Class IoCIndicatorDetailed

An indicator of compromise with extended context from your environment.

Hierarchy

  • IoCIndicatorDetailed

Constructors

constructor

Properties

additionalData? additionalProperties? asCidrBlock? asGeo? asNumber? asOrganization? asType? benignSources? categories? criticalAssets? firstSeen? hosts? id? indicator? indicatorType? lastSeen? logMatches? logSources? mAsType? mPersistence? mSignal? mSources? maliciousSources? maxTrustScore? score? services? signalMatches? signalSeverity? signalTier? suspiciousSources? tags? users?

Constructors

constructor

Properties

Optional additionalData

additionalData?: {
    [key: string]: any;
}

Additional domain-specific context from threat intelligence sources.

Type declaration

  • [key: string]: any

Optional additionalProperties

additionalProperties?: {
    [key: string]: any;
}

A container for additional, undeclared properties. This is a holder for any undeclared properties as specified with the 'additionalProperties' keyword in the OAS document.

Type declaration

  • [key: string]: any

Optional asCidrBlock

asCidrBlock?: string

Autonomous system CIDR block.

Optional asGeo

asGeo?: IoCGeoLocation

Geographic location information for an IP indicator.

Optional asNumber

asNumber?: string

Autonomous system number.

Optional asOrganization

asOrganization?: string

Autonomous system organization name.

Optional asType

asType?: string

Autonomous system type.

Optional benignSources

benignSources?: IoCSource[]

Threat intelligence sources that flagged this indicator as benign.

Optional categories

categories?: string[]

Threat categories associated with the indicator.

Optional criticalAssets

criticalAssets?: string[]

Critical assets associated with this indicator.

Optional firstSeen

firstSeen?: Date

Timestamp when the indicator was first seen.

Optional hosts

hosts?: string[]

Hosts associated with this indicator.

Optional id

id?: string

Unique identifier for the indicator.

Optional indicator

indicator?: string

The indicator value (for example, an IP address or domain).

Optional indicatorType

indicatorType?: string

Type of indicator (for example, IP address or domain).

Optional lastSeen

lastSeen?: Date

Timestamp when the indicator was last seen.

Optional logMatches

logMatches?: number

Number of logs that matched this indicator.

Optional logSources

logSources?: string[]

Log sources where this indicator was observed.

Optional mAsType

mAsType?: IoCScoreEffect

Effect of a scoring factor on the indicator's threat score.

Optional mPersistence

mPersistence?: IoCScoreEffect

Effect of a scoring factor on the indicator's threat score.

Optional mSignal

mSignal?: IoCScoreEffect

Effect of a scoring factor on the indicator's threat score.

Optional mSources

mSources?: IoCScoreEffect

Effect of a scoring factor on the indicator's threat score.

Optional maliciousSources

maliciousSources?: IoCSource[]

Threat intelligence sources that flagged this indicator as malicious.

Optional maxTrustScore

maxTrustScore?: IoCScoreEffect

Effect of a scoring factor on the indicator's threat score.

Optional score

score?: number

Threat score for the indicator (0-100).

Optional services

services?: string[]

Services where this indicator was observed.

Optional signalMatches

signalMatches?: number

Number of security signals that matched this indicator.

Optional signalSeverity

signalSeverity?: IoCSignalSeverityCount[]

Breakdown of security signals by severity.

Optional signalTier

signalTier?: number

Signal tier level.

Optional suspiciousSources

suspiciousSources?: IoCSource[]

Threat intelligence sources that flagged this indicator as suspicious.

Optional tags

tags?: string[]

Tags associated with the indicator.

Optional users

users?: {
    [key: string]: string[];
}

Users associated with this indicator, grouped by category.

Type declaration

  • [key: string]: string[]

Settings

Member Visibility

Theme

Generated using TypeDoc