Guides

Threat Intelligence

Suggest Edits

Insights from threat intelligence platforms

Attributes

CaptionNameTypeDescription
Provider provider String Threat intelligence data provider name e.g. AlienVaultOTX
Raw Data raw_data JSON The event data as received from the event source.
Record ID record_id String Unique identifier for the object
Reputation Scores reputation Reputation[] Reputation score as reported by provider
Type ID type_id Integer Type of entity for which threat info is provided e.g. IP
  • 0: Unknown (UNKNOWN)
  • 1: IP (IP)
  • 2: Domain (DOMAIN)
  • 3: Url (URL)
  • 4: Hash (HASH)
  • 99: Other (OTHER)
Unmapped Data unmapped Unmapped[] The attributes that are not mapped to the event schema. The names and values of those attributes are specific to the event source.
Value value String Entity value for which threat info is provided

Relationships

Threat Intelligence shown in context

Outbound Relationships

Threat Intelligence references the following objects and events in its attributes:

This page describes qdm-1.3.2+ocsf-1.3.0

Updated about 1 month ago