{
  "namespace": "passivetotal",
  "expanded": "PassiveTotal",
  "description": "Tags from RiskIQ's PassiveTotal service",
  "version": 2,
  "predicates": [
    {
      "value": "sinkholed",
      "expanded": "Sinkhole Status"
    },
    {
      "value": "ever-compromised",
      "expanded": "Ever Compromised?"
    },
    {
      "value": "dynamic-dns",
      "expanded": "Dynamic DNS"
    },
    {
      "value": "class",
      "expanded": "Classification"
    }
  ],
  "values": [
    {
      "predicate": "sinkholed",
      "entry": [
        {
          "value": "yes",
          "expanded": "Yes"
        },
        {
          "value": "no",
          "expanded": "No"
        }
      ]
    },
    {
      "predicate": "ever-compromised",
      "entry": [
        {
          "value": "yes",
          "expanded": "Yes"
        },
        {
          "value": "no",
          "expanded": "No"
        }
      ]
    },
    {
      "predicate": "dynamic-dns",
      "entry": [
        {
          "value": "yes",
          "expanded": "Yes"
        },
        {
          "value": "no",
          "expanded": "No"
        }
      ]
    },
    {
      "predicate": "class",
      "entry": [
        {
          "value": "malicious",
          "expanded": "Malicious"
        },
        {
          "value": "suspicious",
          "expanded": "Suspicious"
        },
        {
          "value": "non-malicious",
          "expanded": "Non Malicious"
        },
        {
          "value": "unknown",
          "expanded": "Unknown"
        }
      ]
    }
  ]
}