File Threat Intelligence

file_intelligence

🚧 WARNING: DEPRECATED

File Threat Intelligence has been deprecated since 1.4.0. Deprecated in QDM 1.4.0

Insights from threat intelligence platforms about files

Attributes

CaptionNameTypeDescription
DetailsdetailsStringDetails about the IP address.
FilenamesfilenamesString[]The names a file is known by.
FindingsfindingsFinding[]The findings from threat intelligence platforms
FingerprintsfingerprintsFingerprint[]Entity:FINGERPRINT

An array of known fingerprints for the file.
First Seenfirst_seen_timeTimestampThe initial detection time of the activity or object. See specific usage
LabelslabelsString[]The labels or tags in the intelligence.
Last Seenlast_seen_timeTimestampThe most recent detection time of the activity or object. See specific usage.
Raw Dataraw_dataJSONGroup:context

The event data as received from the event source.
Record IDrecord_idStringGroup:primary

Unique identifier for the object
Additional references for more information.referencesString[]A list of reference URLs supporting the finding/detection.
ReputationsreputationsReputation[]Reputation score as reported by provider
UnmappedunmappedUnmapped[]Data from the source that was not mapped into the schema.
Vendor Namevendor_nameStringThe vendor that provided the intelligence.

Relationships

File Threat Intelligence shown in context

Outbound Relationships

File Threat Intelligence references the following objects and events in its attributes:

This page describes qdm-1.5.1+ocsf-1.6.0