Domain Threat Intelligence
domain_intelligence
Insights from threat intelligence platforms about domains
Attributes
Caption | Name | Type | Description |
---|---|---|---|
Details | details | String | Details about the IP address. |
DNS Entries | dns_entries | String[] | The Domain Name System (DNS) entries from passive DNS logs or a direct query for enrichment. |
Domain | domain | String | The name of the domain. See specific usage. |
Domain Information | domain_info | String | None |
Findings | findings | Finding[] | The findings from threat intelligence platforms. |
Labels | labels | String[] | The labels or tags in the intelligence. |
Raw Data | raw_data | JSON | Group: |
Record ID | record_id | String | Group: |
Additional references for more information. | references | String[] | A list of reference URLs supporting the finding/detection. |
Reputations | reputations | Reputation[] | The reputation score as reported by the provider. |
Unmapped | unmapped | Unmapped[] | Data from the source that was not mapped into the schema. |
Vendor Name | vendor_name | String | The vendor that provided the intelligence. |
Relationships
Outbound Relationships
Domain Threat Intelligence references the following objects and events in its attributes:
This page describes ocsf-1.4.0