Open iglocska opened 7 years ago
Depending on the attack type, we can include also domain name in the victim. Application layer attacks normally target domains/services that can be hosted in the same IP address.
The attacker object can be quite complex. I would go for a very minimal one and use the other attributes or objects to link with the attacker object. Like https://github.com/MISP/misp-objects/blob/master/objects/whois/definition.json to avoid describing again the same info in the attacker object.
@iglocska the new proposed database model should work as the object can link to one or more objects or attributes. Correct?
Victim also something like name, mail adress, username, location, legal entity / department...
First version of the victim object added https://github.com/MISP/misp-objects/commit/9d146207395d33542d9c8cb815cbf3bc45040af5
Attacker:
Victim