MISP
/
misp-objects
mirror of https://github.com/MISP/misp-objects
2
0
Fork 0
Code Issues Releases Wiki Activity
misp-objects/objects/network-profile/definition.json

219 lines
6.0 KiB
JSON
Raw Blame History

{
"attributes": {
"asn": {
"description": "ASN where the content is hosted",
"misp-attribute": "AS",
"ui-priority": 0
},
"certificate-common-name": {
"description": "Certificate common name",
"misp-attribute": "text",
"ui-priority": 0
},
"certificate-country": {
"description": "Certificate country name",
"misp-attribute": "text",
"ui-priority": 0
},
"certificate-creation-date": {
"description": "Certificate date it was created",
"misp-attribute": "datetime",
"ui-priority": 0
},
"certificate-expiry-date": {
"description": "Certificate date it will expire",
"misp-attribute": "datetime",
"ui-priority": 0
},
"certificate-issuer": {
"description": "Certificate Issuer",
"misp-attribute": "text",
"ui-priority": 0
},
"certificate-organization": {
"description": "Certificate organization",
"misp-attribute": "text",
"ui-priority": 0
},
"certificate-organization-locality": {
"description": "Certificate locality",
"misp-attribute": "text",
"ui-priority": 0
},
"certificate-organization-state": {
"description": "Certificate state or provincy name",
"misp-attribute": "text",
"ui-priority": 0
},
"certificate-organization-unit": {
"description": "Certificate organization unit",
"misp-attribute": "text",
"ui-priority": 0
},
"dns-server": {
"description": "DNS server",
"misp-attribute": "hostname",
"multiple": true,
"to_ids": false,
"ui-priority": 0
},
"domain": {
"categories": [
"Network activity",
"External analysis"
],
"description": "Domain of the whois entry",
"misp-attribute": "domain",
"multiple": true,
"ui-priority": 0
},
"evidences": {
"categories": [
"External analysis"
],
"description": "Screenshot of the network resources.",
"disable_correlation": true,
"misp-attribute": "attachment",
"multiple": true,
"ui-priority": 1
},
"google-analytics-id": {
"description": "Google analytics IDS",
"misp-attribute": "text",
"ui-priority": 0
},
"hosting-provider": {
"description": "The hosting provider/ISP where the resources are.",
"misp-attribute": "text",
"ui-priority": 0
},
"ip-address": {
"description": "IP address of the whois entry",
"misp-attribute": "ip-src",
"multiple": true,
"ui-priority": 0
},
"jarm": {
"description": "JARM Footprint string",
"misp-attribute": "jarm-fingerprint",
"ui-priority": 0
},
"port": {
"description": "Port number",
"disable_correlation": true,
"misp-attribute": "port",
"ui-priority": 0
},
"query_string": {
"description": "Query (after path, preceded by '?')",
"misp-attribute": "text",
"multiple": true,
"ui-priority": 0
},
"resource_path": {
"description": "Path (between hostname:port and query)",
"misp-attribute": "text",
"multiple": true,
"ui-priority": 0
},
"service-abuse": {
"description": "Service abused by threat actors as part of their infrastructure.",
"misp-attribute": "text",
"multiple": true,
"ui-priority": 0,
"values_list": [
"OneDrive",
"Google Drive",
"Dropbox",
"Microsoft",
"Google",
"DuckDNS",
"Cloudflare",
"AWS"
]
},
"subdomain": {
"description": "Subdomain",
"disable_correlation": true,
"misp-attribute": "text",
"ui-priority": 0
},
"text": {
"description": "Full whois entry",
"disable_correlation": true,
"misp-attribute": "text",
"ui-priority": 1
},
"threat-actor-infrastructure-pattern": {
"description": "Patterns found on threat actor infrastructure that can correlate with other analysis.",
"misp-attribute": "text",
"multiple": true,
"ui-priority": 0
},
"threat-actor-infrastructure-value": {
"description": "Unique valeu found on threat actor infrastructure identified through an investigation.",
"misp-attribute": "text",
"multiple": true,
"ui-priority": 0
},
"tld": {
"description": "Top-Level Domain",
"disable_correlation": true,
"misp-attribute": "text",
"ui-priority": 0
},
"url": {
"description": "Full URL",
"misp-attribute": "url",
"ui-priority": 1
},
"whois-creation-date": {
"description": "Initial creation of the whois entry",
"disable_correlation": true,
"misp-attribute": "datetime",
"ui-priority": 0
},
"whois-expiration-date": {
"description": "Expiration of the whois entry",
"disable_correlation": true,
"misp-attribute": "datetime",
"ui-priority": 0
},
"whois-registrant-email": {
"description": "Registrant email address",
"misp-attribute": "whois-registrant-email",
"ui-priority": 1
},
"whois-registrant-name": {
"description": "Registrant name",
"misp-attribute": "whois-registrant-name",
"ui-priority": 0
},
"whois-registrant-org": {
"description": "Registrant organisation",
"misp-attribute": "whois-registrant-org",
"ui-priority": 1
},
"whois-registrant-phone": {
"description": "Registrant phone number",
"misp-attribute": "whois-registrant-phone",
"ui-priority": 0
},
"whois-registrar": {
"description": "Registrar of the whois entry",
"misp-attribute": "whois-registrar",
"ui-priority": 0
}
},
"description": "Elements that can be used to profile, pivot or identify a network infrastructure, including domains, ip and urls.",
"meta-category": "network",
"name": "network-profile",
"requiredOneOf": [
"domain",
"ip-address",
"url"
],
"uuid": "f0f9e287-8067-49a4-b0f8-7a0fed8d4e43",
"version": 5
}
Reference in New Issue View Git Blame Copy Permalink