mirror of
https://github.com/optim-enterprises-bv/nDPId.git
synced 2025-10-28 17:02:24 +00:00
1597 lines
80 KiB
JSON
1597 lines
80 KiB
JSON
{
|
|
"type": "object",
|
|
"required": [
|
|
"alias",
|
|
"source",
|
|
"thread_id",
|
|
"packet_id",
|
|
"flow_event_id",
|
|
"flow_event_name",
|
|
"flow_id",
|
|
"flow_state",
|
|
"flow_src_packets_processed",
|
|
"flow_dst_packets_processed",
|
|
"flow_first_seen",
|
|
"flow_src_last_pkt_time",
|
|
"flow_dst_last_pkt_time",
|
|
"flow_idle_time",
|
|
"flow_src_min_l4_payload_len",
|
|
"flow_dst_min_l4_payload_len",
|
|
"flow_src_max_l4_payload_len",
|
|
"flow_dst_max_l4_payload_len",
|
|
"flow_src_tot_l4_payload_len",
|
|
"flow_dst_tot_l4_payload_len",
|
|
"l3_proto",
|
|
"l4_proto",
|
|
"midstream",
|
|
"thread_ts_usec",
|
|
"src_ip",
|
|
"dst_ip"
|
|
],
|
|
|
|
"if": {
|
|
"properties": { "flow_event_name": { "enum": [ "new", "end", "idle", "update" ] } }
|
|
},
|
|
"then": {
|
|
"required": [ "flow_datalink", "flow_max_packets" ]
|
|
},
|
|
|
|
"if": {
|
|
"properties": { "flow_event_name": { "enum": [ "analyse" ] } }
|
|
},
|
|
"then": {
|
|
"required": [ "data_analysis" ]
|
|
},
|
|
|
|
"if": {
|
|
"properties": { "flow_state": { "enum": [ "finished" ] } }
|
|
},
|
|
"then": {
|
|
"required": [ "ndpi" ]
|
|
},
|
|
|
|
"if": {
|
|
"properties": { "flow_event_name": { "enum": [ "guessed", "detected",
|
|
"detection-update", "not-detected" ] } }
|
|
},
|
|
"then": {
|
|
"required": [ "ndpi" ]
|
|
},
|
|
|
|
"properties": {
|
|
"alias": {
|
|
"type": "string"
|
|
},
|
|
"uuid": {
|
|
"type": "string"
|
|
},
|
|
"source": {
|
|
"type": "string"
|
|
},
|
|
"thread_id": {
|
|
"type": "number",
|
|
"minimum": 0,
|
|
"maximum": 31
|
|
},
|
|
"packet_id": {
|
|
"type": "number",
|
|
"minimum": 0
|
|
},
|
|
"vlan_id": {
|
|
"type": "number",
|
|
"minimum": 0,
|
|
"maximum": 4095
|
|
},
|
|
"flow_event_id": {
|
|
"type": "number",
|
|
"minimum": 0,
|
|
"maximum": 9
|
|
},
|
|
"flow_event_name": {
|
|
"type": "string",
|
|
"enum": [
|
|
"invalid",
|
|
"new",
|
|
"end",
|
|
"idle",
|
|
"update",
|
|
"analyse",
|
|
"guessed",
|
|
"detected",
|
|
"detection-update",
|
|
"not-detected"
|
|
]
|
|
},
|
|
"flow_id": {
|
|
"type": "number",
|
|
"minimum": 1
|
|
},
|
|
"flow_state": {
|
|
"type": "string",
|
|
"enum": [
|
|
"finished",
|
|
"info"
|
|
]
|
|
},
|
|
"flow_datalink": {
|
|
"type": "number",
|
|
"minimum": 0,
|
|
"maximum": 292
|
|
},
|
|
"flow_src_packets_processed": {
|
|
"type": "number",
|
|
"minimum": 0
|
|
},
|
|
"flow_dst_packets_processed": {
|
|
"type": "number",
|
|
"minimum": 0
|
|
},
|
|
"flow_max_packets": {
|
|
"type": "number",
|
|
"minimum": 0
|
|
},
|
|
"flow_first_seen": {
|
|
"type": "number",
|
|
"minimum": 0
|
|
},
|
|
"flow_src_last_pkt_time": {
|
|
"type": "number",
|
|
"minimum": 0
|
|
},
|
|
"flow_dst_last_pkt_time": {
|
|
"type": "number",
|
|
"minimum": 0
|
|
},
|
|
"flow_idle_time": {
|
|
"type": "number",
|
|
"minimum": 1
|
|
},
|
|
"flow_src_min_l4_payload_len": {
|
|
"type": "number",
|
|
"minimum": 0
|
|
},
|
|
"flow_dst_min_l4_payload_len": {
|
|
"type": "number",
|
|
"minimum": 0
|
|
},
|
|
"flow_src_max_l4_payload_len": {
|
|
"type": "number",
|
|
"minimum": 0
|
|
},
|
|
"flow_dst_max_l4_payload_len": {
|
|
"type": "number",
|
|
"minimum": 0
|
|
},
|
|
"flow_src_tot_l4_payload_len": {
|
|
"type": "number",
|
|
"minimum": 0
|
|
},
|
|
"flow_dst_tot_l4_payload_len": {
|
|
"type": "number",
|
|
"minimum": 0
|
|
},
|
|
"l3_proto": {
|
|
"type": "string",
|
|
"enum": [
|
|
"ip4",
|
|
"ip6",
|
|
"unknown"
|
|
]
|
|
},
|
|
"l4_proto": {
|
|
"oneOf": [
|
|
{
|
|
"type": "number"
|
|
},
|
|
{
|
|
"type": "string",
|
|
"enum": [
|
|
"tcp",
|
|
"udp",
|
|
"icmp",
|
|
"icmp6"
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"midstream": {
|
|
"type": "number",
|
|
"minimum": 0,
|
|
"maximum": 1
|
|
},
|
|
"thread_ts_usec": {
|
|
"type": "number",
|
|
"minimum": 0
|
|
},
|
|
"src_ip": {
|
|
"type": "string",
|
|
"anyOf" : [
|
|
{ "format": "ipv4" },
|
|
{ "format": "ipv6" }
|
|
]
|
|
},
|
|
"dst_ip": {
|
|
"type": "string",
|
|
"anyOf" : [
|
|
{ "format": "ipv4" },
|
|
{ "format": "ipv6" }
|
|
]
|
|
},
|
|
"src_port": {
|
|
"type": "number",
|
|
"minimum": 1,
|
|
"maximum": 65535
|
|
},
|
|
"dst_port": {
|
|
"type": "number",
|
|
"minimum": 1,
|
|
"maximum": 65535
|
|
},
|
|
"ndpi": {
|
|
"type": "object",
|
|
"required": [ "proto", "proto_id", "breed", "encrypted" ],
|
|
|
|
"properties": {
|
|
"proto": {
|
|
"type": "string"
|
|
},
|
|
"proto_id": {
|
|
"type": "string"
|
|
},
|
|
"proto_by_ip": {
|
|
"type": "string"
|
|
},
|
|
"proto_by_ip_id": {
|
|
"type": "number"
|
|
},
|
|
"stream_content": {
|
|
"type": "string"
|
|
},
|
|
"category": {
|
|
"type": "string",
|
|
"enum": [
|
|
"Unspecified", "Media", "VPN", "Email", "DataTransfer",
|
|
"Web", "SocialNetwork", "Download", "Game", "Chat", "VoIP",
|
|
"Database", "RemoteAccess", "Cloud", "Network", "Collaborative",
|
|
"RPC", "Streaming", "System", "SoftwareUpdate", "Music", "Video",
|
|
"Shopping", "Productivity", "FileSharing", "ConnCheck", "IoT-Scada",
|
|
"VirtAssistant", "Cybersecurity", "AdultContent", "Mining", "Malware",
|
|
"Advertisement", "Banned_Site", "Site_Unavailable", "Allowed_Site",
|
|
"Antimalware", "Crypto_Currency", "Gambling", "Health"
|
|
]
|
|
},
|
|
"category_id": {
|
|
"type": "number"
|
|
},
|
|
"encrypted": {
|
|
"type": "number",
|
|
"enum": [
|
|
0,
|
|
1
|
|
]
|
|
},
|
|
"breed": {
|
|
"type": "string",
|
|
"enum": [
|
|
"Safe", "Acceptable", "Fun", "Unsafe",
|
|
"Potentially Dangerous", "Tracker/Ads",
|
|
"Dangerous", "Unrated"
|
|
]
|
|
},
|
|
"flow_risk": {
|
|
"type": "object",
|
|
"properties": {
|
