Merge pull request #114 from StefanKelm/master

BGP hijack
pull/115/head
Alexandre Dulaunoy 2018-09-13 15:12:36 +02:00 committed by GitHub
commit f9d6ba3f08
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 54 additions and 0 deletions


@ -71,6 +71,7 @@ for a specific attribute.
* [objects/asn](objects/asn/definition.json) - Autonomous system object describing a BGP autonomous system which can include one or more network operators management an entity (e.g. ISP) along with their routing policy, routing prefixes or alike.
* [objects/av-signature](objects/av-signature/definition.json) - Antivirus detection signature.
* [objects/bank-account](objects/bank-account/definition.json) - Object describing bank account information based on account description from goAML 4.0.
* [objects/bgp-hijack](objects/bgp-hijack/definition.json) - Object encapsulating BGP Hijack description as specified, for example, by bgpstream.com
* [objects/cap-alert](objects/cap-alert/definition.json) - Common Alerting Protocol Version (CAP) alert object.
* [objects/cap-info](objects/cap-info/definition.json) - Common Alerting Protocol Version (CAP) info object.
* [objects/cap-resource](objects/cap-resource/definition.json) - Common Alerting Protocol Version (CAP) resource object.

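--- /dev/null
+++ b/objects/bgp-hijack/definition.json
@@ -0,0 +1,53 @@
+{
+"required": [
+"expected-asn",
+"detected-asn",
+"start",
+"subnet-announced"
+],
+"attributes": {
+"expected-asn": {
+"description": "Expected Autonomous System Number",
+"ui-priority": 1,
+"misp-attribute": "AS"
+},
+"detected-asn": {
+"description": "Detected Autonomous System Number",
+"ui-priority": 1,
+"misp-attribute": "AS"
+},
+"description": {
+"description": "BGP Hijack details",
+"ui-priority": 1,
+"misp-attribute": "text"
+},
+"country": {
+"description": "Country code of the main location of the attacking autonomous system",
+"ui-priority": 1,
+"misp-attribute": "text"
+},
+"subnet-announced": {
+"description": "Subnet announced",
+"ui-priority": 0,
+"misp-attribute": "ip-src",
+"multiple": true
+},
+"start": {
+"description": "First time the Prefix hijack was seen",
+"disable_correlation": true,
+"ui-priority": 0,
+"misp-attribute": "datetime"
+},
+"end": {
+"description": "Last time the Prefix hijack was seen",
+"disable_correlation": true,
+"ui-priority": 0,
+"misp-attribute": "datetime"
+}
+},
+"version": 1,
+"description": "Object encapsulating BGP Hijack description as specified, for example, by bgpstream.com",
+"meta-category": "network",
+"uuid": "42355673-1fab-4908-8045-00bebd91c389",
+"name": "bgp-hijack"
+}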
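Review bot: `subnet-announced` is typed `ip-src` and, unlike `start` and `end`, carries no `disable_correlation`, so the hijacked prefix, which is normally the victim's own address space, will correlate and can be treated downstream like an attacker source address. Consider adding `"disable_correlation": true` to that attribute and, if the template schema in use accepts it, `"to_ids": false`, so that blocklist or IDS exports built from this object do not pick up the legitimate prefix. Separately, `country` promises a "Country code" but is free `text`; naming the expected format in its description (for example ISO 3166-1 alpha-2) would keep values comparable across events.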