MISP
/
misp-objects
mirror of https://github.com/MISP/misp-objects
2
0
Fork 0
Code Issues Releases Wiki Activity

chg: [ja3] categories removed (default attributes categories will be used) 

Fix MISP/MISP/issues/3593
pull/112/head
Alexandre Dulaunoy 2018-08-28 14:30:29 +02:00
parent a2384e9032
commit e90b1ce457
No known key found for this signature in database
GPG Key ID: 09E2CD4944E6CBCD
1 changed files with 3 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
objects/ja3/definition.json
View File

@ -2,43 +2,27 @@
"name": "ja3", "name": "ja3",
"meta-category": "network", "meta-category": "network",
"description": "JA3 is a new technique for creating SSL client fingerprints that are easy to produce and can be easily shared for threat intelligence. Fingerprints are composed of Client Hello packet; SSL Version, Accepted Ciphers, List of Extensions, Elliptic Curves, and Elliptic Curve Formats. https://github.com/salesforce/ja3", "description": "JA3 is a new technique for creating SSL client fingerprints that are easy to produce and can be easily shared for threat intelligence. Fingerprints are composed of Client Hello packet; SSL Version, Accepted Ciphers, List of Extensions, Elliptic Curves, and Elliptic Curve Formats. https://github.com/salesforce/ja3",
"version": 2, "version": 3,
"uuid": "09b45449-5d6e-492c-a68a-cb2e188cbfac", "uuid": "09b45449-5d6e-492c-a68a-cb2e188cbfac",
"attributes": { "attributes": {
"ja3-fingerprint-md5": { "ja3-fingerprint-md5": {
"description": "Hash identifying source", "description": "Hash identifying source",
"misp-attribute": "md5", "misp-attribute": "md5",
"ui-priority": 1, "ui-priority": 1
"categories": [
"Network activity",
"External analysis"
]
}, },
"description": { "description": {
"description": "Type of detected software ie software, malware", "description": "Type of detected software ie software, malware",
"misp-attribute": "text", "misp-attribute": "text",
"ui-priority": 1, "ui-priority": 1
"categories": [
"Network activity",
"External analysis"
]
}, },
"ip-src": { "ip-src": {
"description": "Source IP Address", "description": "Source IP Address",
"misp-attribute": "ip-src", "misp-attribute": "ip-src",
"categories": [
"Network activity",
"External analysis"
],
"ui-priority": 1 "ui-priority": 1
}, },
"ip-dst": { "ip-dst": {
"description": "Destination IP address", "description": "Destination IP address",
"misp-attribute": "ip-dst", "misp-attribute": "ip-dst",
"categories": [
"Network activity",
"External analysis"
],
"ui-priority": 1 "ui-priority": 1
}, },
"first-seen": { "first-seen": {