ThreatIntelIndicator - AWS Security Hub

ThreatIntelIndicator

Details about the threat intelligence related to a finding.

Contents

Category

The category of a threat intelligence indicator.

Type: String

Valid Values: BACKDOOR | CARD_STEALER | COMMAND_AND_CONTROL | DROP_SITE | EXPLOIT_SITE | KEYLOGGER

Required: No

LastObservedAt

The date and time when the most recent instance of a threat intelligence indicator was observed.

Type: String

Pattern: .*\S.*

Required: No

Source

The source of the threat intelligence indicator.

Type: String

Pattern: .*\S.*

Required: No

SourceUrl

The URL to the page or site where you can get more information about the threat intelligence indicator.

Type: String

Pattern: .*\S.*

Required: No

Type

The type of threat intelligence indicator.

Type: String

Valid Values: DOMAIN | EMAIL_ADDRESS | HASH_MD5 | HASH_SHA1 | HASH_SHA256 | HASH_SHA512 | IPV4_ADDRESS | IPV6_ADDRESS | MUTEX | PROCESS | URL

Required: No

Value

The value of a threat intelligence indicator.

Type: String

Pattern: .*\S.*

Required: No

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: