forked from MISP/misp-objects
-
Notifications
You must be signed in to change notification settings - Fork 0
/
definition.json
87 lines (87 loc) · 2.54 KB
/
definition.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
{
"requiredOneOf": [
"address",
"first-seen",
"last-seen",
"description",
"text"
],
"required": [
"address"
],
"attributes": {
"description": {
"description": "Tor node description.",
"disable_correlation": true,
"ui-priority": 1,
"misp-attribute": "text"
},
"nickname": {
"description": "router's nickname.",
"disable_correlation": false,
"ui-priority": 0,
"misp-attribute": "text"
},
"fingerprint": {
"description": "router's fingerprint.",
"disable_correlation": false,
"ui-priority": 0,
"misp-attribute": "text"
},
"text": {
"description": "Tor node comment.",
"disable_correlation": true,
"ui-priority": 1,
"misp-attribute": "text"
},
"address": {
"description": "IP address of the Tor node seen.",
"ui-priority": 1,
"misp-attribute": "ip-src"
},
"flags": {
"description": "list of flag associated with the node.",
"ui-priority": 0,
"misp-attribute": "text"
},
"version": {
"description": "parsed version of tor, this is None if the relay's using a new versioning scheme.",
"ui-priority": 0,
"misp-attribute": "text"
},
"version_line": {
"description": "versioning information reported by the node.",
"ui-priority": 0,
"misp-attribute": "text"
},
"published": {
"description": "router's publication time. This can be different from first-seen and last-seen.",
"disable_correlation": true,
"ui-priority": 0,
"misp-attribute": "datetime"
},
"last-seen": {
"description": "When the Tor node designed by the IP address has been seen for the last time.",
"disable_correlation": true,
"ui-priority": 0,
"misp-attribute": "datetime"
},
"first-seen": {
"description": "When the Tor node designed by the IP address has been seen for the first time.",
"disable_correlation": true,
"ui-priority": 0,
"misp-attribute": "datetime"
},
"document": {
"description": "Raw document from the consensus.",
"disable_correlation": true,
"ui-priority": 0,
"misp-attribute": "text"
}
},
"version": 2,
"description": "Tor node (which protects your privacy on the internet by hiding the connection between users Internet address and the services used by the users) description which are part of the Tor network at a time.",
"meta-category": "misc",
"uuid": "a5fde1c8-318e-4658-a3ea-85ea000bdd33",
"name": "tor-node"
}