misp-objects/objects/pcap-metadata/definition.json


{
"requiredOneOf": [
"text",
"first-packet-seen",
"last-packet-seen"
],
"attributes": {
"capture-length": {
"description": "Capture length set on the capture interface.",
"disable_correlation": true,
"ui-priority": 1,
"misp-attribute": "text"
},
"capture-interface": {
"description": "Name of the interface on which the packet capture was running.",
"disable_correlation": true,
"ui-priority": 1,
"misp-attribute": "text"
},
"protocol": {
"description": "Capture protocol (linktype name).",
"disable_correlation": true,
"ui-priority": 1,
"misp-attribute": "text",
"sane_default": [
"PER_PACKET",
"UNKNOWN",
"ETHERNET",
"TOKEN_RING",
"SLIP",
"PPP",
"FDDI",
"FDDI_BITSWAPPED",
"RAW_IP",
"ARCNET",
"ARCNET_LINUX",
"ATM_RFC1483",
"LINUX_ATM_CLIP",
"LAPB",
"ATM_PDUS",
"ATM_PDUS_UNTRUNCATED",
"NULL",
"ASCEND",
"ISDN",
"IP_OVER_FC",
"PPP_WITH_PHDR",
"IEEE_802_11",
"IEEE_802_11_PRISM",
"IEEE_802_11_WITH_RADIO",
"IEEE_802_11_RADIOTAP",
"IEEE_802_11_AVS",
"SLL",
"FRELAY",
"FRELAY_WITH_PHDR",
"CHDLC",
"CISCO_IOS",
"LOCALTALK",
"OLD_PFLOG",
"HHDLC",
"DOCSIS",
"COSINE",
"WFLEET_HDLC",
"SDLC",
"TZSP",
"ENC",
"PFLOG",
"CHDLC_WITH_PHDR",
"BLUETOOTH_H4",
"MTP2",
"MTP3",
"IRDA",
"USER0",
"USER1",
"USER2",
"USER3",
"USER4",
"USER5",
"USER6",
"USER7",
"USER8",
"USER9",
"USER10",
"USER11",
"USER12",
"USER13",
"USER14",
"USER15",
"SYMANTEC",
"APPLE_IP_OVER_IEEE1394",
"BACNET_MS_TP",
"NETTL_RAW_ICMP",
"NETTL_RAW_ICMPV6",
"GPRS_LLC",
"JUNIPER_ATM1",
"JUNIPER_ATM2",
"REDBACK",
"NETTL_RAW_IP",
"NETTL_ETHERNET",
"NETTL_TOKEN_RING",
"NETTL_FDDI",
"NETTL_UNKNOWN",
"MTP2_WITH_PHDR",
"JUNIPER_PPPOE",
"GCOM_TIE1",
"GCOM_SERIAL",
"NETTL_X25",
"K12",
"JUNIPER_MLPPP",
"JUNIPER_MLFR",
"JUNIPER_ETHER",
"JUNIPER_PPP",
"JUNIPER_FRELAY",
"JUNIPER_CHDLC",
"JUNIPER_GGSN",
"LINUX_LAPD",
"CATAPULT_DCT2000",
"BER",
"JUNIPER_VP",
"USB_FREEBSD",
"IEEE802_16_MAC_CPS",
"NETTL_RAW_TELNET",
"USB_LINUX",
"MPEG",
"PPI",
"ERF",
"BLUETOOTH_H4_WITH_PHDR",
"SITA",
"SCCP",
"BLUETOOTH_HCI",
"IPMB",
"IEEE802_15_4",
"X2E_XORAYA",
"FLEXRAY",
"LIN",
"MOST",
"CAN20B",
"LAYER1_EVENT",
"X2E_SERIAL",
"I2C",
"IEEE802_15_4_NONASK_PHY",
"TNEF",
"USB_LINUX_MMAPPED",
"GSM_UM",
"DPNSS",
"PACKETLOGGER",
"NSTRACE_1_0",
"NSTRACE_2_0",
"FIBRE_CHANNEL_FC2",
"FIBRE_CHANNEL_FC2_WITH_FRAME_DELIMS",
"JPEG_JFIF",
"IPNET",
"SOCKETCAN",
"IEEE_802_11_NETMON",
"IEEE802_15_4_NOFCS",
"RAW_IPFIX",
"RAW_IP4",
"RAW_IP6",
"LAPD",
"DVBCI",
"MUX27010",
"MIME",
"NETANALYZER",
"NETANALYZER_TRANSPARENT",
"IP_OVER_IB_SNOOP",
"MPEG_2_TS",
"PPP_ETHER",
"NFC_LLCP",
"NFLOG",
"V5_EF",
"BACNET_MS_TP_WITH_PHDR",
"IXVERIWAVE",
"SDH",
"DBUS",
"AX25_KISS",
"AX25",
"SCTP",
"INFINIBAND",
"JUNIPER_SVCS",
"USBPCAP",
"RTAC_SERIAL",
"BLUETOOTH_LE_LL",
"WIRESHARK_UPPER_PDU",
"STANAG_4607",
"STANAG_5066_D_PDU",
"NETLINK",
"BLUETOOTH_LINUX_MONITOR",
"BLUETOOTH_BREDR_BB",
"BLUETOOTH_LE_LL_WITH_PHDR",
"NSTRACE_3_0",
"LOGCAT",
"LOGCAT_BRIEF",
"LOGCAT_PROCESS",
"LOGCAT_TAG",
"LOGCAT_THREAD",
"LOGCAT_TIME",
"LOGCAT_THREADTIME",
"LOGCAT_LONG",
"PKTAP",
"EPON",
"IPMI_TRACE",
"LOOP",
"JSON",
"NSTRACE_3_5",
"ISO14443",
"GFP_T",
"GFP_F",
"IP_OVER_IB_PCAP",
"JUNIPER_VN",
"USB_DARWIN",
"LORATAP",
"3MB_ETHERNET",
"VSOCK",
"NORDIC_BLE",
"NETMON_NET_NETEVENT",
"NETMON_HEADER",
"NETMON_NET_FILTER",
"NETMON_NETWORK_INFO_EX",
"MA_WFP_CAPTURE_V4",
"MA_WFP_CAPTURE_V6",
"MA_WFP_CAPTURE_2V4",
"MA_WFP_CAPTURE_2V6",
"MA_WFP_CAPTURE_AUTH_V4",
"MA_WFP_CAPTURE_AUTH_V6",
"JUNIPER_ST",
"ETHERNET_MPACKET",
"DOCSIS31_XRA31"
]
},
"text": {
"description": "A description of the packet capture.",
"disable_correlation": true,
"ui-priority": 1,
"misp-attribute": "text"
},
"first-packet-seen": {
"description": "Time when the first packet was seen.",
"disable_correlation": true,
"ui-priority": 0,
"misp-attribute": "datetime"
},
"last-packet-seen": {
"description": "Time when the last packet was seen.",
"disable_correlation": true,
"ui-priority": 0,
"misp-attribute": "datetime"
}
},
"version": 2,
"description": "Network packet capture metadata",
"meta-category": "network",
"uuid": "0784aefa-ec3a-4eca-a431-c31ed7058bd3",
"name": "pcap-metadata"
}