Threat Actor

threat_actor

Threat actor is responsible for the observed malicious activity.

Attributes

Caption	Name	Type	Description
Name	`name`	String	The name of the threat actor.
Raw Data	`raw_data`	JSON	Group:`context` The event data as received from the event source.
Record ID	`record_id`	String	Group:`primary` Unique identifier for the object
Threat Actor Type	`type`	String	The classification of the threat actor based on their motivations, capabilities, or affiliations. Common types include nation-state actors, cybercriminal groups, hacktivists, or insider threats.
Threat Actor Type ID	`type_id`	Integer	The normalized datastore resource type identifier. `0`: Unknown (`UNKNOWN`) `1`: Nation-state (`NATION_STATE`) `2`: Cybercriminal (`CYBERCRIMINAL`) `3`: Hacktivists (`HACKTIVISTS`) `4`: Insider (`INSIDER`) `99`: Other (`OTHER`)
Unmapped	`unmapped`	Unmapped[]	Data from the source that was not mapped into the schema.

These objects and events reference Threat Actor in their attributes:

Threat Actor references the following objects and events in its attributes:

This page describes qdm-1.5.1+ocsf-1.6.0

Updated 22 days ago