
    "srcloc": {
      "description": "The Source Location of the event.",
+      "disable_correlation": true,
      "misp-attribute": "text",
      "ui-priority": 1
    },
    "subtype": {
      "description": "The subtype of the Log Event.",
+      "disable_correlation": true,
      "misp-attribute": "text",
      "ui-priority": 1
    },
    "thr_category": {
      "description": "The Threat Category.",
+      "disable_correlation": true,
      "misp-attribute": "text",
      "ui-priority": 1
    },
    "threatid": {
      "description": "The Threat ID.",
+      "disable_correlation": true,
      "misp-attribute": "text",
      "ui-priority": 1
    },
    "time_generated": {
      "description": "The datetime of the event.",
+      "disable_correlation": true,
      "misp-attribute": "datetime",
      "ui-priority": 1
    },
    "type": {
      "description": "The type of the Log Event",
+      "disable_correlation": true,
      "misp-attribute": "text",
      "ui-priority": 1
    }
@ -76,4 +88,4 @@
  "name": "paloalto-threat-event",
  "uuid": "e6fa7a87-1173-43d6-86c2-b4d02af5fc74",
  "version": 5
-}
+}