misp-objects/objects/network-socket/definition.json


{
"attributes": {
"address-family": {
"description": "Address family, which specifies the address family type (AF_*) of the socket connection.",
"misp-attribute": "text",
"sane_default": [
"AF_UNSPEC",
"AF_LOCAL",
"AF_UNIX",
"AF_FILE",
"AF_INET",
"AF_AX25",
"AF_IPX",
"AF_APPLETALK",
"AF_NETROM",
"AF_BRIDGE",
"AF_ATMPVC",
"AF_X25",
"AF_INET6",
"AF_ROSE",
"AF_DECnet",
"AF_NETBEUI",
"AF_SECURITY",
"AF_KEY",
"AF_NETLINK",
"AF_ROUTE",
"AF_PACKET",
"AF_ASH",
"AF_ECONET",
"AF_ATMSVC",
"AF_RDS",
"AF_SNA",
"AF_IRDA",
"AF_PPPOX",
"AF_WANPIPE",
"AF_LLC",
"AF_IB",
"AF_MPLS",
"AF_CAN",
"AF_TIPC",
"AF_BLUETOOTH",
"AF_IUCV",
"AF_RXRPC",
"AF_ISDN",
"AF_PHONET",
"AF_IEEE802154",
"AF_CAIF",
"AF_ALG",
"AF_NFC",
"AF_VSOCK",
"AF_KCM",
"AF_MAX"
],
"ui-priority": 1
},
"domain-family": {
"description": "Domain family, which specifies the communication domain (PF_*) of the socket connection.",
"misp-attribute": "text",
"sane_default": [
"PF_UNSPEC",
"PF_LOCAL",
"PF_UNIX",
"PF_FILE",
"PF_INET",
"PF_AX25",
"PF_IPX",
"PF_APPLETALK",
"PF_NETROM",
"PF_BRIDGE",
"PF_ATMPVC",
"PF_X25",
"PF_INET6",
"PF_ROSE",
"PF_DECnet",
"PF_NETBEUI",
"PF_SECURITY",
"PF_KEY",
"PF_NETLINK",
"PF_ROUTE",
"PF_PACKET",
"PF_ASH",
"PF_ECONET",
"PF_ATMSVC",
"PF_RDS",
"PF_SNA",
"PF_IRDA",
"PF_PPPOX",
"PF_WANPIPE",
"PF_LLC",
"PF_IB",
"PF_MPLS",
"PF_CAN",
"PF_TIPC",
"PF_BLUETOOTH",
"PF_IUCV",
"PF_RXRPC",
"PF_ISDN",
"PF_PHONET",
"PF_IEEE802154",
"PF_CAIF",
"PF_ALG",
"PF_NFC",
"PF_VSOCK",
"PF_KCM",
"PF_MAX"
],
"ui-priority": 1
},
"dst-bytes-count": {
"description": "Number of bytes sent from the source to the destination.",
"disable_correlation": true,
"misp-attribute": "counter",
"ui-priority": 0
},
"dst-packets-count": {
"description": "Number of packets sent from the source to the destination.",
"disable_correlation": true,
"misp-attribute": "counter",
"ui-priority": 0
},
"dst-port": {
"categories": [
"Network activity",
"External analysis"
],
"description": "Destination port of the network socket connection.",
"misp-attribute": "port",
"ui-priority": 1
},
"filename": {
"description": "Filename used by the socket.",
"misp-attribute": "filename",
"ui-priority": 1
},
"first-packet-seen": {
"description": "Datetime of the first packet seen.",
"disable_correlation": true,
"misp-attribute": "datetime",
"ui-priority": 1
},
"hostname-dst": {
"description": "Destination hostname of the network socket connection.",
"misp-attribute": "hostname",
"ui-priority": 1
},
"hostname-src": {
"description": "Source (local) hostname of the network socket connection.",
"misp-attribute": "hostname",
"ui-priority": 1
},
"ip-dst": {
"categories": [
"Network activity",
"External analysis"
],
"description": "Destination IP address of the network socket connection.",
"misp-attribute": "ip-dst",
"ui-priority": 1
},
"ip-src": {
"categories": [
"Network activity",
"External analysis"
],
"description": "Source (local) IP address of the network socket connection.",
"misp-attribute": "ip-src",
"ui-priority": 1
},
"last-packet-seen": {
"description": "Datetime of the last packet seen.",
"disable_correlation": true,
"misp-attribute": "datetime",
"ui-priority": 1
},
"option": {
"description": "Option on the socket connection.",
"misp-attribute": "text",
"multiple": true,
"ui-priority": 1
},
"protocol": {
"description": "Protocol used by the network socket.",
"misp-attribute": "text",
"multiple": true,
"ui-priority": 0,
"values_list": [
"TCP",
"UDP",
"ICMP",
"IP"
]
},
"socket-type": {
"description": "Type of the socket.",
"misp-attribute": "text",
"sane_default": [
"SOCK_STREAM",
"SOCK_DGRAM",
"SOCK_RAW",
"SOCK_RDM",
"SOCK_SEQPACKET"
],
"ui-priority": 1
},
"src-bytes-count": {
"description": "Number of bytes sent from the destination to the source.",
"disable_correlation": true,
"misp-attribute": "counter",
"ui-priority": 0
},
"src-packets-count": {
"description": "Number of packets sent from the destination to the source.",
"disable_correlation": true,
"misp-attribute": "counter",
"ui-priority": 0
},
"src-port": {
"categories": [
"Network activity",
"External analysis"
],
"description": "Source (local) port of the network socket connection.",
"misp-attribute": "port",
"ui-priority": 1
},
"state": {
"description": "State of the socket connection.",
"misp-attribute": "text",
"multiple": true,
"sane_default": [
"blocking",
"listening"
],
"ui-priority": 1
}
},
"description": "Network socket object describes a local or remote network connection based on the socket data structure.",
"meta-category": "network",
"name": "network-socket",
"requiredOneOf": [
"ip-src",
"ip-dst",
"src-port",
"dst-port"
],
"uuid": "48bbfd72-ef8e-4649-b14d-41b4b5a0eba2",
"version": 4
}