Threat Actor

threat_actor

Threat actor is responsible for the observed malicious activity.

Attributes

CaptionNameTypeDescription
NamenameStringThe name of the threat actor.
Raw Dataraw_dataJSONGroup:context

The event data as received from the event source.
Record IDrecord_idStringGroup:primary

Unique identifier for the object
Threat Actor TypetypeStringThe classification of the threat actor based on their motivations, capabilities, or affiliations. Common types include nation-state actors, cybercriminal groups, hacktivists, or insider threats.
Threat Actor Type IDtype_idIntegerThe normalized datastore resource type identifier.
  • 0: Unknown (UNKNOWN)
  • 1: Nation-state (NATION_STATE)
  • 2: Cybercriminal (CYBERCRIMINAL)
  • 3: Hacktivists (HACKTIVISTS)
  • 4: Insider (INSIDER)
  • 99: Other (OTHER)
UnmappedunmappedUnmapped[]Data from the source that was not mapped into the schema.

Relationships

Threat Actor shown in context

Inbound Relationships

These objects and events reference Threat Actor in their attributes:

Outbound Relationships

Threat Actor references the following objects and events in its attributes:

This page describes qdm-1.5.1+ocsf-1.6.0


Did this page help you?