|
"1": {
|
|
"type": "object",
|
|
"required": [ "risk", "severity", "risk_score" ],
|
|
"properties": {
|
|
"risk": { "type": "string", "enum": [ "XSS Attack" ] },
|
|
"severity": { "type": "string", "enum": [ "Severe" ] },
|
|
"risk_score": {
|
|
"type": "object",
|
|
"required": [ "total", "client", "server" ],
|
|
"properties": {
|
|
"total": { "type": "number", "minimum": 10, "maximum": 610 },
|
|
"client": { "type": "number", "minimum": 5, "maximum": 485 },
|
|
"server": { "type": "number", "minimum": 5, "maximum": 130 }
|
|
},
|
|
"additionalProperties": false
|
|
}
|
|
},
|
|
"additionalProperties": false
|
|
},
|
|
"2": {
|
|
"type": "object",
|
|
"required": [ "risk", "severity", "risk_score" ],
|
|
"properties": {
|
|
"risk": { "type": "string", "enum": [ "SQL Injection" ] },
|
|
"severity": { "type": "string", "enum": [ "Severe" ] },
|
|
"risk_score": {
|
|
"type": "object",
|
|
"required": [ "total", "client", "server" ],
|
|
"properties": {
|
|
"total": { "type": "number", "minimum": 10, "maximum": 610 },
|
|
"client": { "type": "number", "minimum": 5, "maximum": 485 },
|
|
"server": { "type": "number", "minimum": 5, "maximum": 130 }
|
|
},
|
|
"additionalProperties": false
|
|
}
|
|
},
|
|
"additionalProperties": false
|
|
},
|
|
"3": {
|
|
"type": "object",
|
|
"required": [ "risk", "severity", "risk_score" ],
|
|
"properties": {
|
|
"risk": { "type": "string", "enum": [ "RCE Injection" ] },
|
|
"severity": { "type": "string", "enum": [ "Severe" ] },
|
|
"risk_score": {
|
|
"type": "object",
|
|
"required": [ "total", "client", "server" ],
|
|
"properties": {
|
|
"total": { "type": "number", "minimum": 10, "maximum": 610 },
|
|
"client": { "type": "number", "minimum": 5, "maximum": 485 },
|
|
"server": { "type": "number", "minimum": 5, "maximum": 130 }
|
|
},
|
|
"additionalProperties": false
|
|
}
|
|
},
|
|
"additionalProperties": false
|
|
},
|
|
"4": {
|
|
"type": "object",
|
|
"required": [ "risk", "severity", "risk_score" ],
|
|
"properties": {
|
|
"risk": { "type": "string", "enum": [ "Binary App Transfer" ] },
|
|
"severity": { "type": "string", "enum": [ "Severe" ] },
|
|
"risk_score": {
|
|
"type": "object",
|
|
"required": [ "total", "client", "server" ],
|
|
"properties": {
|
|
"total": { "type": "number", "minimum": 10, "maximum": 610 },
|
|
"client": { "type": "number", "minimum": 5, "maximum": 485 },
|
|
"server": { "type": "number", "minimum": 5, "maximum": 130 }
|
|
},
|
|
"additionalProperties": false
|
|
}
|
|
},
|
|
"additionalProperties": false
|
|
},
|
|
"5": {
|
|
"type": "object",
|
|
"required": [ "risk", "severity", "risk_score" ],
|
|
"properties": {
|
|
"risk": { "type": "string", "enum": [ "Known Proto on Non Std Port" ] },
|
|
"severity": { "type": "string", "enum": [ "Medium" ] },
|
|
"risk_score": {
|
|
"type": "object",
|
|
"required": [ "total", "client", "server" ],
|
|
"properties": {
|
|
"total": { "type": "number", "minimum": 10, "maximum": 610 },
|
|
"client": { "type": "number", "minimum": 5, "maximum": 485 },
|
|
"server": { "type": "number", "minimum": 5, "maximum": 130 }
|
|
},
|
|
"additionalProperties": false
|
|
}
|
|
},
|
|
"additionalProperties": false
|
|
},
|
|
"6": {
|
|
"type": "object",
|
|
"required": [ "risk", "severity", "risk_score" ],
|
|
"properties": {
|
|
"risk": { "type": "string", "enum": [ "Self-signed Cert" ] },
|
|
"severity": { "type": "string", "enum": [ "High" ] },
|
|
"risk_score": {
|
|
"type": "object",
|
|
"required": [ "total", "client", "server" ],
|
|
"properties": {
|
|
"total": { "type": "number", "minimum": 10, "maximum": 610 },
|
|
"client": { "type": "number", "minimum": 5, "maximum": 485 },
|
|
"server": { "type": "number", "minimum": 5, "maximum": 130 }
|
|
},
|
|
"additionalProperties": false
|
|
}
|
|
},
|
|
"additionalProperties": false
|
|
},
|
|
"7": {
|
|
"type": "object",
|
|
"required": [ "risk", "severity", "risk_score" ],
|
|
"properties": {
|
|
"risk": { "type": "string", "enum": [ "Obsolete TLS (v1.1 or older)" ] },
|
|
"severity": { "type": "string", "enum": [ "High" ] },
|
|
"risk_score": {
|
|
"type": "object",
|
|
"required": [ "total", "client", "server" ],
|
|
"properties": {
|
|
"total": { "type": "number", "minimum": 10, "maximum": 610 },
|
|
"client": { "type": "number", "minimum": 5, "maximum": 485 },
|
|
"server": { "type": "number", "minimum": 5, "maximum": 130 }
|
|
},
|
|
"additionalProperties": false
|
|
}
|
|
},
|
|
"additionalProperties": false
|
|
},
|
|
"8": {
|
|
"type": "object",
|
|
"required": [ "risk", "severity", "risk_score" ],
|
|
"properties": {
|
|
"risk": { "type": "string", "enum": [ "Weak TLS Cipher" ] },
|
|
"severity": { "type": "string", "enum": [ "High" ] },
|
|
"risk_score": {
|
|
"type": "object",
|
|
"required": [ "total", "client", "server" ],
|
|
"properties": {
|
|
"total": { "type": "number", "minimum": 10, "maximum": 610 },
|
|
"client": { "type": "number", "minimum": 5, "maximum": 485 },
|
|
"server": { "type": "number", "minimum": 5, "maximum": 130 }
|
|
},
|
|
"additionalProperties": false
|
|
}
|
|
},
|
|
"additionalProperties": false
|
|
},
|
|
"9": {
|
|
"type": "object",
|
|
"required": [ "risk", "severity", "risk_score" ],
|
|
"properties": {
|
|
"risk": { "type": "string", "enum": [ "TLS Cert Expired" ] },
|
|
"severity": { "type": "string", "enum": [ "High" ] },
|
|
"risk_score": {
|
|
"type": "object",
|
|
"required": [ "total", "client", "server" ],
|
|
"properties": {
|
|
"total": { "type": "number", "minimum": 10, "maximum": 610 },
|
|
"client": { "type": "number", "minimum": 5, "maximum": 485 },
|
|
"server": { "type": "number", "minimum": 5, "maximum": 130 }
|
|
},
|
|
