File Threat Intelligence
file_intelligence
🚧 WARNING: DEPRECATED
File Threat Intelligence has been deprecated since 1.4.0. Deprecated in QDM 1.4.0
Insights from threat intelligence platforms about files
Attributes
| Caption | Name | Type | Description |
|---|---|---|---|
| Details | details | String | Details about the IP address. |
| Filenames | filenames | String[] | The names a file is known by. |
| Findings | findings | Finding[] | The findings from threat intelligence platforms |
| Fingerprints | fingerprints | Fingerprint[] | Entity: |
| First Seen | first_seen_time | Timestamp | The initial detection time of the activity or object. See specific usage |
| Labels | labels | String[] | The labels or tags in the intelligence. |
| Last Seen | last_seen_time | Timestamp | The most recent detection time of the activity or object. See specific usage. |
| Raw Data | raw_data | JSON | Group: |
| Record ID | record_id | String | Group: |
| Additional references for more information. | references | String[] | A list of reference URLs supporting the finding/detection. |
| Reputations | reputations | Reputation[] | Reputation score as reported by provider |
| Unmapped | unmapped | Unmapped[] | Data from the source that was not mapped into the schema. |
| Vendor Name | vendor_name | String | The vendor that provided the intelligence. |
Relationships
Outbound Relationships
File Threat Intelligence references the following objects and events in its attributes:
This page describes ocsf-1.4.0
Updated 6 months ago