Every day, security researchers publish information about malicious and potentially harmful activities. Keeping an overview of this and tracking only the relevant topics can offer great added value.
Property | Data type | Comment |
target_sectors | list of strings | A list of sectors that were mentioned in the source document, e.g. ["financial", "internet", "telecom"] |
summary | string | A short summary of the document. |
victim_names | list of strings | A list of organisation names that were mentioned as victims in the source document, e.g. ["Acme Inc."] |
references | list of URLs | The URLs which are mentioned in the original source. |
publishing_company | string | The name of the organisation which has published this threat intelligence document. |
target_geographies | list of strings | A list of geographic names that were mentioned in the source document, e.g. ["Vietnam", "Russia", "Brazil", "Spain", "US"] |
groups | list of strings | A list of adversarial group names that were mentioned in the source document, e.g. ["APT29"] |
version_info | string | The information about the actual document version given in the source document. |
classification | string | In this case it is always “Threat Intelligence” |
title | string | The title of the source document. |
tools | list of strings | A list of tools that were mentioned in the source document, e.g. ["command center"] |
url | URL | The URL of the source document. |
cves | list of strings | All mentioned CVE IDs from the source document. |
campaigns | list of strings | A list of campaigns that were mentioned in the source document, e.g. ["operation dracula"] |
scraped_date | datetime string (ISO 8601 standard) | The date when the source document was scraped. ISO 8601 is a standard for representing date and time in a machine-readable format. The format includes the date 2024-06-29 (Year-Month-Day), the time T00:00:00 (Hour:Minute:Second) and the time zone offset +00:00 (UTC offset). Example: "2024-06-29T00:00:00+00:00" |
last_updated_date | datetime string (ISO 8601 standard) | The date when the source document was last updated. ISO 8601 is a standard for representing date and time in a machine-readable format. The format includes the date 2024-06-29 (Year-Month-Day), the time T00:00:00 (Hour:Minute:Second) and the time zone offset +00:00 (UTC offset). Example: "2024-06-29T00:00:00+00:00" |
published_date | datetime string (ISO 8601 standard) | The date when the source document was published. ISO 8601 is a standard for representing date and time in a machine-readable format. The format includes the date 2024-06-29 (Year-Month-Day), the time T00:00:00 (Hour:Minute:Second) and the time zone offset +00:00 (UTC offset). Example: "2024-06-29T00:00:00+00:00" |
botnets | list of strings | A list of botnets that were mentioned in the source document, e.g. ["botnet 1"] |
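
One way to check a record against the property table above before ingesting it, as an added example that is not part of the original documentation. It assumes that every property is present and that only http(s) URLs are accepted; the names `validate_node` and `SAMPLE_NODE` are hypothetical.

```python
import re
from datetime import datetime

# Field groups as listed in the property table.
LIST_FIELDS = ["target_sectors", "victim_names", "references", "target_geographies",
               "groups", "tools", "cves", "campaigns", "botnets"]
STRING_FIELDS = ["summary", "publishing_company", "version_info", "classification",
                 "title", "url"]
DATE_FIELDS = ["scraped_date", "last_updated_date", "published_date"]
CVE_RE = re.compile(r"^CVE-\d{4}-\d{4,}$")   # CVE ID syntax
URL_RE = re.compile(r"^https?://\S+$")       # assumption: only http(s) URLs are accepted

def validate_node(node):
    """Return a list of problems found in one Threat Intelligence node (a dict)."""
    problems = []
    items = lambda key: node[key] if isinstance(node.get(key), list) else []
    for name in LIST_FIELDS:
        value = node.get(name)
        if not isinstance(value, list) or not all(isinstance(v, str) for v in value):
            problems.append(f"{name}: expected list of strings")
    for name in STRING_FIELDS:
        if not isinstance(node.get(name), str):
            problems.append(f"{name}: expected string")
    if node.get("classification") != "Threat Intelligence":
        problems.append("classification: must be 'Threat Intelligence'")
    for name in DATE_FIELDS:
        try:
            if datetime.fromisoformat(node.get(name)).tzinfo is None:
                problems.append(f"{name}: missing time zone offset")
        except (TypeError, ValueError):
            problems.append(f"{name}: not an ISO 8601 datetime string")
    for cve in items("cves"):
        if isinstance(cve, str) and not CVE_RE.match(cve):
            problems.append(f"cves: malformed CVE ID {cve!r}")
    for link in [node.get("url"), *items("references")]:
        if isinstance(link, str) and not URL_RE.match(link):
            problems.append(f"url/references: not an http(s) URL: {link!r}")
    return problems

# Constructed sample record (CVE-0000-0000 is a placeholder ID, not a real CVE).
SAMPLE_NODE = {
    "target_sectors": ["financial", "internet", "telecom"], "victim_names": ["Acme Inc."],
    "target_geographies": ["Vietnam", "Brazil"], "groups": ["APT29"], "botnets": ["botnet 1"],
    "tools": ["command center"], "campaigns": ["operation dracula"], "cves": ["CVE-0000-0000"],
    "references": ["https://example.com/advisory"], "url": "https://example.com/report",
    "summary": "Constructed summary.", "title": "Constructed report", "version_info": "1.0",
    "publishing_company": "Example Research", "classification": "Threat Intelligence",
    **dict.fromkeys(DATE_FIELDS, "2024-06-29T00:00:00+00:00"),  # the table's example timestamp
}
```

`validate_node(SAMPLE_NODE)` returns an empty list; a date without the UTC offset, a malformed CVE ID or a different classification each produce one entry in the returned list.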
Threat Intelligence nodes can have relations to:
CVE nodes
Software nodes
Group nodes
Campaign nodes
IOC nodes