From f3afabc91ba8a27a65bb391fe15647d7fee71e90 Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy
Date: Tue, 16 Feb 2016 07:25:54 +0100
Subject: [PATCH] ip-port added. An IP address and a port seen as a tuple (or as a triple) in a specific time frame.
---
objects/ip-port/definition.json | 39 +++++++++++++++++++++++++++++++++
1 file changed, 39 insertions(+)
create mode 100644 objects/ip-port/definition.json
diff --git a/objects/ip-port/definition.json b/objects/ip-port/definition.json
new file mode 100644
index 0000000..f652c34
--- /dev/null
+++ b/objects/ip-port/definition.json
@@ -0,0 +1,39 @@
+{
+ "name": "ip|port",
+ "meta-category": "network",
+ "description": "An IP address and a port seen as a tuple (or as a triple) in a specific time frame.",
+ "version": 1,
+ "attributes" :
+ {
+ "ip": {
+ "misp-attribute": "ip-dst",
+ "misp-usage-frequency": 1,
+ "categories": ["Network activity","External analysis"]
+ },
+ "dst-port": {
+ "misp-attribute": "text",
+ "misp-usage-frequency": 1,
+ "categories": ["Network activity","External analysis"]
+ },
+ "src-port": {
+ "misp-attribute": "text",
+ "misp-usage-frequency": 0,
+ "categories": ["Network activity","External analysis"]
+ },
+ "first-seen": {
+ "misp-attribute": "datetime",
+ "misp-usage-frequency": 0
+ },
+ "last-seen": {
+ "misp-attribute": "datetime",
+ "misp-usage-frequency": 0
+ },
+ "text": {
+ "misp-attribute": "text",
+ "misp-usage-frequency": 0
+ }
+
+ },
+ "required": ["ip"],
+ "requiredOneOf": ["dst-port", "src-port"]
+}
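Review bot: `dst-port` and `src-port` are both declared as `"misp-attribute": "text"`, so a port is stored as free text and values such as `443`, `443/tcp` or `https` would all be accepted without correlating with each other. If the MISP version this targets has a dedicated port attribute type, `"misp-attribute": "port",` on both entries would keep the value numeric and comparable; otherwise the expected format should be spelled out in the object's `description`. Separately, `ip` is mapped to `ip-dst` only, while `requiredOneOf` allows an object that carries just `src-port`, which leaves it unclear which endpoint the address belongs to when analysts build detections from it. The object `name` is `ip|port` while the directory is `ip-port`; using one spelling in both places would likely avoid mismatches when objects are looked up by name.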