Domain Threat Intelligence
Insights from threat intelligence platforms about domains
Attributes
| Caption | Name | Type | Description |
|---|---|---|---|
| Details | details |
String | Details about the IP address. |
| DNS Entries | dns_entries |
DNS Answer[] | The Domain Name System (DNS) entries from passive DNS logs or a direct query for enrichment. |
| Domain | domain |
String | The name of the domain. |
| Domain Information | domain_info |
Domain Information[] | The registration information pertaining to a domain. |
| Findings | findings |
Finding[] | The findings from threat intelligence platforms |
| Labels | labels |
String[] | The labels or tags in the intelligence. |
| Raw Data | raw_data |
JSON | The event data as received from the event source. |
| Record ID | record_id |
String | Unique identifier for the object |
| Additional references for more information. | references |
String[] | A list of reference URLs supporting the finding/detection. |
| Reputations | reputations |
Reputation[] | Reputation score as reported by provider |
| Unmapped Data | unmapped |
Unmapped[] | The attributes that are not mapped to the event schema. The names and values of those attributes are specific to the event source. |
| Vendor Name | vendor_name |
String | The vendor that provided the intelligence. |
Relationships
Outbound Relationships
Domain Threat Intelligence references the following objects and events in its attributes:
This page describes qdm-1.3.2+ocsf-1.3.0
Updated 2 months ago