Disabling some field correlations

Disabling some field correlations to avoid an excessive number of events
pull/316/head
phmazzoni 2021-05-27 17:24:58 -03:00 committed by GitHub
parent 212e410258
commit df58f2b29f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 13 additions and 1 deletions


@ -2,16 +2,19 @@
"attributes": { "attributes": {
"app": { "app": {
"description": "The application identified (e.g. vnc, ssh, sip, irc, http or smtp).", "description": "The application identified (e.g. vnc, ssh, sip, irc, http or smtp).",
"disable_correlation": true,
"misp-attribute": "text", "misp-attribute": "text",
"ui-priority": 1 "ui-priority": 1
}, },
"direction": { "direction": {
"description": "The Direction of the Event.", "description": "The Direction of the Event.",
"disable_correlation": true,
"misp-attribute": "text", "misp-attribute": "text",
"ui-priority": 1 "ui-priority": 1
}, },
"dport": { "dport": {
"description": "The port to which the connection headed.", "description": "The port to which the connection headed.",
"disable_correlation": true,
"misp-attribute": "counter", "misp-attribute": "counter",
"ui-priority": 1 "ui-priority": 1
}, },
@ -22,16 +25,19 @@
}, },
"dstloc": { "dstloc": {
"description": "The Destination Location of the event.", "description": "The Destination Location of the event.",
"disable_correlation": true,
"misp-attribute": "text", "misp-attribute": "text",
"ui-priority": 1 "ui-priority": 1
}, },
"proto": { "proto": {
"description": "The transport protocol (e.g. tcp, udp, icmp).", "description": "The transport protocol (e.g. tcp, udp, icmp).",
"disable_correlation": true,
"misp-attribute": "text", "misp-attribute": "text",
"ui-priority": 1 "ui-priority": 1
}, },
"sport": { "sport": {
"description": "The port from which the connection originated.", "description": "The port from which the connection originated.",
"disable_correlation": true,
"misp-attribute": "counter", "misp-attribute": "counter",
"ui-priority": 1 "ui-priority": 1
}, },
@ -42,31 +48,37 @@
}, },
"srcloc": { "srcloc": {
"description": "The Source Location of the event.", "description": "The Source Location of the event.",
"disable_correlation": true,
"misp-attribute": "text", "misp-attribute": "text",
"ui-priority": 1 "ui-priority": 1
}, },
"subtype": { "subtype": {
"description": "The subtype of the Log Event.", "description": "The subtype of the Log Event.",
"disable_correlation": true,
"misp-attribute": "text", "misp-attribute": "text",
"ui-priority": 1 "ui-priority": 1
}, },
"thr_category": { "thr_category": {
"description": "The Threat Category.", "description": "The Threat Category.",
"disable_correlation": true,
"misp-attribute": "text", "misp-attribute": "text",
"ui-priority": 1 "ui-priority": 1
}, },
"threatid": { "threatid": {
"description": "The Threat ID.", "description": "The Threat ID.",
"disable_correlation": true,
"misp-attribute": "text", "misp-attribute": "text",
"ui-priority": 1 "ui-priority": 1
}, },
"time_generated": { "time_generated": {
"description": "The datetime of the event.", "description": "The datetime of the event.",
"disable_correlation": true,
"misp-attribute": "datetime", "misp-attribute": "datetime",
"ui-priority": 1 "ui-priority": 1
}, },
"type": { "type": {
"description": "The type of the Log Event", "description": "The type of the Log Event",
"disable_correlation": true,
"misp-attribute": "text", "misp-attribute": "text",
"ui-priority": 1 "ui-priority": 1
} }
@ -76,4 +88,4 @@
"name": "paloalto-threat-event", "name": "paloalto-threat-event",
"uuid": "e6fa7a87-1173-43d6-86c2-b4d02af5fc74", "uuid": "e6fa7a87-1173-43d6-86c2-b4d02af5fc74",
"version": 5 "version": 5
} }
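Review bot: `threatid` and `thr_category` (third hunk) are the fields in this template that say what was detected, so `"disable_correlation": true` on them removes the pivot linking events that report the same threat. The noise argument clearly holds for `app`, `direction`, `proto`, `dport`, `sport`, `time_generated`, `type` and `subtype`, but is less obvious for these two. Consider leaving the flag off `threatid`, or stating in the commit description why its correlations were too numerous to be useful. The last hunk renders `"version": 5` on both sides, so it is not visible here whether the template version was raised; if it was not, instances already holding version 5 will presumably not pick up the new defaults. The flag looks like a template default, so attributes already stored probably keep their current correlation setting, which is worth confirming before expecting existing correlation counts to drop.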