| _BilledSize | | Double |
| _IsBillable | | String |
| Action | Action to take on indicator match. | String |
| Active | Indicates whether indicator is active. | Boolean |
| ActivityGroupNames | Activity groups associated with indicator. | String |
| AdditionalInformation | Free text additional information for indicator. | String |
| ConfidenceScore | Confidence rating of the indicator, from 0 to 100. | Double |
| Description | Description of the indicator. | String |
| DiamondModel | Diamond model value for the indicator, one of adversary, capability, infrastructure or victim. | String |
| DomainName | The domain name observable. | String |
| EmailEncoding | The email encoding observable. | String |
| EmailLanguage | The email language observable. | String |
| EmailRecipient | The email recipient observable. | String |
| EmailSenderAddress | The email sender address observable. | String |
| EmailSenderName | The email sender name observable. | String |
| EmailSourceDomain | The email source domain observable. | String |
| EmailSourceIpAddress | The email source IP address observable. | String |
| EmailSubject | The email subject observable. | String |
| EmailXMailer | The email X-Mailer observable. | String |
| ExpirationDateTime | Time of indicator expiration. | DateTime |
| ExternalIndicatorId | Identifier for indicator from submitting system. | String |
| FileCompileDateTime | The file compilation time observable. | DateTime |
| FileCreatedDateTime | The file creation time observable. | DateTime |
| FileHashType | The file hash type observable. | String |
| FileHashValue | The file hash value observable. | String |
| FileMutexName | The file mutex name observable. | String |
| FileName | The file name observable. | String |
| FilePacker | The file packer observable. | String |
| FilePath | The file path observable. | String |
| FileSize | The file size observable. | Int32 |
| FileType | The file type observable. | String |
| IndicatorId | Unique identifier for indicator, calculated by receiving system. | String |
| IndicatorProvider | The name of the entity that provided the indicator. | String |
| KillChainActions | Indicates whether kill chain value ‘actions’ is set. | Boolean |
| KillChainC2 | Indicates whether kill chain value ‘C2’ is set. | Boolean |
| KillChainDelivery | Indicates whether kill chain value ‘delivery’ is set. | Boolean |
| KillChainExploitation | Indicates whether kill chain value ‘exploitation’ is set. | Boolean |
| KillChainReconnaissance | Indicates whether kill chain value ‘reconnaissance’ is set. | Boolean |
| KillChainWeaponization | Indicates whether kill chain value ‘weaponization’ is set. | Boolean |
| KnownFalsePositives | Text describing situations where indicator may cause false positives. | String |
| MalwareNames | List of malware names associated with indicator. | String |
| NetworkCidrBlock | The network CIDR block observable. | String |
| NetworkDestinationAsn | The network destination autonomous system number observable. | Int32 |
| NetworkDestinationCidrBlock | The network destination CIDR block observable. | String |
| NetworkDestinationIP | The network destination IP address. | String |
| NetworkDestinationPort | The network destination port observable. | Int32 |
| NetworkIP | The network IP address observable. | String |
| NetworkPort | The network port observable. | Int32 |
| NetworkProtocol | The network protocol observable. | Int32 |
| NetworkSourceAsn | The network source autonomous system number observable. | Int32 |
| NetworkSourceCidrBlock | The network source CIDR block observable. | String |
| NetworkSourceIP | The network source IP address observable. | String |
| NetworkSourcePort | The network source port observable. | Int32 |
| PassiveOnly | Indicates whether the indicator should trigger an event that is visible to a user. | Boolean |
| SourceSystem | Source system. | String |
| Tags | Free form tags. | String |
| TenantId | | String |
| ThreatSeverity | Indicator severity rating from 0 to 5. Higher value indicates greater severity. | Int32 |
| ThreatType | Threat type of indicator. | String |
| TimeGenerated | Time of indicator ingestion. | DateTime |
| TrafficLightProtocolLevel | Industry standard traffic light protocol level, one of white, green, amber or red. | String |
| Type | The name of the table. | String |
| Url | The URL observable. | String |
| UserAgent | The user agent observable. | String |