Guides

Threat Intelligence

Suggest Edits

threat_intelligence

🚧 WARNING: DEPRECATED

Threat Intelligence has been deprecated since 1.4.0. Deprecated in QDM 1.4.0

Insights from threat intelligence platforms

Attributes

CaptionNameTypeDescription
Provider provider String Threat intelligence data provider name e.g. AlienVaultOTX
Raw Data raw_data JSON Group:context
The event data as received from the event source.
Record ID record_id String Group:primary
Unique identifier for the object
Reputation Scores reputation Reputation[] Reputation score as reported by provider
Type ID type_id Integer Type of entity for which threat info is provided e.g. IP
  • 0: Unknown (UNKNOWN)
  • 1: IP (IP)
  • 2: Domain (DOMAIN)
  • 3: Url (URL)
  • 4: Hash (HASH)
  • 99: Other (OTHER)
Unmapped unmapped Unmapped[] Data from the source that was not mapped into the schema.
Value value String Entity value for which threat info is provided

Relationships

Threat Intelligence shown in context

Outbound Relationships

Threat Intelligence references the following objects and events in its attributes:

This page describes ocsf-1.4.0

Updated 9 days ago