URL Threat Intelligence
URL Threat Intelligence is a searchable entity at the top of Query's UI.
url_intelligence
Insights from threat intelligence platforms about URLs
Contents
Attributes
Caption | Name | Type | Is Array | Default | Description |
---|---|---|---|---|---|
Website Categorization IDs | category_ids | Integer | The Website categorization identifiers. | ||
Details | details | String | Details about the URL (the schema's description string reads "Details about the IP address."). | ||
Findings | findings | Finding | The findings from threat intelligence platforms | ||
First Seen | first_seen_time | Timestamp | The initial detection time of the activity or object. See specific usage. | ||
Labels | labels | String | The labels or tags in the intelligence. | ||
Last Seen | last_seen_time | Timestamp | The most recent detection time of the activity or object. See specific usage. | ||
Raw Data | raw_data | JSON | The event data as received from the event source. | ||
Record ID | record_id | String | Unique identifier for the object | ||
Additional references for more information. | references | String | A list of reference URLs supporting the finding/detection. | ||
Reputations | reputations | Reputation | Reputation score as reported by provider | ||
Unmapped Data | unmapped | Unmapped | The attributes that are not mapped to the event schema. The names and values of those attributes are specific to the event source. | ||
URL | url | Uniform Resource Locator | The URL the intelligence applies to. | ||
Vendor Name | vendor_name | String | The vendor that provided the intelligence. |
References
Referenced By
Context
JSON
{
"description": "Insights from threat intelligence platforms about URLs",
"caption": "URL Threat Intelligence",
"name": "url_intelligence",
"extends": "_base_threat_intelligence",
"attributes": {
"url": {
"description": "The URL the intelligence applies to.",
"requirement": "optional",
"caption": "URL",
"type": "url"
},
"category_ids": {
"requirement": "optional",
"caption": "Website Categorization IDs",
"description": "The Website categorization identifiers.",
"enum": {
"99": {
"caption": "Other",
"description": "The Domain/URL category is not mapped. See the <code>categories</code> attribute, which contains a data source specific value."
},
"0": {
"caption": "Unknown",
"description": "The Domain/URL category is unknown."
},
"1": {
"caption": "Adult/Mature Content"
},
"101": {
"caption": "Spam"
},
"102": {
"caption": "Potentially Unwanted Software"
},
"103": {
"caption": "Dynamic DNS Host"
},
"106": {
"caption": "E-Card/Invitations"
},
"107": {
"caption": "Informational"
},
"108": {
"caption": "Computer/Information Security"
},
"109": {
"caption": "Internet Connected Devices"
},
"11": {
"caption": "Gambling"
},
"110": {
"caption": "Internet Telephony"
},
"111": {
"caption": "Online Meetings"
},
"112": {
"caption": "Media Sharing"
},
"113": {
"caption": "Radio/Audio Streams"
},
"114": {
"caption": "TV/Video Streams"
},
"118": {
"caption": "Piracy/Copyright Concerns"
},
"121": {
"caption": "Marijuana"
},
"14": {
"caption": "Violence/Hate/Racism"
},
"15": {
"caption": "Weapons"
},
"16": {
"caption": "Abortion"
},
"17": {
"caption": "Hacking"
},
"18": {
"caption": "Phishing"
},
"20": {
"caption": "Entertainment"
},
"21": {
"caption": "Business/Economy"
},
"22": {
"caption": "Alternative Spirituality/Belief"
},
"23": {
"caption": "Alcohol"
},
"24": {
"caption": "Tobacco"
},
"25": {
"caption": "Controlled Substances"
},
"26": {
"caption": "Child Pornography"
},
"27": {
"caption": "Education"
},
"29": {
"caption": "Charitable Organizations"
},
"3": {
"caption": "Pornography"
},
"30": {
"caption": "Art/Culture"
},
"31": {
"caption": "Financial Services"
},
"32": {
"caption": "Brokerage/Trading"
},
"33": {
"caption": "Games"
},
"34": {
"caption": "Government/Legal"
},
"35": {
"caption": "Military"
},
"36": {
"caption": "Political/Social Advocacy"
