-
Notifications
You must be signed in to change notification settings - Fork 118
/
definition.json
131 lines (131 loc) · 3.49 KB
/
definition.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
{
"attributes": {
"compCS": {
"description": "SSH compression algorithm supported in the session",
"disable_correlation": true,
"misp-attribute": "text",
"multiple": true,
"ui-priority": 1
},
"dst_ip": {
"description": "Destination IP address of the session",
"disable_correlation": true,
"misp-attribute": "ip-dst",
"ui-priority": 1
},
"dst_port": {
"description": "Destination port of the session",
"disable_correlation": true,
"misp-attribute": "port",
"ui-priority": 1
},
"encCS": {
"description": "SSH symmetric encryption algorithm supported in the session",
"disable_correlation": true,
"misp-attribute": "text",
"multiple": true,
"ui-priority": 1
},
"eventid": {
"description": "Eventid of the session in the cowrie honeypot",
"disable_correlation": true,
"misp-attribute": "text",
"ui-priority": 1
},
"hassh": {
"description": "HASSH of the client SSH session following Salesforce algorithm",
"misp-attribute": "hassh-md5",
"ui-priority": 1
},
"input": {
"description": "Input of the session",
"misp-attribute": "text",
"ui-priority": 1
},
"isError": {
"description": "isError",
"disable_correlation": true,
"misp-attribute": "text",
"ui-priority": 1
},
"keyAlgs": {
"description": "SSH public-key algorithm supported in the session",
"disable_correlation": true,
"misp-attribute": "text",
"multiple": true,
"ui-priority": 1
},
"macCS": {
"description": "SSH MAC supported in the sesssion",
"disable_correlation": true,
"misp-attribute": "text",
"multiple": true,
"ui-priority": 1
},
"message": {
"description": "Message of the cowrie honeypot",
"disable_correlation": true,
"misp-attribute": "text",
"ui-priority": 1
},
"password": {
"description": "Password",
"misp-attribute": "text",
"multiple": true,
"ui-priority": 1
},
"protocol": {
"description": "Protocol used in the cowrie honeypot",
"disable_correlation": true,
"misp-attribute": "text",
"ui-priority": 1
},
"sensor": {
"description": "Cowrie sensor name",
"disable_correlation": true,
"misp-attribute": "text",
"ui-priority": 1
},
"session": {
"description": "Session id",
"misp-attribute": "text",
"ui-priority": 1
},
"src_ip": {
"description": "Source IP address of the session",
"misp-attribute": "ip-src",
"ui-priority": 1
},
"src_port": {
"description": "Source port of the session",
"disable_correlation": true,
"misp-attribute": "port",
"ui-priority": 1
},
"system": {
"description": "System origin in cowrie honeypot",
"disable_correlation": true,
"misp-attribute": "text",
"ui-priority": 1
},
"timestamp": {
"description": "When the event happened",
"disable_correlation": true,
"misp-attribute": "datetime",
"ui-priority": 1
},
"username": {
"description": "Username related to the password(s)",
"misp-attribute": "text",
"ui-priority": 1
}
},
"description": "Cowrie honeypot object template",
"meta-category": "network",
"name": "cowrie",
"requiredOneOf": [
"session"
],
"uuid": "ae085d32-6534-4d52-b3eb-063fccb753e7",
"version": 3
}