Merge branch 'main' of github.com:MISP/misp-objects into chrisr3d_patch

pull/403/head
Christian Studer 2023-07-25 14:46:20 +02:00
commit fb801871bf
4 changed files with 117 additions and 1 deletions

View File

@ -0,0 +1,34 @@
{
"attributes": {
"abuse-confidence-score": {
"description": "Rating (0-100) of how confident AbuseIPDB is that an IP address is entirely malicious",
"misp-attribute": "counter",
"ui-priority": 0
},
"is-malicious": {
"description": "If the IP is malicious based on the abuse-confidence-score and threshold",
"misp-attribute": "boolean",
"ui-priority": 0
},
"is-public": {
"description": "If an IP is public",
"misp-attribute": "boolean",
"ui-priority": 0
},
"is-tor": {
"description": "If Tor (The Onion Router) was used",
"misp-attribute": "boolean",
"ui-priority": 0
},
"is-whitelisted": {
"description": "If an IP is spotted in any of AbuseIPDB's whitelists",
"misp-attribute": "boolean",
"ui-priority": 0
}
},
"description": "AbuseIPDB checks an ip address, domain name, or subnet against a central blacklist",
"meta-category": "network",
"name": "abuseipdb",
"uuid": "cccdaaf6-c140-461c-8d1c-aa79bbd029e0",
"version": 1
}

View File

@ -0,0 +1,24 @@
{
"attributes": {
"malicious": {
"description": "If the URL comes back as malicious",
"misp-attribute": "boolean",
"ui-priority": 0
},
"platforms": {
"description": "The platform identified (windows, linux, etc...)",
"misp-attribute": "text",
"ui-priority": 0
},
"threats": {
"description": "The threat type related to that URL (malware, social engineering, etc...)",
"misp-attribute": "text",
"ui-priority": 0
}
},
"description": "Google Safe checks a URL against Google's constantly updated list of unsafe web resources.",
"meta-category": "network",
"name": "google-safe-browsing",
"uuid": "1f8af312-dfbb-4572-b894-dabe7c8798d8",
"version": 1
}

View File

@ -0,0 +1,48 @@
{
"attributes": {
"comment": {
"description": "A description of the HHHash object.",
"misp-attribute": "comment",
"ui-priority": 0
},
"hhhash": {
"description": "HHHash hash in format hhh:version:hash_value",
"misp-attribute": "text",
"ui-priority": 0
},
"hhhash-headers": {
"description": "HHHash value before being hash in the format each header is separated by a :.",
"misp-attribute": "text",
"ui-priority": 0
},
"hhhash-query-headers": {
"description": "Set of headers used for the query in the format where each header is separated by a : .",
"disable_correlation": true,
"misp-attribute": "text",
"ui-priority": 0
},
"hhhash-tool": {
"description": "HHHash crawling infrastructure or tool used to produce the HHHash value. ",
"disable_correlation": true,
"misp-attribute": "text",
"sane_default": [
"python-hhhash",
"c-hhhash",
"go-hhhash",
"r-hhhash",
"lacus",
"Common Crawl",
"other"
],
"ui-priority": 0
}
},
"description": "An object describing a HHHash object with the hash value along with the crawling parameters. For more information: https://www.foo.be/2023/07/HTTP-Headers-Hashing_HHHash",
"meta-category": "misc",
"name": "hhhash",
"requiredOneOf": [
"hhhash"
],
"uuid": "4dbcde93-a4e0-4bee-913c-0988b5259d14",
"version": 1
}

View File

@ -5,12 +5,22 @@
"misp-attribute": "text", "misp-attribute": "text",
"ui-priority": 1 "ui-priority": 1
}, },
"domain": {
"description": "Destination domain",
"misp-attribute": "domain",
"ui-priority": 1
},
"first-seen": { "first-seen": {
"description": "First seen of the SSL/TLS handshake", "description": "First seen of the SSL/TLS handshake",
"disable_correlation": true, "disable_correlation": true,
"misp-attribute": "datetime", "misp-attribute": "datetime",
"ui-priority": 0 "ui-priority": 0
}, },
"hostname": {
"description": "Destination hostname",
"misp-attribute": "hostname",
"ui-priority": 1
},
"ip-dst": { "ip-dst": {
"description": "Destination IP address", "description": "Destination IP address",
"misp-attribute": "ip-dst", "misp-attribute": "ip-dst",
@ -46,5 +56,5 @@
"ja3s-fingerprint-md5" "ja3s-fingerprint-md5"
], ],
"uuid": "7f377f66-d128-4b97-897f-592d06ba2ff7", "uuid": "7f377f66-d128-4b97-897f-592d06ba2ff7",
"version": 4 "version": 5
} }