IP Threat Intelligence

ip_intelligence

🚧 WARNING: DEPRECATED

IP Threat Intelligence has been deprecated since 1.4.0. Deprecated in QDM 1.4.0

Insights from threat intelligence platforms about IP Addresses

Attributes

| Caption | Name | Type | Description |
| --- | --- | --- | --- |
| ASN | asn | Integer | The 2- or 4-byte Autonomous System Number (ASN) |
| AS Owner | asn_owner | String | The Autonomous System (AS) owner |
| Details | details | String | Details about the IP address. |
| Findings | findings | Finding[] | The findings from threat intelligence platforms |
| IP Address | ip | IP Address | Entity:IP_ADDRESS. The IP address, in either IPv4 or IPv6 format. |
| Labels | labels | String[] | The labels or tags in the intelligence. |
| Geo Location | location | Geo Location[] | Entity:GEO_LOCATION. The detailed geographical location usually associated with an IP address. |
| Raw Data | raw_data | JSON | Group:context. The event data as received from the event source. |
| Record ID | record_id | String | Group:primary. Unique identifier for the object |
| Additional references for more information. | references | String[] | A list of reference URLs supporting the finding/detection. |
| Reputations | reputations | Reputation[] | Reputation score as reported by provider |
| Subnet | subnet | Subnet | Entity:SUBNET. The subnet mask. |
| Unmapped | unmapped | Unmapped[] | Data from the source that was not mapped into the schema. |
| Vendor Name | vendor_name | String | The vendor that provided the intelligence. |

Relationships

IP Threat Intelligence shown in context

Inbound Relationships

These objects and events reference IP Threat Intelligence in their attributes:

Outbound Relationships

IP Threat Intelligence references the following objects and events in its attributes:

This page describes ocsf-1.4.0