feat(crowdsec): Add attributes to crowdsec-ip-context object

julienloizelet · julienloizelet · commit fa2973b502a9 · 2024-08-23T11:24:15.000+09:00
diff --git a/objects/crowdsec-ip-context/definition.json b/objects/crowdsec-ip-context/definition.json
@@ -29,7 +29,7 @@
       "ui-priority": 1
     },
     "background-noise": {
-      "description": "Background noise",
+      "description": "High background noise scores highlight untargeted, mild threat mass-attacks",
       "disable_correlation": true,
       "misp-attribute": "float",
       "ui-priority": 1
@@ -66,6 +66,13 @@
       "misp-attribute": "text",
       "ui-priority": 0
     },
+    "cves": {
+      "description": "CVEs exploited by the observed IP",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 1
+    },
     "dst-port": {
       "categories": [
         "Network activity",
@@ -124,6 +131,19 @@
       "misp-attribute": "float",
       "ui-priority": 1
     },
+    "mitre-techniques": {
+      "description": "MITRE ATT&CK techniques used by the observed IP",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 1
+    },
+    "reputation": {
+      "description": "Real-time, actionable IP reputation score derived from trusted reports and consensus-validated data in CrowdSec CTI",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "ui-priority": 1
+    },
     "reverse-dns": {
       "categories": [
         "Network activity",
@@ -159,5 +179,5 @@
     "ip"
   ],
   "uuid": "0f0a6def-a351-4d3b-9868-d732f6f4666f",
-  "version": 3
+  "version": 4
 }