"additionalProperties": false
|
|
}
|
|
},
|
|
"additionalProperties": false
|
|
},
|
|
"10": {
|
|
"type": "object",
|
|
"required": [ "risk", "severity", "risk_score" ],
|
|
"properties": {
|
|
"risk": { "type": "string", "enum": [ "TLS Cert Mismatch" ] },
|
|
"severity": { "type": "string", "enum": [ "High" ] },
|
|
"risk_score": {
|
|
"type": "object",
|
|
"required": [ "total", "client", "server" ],
|
|
"properties": {
|
|
"total": { "type": "number", "minimum": 10, "maximum": 610 },
|
|
"client": { "type": "number", "minimum": 5, "maximum": 485 },
|
|
"server": { "type": "number", "minimum": 5, "maximum": 130 }
|
|
},
|
|
"additionalProperties": false
|
|
}
|
|
},
|
|
"additionalProperties": false
|
|
},
|
|
"11": {
|
|
"type": "object",
|
|
"required": [ "risk", "severity", "risk_score" ],
|
|
"properties": {
|
|
"risk": { "type": "string", "enum": [ "HTTP Susp User-Agent" ] },
|
|
"severity": { "type": "string", "enum": [ "High" ] },
|
|
"risk_score": {
|
|
"type": "object",
|
|
"required": [ "total", "client", "server" ],
|
|
"properties": {
|
|
"total": { "type": "number", "minimum": 10, "maximum": 610 },
|
|
"client": { "type": "number", "minimum": 5, "maximum": 485 },
|
|
"server": { "type": "number", "minimum": 5, "maximum": 130 },
|
|
"additionalProperties": false
|
|
}
|
|
}
|
|
},
|
|
"additionalProperties": false
|
|
},
|
|
"12": {
|
|
"type": "object",
|
|
"required": [ "risk", "severity", "risk_score" ],
|
|
"properties": {
|
|
"risk": { "type": "string", "enum": [ "HTTP/TLS/QUIC Numeric Hostname/SNI" ] },
|
|
"severity": { "type": "string", "enum": [ "Low" ] },
|
|
"risk_score": {
|
|
"type": "object",
|
|
"required": [ "total", "client", "server" ],
|
|
"properties": {
|
|
"total": { "type": "number", "minimum": 10, "maximum": 610 },
|
|
"client": { "type": "number", "minimum": 5, "maximum": 485 },
|
|
"server": { "type": "number", "minimum": 5, "maximum": 130 },
|
|
"additionalProperties": false
|
|
}
|
|
}
|
|
},
|
|
"additionalProperties": false
|
|
},
|
|
"13": {
|
|
"type": "object",
|
|
"required": [ "risk", "severity", "risk_score" ],
|
|
"properties": {
|
|
"risk": { "type": "string", "enum": [ "HTTP Susp URL" ] },
|
|
"severity": { "type": "string", "enum": [ "High" ] },
|
|
"risk_score": {
|
|
"type": "object",
|
|
"required": [ "total", "client", "server" ],
|
|
"properties": {
|
|
"total": { "type": "number", "minimum": 10, "maximum": 610 },
|
|
"client": { "type": "number", "minimum": 5, "maximum": 485 },
|
|
"server": { "type": "number", "minimum": 5, "maximum": 130 },
|
|
"additionalProperties": false
|
|
}
|
|
}
|
|
},
|
|
"additionalProperties": false
|
|
},
|
|
"14": {
|
|
"type": "object",
|
|
"required": [ "risk", "severity", "risk_score" ],
|
|
"properties": {
|
|
"risk": { "type": "string", "enum": [ "HTTP Susp Header" ] },
|
|
"severity": { "type": "string", "enum": [ "High" ] },
|
|
"risk_score": {
|
|
"type": "object",
|
|
"required": [ "total", "client", "server" ],
|
|
"properties": {
|
|
"total": { "type": "number", "minimum": 10, "maximum": 610 },
|
|
"client": { "type": "number", "minimum": 5, "maximum": 485 },
|
|
"server": { "type": "number", "minimum": 5, "maximum": 130 },
|
|
"additionalProperties": false
|
|
}
|
|
}
|
|
},
|
|
"additionalProperties": false
|
|
},
|
|
"15": {
|
|
"type": "object",
|
|
"required": [ "risk", "severity", "risk_score" ],
|
|
"properties": {
|
|
"risk": { "type": "string", "enum": [ "TLS (probably) Not Carrying HTTPS" ] },
|
|
"severity": { "type": "string", "enum": [ "Low" ] },
|
|
"risk_score": {
|
|
"type": "object",
|
|
"required": [ "total", "client", "server" ],
|
|
"properties": {
|
|
"total": { "type": "number", "minimum": 10, "maximum": 610 },
|
|
"client": { "type": "number", "minimum": 5, "maximum": 485 },
|
|
"server": { "type": "number", "minimum": 5, "maximum": 130 },
|
|
"additionalProperties": false
|
|
}
|
|
}
|
|
},
|
|
"additionalProperties": false
|
|
},
|
|
"16": {
|
|
"type": "object",
|
|
"required": [ "risk", "severity", "risk_score" ],
|
|
"properties": {
|
|
"risk": { "type": "string", "enum": [ "Susp DGA Domain name" ] },
|
|
"severity": { "type": "string", "enum": [ "High" ] },
|
|
"risk_score": {
|
|
"type": "object",
|
|
"required": [ "total", "client", "server" ],
|
|
"properties": {
|
|
"total": { "type": "number", "minimum": 10, "maximum": 610 },
|
|
"client": { "type": "number", "minimum": 5, "maximum": 485 },
|
|
"server": { "type": "number", "minimum": 5, "maximum": 130 },
|
|
"additionalProperties": false
|
|
}
|
|
}
|
|
},
|
|
"additionalProperties": false
|
|
},
|
|
"17": {
|
|
"type": "object",
|
|
"required": [ "risk", "severity", "risk_score" ],
|
|
"properties": {
|
|
"risk": { "type": "string", "enum": [ "Malformed Packet" ] },
|
|
"severity": { "type": "string", "enum": [ "Low" ] },
|
|
"risk_score": {
|
|
"type": "object",
|
|
"required": [ "total", "client", "server" ],
|
|
"properties": {
|
|
"total": { "type": "number", "minimum": 10, "maximum": 610 },
|
|
"client": { "type": "number", "minimum": 5, "maximum": 485 },
|
|
"server": { "type": "number", "minimum": 5, "maximum": 130 },
|
|
"additionalProperties": false
|
|
}
|
|
}
|
|
},
|
|
"additionalProperties": false
|
|
},
|
|
"18": {
|
|
"type": "object",
|
|
"required": [ "risk", "severity", "risk_score" ],
|
|
"properties": {
|
|
"risk": { "type": "string", "enum": [ "SSH Obsolete Cli Vers/Cipher" ] },
|
|
"severity": { "type": "string", "enum": [ "High" ] },
|
|
"risk_score": {
|
|
"type": "object",
|
|
"required": [ "total", "client", "server" ],
|
|
"properties": {
|
|
"total": { "type": "number", "minimum": 10, "maximum": 610 },
|
|
"client": { "type": "number", "minimum": 5, "maximum": 485 },
