class Aws::SecurityHub::Types::ThreatIntelIndicator
Details about the threat intelligence related to a finding.
@note When making an API call, you may pass ThreatIntelIndicator
data as a hash: { type: "DOMAIN", # accepts DOMAIN, EMAIL_ADDRESS, HASH_MD5, HASH_SHA1, HASH_SHA256, HASH_SHA512, IPV4_ADDRESS, IPV6_ADDRESS, MUTEX, PROCESS, URL value: "NonEmptyString", category: "BACKDOOR", # accepts BACKDOOR, CARD_STEALER, COMMAND_AND_CONTROL, DROP_SITE, EXPLOIT_SITE, KEYLOGGER last_observed_at: "NonEmptyString", source: "NonEmptyString", source_url: "NonEmptyString", }
@!attribute [rw] type
The type of threat intelligence indicator. @return [String]
@!attribute [rw] value
The value of a threat intelligence indicator. @return [String]
@!attribute [rw] category
The category of a threat intelligence indicator. @return [String]
@!attribute [rw] last_observed_at
Indicates when the most recent instance of a threat intelligence indicator was observed. Uses the `date-time` format specified in [RFC 3339 section 5.6, Internet Date/Time Format][1]. The value cannot contain spaces. For example, `2020-03-22T13:22:13.933Z`. [1]: https://tools.ietf.org/html/rfc3339#section-5.6 @return [String]
@!attribute [rw] source
The source of the threat intelligence indicator. @return [String]
@!attribute [rw] source_url
The URL to the page or site where you can get more information about the threat intelligence indicator. @return [String]
@see docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ThreatIntelIndicator AWS API Documentation
Constants
- SENSITIVE