},
"37": {
"caption": "Health"
},
"38": {
"caption": "Technology/Internet"
},
"4": {
"caption": "Sex Education"
},
"40": {
"caption": "Search Engines/Portals"
},
"43": {
"caption": "Malicious Sources/Malnets"
},
"44": {
"caption": "Malicious Outbound Data/Botnets"
},
"45": {
"caption": "Job Search/Careers"
},
"46": {
"caption": "News/Media"
},
"47": {
"caption": "Personals/Dating"
},
"49": {
"caption": "Reference"
},
"5": {
"caption": "Intimate Apparel/Swimsuit"
},
"50": {
"caption": "Mixed Content/Potentially Adult"
},
"51": {
"caption": "Chat (IM)/SMS"
},
"52": {
"caption": "Email"
},
"53": {
"caption": "Newsgroups/Forums"
},
"54": {
"caption": "Religion"
},
"55": {
"caption": "Social Networking"
},
"56": {
"caption": "File Storage/Sharing"
},
"57": {
"caption": "Remote Access Tools"
},
"58": {
"caption": "Shopping"
},
"59": {
"caption": "Auctions"
},
"6": {
"caption": "Nudity"
},
"60": {
"caption": "Real Estate"
},
"61": {
"caption": "Society/Daily Living"
},
"63": {
"caption": "Personal Sites"
},
"64": {
"caption": "Restaurants/Dining/Food"
},
"65": {
"caption": "Sports/Recreation"
},
"66": {
"caption": "Travel"
},
"67": {
"caption": "Vehicles"
},
"68": {
"caption": "Humor/Jokes"
},
"7": {
"caption": "Extreme"
},
"71": {
"caption": "Software Downloads"
},
"83": {
"caption": "Peer-to-Peer (P2P)"
},
"84": {
"caption": "Audio/Video Clips"
},
"85": {
"caption": "Office/Business Applications"
},
"86": {
"caption": "Proxy Avoidance"
},
"87": {
"caption": "For Kids"
},
"88": {
"caption": "Web Ads/Analytics"
},
"89": {
"caption": "Web Hosting"
},
"9": {
"caption": "Scam/Questionable/Illegal"
},
"90": {
"caption": "Uncategorized"
},
"92": {
"caption": "Suspicious"
},
"93": {
"caption": "Sexual Expression"
},
"95": {
"caption": "Translation"
},
"96": {
"caption": "Non-Viewable/Infrastructure"
},
"97": {
"caption": "Content Servers"
},
"98": {
"caption": "Placeholders"
}
},
"is_array": true,
"sibling": "categories",
"type": "integer_t"
},
"first_seen_time": {
"requirement": "optional",
"caption": "First Seen",
"description": "The initial detection time of the activity or object. See specific usage",
"type": "timestamp_t"
},
"last_seen_time": {
"requirement": "optional",
"caption": "Last Seen",
"description": "The most recent detection time of the activity or object. See specific usage.",
"type": "timestamp_t"
},
"vendor_name": {
"description": "The vendor that provided the intelligence.",
"requirement": "optional",
"caption": "Vendor Name",
"type": "string_t"
},
"references": {
"caption": "Additional references for more information.",
"requirement": "optional",
"description": "A list of reference URLs supporting the finding/detection.",
"is_array": true,
"type": "string_t"
},
"reputations": {
"description": "Reputation score as reported by provider",
"requirement": "optional",
"caption": "Reputations",
"is_array": true,
"type": "reputation"
},
"findings": {
"description": "The findings from threat intelligence platforms",
"requirement": "optional",
"caption": "Findings",
"type": "finding",
"is_array": true
},
"labels": {
"description": "The labels or tags in the intelligence.",
"requirement": "optional",
"caption": "Labels",
"is_array": true,
"type": "string_t"
},
"details": {
"description": "Details about the IP address.",
"requirement": "optional",
"caption": "Details",
"type": "string_t"
},
"raw_data": {
"group": "context",
"caption": "Raw Data",
"description": "The event data as received from the event source.",
"type": "json_t"
},
"record_id": {
"description": "Unique identifier for the object",
"group": "primary",
"requirement": "required",
"caption": "Record ID",
"type": "string_t"
},
"unmapped": {
"caption": "Unmapped Data",
"description": "The attributes that are not mapped to the event schema. The names and values of those attributes are specific to the event source.",
"type": "unmapped",
"is_array": true
}
},
"extension": "query"
}