Geo Location
location
The Geo Location object describes a geographical location, usually associated with an IP address. Defined by D3FEND d3f:PhysicalLocation.
Contents
Attributes
| Caption | Name | Type | Is Array | Default | Description |
|---|---|---|---|---|---|
| City | city | String | The name of the city. | ||
| Continent | continent | String | The name of the continent. | ||
| Coordinates | coordinates | Float |
A two-element array, containing a longitude/latitude pair. The format conforms with GeoJSON. For example: [-73.983, 40.719].
Deprecated since 1.2.0: Use specific |
||
| Country | country | String |
The ISO 3166-1 Alpha-2 country code. For the complete list of country codes see ISO 3166-1 alpha-2 codes. Note: The two letter country code should be capitalized. For example: |
||
| Description | desc | String | The description of the geographical location. | ||
| Geohash | geohash | String |
Geohash of the geo-coordinates (latitude and longitude). Geohashing is a geocoding system used to encode geographic coordinates in decimal degrees, to a single string. |
||
| On Premises | is_on_premises | Boolean | The indication of whether the location is on premises. | ||
| ISP | isp | String | The name of the Internet Service Provider (ISP). | ||
| Latitude | lat | Float |
The geographical Latitude coordinate represented in Decimal Degrees (DD). For example: 42.361145.
|
||
| Longitude | long | Float |
The geographical Longitude coordinate represented in Decimal Degrees (DD). For example: -71.057083.
|
||
| Postal Code | postal_code | String | The postal code of the location. | ||
| Provider | provider | String | The provider of the geographical location data. | ||
| Raw Data | raw_data | JSON | The event data as received from the event source. | ||
| Record ID | record_id | String | Unique identifier for the object | ||
| Region | region | String | The alphanumeric code that identifies the principal subdivision (e.g. province or state) of the country. Region codes are defined at ISO 3166-2 and have a limit of three characters. For example, see the region codes for the US. | ||
| Unmapped Data | unmapped | Unmapped | The attributes that are not mapped to the event schema. The names and values of those attributes are specific to the event source. |
References
Context
JSON
{
"observable": 26,
"caption": "Geo Location",
"description": "The Geo Location object describes a geographical location, usually associated with an IP address. Defined by D3FEND <a target='_blank' href='https://d3fend.mitre.org/dao/artifact/d3f:PhysicalLocation/'>d3f:PhysicalLocation</a>.",
"extends": "object",
"name": "location",
"attributes": {
"city": {
"requirement": "recommended",
"caption": "City",
"description": "The name of the city.",
"type": "string_t"
},
"continent": {
"requirement": "recommended",
"caption": "Continent",
"description": "The name of the continent.",
"type": "string_t"
},
"coordinates": {
"requirement": "optional",
"caption": "Coordinates",
"description": "A two-element array, containing a longitude/latitude pair. The format conforms with <a target='_blank' href='https://geojson.org'>GeoJSON</a>. For example: <code>[-73.983, 40.719]</code>.",
"type": "float_t",
"@deprecated": {
"message": "Use specific <code> lat, long </code> attributes instead.",
"since": "1.2.0"
},
"is_array": true
},
"country": {
"requirement": "recommended",
"observable": 14,
"caption": "Country",
"description": "The ISO 3166-1 Alpha-2 country code. For the complete list of country codes see <a target='_blank' href='https://www.iso.org/obp/ui/#iso:pub:PUB500001:en' >ISO 3166-1 alpha-2 codes</a>.<p><b>Note:</b> The two letter country code should be capitalized. For example: <code>US</code> or <code>CA</code>.</p>",
"type": "string_t"
},
"desc": {
"description": "The description of the geographical location.",
"requirement": "optional",
"caption": "Description",
"type": "string_t"
},
"geohash": {
"requirement": "optional",
"caption": "Geohash",
"description": "<p>Geohash of the geo-coordinates (latitude and longitude).</p><a target='_blank' href='https://en.wikipedia.org/wiki/Geohash'>Geohashing</a> is a geocoding system used to encode geographic coordinates in decimal degrees, to a single string.",
"type": "string_t"
},
"is_on_premises": {
"requirement": "optional",
"caption": "On Premises",
"description": "The indication of whether the location is on premises.",
"type": "boolean_t"
},
"isp": {
"requirement": "optional",
"caption": "ISP",
"description": "The name of the Internet Service Provider (ISP).",
"type": "string_t"
},
"lat": {
"requirement": "optional",
"caption": "Latitude",
"description": "The geographical Latitude coordinate represented in Decimal Degrees (DD). For example: <code>42.361145</code>.",
"type": "float_t"
},
"long": {
"requirement": "optional",
"caption": "Longitude",
"description": "The geographical Longitude coordinate represented in Decimal Degrees (DD). For example: <code>-71.057083</code>.",
"type": "float_t"
},
"postal_code": {
"requirement": "optional",
"caption": "Postal Code",
"description": "The postal code of the location.",
"type": "string_t"
},
"provider": {
"description": "The provider of the geographical location data.",
"requirement": "optional",
"caption": "Provider",
"type": "string_t"
},
"region": {
"description": "The alphanumeric code that identifies the principal subdivision (e.g. province or state) of the country. Region codes are defined at <a target='_blank' href='https://www.iso.org/iso-3166-country-codes.html'>ISO 3166-2</a> and have a limit of three characters. For example, see <a target='_blank' href='https://www.iso.org/obp/ui/#iso:code:3166:US'>the region codes for the US</a>.",
"requirement": "optional",
"caption": "Region",
"type": "string_t"
},
"raw_data": {
"group": "context",
"caption": "Raw Data",
"description": "The event data as received from the event source.",
"type": "json_t"
},
"record_id": {
"description": "Unique identifier for the object",
"group": "primary",
"requirement": "required",
"caption": "Record ID",
"type": "string_t"
},
"unmapped": {
"caption": "Unmapped Data",
"description": "The attributes that are not mapped to the event schema. The names and values of those attributes are specific to the event source.",
"type": "unmapped",
"is_array": true
}
},
"constraints": {
"at_least_one": [
"city",
"country",
"postal_code",
"region"
]
}
}