Domain Threat Intelligence

domain_intelligence

Insights from threat intelligence platforms about domains

Attributes

| Caption | Name | Type | Description |
| --- | --- | --- | --- |
| Details | details | String | Details about the IP address. |
| DNS Entries | dns_entries | String[] | The Domain Name System (DNS) entries from passive DNS logs or a direct query for enrichment. |
| Domain | domain | String | The name of the domain. See specific usage. |
| Domain Information | domain_info | String | None |
| Findings | findings | Finding[] | The findings from threat intelligence platforms |
| Labels | labels | String[] | The labels or tags in the intelligence. |
| Raw Data | raw_data | JSON | Group: context. The event data as received from the event source. |
| Record ID | record_id | String | Group: primary. Unique identifier for the object |
| Additional references for more information. | references | String[] | A list of reference URLs supporting the finding/detection. |
| Reputations | reputations | Reputation[] | Reputation score as reported by provider |
| Unmapped | unmapped | Unmapped[] | Data from the source that was not mapped into the schema. |
| Vendor Name | vendor_name | String | The vendor that provided the intelligence. |

Relationships

Domain Threat Intelligence shown in context

Outbound Relationships

Domain Threat Intelligence references the following objects and events in its attributes:

This page describes ocsf-1.4.0