|
|
"server": { "type": "number", "minimum": 5, "maximum": 130 },
|
|
"additionalProperties": false
|
|
}
|
|
}
|
|
},
|
|
"additionalProperties": false
|
|
},
|
|
"19": {
|
|
"type": "object",
|
|
"required": [ "risk", "severity", "risk_score" ],
|
|
"properties": {
|
|
"risk": { "type": "string", "enum": [ "SSH Obsolete Ser Vers/Cipher" ] },
|
|
"severity": { "type": "string", "enum": [ "Medium" ] },
|
|
"risk_score": {
|
|
"type": "object",
|
|
"required": [ "total", "client", "server" ],
|
|
"properties": {
|
|
"total": { "type": "number", "minimum": 10, "maximum": 610 },
|
|
"client": { "type": "number", "minimum": 5, "maximum": 485 },
|
|
"server": { "type": "number", "minimum": 5, "maximum": 130 },
|
|
"additionalProperties": false
|
|
}
|
|
}
|
|
},
|
|
"additionalProperties": false
|
|
},
|
|
"20": {
|
|
"type": "object",
|
|
"required": [ "risk", "severity", "risk_score" ],
|
|
"properties": {
|
|
"risk": { "type": "string", "enum": [ "SMB Insecure Vers" ] },
|
|
"severity": { "type": "string", "enum": [ "High" ] },
|
|
"risk_score": {
|
|
"type": "object",
|
|
"required": [ "total", "client", "server" ],
|
|
"properties": {
|
|
"total": { "type": "number", "minimum": 10, "maximum": 610 },
|
|
"client": { "type": "number", "minimum": 5, "maximum": 485 },
|
|
"server": { "type": "number", "minimum": 5, "maximum": 130 },
|
|
"additionalProperties": false
|
|
}
|
|
}
|
|
},
|
|
"additionalProperties": false
|
|
},
|
|
"21": {
|
|
"type": "object",
|
|
"required": [ "risk", "severity", "risk_score" ],
|
|
"properties": {
|
|
"risk": { "type": "string", "enum": [ "TLS Susp ESNI Usage" ] },
|
|
"severity": { "type": "string", "enum": [ "Medium" ] },
|
|
"risk_score": {
|
|
"type": "object",
|
|
"required": [ "total", "client", "server" ],
|
|
"properties": {
|
|
"total": { "type": "number", "minimum": 10, "maximum": 610 },
|
|
"client": { "type": "number", "minimum": 5, "maximum": 485 },
|
|
"server": { "type": "number", "minimum": 5, "maximum": 130 },
|
|
"additionalProperties": false
|
|
}
|
|
}
|
|
},
|
|
"additionalProperties": false
|
|
},
|
|
"22": {
|
|
"type": "object",
|
|
"required": [ "risk", "severity", "risk_score" ],
|
|
"properties": {
|
|
"risk": { "type": "string", "enum": [ "Unsafe Protocol" ] },
|
|
"severity": { "type": "string", "enum": [ "Low" ] },
|
|
"risk_score": {
|
|
"type": "object",
|
|
"required": [ "total", "client", "server" ],
|
|
"properties": {
|
|
"total": { "type": "number", "minimum": 10, "maximum": 610 },
|
|
"client": { "type": "number", "minimum": 5, "maximum": 485 },
|
|
"server": { "type": "number", "minimum": 5, "maximum": 130 },
|
|
"additionalProperties": false
|
|
}
|
|
}
|
|
},
|
|
"additionalProperties": false
|
|
},
|
|
"23": {
|
|
"type": "object",
|
|
"required": [ "risk", "severity", "risk_score" ],
|
|
"properties": {
|
|
"risk": { "type": "string", "enum": [ "Susp DNS Traffic" ] },
|
|
"severity": { "type": "string", "enum": [ "Medium" ] },
|
|
"risk_score": {
|
|
"type": "object",
|
|
"required": [ "total", "client", "server" ],
|
|
"properties": {
|
|
"total": { "type": "number", "minimum": 10, "maximum": 610 },
|
|
"client": { "type": "number", "minimum": 5, "maximum": 485 },
|
|
"server": { "type": "number", "minimum": 5, "maximum": 130 },
|
|
"additionalProperties": false
|
|
}
|
|
}
|
|
},
|
|
"additionalProperties": false
|
|
},
|
|
"24": {
|
|
"type": "object",
|
|
"required": [ "risk", "severity", "risk_score" ],
|
|
"properties": {
|
|
"risk": { "type": "string", "enum": [ "Missing SNI TLS Extn" ] },
|
|
"severity": { "type": "string", "enum": [ "Medium" ] },
|
|
"risk_score": {
|
|
"type": "object",
|
|
"required": [ "total", "client", "server" ],
|
|
"properties": {
|
|
"total": { "type": "number", "minimum": 10, "maximum": 610 },
|
|
"client": { "type": "number", "minimum": 5, "maximum": 485 },
|
|
"server": { "type": "number", "minimum": 5, "maximum": 130 },
|
|
"additionalProperties": false
|
|
}
|
|
}
|
|
},
|
|
"additionalProperties": false
|
|
},
|
|
"25": {
|
|
"type": "object",
|
|
"required": [ "risk", "severity", "risk_score" ],
|
|
"properties": {
|
|
"risk": { "type": "string", "enum": [ "HTTP Susp Content" ] },
|
|
"severity": { "type": "string", "enum": [ "High" ] },
|
|
"risk_score": {
|
|
"type": "object",
|
|
"required": [ "total", "client", "server" ],
|
|
"properties": {
|
|
"total": { "type": "number", "minimum": 10, "maximum": 610 },
|
|
"client": { "type": "number", "minimum": 5, "maximum": 485 },
|
|
"server": { "type": "number", "minimum": 5, "maximum": 130 },
|
|
"additionalProperties": false
|
|
}
|
|
}
|
|
},
|
|
"additionalProperties": false
|
|
},
|
|
"26": {
|
|
"type": "object",
|
|
"required": [ "risk", "severity", "risk_score" ],
|
|
"properties": {
|
|
"risk": { "type": "string", "enum": [ "Risky ASN" ] },
|
|
"severity": { "type": "string", "enum": [ "Medium" ] },
|
|
"risk_score": {
|
|
"type": "object",
|
|
"required": [ "total", "client", "server" ],
|
|
"properties": {
|
|
"total": { "type": "number", "minimum": 10, "maximum": 610 },
|
|
"client": { "type": "number", "minimum": 5, "maximum": 485 },
|
|
"server": { "type": "number", "minimum": 5, "maximum": 130 },
|
|
"additionalProperties": false
|
|
}
|
|
}
|
|
},
|
|
"additionalProperties": false
|
|
},
|
|
"27": {
|
|
"type": "object",
|
|
"required": [ "risk", "severity", "risk_score" ],
|
|
"properties": {
|
|
"risk": { "type": "string", "enum": [ "Risky Domain Name" ] },
|
|
"severity": { "type": "string", "enum": [ "Medium" ] },
|
|
"risk_score": {
|
|
"type": "object",
|
|
"required": [ "total", "client", "server" ],
|
|
"properties": {
|
|
