class OTX::Indicators

Pulse Indicator of Compromise (IoC) records

@attr [String] id IoC record ID value @attr [String] _id IoC record ID value @attr [String] indicator Value of the indicator type @attr [String] type Type of IoC @attr [String] description Description associated with the IoC @attr [String] title @attr [String] content @attr [String] is_active value 0 or 1 if active @attr [String] role @attr [String] observations @attr [String] expiration @attr [Array] access_groups @attr [String] access_reason @attr [String] access_type

Indicator of Compromise types:

IPv4 - An IPv4 address indicating the online location of a server or other computer.
IPv6 - An IPv6 address indicating the online location of a server or other computer.
domain - A domain name for a website or server. Domains encompass a series of hostnames.
hostname - The hostname for a server located within a domain.
email - An email associated with suspicious activity.
URL - Uniform Resource Location (URL) summarizing the online location of a file or resource.
URI - Uniform Resource Indicator (URI) describing the explicit path to a file hosted online.
FileHash-MD5 - A MD5-format hash that summarizes the architecture and content of a file.
FileHash-SHA1 - A SHA-format hash that summarizes the architecture and content of a file.
FileHash-SHA256 - A SHA-256-format hash that summarizes the architecture and content of a file.
FileHash-PEHASH - A PEPHASH-format hash that summarizes the architecture and content of a file.
FileHash-IMPHASH - An IMPHASH-format hash that summarizes the architecture and content of a file.
CIDR - Classless Inter-Domain Routing (CIDR) address, which describes both a server's IP address and the network architecture (routing path) surrounding that server.
FilePath - A unique location in a file system.
Mutex - The name of a mutex resource describing the execution architecture of a file.
CVE - Common Vulnerability and Exposure (CVE) entry describing a software vulnerability that can be exploited to engage in malicious activity.

Attributes

_id[RW]
access_groups[RW]
access_reason[RW]
access_type[RW]
content[RW]
description[RW]
expiration[RW]
indicator[RW]
is_active[RW]
observations[RW]
role[RW]
title[RW]
type[RW]