Threat Intelligence

threat_intelligence

🚧 WARNING: DEPRECATED
Threat Intelligence has been deprecated since 1.4.0. Deprecated in QDM 1.4.0

Insights from threat intelligence platforms

Attributes

Caption	Name	Type	Description
Provider	`provider`	String	Threat intelligence data provider name e.g. AlienVaultOTX
Raw Data	`raw_data`	JSON	Group:`context` The event data as received from the event source.
Record ID	`record_id`	String	Group:`primary` Unique identifier for the object
Reputation Scores	`reputation`	Reputation[]	Reputation score as reported by provider
Type ID	`type_id`	Integer	Type of entity for which threat info is provided e.g. IP `0`: Unknown (`UNKNOWN`) `1`: IP (`IP`) `2`: Domain (`DOMAIN`) `3`: Url (`URL`) `4`: Hash (`HASH`) `99`: Other (`OTHER`)
Unmapped	`unmapped`	Unmapped[]	Data from the source that was not mapped into the schema.
Value	`value`	String	Entity value for which threat info is provided

Threat Intelligence references the following objects and events in its attributes:

This page describes qdm-1.5.1+ocsf-1.6.0

Updated about 6 hours ago