IP Threat Intelligence

ip_intelligence

🚧 WARNING: DEPRECATED

IP Threat Intelligence has been deprecated since 1.4.0. Deprecated in QDM 1.4.0

Insights from threat intelligence platforms about IP Addresses

Attributes

| Caption | Name | Type | Description |
|---|---|---|---|
| ASN | asn | Integer | The 2- or 4-byte Autonomous System Number (ASN) |
| AS Owner | asn_owner | String | The Autonomous System (AS) owner |
| Details | details | String | Details about the IP address. |
| Findings | findings | Finding[] | The findings from threat intelligence platforms |
| IP Address | ip | IP Address | Entity: IP_ADDRESS. The IP address, in either IPv4 or IPv6 format. |
| Labels | labels | String[] | The labels or tags in the intelligence. |
| Geo Location | location | Geo Location[] | Entity: GEO_LOCATION. The detailed geographical location usually associated with an IP address. |
| Raw Data | raw_data | JSON | Group: context. The event data as received from the event source. |
| Record ID | record_id | String | Group: primary. Unique identifier for the object |
| Additional references for more information. | references | String[] | A list of reference URLs supporting the finding/detection. |
| Reputations | reputations | Reputation[] | Reputation score as reported by provider |
| Subnet | subnet | Subnet | Entity: SUBNET. The subnet mask. |
| Unmapped | unmapped | Unmapped[] | Data from the source that was not mapped into the schema. |
| Vendor Name | vendor_name | String | The vendor that provided the intelligence. |

Relationships

IP Threat Intelligence shown in context

Inbound Relationships

These objects and events reference IP Threat Intelligence in their attributes:

Outbound Relationships

IP Threat Intelligence references the following objects and events in its attributes:

This page describes ocsf-1.4.0