Merge pull request #308 from phmazzoni/main

Create Palo Alto Threat Log Object Template.
pull/309/head
Raphaël Vinot 2021-03-05 15:50:33 +01:00 committed by GitHub
commit f724130616
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 79 additions and 0 deletions


@ -0,0 +1,79 @@
{
"attributes": {
"type": {
"description": "The type of the Log Event",
"misp-attribute": "text",
"ui-priority": 1
},
"subtype": {
"description": "The subtype of the Log Event.",
"misp-attribute": "text",
"ui-priority": 1
},
"thr_category": {
"description": "The Threat Category.",
"misp-attribute": "text",
"ui-priority": 1
},
"direction": {
"description": "The Direction of the Event.",
"misp-attribute": "text",
"ui-priority": 1
},
"threatid": {
"description": "The Threat ID.",
"misp-attribute": "text",
"ui-priority": 1
},
"time_generated": {
"description": "The datetime of the event.",
"misp-attribute": "datetime",
"ui-priority": 1
},
"srcloc": {
"description": "The Source Location of the event.",
"misp-attribute": "text",
"ui-priority": 1
},
"dstloc": {
"description": "The Destination Location of the event.",
"misp-attribute": "text",
"ui-priority": 1
},
"dst": {
"description": "The Destination IP which is the target of the observed connections.",
"misp-attribute": "ip-dst",
"ui-priority": 1
},
"dport": {
"description": "The port to which the connection headed.",
"misp-attribute": "counter",
"ui-priority": 1
},
"app": {
"description": "The application identified (e.g. vnc, ssh, sip, irc, http or smtp).",
"misp-attribute": "text",
"ui-priority": 1
},
"proto": {
"description": "The transport protocol (e.g. tcp, udp, icmp).",
"misp-attribute": "text",
"ui-priority": 1
},
"src": {
"description": "The ip observed to initiate the connection",
"misp-attribute": "ip-src",
"ui-priority": 1
},
"sport": {
"description": "The port from which the connection originated.",
"misp-attribute": "counter",
"ui-priority": 1
}
},
"description": "Palo Alto Threat Log Event",
"meta-category": "network",
"name": "paloalto-threat-event",
"uuid": "e6fa7a87-1173-43d6-86c2-b4d02af5fc74",
"version": 4
}
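Review bot: `sport` and `dport` are declared with `"misp-attribute": "counter"`, which records the port numbers as generic counters; MISP has a dedicated `port` attribute type, so both entries should read `"misp-attribute": "port"` to stay searchable and exportable as ports. The template also carries no `required` or `requiredOneOf` list, so an object holding none of the network indicators would presumably be accepted; something like `"requiredOneOf": ["src", "dst", "threatid"]` would pin the minimum useful content. Low-cardinality text fields such as `proto`, `direction`, `type` and `subtype` are likely to correlate across unrelated events (every "tcp" matching every other) unless they are marked `"disable_correlation": true`.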