Geo Location
The Geo Location object describes a geographical location, usually associated with an IP address. Defined by D3FEND d3f:PhysicalLocation.
Attributes
| Caption | Name | Type | Description |
|---|---|---|---|
| City | city |
String | The name of the city. |
| Continent | continent |
String | The name of the continent. |
| Coordinates | coordinates |
Float[] |
A two-element array, containing a longitude/latitude pair. The format conforms with GeoJSON. For example: [-73.983, 40.719].
|
| Country | country |
String |
The ISO 3166-1 Alpha-2 country code. For the complete list of country codes see ISO 3166-1 alpha-2 codes. Note: The two letter country code should be capitalized. For example: |
| Description | desc |
String | The description of the geographical location. |
| Geohash | geohash |
String |
Geohash of the geo-coordinates (latitude and longitude). Geohashing is a geocoding system used to encode geographic coordinates in decimal degrees, to a single string. |
| On Premises | is_on_premises |
Boolean | The indication of whether the location is on premises. |
| ISP | isp |
String | The name of the Internet Service Provider (ISP). |
| Latitude | lat |
Float |
The geographical Latitude coordinate represented in Decimal Degrees (DD). For example: 42.361145.
|
| Longitude | long |
Float |
The geographical Longitude coordinate represented in Decimal Degrees (DD). For example: -71.057083.
|
| Postal Code | postal_code |
String | The postal code of the location. |
| Provider | provider |
String | The provider of the geographical location data. |
| Raw Data | raw_data |
JSON | The event data as received from the event source. |
| Record ID | record_id |
String | Unique identifier for the object |
| Region | region |
String | The alphanumeric code that identifies the principal subdivision (e.g. province or state) of the country. Region codes are defined at ISO 3166-2 and have a limit of three characters. For example, see the region codes for the US. |
| Unmapped Data | unmapped |
Unmapped[] | The attributes that are not mapped to the event schema. The names and values of those attributes are specific to the event source. |
Relationships
Inbound Relationships
These objects and events reference Geo Location in their attributes:
- Endpoint
- Network Proxy Endpoint
- Domain Contact
- Network Endpoint
- OSINT
- LDAP Person
- IP Threat Intelligence
- Device
Outbound Relationships
Geo Location references the following objects and events in its attributes:
This page describes qdm-1.3.2+ocsf-1.3.0
Updated 6 months ago