IP Threat Intelligence
ip_intelligence
Insights from threat intelligence platforms about IP Addresses
🚧 WARNING: DEPRECATEDIP Threat Intelligence has been deprecated since 1.4.0. Deprecated in QDM 1.4.0
Attributes
Caption | Name | Type | Description |
---|---|---|---|
ASN | asn |
Integer | The 2- or 4-byte Autonomous System Number (ASN) |
AS Owner | asn_owner |
String | The Autonomous System (AS) owner |
Details | details |
String | Details about the IP address. |
Findings | findings |
Finding[] | The findings from threat intelligence platforms |
IP Address | ip |
IP Address |
Entity:IP_ADDRESS The IP address, in either IPv4 or IPv6 format. |
Labels | labels |
String[] | The labels or tags in the intelligence. |
Geo Location | location |
Geo Location[] |
Entity:GEO_LOCATION The detailed geographical location usually associated with an IP address. |
Raw Data | raw_data |
JSON |
Group:context The event data as received from the event source. |
Record ID | record_id |
String |
Group:primary Unique identifier for the object |
Additional references for more information. | references |
String[] | A list of reference URLs supporting the finding/detection. |
Reputations | reputations |
Reputation[] | Reputation score as reported by provider |
Subnet | subnet |
Subnet |
Entity:SUBNET The subnet mask. |
Unmapped | unmapped |
Unmapped[] | Data from the source that was not mapped into the schema. |
Vendor Name | vendor_name |
String | The vendor that provided the intelligence. |
Relationships
Inbound Relationships
These objects and events reference IP Threat Intelligence in their attributes:
Outbound Relationships
IP Threat Intelligence references the following objects and events in its attributes:
This page describes ocsf-1.4.0
Updated 8 days ago