CyfirmaIndicators_CL



| Attribute | Value |
| --- | --- |
| Ingestion API Supported | ✓ Yes |


Schema (19 columns)

Source: KQL validation test schema

| Column Name | Type |
| --- | --- |
| ConfidenceScore | int |
| Country | dynamic |
| created | datetime |
| Description | string |
| extensions | dynamic |
| IndicatorID | string |
| IPAbuse | string |
| modified | datetime |
| name | string |
| pattern | string |
| RecommendedActions | string |
| Roles | string |
| SecurityVendors | string |
| Sources | string |
| Tags | dynamic |
| ThreatActors | dynamic |
| ThreatType | dynamic |
| TimeGenerated | datetime |
| valid_from | datetime |

Solutions (1)

This table is used by the following solutions:

Connectors (1)

This table is ingested by the following connectors:

Connector Selection Criteria
CYFIRMA Cyber Intelligence

Content Items Using This Table (36)

Analytic Rules (36)

In solution Cyfirma Cyber Intelligence:

Analytic Rule Selection Criteria
CYFIRMA - High severity Command & Control Network Indicators with Block Recommendation Rule
CYFIRMA - High severity Command & Control Network Indicators with Monitor Recommendation Rule
CYFIRMA - High severity File Hash Indicators with Block Action Rule
CYFIRMA - High severity File Hash Indicators with Block Action and Malware
CYFIRMA - High severity File Hash Indicators with Monitor Action Rule
CYFIRMA - High severity File Hash Indicators with Monitor Action and Malware
CYFIRMA - High severity Malicious Network Indicators Associated with Malware - Block Recommended Rule
CYFIRMA - High severity Malicious Network Indicators Associated with Malware - Monitor Recommended Rule
CYFIRMA - High severity Malicious Network Indicators with Block Action Rule
CYFIRMA - High severity Malicious Network Indicators with Monitor Action Rule
CYFIRMA - High severity Malicious Phishing Network Indicators - Block Recommended Rule
CYFIRMA - High severity Malicious Phishing Network Indicators - Monitor Recommended Rule
CYFIRMA - High severity TOR Node Network Indicators - Block Recommended Rule
CYFIRMA - High severity TOR Node Network Indicators - Monitor Recommended Rule
CYFIRMA - High severity Trojan File Hash Indicators with Block Action Rule
CYFIRMA - High severity Trojan File Hash Indicators with Monitor Action Rule
CYFIRMA - High severity Trojan Network Indicators - Block Recommended Rule
CYFIRMA - High severity Trojan Network Indicators - Monitor Recommended Rule
CYFIRMA - Medium severity Command & Control Network Indicators with Block Recommendation Rule
CYFIRMA - Medium severity Command & Control Network Indicators with Monitor Recommendation Rule
CYFIRMA - Medium severity File Hash Indicators with Block Action Rule
CYFIRMA - Medium severity File Hash Indicators with Block Action and Malware
CYFIRMA - Medium severity File Hash Indicators with Monitor Action Rule
CYFIRMA - Medium severity File Hash Indicators with Monitor Action and Malware
CYFIRMA - Medium severity Malicious Network Indicators Associated with Malware - Block Recommended Rule
CYFIRMA - Medium severity Malicious Network Indicators Associated with Malware - Monitor Recommended Rule
CYFIRMA - Medium severity Malicious Network Indicators with Block Action Rule
CYFIRMA - Medium severity Malicious Network Indicators with Monitor Action Rule
CYFIRMA - Medium severity Malicious Phishing Network Indicators - Block Recommended Rule
CYFIRMA - Medium severity Malicious Phishing Network Indicators - Monitor Recommended Rule
CYFIRMA - Medium severity TOR Node Network Indicators - Block Recommended Rule
CYFIRMA - Medium severity TOR Node Network Indicators - Monitor Recommended Rule
CYFIRMA - Medium severity Trojan File Hash Indicators with Block Action Rule
CYFIRMA - Medium severity Trojan File Hash Indicators with Monitor Action Rule
CYFIRMA - Medium severity Trojan Network Indicators - Block Recommended Rule
CYFIRMA - Medium severity Trojan Network Indicators - Monitor Recommended Rule
