Base Threat Intelligence

_base_threat_intelligence

Base object for threat intelligence data

Contents

Attributes

| Caption | Name | Type | Is Array | Default | Description |
| --- | --- | --- | --- | --- | --- |
| Details | details | String | | | Details about the IP address. |
| Findings | findings | Finding | Yes | | The findings from threat intelligence platforms |
| Labels | labels | String | Yes | | The labels or tags in the intelligence. |
| Raw Data | raw_data | JSON | | | The event data as received from the event source. |
| Record ID | record_id | String | | | Unique identifier for the object |
| Additional references for more information. | references | String | Yes | | A list of reference URLs supporting the finding/detection. |
| Reputations | reputations | Reputation | Yes | | Reputation score as reported by provider |
| Unmapped Data | unmapped | Unmapped | Yes | | The attributes that are not mapped to the event schema. The names and values of those attributes are specific to the event source. |
| Vendor Name | vendor_name | String | | | The vendor that provided the intelligence. |

Referenced By

Context

Base Threat Intelligence

JSON

            
{
  "description": "Base object for threat intelligence data",
  "caption": "Base Threat Intelligence",
  "name": "_base_threat_intelligence",
  "extends": "object",
  "attributes": {
    "vendor_name": {
      "description": "The vendor that provided the intelligence.",
      "requirement": "optional",
      "caption": "Vendor Name",
      "type": "string_t"
    },
    "references": {
      "caption": "Additional references for more information.",
      "requirement": "optional",
      "description": "A list of reference URLs supporting the finding/detection.",
      "type": "string_t",
      "is_array": true
    },
    "reputations": {
      "description": "Reputation score as reported by provider",
      "requirement": "optional",
      "caption": "Reputations",
      "is_array": true,
      "type": "reputation"
    },
    "findings": {
      "description": "The findings from threat intelligence platforms",
      "requirement": "optional",
      "caption": "Findings",
      "type": "finding",
      "is_array": true
    },
    "labels": {
      "description": "The labels or tags in the intelligence.",
      "requirement": "optional",
      "caption": "Labels",
      "type": "string_t",
      "is_array": true
    },
    "details": {
      "description": "Details about the IP address.",
      "requirement": "optional",
      "caption": "Details",
      "type": "string_t"
    },
    "raw_data": {
      "group": "context",
      "caption": "Raw Data",
      "description": "The event data as received from the event source.",
      "type": "json_t"
    },
    "record_id": {
      "description": "Unique identifier for the object",
      "group": "primary",
      "requirement": "required",
      "caption": "Record ID",
      "type": "string_t"
    },
    "unmapped": {
      "caption": "Unmapped Data",
      "description": "The attributes that are not mapped to the event schema. The names and values of those attributes are specific to the event source.",
      "type": "unmapped",
      "is_array": true
    }
  },
  "extension": "query"
}