"total": { "type": "number", "minimum": 10, "maximum": 610 },
|
|
"client": { "type": "number", "minimum": 5, "maximum": 485 },
|
|
"server": { "type": "number", "minimum": 5, "maximum": 130 },
|
|
"additionalProperties": false
|
|
}
|
|
}
|
|
},
|
|
"additionalProperties": false
|
|
},
|
|
"28": {
|
|
"type": "object",
|
|
"required": [ "risk", "severity", "risk_score" ],
|
|
"properties": {
|
|
"risk": { "type": "string", "enum": [ "Malicious JA3 Fingerp." ] },
|
|
"severity": { "type": "string", "enum": [ "Medium" ] },
|
|
"risk_score": {
|
|
"type": "object",
|
|
"required": [ "total", "client", "server" ],
|
|
"properties": {
|
|
"total": { "type": "number", "minimum": 10, "maximum": 610 },
|
|
"client": { "type": "number", "minimum": 5, "maximum": 485 },
|
|
"server": { "type": "number", "minimum": 5, "maximum": 130 },
|
|
"additionalProperties": false
|
|
}
|
|
}
|
|
},
|
|
"additionalProperties": false
|
|
},
|
|
"29": {
|
|
"type": "object",
|
|
"required": [ "risk", "severity", "risk_score" ],
|
|
"properties": {
|
|
"risk": { "type": "string", "enum": [ "Malicious SSL Cert/SHA1 Fingerp." ] },
|
|
"severity": { "type": "string", "enum": [ "Medium" ] },
|
|
"risk_score": {
|
|
"type": "object",
|
|
"required": [ "total", "client", "server" ],
|
|
"properties": {
|
|
"total": { "type": "number", "minimum": 10, "maximum": 610 },
|
|
"client": { "type": "number", "minimum": 5, "maximum": 485 },
|
|
"server": { "type": "number", "minimum": 5, "maximum": 130 },
|
|
"additionalProperties": false
|
|
}
|
|
}
|
|
},
|
|
"additionalProperties": false
|
|
},
|
|
"30": {
|
|
"type": "object",
|
|
"required": [ "risk", "severity", "risk_score" ],
|
|
"properties": {
|
|
"risk": { "type": "string", "enum": [ "Desktop/File Sharing" ] },
|
|
"severity": { "type": "string", "enum": [ "Low" ] },
|
|
"risk_score": {
|
|
"type": "object",
|
|
"required": [ "total", "client", "server" ],
|
|
"properties": {
|
|
"total": { "type": "number", "minimum": 10, "maximum": 610 },
|
|
"client": { "type": "number", "minimum": 5, "maximum": 485 },
|
|
"server": { "type": "number", "minimum": 5, "maximum": 130 },
|
|
"additionalProperties": false
|
|
}
|
|
}
|
|
},
|
|
"additionalProperties": false
|
|
},
|
|
"31": {
|
|
"type": "object",
|
|
"required": [ "risk", "severity", "risk_score" ],
|
|
"properties": {
|
|
"risk": { "type": "string", "enum": [ "Uncommon TLS ALPN" ] },
|
|
"severity": { "type": "string", "enum": [ "Medium" ] },
|
|
"risk_score": {
|
|
"type": "object",
|
|
"required": [ "total", "client", "server" ],
|
|
"properties": {
|
|
"total": { "type": "number", "minimum": 10, "maximum": 610 },
|
|
"client": { "type": "number", "minimum": 5, "maximum": 485 },
|
|
"server": { "type": "number", "minimum": 5, "maximum": 130 },
|
|
"additionalProperties": false
|
|
}
|
|
}
|
|
},
|
|
"additionalProperties": false
|
|
},
|
|
"32": {
|
|
"type": "object",
|
|
"required": [ "risk", "severity", "risk_score" ],
|
|
"properties": {
|
|
"risk": { "type": "string", "enum": [ "TLS Cert Validity Too Long" ] },
|
|
"severity": { "type": "string", "enum": [ "Medium" ] },
|
|
"risk_score": {
|
|
"type": "object",
|
|
"required": [ "total", "client", "server" ],
|
|
"properties": {
|
|
"total": { "type": "number", "minimum": 10, "maximum": 610 },
|
|
"client": { "type": "number", "minimum": 5, "maximum": 485 },
|
|
"server": { "type": "number", "minimum": 5, "maximum": 130 },
|
|
"additionalProperties": false
|
|
}
|
|
}
|
|
},
|
|
"additionalProperties": false
|
|
},
|
|
"33": {
|
|
"type": "object",
|
|
"required": [ "risk", "severity", "risk_score" ],
|
|
"properties": {
|
|
"risk": { "type": "string", "enum": [ "TLS Susp Extn" ] },
|
|
"severity": { "type": "string", "enum": [ "High" ] },
|
|
"risk_score": {
|
|
"type": "object",
|
|
"required": [ "total", "client", "server" ],
|
|
"properties": {
|
|
"total": { "type": "number", "minimum": 10, "maximum": 610 },
|
|
"client": { "type": "number", "minimum": 5, "maximum": 485 },
|
|
"server": { "type": "number", "minimum": 5, "maximum": 130 },
|
|
"additionalProperties": false
|
|
}
|
|
}
|
|
},
|
|
"additionalProperties": false
|
|
},
|
|
"34": {
|
|
"type": "object",
|
|
"required": [ "risk", "severity", "risk_score" ],
|
|
"properties": {
|
|
"risk": { "type": "string", "enum": [ "TLS Fatal Alert" ] },
|
|
"severity": { "type": "string", "enum": [ "Low" ] },
|
|
"risk_score": {
|
|
"type": "object",
|
|
"required": [ "total", "client", "server" ],
|
|
"properties": {
|
|
"total": { "type": "number", "minimum": 10, "maximum": 610 },
|
|
"client": { "type": "number", "minimum": 5, "maximum": 485 },
|
|
"server": { "type": "number", "minimum": 5, "maximum": 130 },
|
|
"additionalProperties": false
|
|
}
|
|
}
|
|
},
|
|
"additionalProperties": false
|
|
},
|
|
"35": {
|
|
"type": "object",
|
|
"required": [ "risk", "severity", "risk_score" ],
|
|
"properties": {
|
|
"risk": { "type": "string", "enum": [ "Susp Entropy" ] },
|
|
"severity": { "type": "string", "enum": [ "Low" ] },
|
|
"risk_score": {
|
|
"type": "object",
|
|
"required": [ "total", "client", "server" ],
|
|
"properties": {
|
|
"total": { "type": "number", "minimum": 10, "maximum": 610 },
|
|
"client": { "type": "number", "minimum": 5, "maximum": 485 },
|
|
"server": { "type": "number", "minimum": 5, "maximum": 130 },
|
|
"additionalProperties": false
|
|
}
|
|
}
|
|
},
|
|
"additionalProperties": false
|
|
},
|
|
"36": {
|
|
"type": "object",
|
|
"required": [ "risk", "severity", "risk_score" ],
|
|
"properties": {
|
|
"risk": { "type": "string", "enum": [ "Clear-Text Credentials" ] },
|
|
"severity": { "type": "string", "enum": [ "High" ] },
|
|
"risk_score": {
|
|
"type": "object",
|
|
