mirror of https://github.com/MISP/misp-objects
{
|
|
"attributes": {
|
|
"address-family": {
|
|
"description": "Address family, which specifies the address family type (AF_*) of the socket connection.",
|
|
"misp-attribute": "text",
|
|
"sane_default": [
|
|
"AF_UNSPEC",
|
|
"AF_LOCAL",
|
|
"AF_UNIX",
|
|
"AF_FILE",
|
|
"AF_INET",
|
|
"AF_AX25",
|
|
"AF_IPX",
|
|
"AF_APPLETALK",
|
|
"AF_NETROM",
|
|
"AF_BRIDGE",
|
|
"AF_ATMPVC",
|
|
"AF_X25",
|
|
"AF_INET6",
|
|
"AF_ROSE",
|
|
"AF_DECnet",
|
|
"AF_NETBEUI",
|
|
"AF_SECURITY",
|
|
"AF_KEY",
|
|
"AF_NETLINK",
|
|
"AF_ROUTE",
|
|
"AF_PACKET",
|
|
"AF_ASH",
|
|
"AF_ECONET",
|
|
"AF_ATMSVC",
|
|
"AF_RDS",
|
|
"AF_SNA",
|
|
"AF_IRDA",
|
|
"AF_PPPOX",
|
|
"AF_WANPIPE",
|
|
"AF_LLC",
|
|
"AF_IB",
|
|
"AF_MPLS",
|
|
"AF_CAN",
|
|
"AF_TIPC",
|
|
"AF_BLUETOOTH",
|
|
"AF_IUCV",
|
|
"AF_RXRPC",
|
|
"AF_ISDN",
|
|
"AF_PHONET",
|
|
"AF_IEEE802154",
|
|
"AF_CAIF",
|
|
"AF_ALG",
|
|
"AF_NFC",
|
|
"AF_VSOCK",
|
|
"AF_KCM",
|
|
"AF_MAX"
|
|
],
|
|
"ui-priority": 1
|
|
},
|
|
"domain-family": {
|
|
"description": "Domain family, which specifies the communication domain (PF_*) of the socket connection.",
|
|
"misp-attribute": "text",
|
|
"sane_default": [
|
|
"PF_UNSPEC",
|
|
"PF_LOCAL",
|
|
"PF_UNIX",
|
|
"PF_FILE",
|
|
"PF_INET",
|
|
"PF_AX25",
|
|
"PF_IPX",
|
|
"PF_APPLETALK",
|
|
"PF_NETROM",
|
|
"PF_BRIDGE",
|
|
"PF_ATMPVC",
|
|
"PF_X25",
|
|
"PF_INET6",
|
|
"PF_ROSE",
|
|
"PF_DECnet",
|
|
"PF_NETBEUI",
|
|
"PF_SECURITY",
|
|
"PF_KEY",
|
|
"PF_NETLINK",
|
|
"PF_ROUTE",
|
|
"PF_PACKET",
|
|
"PF_ASH",
|
|
"PF_ECONET",
|
|
"PF_ATMSVC",
|
|
"PF_RDS",
|
|
"PF_SNA",
|
|
"PF_IRDA",
|
|
"PF_PPPOX",
|
|
"PF_WANPIPE",
|
|
"PF_LLC",
|
|
"PF_IB",
|
|
"PF_MPLS",
|
|
"PF_CAN",
|
|
"PF_TIPC",
|
|
"PF_BLUETOOTH",
|
|
"PF_IUCV",
|
|
"PF_RXRPC",
|
|
"PF_ISDN",
|
|
"PF_PHONET",
|
|
"PF_IEEE802154",
|
|
"PF_CAIF",
|
|
"PF_ALG",
|
|
"PF_NFC",
|
|
"PF_VSOCK",
|
|
"PF_KCM",
|
|
"PF_MAX"
|
|
],
|
|
"ui-priority": 1
|
|
},
|
|
"dst-bytes-count": {
|
|
"description": "Number of bytes sent from the source to the destination.",
|
|
"disable_correlation": true,
|
|
"misp-attribute": "counter",
|
|
"ui-priority": 0
|
|
},
|
|
"dst-packets-count": {
|
|
"description": "Number of packets sent from the source to the destination.",
|
|
"disable_correlation": true,
|
|
"misp-attribute": "counter",
|
|
"ui-priority": 0
|
|
},
|
|
"dst-port": {
|
|
"categories": [
|
|
"Network activity",
|
|
"External analysis"
|
|
],
|
|
"description": "Destination port of the network socket connection.",
|
|
"misp-attribute": "port",
|
|
"ui-priority": 1
|
|
},
|
|
"filename": {
|
|
"description": "Filename used by the socket.",
|
|
"misp-attribute": "filename",
|
|
"ui-priority": 1
|
|
},
|
|
"first-packet-seen": {
|
|
"description": "Datetime of the first packet seen.",
|
|
"disable_correlation": true,
|
|
"misp-attribute": "datetime",
|
|
"ui-priority": 1
|
|
},
|
|
"hostname-dst": {
|
|
"description": "Destination hostname of the network socket connection.",
|
|
