IP Threat Intelligence
ip_intelligence
🚧 WARNING: DEPRECATED
IP Threat Intelligence has been deprecated since 1.4.0. Deprecated in QDM 1.4.0
Insights from threat intelligence platforms about IP Addresses
Attributes
Caption | Name | Type | Description |
---|---|---|---|
ASN | asn | Integer | The 2- or 4-byte Autonomous System Number (ASN) |
AS Owner | asn_owner | String | The Autonomous System (AS) owner |
Details | details | String | Details about the IP address. |
Findings | findings | Finding[] | The findings from threat intelligence platforms |
IP Address | ip | IP Address | Entity: |
Labels | labels | String[] | The labels or tags in the intelligence. |
Geo Location | location | Geo Location[] | Entity: |
Raw Data | raw_data | JSON | Group: |
Record ID | record_id | String | Group: |
Additional references for more information. | references | String[] | A list of reference URLs supporting the finding/detection. |
Reputations | reputations | Reputation[] | Reputation score as reported by provider |
Subnet | subnet | Subnet | Entity: |
Unmapped | unmapped | Unmapped[] | Data from the source that was not mapped into the schema. |
Vendor Name | vendor_name | String | The vendor that provided the intelligence. |
Relationships
Inbound Relationships
These objects and events reference IP Threat Intelligence in their attributes:
Outbound Relationships
IP Threat Intelligence references the following objects and events in its attributes:
This page describes ocsf-1.4.0
Updated 15 days ago