"required": [ "total", "client", "server" ],
|
|
"properties": {
|
|
"total": { "type": "number", "minimum": 10, "maximum": 610 },
|
|
"client": { "type": "number", "minimum": 5, "maximum": 485 },
|
|
"server": { "type": "number", "minimum": 5, "maximum": 130 },
|
|
"additionalProperties": false
|
|
}
|
|
}
|
|
},
|
|
"additionalProperties": false
|
|
},
|
|
"37": {
|
|
"type": "object",
|
|
"required": [ "risk", "severity", "risk_score" ],
|
|
"properties": {
|
|
"risk": { "type": "string", "enum": [ "Large DNS Packet (512+ bytes)" ] },
|
|
"severity": { "type": "string", "enum": [ "Medium" ] },
|
|
"risk_score": {
|
|
"type": "object",
|
|
"required": [ "total", "client", "server" ],
|
|
"properties": {
|
|
"total": { "type": "number", "minimum": 10, "maximum": 610 },
|
|
"client": { "type": "number", "minimum": 5, "maximum": 485 },
|
|
"server": { "type": "number", "minimum": 5, "maximum": 130 },
|
|
"additionalProperties": false
|
|
}
|
|
}
|
|
},
|
|
"additionalProperties": false
|
|
},
|
|
"38": {
|
|
"type": "object",
|
|
"required": [ "risk", "severity", "risk_score" ],
|
|
"properties": {
|
|
"risk": { "type": "string", "enum": [ "Fragmented DNS Message" ] },
|
|
"severity": { "type": "string", "enum": [ "Medium" ] },
|
|
"risk_score": {
|
|
"type": "object",
|
|
"required": [ "total", "client", "server" ],
|
|
"properties": {
|
|
"total": { "type": "number", "minimum": 10, "maximum": 610 },
|
|
"client": { "type": "number", "minimum": 5, "maximum": 485 },
|
|
"server": { "type": "number", "minimum": 5, "maximum": 130 },
|
|
"additionalProperties": false
|
|
}
|
|
}
|
|
},
|
|
"additionalProperties": false
|
|
},
|
|
"39": {
|
|
"type": "object",
|
|
"required": [ "risk", "severity", "risk_score" ],
|
|
"properties": {
|
|
"risk": { "type": "string", "enum": [ "Non-Printable/Invalid Chars Detected" ] },
|
|
"severity": { "type": "string", "enum": [ "High" ] },
|
|
"risk_score": {
|
|
"type": "object",
|
|
"required": [ "total", "client", "server" ],
|
|
"properties": {
|
|
"total": { "type": "number", "minimum": 10, "maximum": 610 },
|
|
"client": { "type": "number", "minimum": 5, "maximum": 485 },
|
|
"server": { "type": "number", "minimum": 5, "maximum": 130 },
|
|
"additionalProperties": false
|
|
}
|
|
}
|
|
},
|
|
"additionalProperties": false
|
|
},
|
|
"40": {
|
|
"type": "object",
|
|
"required": [ "risk", "severity", "risk_score" ],
|
|
"properties": {
|
|
"risk": { "type": "string", "enum": [ "Possible Exploit Attempt" ] },
|
|
"severity": { "type": "string", "enum": [ "Severe" ] },
|
|
"risk_score": {
|
|
"type": "object",
|
|
"required": [ "total", "client", "server" ],
|
|
"properties": {
|
|
"total": { "type": "number", "minimum": 10, "maximum": 610 },
|
|
"client": { "type": "number", "minimum": 5, "maximum": 485 },
|
|
"server": { "type": "number", "minimum": 5, "maximum": 130 },
|
|
"additionalProperties": false
|
|
}
|
|
}
|
|
},
|
|
"additionalProperties": false
|
|
},
|
|
"41": {
|
|
"type": "object",
|
|
"required": [ "risk", "severity", "risk_score" ],
|
|
"properties": {
|
|
"risk": { "type": "string", "enum": [ "TLS Cert About To Expire" ] },
|
|
"severity": { "type": "string", "enum": [ "Medium" ] },
|
|
"risk_score": {
|
|
"type": "object",
|
|
"required": [ "total", "client", "server" ],
|
|
"properties": {
|
|
"total": { "type": "number", "minimum": 10, "maximum": 610 },
|
|
"client": { "type": "number", "minimum": 5, "maximum": 485 },
|
|
"server": { "type": "number", "minimum": 5, "maximum": 130 },
|
|
"additionalProperties": false
|
|
}
|
|
}
|
|
},
|
|
"additionalProperties": false
|
|
},
|
|
"42": {
|
|
"type": "object",
|
|
"required": [ "risk", "severity", "risk_score" ],
|
|
"properties": {
|
|
"risk": { "type": "string", "enum": [ "IDN Domain Name" ] },
|
|
"severity": { "type": "string", "enum": [ "Low" ] },
|
|
"risk_score": {
|
|
"type": "object",
|
|
"required": [ "total", "client", "server" ],
|
|
"properties": {
|
|
"total": { "type": "number", "minimum": 10, "maximum": 610 },
|
|
"client": { "type": "number", "minimum": 5, "maximum": 485 },
|
|
"server": { "type": "number", "minimum": 5, "maximum": 130 },
|
|
"additionalProperties": false
|
|
}
|
|
}
|
|
},
|
|
"additionalProperties": false
|
|
},
|
|
"43": {
|
|
"type": "object",
|
|
"required": [ "risk", "severity", "risk_score" ],
|
|
"properties": {
|
|
"risk": { "type": "string", "enum": [ "Error Code" ] },
|
|
"severity": { "type": "string", "enum": [ "Low" ] },
|
|
"risk_score": {
|
|
"type": "object",
|
|
"required": [ "total", "client", "server" ],
|
|
"properties": {
|
|
"total": { "type": "number", "minimum": 10, "maximum": 610 },
|
|
"client": { "type": "number", "minimum": 5, "maximum": 485 },
|
|
"server": { "type": "number", "minimum": 5, "maximum": 130 },
|
|
"additionalProperties": false
|
|
}
|
|
}
|
|
},
|
|
"additionalProperties": false
|
|
},
|
|
"44": {
|
|
"type": "object",
|
|
"required": [ "risk", "severity", "risk_score" ],
|
|
"properties": {
|
|
"risk": { "type": "string", "enum": [ "Crawler/Bot" ] },
|
|
"severity": { "type": "string", "enum": [ "Low" ] },
|
|
"risk_score": {
|
|
"type": "object",
|
|
"required": [ "total", "client", "server" ],
|
|
"properties": {
|
|
"total": { "type": "number", "minimum": 10, "maximum": 610 },
|
|
"client": { "type": "number", "minimum": 5, "maximum": 485 },
|
|
"server": { "type": "number", "minimum": 5, "maximum": 130 },
|
|
"additionalProperties": false
|
|
}
|
|
}
|
|
},
|
|
"additionalProperties": false
|
|
},
|
|
"45": {
|
|
"type": "object",
|
|
"required": [ "risk", "severity", "risk_score" ],
|
|
"properties": {
|
|
"risk": { "type": "string", "enum": [ "Anonymous Subscriber" ] },
