diff --git a/objects/whois/definition.json b/objects/whois/definition.json
new file mode 100644
index 0000000..6c1364f
--- /dev/null
+++ b/objects/whois/definition.json
@@ -0,0 +1,37 @@
+{
+ "name": "whois",
+ "meta-category": "network",
+ "description": "Whois records information for a domain name.",
+ "version": 1,
+ "attributes" :
+ {
+ "domain": {
+ "misp-attribute": "domain",
+ "misp-usage-frequency": 1,
+ "categories": ["Network activity","External analysis"]
+ },
+ "creation-date": {
+ "misp-attribute": "datetime",
+ "misp-usage-frequency": 0
+ },
+ "registrant-email": {
+ "misp-attribute": "whois-registrant-email",
+ "misp-usage-frequency": 1
+ },
+ "registrant-phone": {
+ "misp-attribute": "whois-registrant-phone",
+ "misp-usage-frequency": 0
+ },
+ "registrant-name": {
+ "misp-attribute": "whois-registrant-name",
+ "misp-usage-frequency": 0
+ },
+ "registar": {
+ "misp-attribute": "whois-registar",
+ "misp-usage-frequency": 0
+ }
+
+ },
+ "required": ["domain"],
+ "requiredOneOf": ["registrant-email", "registrant-phone", "creation-date", "registrant-name", "registar"]
+}
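Review bot: The last entry of the `attributes` block is keyed `registar` and maps to `whois-registar`, but MISP's attribute type is spelled `whois-registrar`. A template that points at a type the instance does not recognise will likely fail validation on import, or leave registrar values out of correlation and export. Rename the key to `"registrar"`, set `"misp-attribute": "whois-registrar"`, and change the final element of `requiredOneOf` to `"registrar"` so the three stay in sync. Separately, `creation-date` maps to the generic `datetime` type although a dedicated `whois-creation-date` type exists, so confirm which one is intended.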