87 lines
1.5 KiB
JSON
87 lines
1.5 KiB
JSON
{
|
|
"namespace": "passivetotal",
|
|
"expanded": "PassiveTotal",
|
|
"description": "Tags from RiskIQ's PassiveTotal service",
|
|
"version": 1,
|
|
"predicates": [
|
|
{
|
|
"value": "sinkholed",
|
|
"expanded": "Sinkhole Status"
|
|
},
|
|
{
|
|
"value": "ever-comprimised",
|
|
"expanded": "Ever Comprimised?"
|
|
},
|
|
{
|
|
"value": "dynamic-dns",
|
|
"expanded": "Dynamic DNS"
|
|
},
|
|
{
|
|
"value": "class",
|
|
"expanded": "Classification"
|
|
}
|
|
],
|
|
"values": [
|
|
{
|
|
"predicate": "sinkholed",
|
|
"entry": [
|
|
{
|
|
"value": "yes",
|
|
"expanded": "Yes"
|
|
},
|
|
{
|
|
"value": "no",
|
|
"expanded": "No"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"predicate": "ever-comprimised",
|
|
"entry": [
|
|
{
|
|
"value": "yes",
|
|
"expanded": "Yes"
|
|
},
|
|
{
|
|
"value": "no",
|
|
"expanded": "No"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"predicate": "dynamic-dns",
|
|
"entry": [
|
|
{
|
|
"value": "yes",
|
|
"expanded": "Yes"
|
|
},
|
|
{
|
|
"value": "no",
|
|
"expanded": "No"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"predicate": "class",
|
|
"entry": [
|
|
{
|
|
"value": "malicious",
|
|
"expanded": "Malicious"
|
|
},
|
|
{
|
|
"value": "suspicious",
|
|
"expanded": "Suspicious"
|
|
},
|
|
{
|
|
"value": "non-malicious",
|
|
"expanded": "Non Malicious"
|
|
},
|
|
{
|
|
"value": "unknown",
|
|
"expanded": "Unknown"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|