|
|
"severity": { "type": "string", "enum": [ "Medium" ] },
|
|
"risk_score": {
|
|
"type": "object",
|
|
"required": [ "total", "client", "server" ],
|
|
"properties": {
|
|
"total": { "type": "number", "minimum": 10, "maximum": 610 },
|
|
"client": { "type": "number", "minimum": 5, "maximum": 485 },
|
|
"server": { "type": "number", "minimum": 5, "maximum": 130 },
|
|
"additionalProperties": false
|
|
}
|
|
}
|
|
},
|
|
"additionalProperties": false
|
|
},
|
|
"46": {
|
|
"type": "object",
|
|
"required": [ "risk", "severity", "risk_score" ],
|
|
"properties": {
|
|
"risk": { "type": "string", "enum": [ "Unidirectional Traffic" ] },
|
|
"severity": { "type": "string", "enum": [ "Low" ] },
|
|
"risk_score": {
|
|
"type": "object",
|
|
"required": [ "total", "client", "server" ],
|
|
"properties": {
|
|
"total": { "type": "number", "minimum": 10, "maximum": 610 },
|
|
"client": { "type": "number", "minimum": 5, "maximum": 485 },
|
|
"server": { "type": "number", "minimum": 5, "maximum": 130 },
|
|
"additionalProperties": false
|
|
}
|
|
}
|
|
},
|
|
"additionalProperties": false
|
|
},
|
|
"47": {
|
|
"type": "object",
|
|
"required": [ "risk", "severity", "risk_score" ],
|
|
"properties": {
|
|
"risk": { "type": "string", "enum": [ "HTTP Obsolete Server" ] },
|
|
"severity": { "type": "string", "enum": [ "Medium" ] },
|
|
"risk_score": {
|
|
"type": "object",
|
|
"required": [ "total", "client", "server" ],
|
|
"properties": {
|
|
"total": { "type": "number", "minimum": 10, "maximum": 610 },
|
|
"client": { "type": "number", "minimum": 5, "maximum": 485 },
|
|
"server": { "type": "number", "minimum": 5, "maximum": 130 },
|
|
"additionalProperties": false
|
|
}
|
|
}
|
|
},
|
|
"additionalProperties": false
|
|
},
|
|
"48": {
|
|
"type": "object",
|
|
"required": [ "risk", "severity", "risk_score" ],
|
|
"properties": {
|
|
"risk": { "type": "string", "enum": [ "Periodic Flow" ] },
|
|
"severity": { "type": "string", "enum": [ "Low" ] },
|
|
"risk_score": {
|
|
"type": "object",
|
|
"required": [ "total", "client", "server" ],
|
|
"properties": {
|
|
"total": { "type": "number", "minimum": 10, "maximum": 610 },
|
|
"client": { "type": "number", "minimum": 5, "maximum": 485 },
|
|
"server": { "type": "number", "minimum": 5, "maximum": 130 },
|
|
"additionalProperties": false
|
|
}
|
|
}
|
|
},
|
|
"additionalProperties": false
|
|
},
|
|
"49": {
|
|
"type": "object",
|
|
"required": [ "risk", "severity", "risk_score" ],
|
|
"properties": {
|
|
"risk": { "type": "string", "enum": [ "Minor Issues" ] },
|
|
"severity": { "type": "string", "enum": [ "Low" ] },
|
|
"risk_score": {
|
|
"type": "object",
|
|
"required": [ "total", "client", "server" ],
|
|
"properties": {
|
|
"total": { "type": "number", "minimum": 10, "maximum": 610 },
|
|
"client": { "type": "number", "minimum": 5, "maximum": 485 },
|
|
"server": { "type": "number", "minimum": 5, "maximum": 130 },
|
|
"additionalProperties": false
|
|
}
|
|
}
|
|
},
|
|
"additionalProperties": false
|
|
},
|
|
"50": {
|
|
"type": "object",
|
|
"required": [ "risk", "severity", "risk_score" ],
|
|
"properties": {
|
|
"risk": { "type": "string", "enum": [ "TCP Connection Issues" ] },
|
|
"severity": { "type": "string", "enum": [ "Medium" ] },
|
|
"risk_score": {
|
|
"type": "object",
|
|
"required": [ "total", "client", "server" ],
|
|
"properties": {
|
|
"total": { "type": "number", "minimum": 10, "maximum": 610 },
|
|
"client": { "type": "number", "minimum": 5, "maximum": 485 },
|
|
"server": { "type": "number", "minimum": 5, "maximum": 130 },
|
|
"additionalProperties": false
|
|
}
|
|
}
|
|
},
|
|
"additionalProperties": false
|
|
},
|
|
"51": {
|
|
"type": "object",
|
|
"required": [ "risk", "severity", "risk_score" ],
|
|
"properties": {
|
|
"risk": { "type": "string", "enum": [ "Fully Encrypted Flow" ] },
|
|
"severity": { "type": "string", "enum": [ "Medium" ] },
|
|
"risk_score": {
|
|
"type": "object",
|
|
"required": [ "total", "client", "server" ],
|
|
"properties": {
|
|
"total": { "type": "number", "minimum": 10, "maximum": 610 },
|
|
"client": { "type": "number", "minimum": 5, "maximum": 485 },
|
|
"server": { "type": "number", "minimum": 5, "maximum": 130 },
|
|
"additionalProperties": false
|
|
}
|
|
}
|
|
},
|
|
"additionalProperties": false
|
|
},
|
|
"52": {
|
|
"type": "object",
|
|
"required": [ "risk", "severity", "risk_score" ],
|
|
"properties": {
|
|
"risk": { "type": "string", "enum": [ "ALPN/SNI Mismatch" ] },
|
|
"severity": { "type": "string", "enum": [ "Medium" ] },
|
|
"risk_score": {
|
|
"type": "object",
|
|
"required": [ "total", "client", "server" ],
|
|
"properties": {
|
|
"total": { "type": "number", "minimum": 10, "maximum": 610 },
|
|
"client": { "type": "number", "minimum": 5, "maximum": 485 },
|
|
"server": { "type": "number", "minimum": 5, "maximum": 130 },
|
|
"additionalProperties": false
|
|
}
|
|
}
|
|
},
|
|
"additionalProperties": false
|
|
},
|
|
"53": {
|
|
"type": "object",
|
|
"required": [ "risk", "severity", "risk_score" ],
|
|
"properties": {
|
|
"risk": { "type": "string", "enum": [ "Client Contacted A Malware Host" ] },
|
|
"severity": { "type": "string", "enum": [ "Severe" ] },
|
|
"risk_score": {
|
|
"type": "object",
|
|
"required": [ "total", "client", "server" ],
|
|
"properties": {
|
|
"total": { "type": "number", "minimum": 10, "maximum": 610 },
|
|
"client": { "type": "number", "minimum": 5, "maximum": 485 },
|
|
"server": { "type": "number", "minimum": 5, "maximum": 130 }
|
|
},
|
|
"additionalProperties": false
|
|
}
|
|
},
|
|
"additionalProperties": false
|
|
},
|
|
"54": {
|
|
"type": "object",
|
|
"required": [ "risk", "severity", "risk_score" ],
