{ "attributes": { "byte-count": { "description": "Bytes counted in this flow", "disable_correlation": true, "misp-attribute": "counter", "ui-priority": 0 }, "community-id": { "description": "Community id of the represented flow", "misp-attribute": "community-id", "ui-priority": 0 }, "direction": { "description": "Direction of this flow", "disable_correlation": true, "misp-attribute": "text", "sane_default": [ "Ingress", "Egress" ], "ui-priority": 0 }, "dst-as": { "categories": [ "Network activity", "External analysis" ], "description": "Destination AS number for this flow", "misp-attribute": "AS", "ui-priority": 0 }, "dst-port": { "categories": [ "Network activity", "External analysis" ], "description": "Destination port of the netflow", "misp-attribute": "port", "ui-priority": 1 }, "first-packet-seen": { "description": "First packet seen in this flow", "disable_correlation": true, "misp-attribute": "datetime", "ui-priority": 1 }, "flow-count": { "description": "Flows counted in this flow", "disable_correlation": true, "misp-attribute": "counter", "ui-priority": 0 }, "icmp-type": { "categories": [ "Network activity", "External analysis" ], "description": "ICMP type of the flow (if the traffic is ICMP)", "disable_correlation": true, "misp-attribute": "text", "ui-priority": 0 }, "ip-dst": { "categories": [ "Network activity", "External analysis" ], "description": "IP address destination of the netflow", "misp-attribute": "ip-dst", "ui-priority": 1 }, "ip-protocol-number": { "description": "IP protocol number of this flow", "disable_correlation": true, "misp-attribute": "size-in-bytes", "ui-priority": 0 }, "ip-src": { "categories": [ "Network activity", "External analysis" ], "description": "IP address source of the netflow", "misp-attribute": "ip-src", "ui-priority": 1 }, "ip_version": { "description": "IP version of this flow", "disable_correlation": true, "misp-attribute": "counter", "ui-priority": 0 }, "last-packet-seen": { "description": "Last packet seen in this flow", "disable_correlation": true, "misp-attribute": "datetime", "ui-priority": 0 }, "packet-count": { "description": "Packets counted in this flow", "disable_correlation": true, "misp-attribute": "counter", "ui-priority": 0 }, "protocol": { "description": "Protocol used for this flow", "disable_correlation": true, "misp-attribute": "text", "ui-priority": 0, "values_list": [ "TCP", "UDP", "ICMP", "IP" ] }, "src-as": { "categories": [ "Network activity", "External analysis" ], "description": "Source AS number for this flow", "misp-attribute": "AS", "ui-priority": 0 }, "src-port": { "categories": [ "Network activity", "External analysis" ], "description": "Source port of the netflow", "misp-attribute": "port", "ui-priority": 1 }, "tcp-flags": { "categories": [ "Network activity", "External analysis" ], "description": "TCP flags of the flow", "disable_correlation": true, "misp-attribute": "text", "ui-priority": 0 } }, "description": "Netflow object describes an network object based on the Netflowv5/v9 minimal definition", "meta-category": "network", "name": "netflow", "requiredOneOf": [ "first-packet-seen", "ip-src", "ip-dst", "dst-port", "community-id" ], "uuid": "bf148c58-3e7e-414e-8de8-5d96379ca77e", "version": 2 }