Base Threat Intelligence
_base_threat_intelligence
Base object for threat intelligence data
Attributes
| Caption | Name | Type | Is Array | Default | Description |
|---|---|---|---|---|---|
| Details | details | String | | | Details about the IP address. |
| Findings | findings | Finding | true | | The findings from threat intelligence platforms |
| Labels | labels | String | true | | The labels or tags in the intelligence. |
| Raw Data | raw_data | JSON | | | The event data as received from the event source. |
| Record ID | record_id | String | | | Unique identifier for the object |
| Additional references for more information. | references | String | true | | A list of reference URLs supporting the finding/detection. |
| Reputations | reputations | Reputation | true | | Reputation score as reported by provider |
| Unmapped Data | unmapped | Unmapped | true | | The attributes that are not mapped to the event schema. The names and values of those attributes are specific to the event source. |
| Vendor Name | vendor_name | String | | | The vendor that provided the intelligence. |
JSON
{
"description": "Base object for threat intelligence data",
"caption": "Base Threat Intelligence",
"name": "_base_threat_intelligence",
"extends": "object",
"attributes": {
"vendor_name": {
"description": "The vendor that provided the intelligence.",
"requirement": "optional",
"caption": "Vendor Name",
"type": "string_t"
},
"references": {
"caption": "Additional references for more information.",
"requirement": "optional",
"description": "A list of reference URLs supporting the finding/detection.",
"type": "string_t",
"is_array": true
},
"reputations": {
"description": "Reputation score as reported by provider",
"requirement": "optional",
"caption": "Reputations",
"is_array": true,
"type": "reputation"
},
"findings": {
"description": "The findings from threat intelligence platforms",
"requirement": "optional",
"caption": "Findings",
"type": "finding",
"is_array": true
},
"labels": {
"description": "The labels or tags in the intelligence.",
"requirement": "optional",
"caption": "Labels",
"type": "string_t",
"is_array": true
},
"details": {
"description": "Details about the IP address.",
"requirement": "optional",
"caption": "Details",
"type": "string_t"
},
"raw_data": {
"group": "context",
"caption": "Raw Data",
"description": "The event data as received from the event source.",
"type": "json_t"
},
"record_id": {
"description": "Unique identifier for the object",
"group": "primary",
"requirement": "required",
"caption": "Record ID",
"type": "string_t"
},
"unmapped": {
"caption": "Unmapped Data",
"description": "The attributes that are not mapped to the event schema. The names and values of those attributes are specific to the event source.",
"type": "unmapped",
"is_array": true
}
},
"extension": "query"
}