|
|
"properties": {
|
|
"risk": { "type": "string", "enum": [ "Binary File/Data Transfer (Attempt)" ] },
|
|
"severity": { "type": "string", "enum": [ "Medium" ] },
|
|
"risk_score": {
|
|
"type": "object",
|
|
"required": [ "total", "client", "server" ],
|
|
"properties": {
|
|
"total": { "type": "number", "minimum": 10, "maximum": 610 },
|
|
"client": { "type": "number", "minimum": 5, "maximum": 485 },
|
|
"server": { "type": "number", "minimum": 5, "maximum": 130 }
|
|
},
|
|
"additionalProperties": false
|
|
}
|
|
},
|
|
"additionalProperties": false
|
|
},
|
|
"55": {
|
|
"type": "object",
|
|
"required": [ "risk", "severity", "risk_score" ],
|
|
"properties": {
|
|
"risk": { "type": "string", "enum": [ "Probing Attempt" ] },
|
|
"severity": { "type": "string" },
|
|
"risk_score": {
|
|
"type": "object",
|
|
"required": [ "total", "client", "server" ],
|
|
"properties": {
|
|
"total": { "type": "number", "minimum": 10, "maximum": 610 },
|
|
"client": { "type": "number", "minimum": 5, "maximum": 485 },
|
|
"server": { "type": "number", "minimum": 5, "maximum": 135 },
|
|
"additionalProperties": false
|
|
}
|
|
}
|
|
},
|
|
"additionalProperties": false
|
|
},
|
|
"56": {
|
|
"type": "object",
|
|
"required": [ "risk", "severity", "risk_score" ],
|
|
"properties": {
|
|
"risk": { "type": "string", "enum": [ "Obfuscated Traffic" ] },
|
|
"severity": { "type": "string" },
|
|
"risk_score": {
|
|
"type": "object",
|
|
"required": [ "total", "client", "server" ],
|
|
"properties": {
|
|
"total": { "type": "number", "minimum": 350, "maximum": 350 },
|
|
"client": { "type": "number", "minimum": 235, "maximum": 235 },
|
|
"server": { "type": "number", "minimum": 115, "maximum": 115 },
|
|
"additionalProperties": false
|
|
}
|
|
}
|
|
},
|
|
"additionalProperties": false
|
|
}
|
|
},
|
|
"additionalProperties": false
|
|
},
|
|
"confidence": {
|
|
"type": "object",
|
|
"properties": {
|
|
"0": {
|
|
"type": "string",
|
|
"enum": [ "Unknown" ]
|
|
},
|
|
"1": {
|
|
"type": "string",
|
|
"enum": [ "Match by port" ]
|
|
},
|
|
"2": {
|
|
"type": "string",
|
|
"enum": [ "nBPF" ]
|
|
},
|
|
"3": {
|
|
"type": "string",
|
|
"enum": [ "DPI (partial)" ]
|
|
},
|
|
"4": {
|
|
"type": "string",
|
|
"enum": [ "DPI (partial cache)" ]
|
|
},
|
|
"5": {
|
|
"type": "string",
|
|
"enum": [ "DPI (cache)" ]
|
|
},
|
|
"6": {
|
|
"type": "string",
|
|
"enum": [ "DPI" ]
|
|
},
|
|
"7": {
|
|
"type": "string",
|
|
"enum": [ "Match by IP" ]
|
|
},
|
|
"8": {
|
|
"type": "string",
|
|
"enum": [ "DPI (aggressive)" ]
|
|
}
|
|
},
|
|
"additionalProperties": false
|
|
},
|
|
"entropy": {
|
|
"type": "number"
|
|
},
|
|
"domainame": {
|
|
"type": "string"
|
|
},
|
|
"hostname": {
|
|
"type": "string"
|
|
},
|
|
"collectd": {
|
|
"type": "object"
|
|
},
|
|
"dhcp": {
|
|
"type": "object"
|
|
},
|
|
"discord": {
|
|
"type": "object"
|
|
},
|
|
"bittorrent": {
|
|
"type": "object"
|
|
},
|
|
"mdns": {
|
|
"type": "object"
|
|
},
|
|
"mikrotik": {
|
|
"type": "object"
|
|
},
|
|
"natpmp": {
|
|
"type": "object"
|
|
},
|
|
"ntp": {
|
|
"type": "object"
|
|
},
|
|
"ubntac2": {
|
|
"type": "object"
|
|
},
|
|
"kerberos": {
|
|
"type": "object"
|
|
},
|
|
"telnet": {
|
|
"type": "object"
|
|
},
|
|
"tls": {
|
|
"type": "object"
|
|
},
|
|
"quic": {
|
|
"type": "object"
|
|
},
|
|
"imap": {
|
|
"type": "object"
|
|
},
|
|
"http": {
|
|
"type": "object"
|
|
},
|
|
"pop": {
|
|
"type": "object"
|
|
},
|
|
"smtp": {
|
|
"type": "object"
|
|
},
|
|
"dns": {
|
|
"type": "object"
|
|
},
|
|
"ftp": {
|
|
"type": "object"
|
|
},
|
|
"sip": {
|
|
"type": "object",
|
|
"properties": {
|
|
"from": {
|
|
"type": "string"
|
|
},
|
|
"to": {
|
|
"type": "string"
|
|
}
|
|
},
|
|
"additionalProperties": false
|
|
},
|
|
"snmp": {
|
|
"type": "object"
|
|
},
|
|
"ssh": {
|
|
"type": "object"
|
|
},
|
|
"stun": {
|
|
"type": "object"
|
|
},
|
|
"softether": {
|
|
"type": "object"
|
|
},
|
|
"tftp": {
|
|
"type": "object"
|
|
},
|
|
"tivoconnect": {
|
|
"type": "object"
|
|
},
|
|
"rsh": {
|
|
"type": "object"
|
|
}
|
|
},
|
|
"additionalProperties": false
|
|
},
|
|
"data_analysis": {
|
|
"type": "object",
|
|
"required": [ "iat", "pktlen", "bins", "directions" ],
|
|
"properties": {
|
|
"iat": {
|
|
"type": "object",
|
|
"properties": {
|
|
"min": {
|
|
"type": "number"
|
|
},
|
|
"avg": {
|
|
"type": "number"
|
|
},
|
|
"max": {
|
|
"type": "number"
|
|
},
|
|
"stddev": {
|
|
"type": "number"
|
|
},
|
|
"var": {
|
|
"type": "number"
|
|
},
|
|
"ent": {
|
|
"type": "number"
|
|
},
|
|
"data": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "number"
|
|
}
|
|
}
|
|
},
|
|
"additionalProperties": false
|
|
},
|
|
"pktlen": {
|
|
"type": "object",
|
|
|
|
"properties": {
|
|
"min": {
|
|
"type": "number"
|
|
},
|
|
"avg": {
|
|
"type": "number"
|
|
},
|
|
"max": {
|
|
"type": "number"
|
|
},
|
|
"stddev": {
|
|
"type": "number"
|
|
},
|
|
"var": {
|
|
"type": "number"
|
|
},
|
|
"ent": {
|
|
"type": "number"
|
|
},
|
|
"data": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "number"
|
|
}
|
|
}
|
|
},
|
|
"additionalProperties": false
|
|
},
|
|
"bins": {
|
|
"type": "object",
|
|
|
|
"properties": {
|
|
"c_to_s": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "number"
|
|
}
|
|
},
|
|
"s_to_c": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "number"
|
|
}
|
|
}
|
|
},
|
|
"additionalProperties": false
|
|
},
|
|
"directions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "number"
|
|
}
|
|
},
|
|
"entropies": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "number"
|
|
}
|
|
}
|
|
},
|
|
"additionalProperties": false
|
|
}
|
|
},
|
|
"additionalProperties": false
|
|
}
|