File Threat Intelligence

file_intelligence

🚧 WARNING: DEPRECATED

File Threat Intelligence has been deprecated since QDM 1.4.0.

Insights from threat intelligence platforms about files.

Attributes

| Caption | Name | Type | Description |
| --- | --- | --- | --- |
| Details | details | String | Details about the IP address. |
| Filenames | filenames | String[] | The names a file is known by. |
| Findings | findings | Finding[] | The findings from threat intelligence platforms. |
| Fingerprints | fingerprints | Fingerprint[] | Entity:FINGERPRINT. An array of known fingerprints for the file. |
| First Seen | first_seen_time | Timestamp | The initial detection time of the activity or object. See specific usage. |
| Labels | labels | String[] | The labels or tags in the intelligence. |
| Last Seen | last_seen_time | Timestamp | The most recent detection time of the activity or object. See specific usage. |
| Raw Data | raw_data | JSON | Group:context. The event data as received from the event source. |
| Record ID | record_id | String | Group:primary. Unique identifier for the object. |
| Additional references for more information. | references | String[] | A list of reference URLs supporting the finding/detection. |
| Reputations | reputations | Reputation[] | Reputation score as reported by provider. |
| Unmapped | unmapped | Unmapped[] | Data from the source that was not mapped into the schema. |
| Vendor Name | vendor_name | String | The vendor that provided the intelligence. |

Relationships

File Threat Intelligence shown in context

Outbound Relationships

File Threat Intelligence references the following objects and events in its attributes:

This page describes ocsf-1.4.0