TODO Attacker and victim objects

MISP / misp-objects

Definition, description and relationship types of MISP objects

https://www.misp-project.org/objects.html

Other

91 stars 122 forks source link

TODO Attacker and victim objects #6

Open iglocska opened 7 years ago

iglocska commented 7 years ago

Attacker:

name
comment
ip
asn
asn-name
geo
uri
whois-text
//source-comment

Victim

ip
asn
asn-name
geo
uri
//comment

dr0t commented 7 years ago

Depending on the attack type, we can include also domain name in the victim. Application layer attacks normally target domains/services that can be hosted in the same IP address.

adulau commented 7 years ago

The attacker object can be quite complex. I would go for a very minimal one and use the other attributes or objects to link with the attacker object. Like https://github.com/MISP/misp-objects/blob/master/objects/whois/definition.json to avoid describing again the same info in the attacker object.

@iglocska the new proposed database model should work as the object can link to one or more objects or attributes. Correct?

jaegeral commented 7 years ago

Victim also something like name, mail adress, username, location, legal entity / department...

adulau commented 7 years ago

First version of the victim object added https://github.com/MISP/misp-objects/commit/9d146207395d33542d9c8cb815cbf3bc45040af5