Threat Intelligence

threat_intelligence

🚧 WARNING: DEPRECATED

Threat Intelligence has been deprecated since 1.4.0. Deprecated in QDM 1.4.0

Insights from threat intelligence platforms

Attributes

CaptionNameTypeDescription
ProviderproviderStringThreat intelligence data provider name e.g. AlienVaultOTX
Raw Dataraw_dataJSONGroup:context

The event data as received from the event source.
Record IDrecord_idStringGroup:primary

Unique identifier for the object
Reputation ScoresreputationReputation[]Reputation score as reported by provider
Type IDtype_idIntegerType of entity for which threat info is provided e.g. IP
  • 0: Unknown (UNKNOWN)
  • 1: IP (IP)
  • 2: Domain (DOMAIN)
  • 3: Url (URL)
  • 4: Hash (HASH)
  • 99: Other (OTHER)
UnmappedunmappedUnmapped[]Data from the source that was not mapped into the schema.
ValuevalueStringEntity value for which threat info is provided

Relationships

Threat Intelligence shown in context

Outbound Relationships

Threat Intelligence references the following objects and events in its attributes:

This page describes qdm-1.5.1+ocsf-1.6.0


Did this page help you?