IP Threat Intelligence

ip_intelligence

🚧 WARNING: DEPRECATED

IP Threat Intelligence has been deprecated since 1.4.0. Deprecated in QDM 1.4.0

Insights from threat intelligence platforms about IP Addresses

Attributes

CaptionNameTypeDescription
ASNasnIntegerThe 2- or 4-byte Autonomous System Number (ASN)
AS Ownerasn_ownerStringThe Autonomous System (AS) owner
DetailsdetailsStringDetails about the IP address.
FindingsfindingsFinding[]The findings from threat intelligence platforms
IP AddressipIP AddressEntity:IP_ADDRESS

The IP address, in either IPv4 or IPv6 format.
LabelslabelsString[]The labels or tags in the intelligence.
Geo LocationlocationGeo Location[]Entity:GEO_LOCATION

The detailed geographical location usually associated with an IP address.
Raw Dataraw_dataJSONGroup:context

The event data as received from the event source.
Record IDrecord_idStringGroup:primary

Unique identifier for the object
Additional references for more information.referencesString[]A list of reference URLs supporting the finding/detection.
ReputationsreputationsReputation[]Reputation score as reported by provider
SubnetsubnetSubnetEntity:SUBNET

The subnet mask.
UnmappedunmappedUnmapped[]Data from the source that was not mapped into the schema.
Vendor Namevendor_nameStringThe vendor that provided the intelligence.

Relationships

IP Threat Intelligence shown in context

Inbound Relationships

These objects and events reference IP Threat Intelligence in their attributes:

Outbound Relationships

IP Threat Intelligence references the following objects and events in its attributes:

This page describes qdm-1.5.1+ocsf-1.6.0


Did this page help you?