Threat Actor

threat_actor

The threat actor is the entity responsible for the observed malicious activity.

Attributes

| Caption | Name | Type | Description |
|---|---|---|---|
| Name | name | String | The name of the threat actor. |
| Raw Data | raw_data | JSON | Group: context. The event data as received from the event source. |
| Record ID | record_id | String | Group: primary. Unique identifier for the object. |
| Threat Actor Type | type | String | The classification of the threat actor based on their motivations, capabilities, or affiliations. Common types include nation-state actors, cybercriminal groups, hacktivists, or insider threats. |
| Threat Actor Type ID | type_id | Integer | The normalized datastore resource type identifier. Values: 0: Unknown (UNKNOWN); 1: Nation-state (NATION_STATE); 2: Cybercriminal (CYBERCRIMINAL); 3: Hacktivists (HACKTIVISTS); 4: Insider (INSIDER); 99: Other (OTHER) |
| Unmapped | unmapped | Unmapped[] | Data from the source that was not mapped into the schema. |

Relationships

Threat Actor shown in context

Inbound Relationships

These objects and events reference Threat Actor in their attributes:

Outbound Relationships

Threat Actor references the following objects and events in its attributes:

This page describes qdm-1.5.1+ocsf-1.6.0