IP Threat Intelligence

ip_intelligence

🚧 WARNING: DEPRECATED
IP Threat Intelligence has been deprecated since 1.4.0. Deprecated in QDM 1.4.0

Insights from threat intelligence platforms about IP Addresses

Attributes

Caption	Name	Type	Description
ASN	`asn`	Integer	The 2- or 4-byte Autonomous System Number (ASN)
AS Owner	`asn_owner`	String	The Autonomous System (AS) owner
Details	`details`	String	Details about the IP address.
Findings	`findings`	Finding[]	The findings from threat intelligence platforms
IP Address	`ip`	IP Address	Entity:`IP_ADDRESS` The IP address, in either IPv4 or IPv6 format.
Labels	`labels`	String[]	The labels or tags in the intelligence.
Geo Location	`location`	Geo Location[]	Entity:`GEO_LOCATION` The detailed geographical location usually associated with an IP address.
Raw Data	`raw_data`	JSON	Group:`context` The event data as received from the event source.
Record ID	`record_id`	String	Group:`primary` Unique identifier for the object
Additional references for more information.	`references`	String[]	A list of reference URLs supporting the finding/detection.
Reputations	`reputations`	Reputation[]	Reputation score as reported by provider
Subnet	`subnet`	Subnet	Entity:`SUBNET` The subnet mask.
Unmapped	`unmapped`	Unmapped[]	Data from the source that was not mapped into the schema.
Vendor Name	`vendor_name`	String	The vendor that provided the intelligence.

These objects and events reference IP Threat Intelligence in their attributes:

IP Threat Intelligence references the following objects and events in its attributes:

This page describes ocsf-1.4.0

Updated 6 months ago