Threat Intelligence
<code>threat\_intelligence</code>
<blockquote class="callout callout_warn">
<h3>🚧 WARNING: DEPRECATED</h3>
<p>Threat Intelligence has been deprecated since 1.4.0. Deprecated in QDM 1.4.0</p>
</blockquote>
Insights from threat intelligence platforms
## Attributes
<table>
<tr>
<th>Caption</th>
<th>Name</th>
<th>Type</th>
<th>Description</th>
</tr>
<tr id="attr-provider">
<td>Provider</td>
<td><code>provider</code></td>
<td>
<a href="/docs/types#string_t">String</a>
</td>
<td>
Threat intelligence data provider name e.g. AlienVaultOTX
</td>
</tr>
<tr id="attr-raw_data">
<td>Raw Data</td>
<td><code>raw_data</code></td>
<td>
<a href="/docs/types#json_t">JSON</a>
</td>
<td>
<strong>Group:</strong><code>context</code><br/>
The event data as received from the event source.
</td>
</tr>
<tr id="attr-record_id">
<td>Record ID</td>
<td><code>record_id</code></td>
<td>
<a href="/docs/types#string_t">String</a>
</td>
<td>
<strong>Group:</strong><code>primary</code><br/>
Unique identifier for the object
</td>
</tr>
<tr id="attr-reputation">
<td>Reputation Scores</td>
<td><code>reputation</code></td>
<td>
<a href="/docs/obj-reputation">Reputation[]</a>
</td>
<td>
Reputation score as reported by provider
</td>
</tr>
<tr id="attr-type_id">
<td>Type ID</td>
<td><code>type_id</code></td>
<td>
<a href="/docs/types#integer_t">Integer</a>
</td>
<td>
Type of entity for which threat info is provided e.g. IP
<ul>
<li><code>0</code>: Unknown (<code>UNKNOWN</code>)</li>
<li><code>1</code>: IP (<code>IP</code>)</li>
<li><code>2</code>: Domain (<code>DOMAIN</code>)</li>
<li><code>3</code>: Url (<code>URL</code>)</li>
<li><code>4</code>: Hash (<code>HASH</code>)</li>
<li><code>99</code>: Other (<code>OTHER</code>)</li>
</ul>
</td>
</tr>
<tr id="attr-unmapped">
<td>Unmapped</td>
<td><code>unmapped</code></td>
<td>
<a href="/docs/obj-unmapped">Unmapped[]</a>
</td>
<td>
Data from the source that was not mapped into the schema.
</td>
</tr>
<tr id="attr-value">
<td>Value</td>
<td><code>value</code></td>
<td>
<a href="/docs/types#string_t">String</a>
</td>
<td>
Entity value for which threat info is provided
</td>
</tr>
</table>
## Relationships
<img src="https://schema.query.ai/images/obj-threat_intelligence.svg" alt="Threat Intelligence shown in context" />
### Outbound Relationships
Threat Intelligence references the following objects and events in its attributes:
<ul>
<li><a href="/docs/obj-reputation">Reputation</a></li>
<li><a href="/docs/obj-unmapped">Unmapped</a></li>
</ul>
<p><small><i>This page describes ocsf-1.4.0</i></small></p>
Updated 10 days ago