Domain Threat Intelligence

domain_intelligence

Insights from threat intelligence platforms about domains

Attributes

CaptionNameTypeDescription
DetailsdetailsStringDetails about the IP address.
DNS Entriesdns_entriesString[]The Domain Name System (DNS) entries from passive DNS logs or a direct query for enrichment.
DomaindomainStringThe name of the domain. See specific usage.
Domain Informationdomain_infoStringNone
FindingsfindingsFinding[]The findings from threat intelligence platforms
LabelslabelsString[]The labels or tags in the intelligence.
Raw Dataraw_dataJSONGroup:context

The event data as received from the event source.
Record IDrecord_idStringGroup:primary

Unique identifier for the object
Additional references for more information.referencesString[]A list of reference URLs supporting the finding/detection.
ReputationsreputationsReputation[]Reputation score as reported by provider
UnmappedunmappedUnmapped[]Data from the source that was not mapped into the schema.
Vendor Namevendor_nameStringThe vendor that provided the intelligence.

Relationships

Domain Threat Intelligence shown in context

Outbound Relationships

Domain Threat Intelligence references the following objects and events in its attributes:

This page describes qdm-1.5.1+ocsf-1.6.0