"misp-attribute": "hostname",
|
|
"ui-priority": 1
|
|
},
|
|
"hostname-src": {
|
|
"description": "Source (local) hostname of the network socket connection.",
|
|
"misp-attribute": "hostname",
|
|
"ui-priority": 1
|
|
},
|
|
"ip-dst": {
|
|
"categories": [
|
|
"Network activity",
|
|
"External analysis"
|
|
],
|
|
"description": "Destination IP address of the network socket connection.",
|
|
"misp-attribute": "ip-dst",
|
|
"ui-priority": 1
|
|
},
|
|
"ip-src": {
|
|
"categories": [
|
|
"Network activity",
|
|
"External analysis"
|
|
],
|
|
"description": "Source (local) IP address of the network socket connection.",
|
|
"misp-attribute": "ip-src",
|
|
"ui-priority": 1
|
|
},
|
|
"last-packet-seen": {
|
|
"description": "Datetime of the last packet seen.",
|
|
"disable_correlation": true,
|
|
"misp-attribute": "datetime",
|
|
"ui-priority": 1
|
|
},
|
|
"mac-dst": {
|
|
"description": "Destination MAC address as it is included in the packets sent",
|
|
"misp-attribute": "mac-address",
|
|
"ui-priority": 1
|
|
},
|
|
"mac-src": {
|
|
"description": "Source (local) MAC address as it is included in the packets sent",
|
|
"misp-attribute": "mac-address",
|
|
"ui-priority": 1
|
|
},
|
|
"option": {
|
|
"description": "Option on the socket connection.",
|
|
"misp-attribute": "text",
|
|
"multiple": true,
|
|
"ui-priority": 1
|
|
},
|
|
"protocol": {
|
|
"description": "Protocol used by the network socket.",
|
|
"misp-attribute": "text",
|
|
"multiple": true,
|
|
"ui-priority": 0,
|
|
"values_list": [
|
|
"TCP",
|
|
"UDP",
|
|
"ICMP",
|
|
"IP"
|
|
]
|
|
},
|
|
"socket-type": {
|
|
"description": "Type of the socket.",
|
|
"misp-attribute": "text",
|
|
"sane_default": [
|
|
"SOCK_STREAM",
|
|
"SOCK_DGRAM",
|
|
"SOCK_RAW",
|
|
"SOCK_RDM",
|
|
"SOCK_SEQPACKET"
|
|
],
|
|
"ui-priority": 1
|
|
},
|
|
"src-bytes-count": {
|
|
"description": "Number of bytes sent from the destination to the source.",
|
|
"disable_correlation": true,
|
|
"misp-attribute": "counter",
|
|
"ui-priority": 0
|
|
},
|
|
"src-packets-count": {
|
|
"description": "Number of packets sent from the destination to the source.",
|
|
"disable_correlation": true,
|
|
"misp-attribute": "counter",
|
|
"ui-priority": 0
|
|
},
|
|
"src-port": {
|
|
"categories": [
|
|
"Network activity",
|
|
"External analysis"
|
|
],
|
|
"description": "Source (local) port of the network socket connection.",
|
|
"misp-attribute": "port",
|
|
"ui-priority": 1
|
|
},
|
|
"state": {
|
|
"description": "State of the socket connection.",
|
|
"misp-attribute": "text",
|
|
"multiple": true,
|
|
"sane_default": [
|
|
"blocking",
|
|
"listening"
|
|
],
|
|
"ui-priority": 1
|
|
}
|
|
},
|
|
"description": "Network socket object describes a local or remote network connection based on the socket data structure.",
|
|
"meta-category": "network",
|
|
"name": "network-socket",
|
|
"requiredOneOf": [
|
|
"ip-src",
|
|
"ip-dst",
|
|
"src-port",
|
|
"dst-port"
|
|
],
|
|
"uuid": "48bbfd72-ef8e-4649-b14d-41b4b5a0eba2",
|
|
"version": 4
|
|
} |