ThreatIntelIndicator
Details about the threat intelligence related to a finding.
Contents
- Category
-
The category of a threat intelligence indicator.
Type: String
Valid Values:
BACKDOOR | CARD_STEALER | COMMAND_AND_CONTROL | DROP_SITE | EXPLOIT_SITE | KEYLOGGERRequired: No
- LastObservedAt
-
Indicates when the most recent instance of a threat intelligence indicator was observed.
This field accepts only the specified formats. Timestamps can end with
Zor("+" / "-") time-hour [":" time-minute]. The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:-
YYYY-MM-DDTHH:MM:SSZ(for example,2019-01-31T23:00:00Z) -
YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ(for example,2019-01-31T23:00:00.123456789Z) -
YYYY-MM-DDTHH:MM:SS+HH:MM(for example,2024-01-04T15:25:10+17:59) -
YYYY-MM-DDTHH:MM:SS-HHMM(for example,2024-01-04T15:25:10-1759) -
YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM(for example,2024-01-04T15:25:10.123456789+17:59)
Type: String
Pattern:
.*\S.*Required: No
-
- Source
-
The source of the threat intelligence indicator.
Length Constraints: Minimum of 1 length. Maximum of 64 length.
Type: String
Pattern:
.*\S.*Required: No
- SourceUrl
-
The URL to the page or site where you can get more information about the threat intelligence indicator.
Type: String
Pattern:
.*\S.*Required: No
- Type
-
The type of threat intelligence indicator.
Type: String
Valid Values:
DOMAIN | EMAIL_ADDRESS | HASH_MD5 | HASH_SHA1 | HASH_SHA256 | HASH_SHA512 | IPV4_ADDRESS | IPV6_ADDRESS | MUTEX | PROCESS | URLRequired: No
- Value
-
The value of a threat intelligence indicator.
Length Constraints: Minimum of 1 length. Maximum of 512 length.
Type: String
Pattern:
.*\S.*Required: No
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
