
Namespace Indicator

A data signature observed on a network or host that indicates a potential security threat. Indicators can be plain text or computed (hashed) values.

Properties

attributes

attributes: Array<IndicatorAttribute>

A map of attributes with additional information about the indicator. Each attribute has a name (string), value (string), and attribution (supporting data).

Optional compartmentId

compartmentId: undefined | string

The OCID of the compartment that contains this indicator.

Optional confidence

confidence: undefined | number

An integer from 0 to 100 that represents how certain we are that the indicator is malicious and a potential threat if it is detected communicating with your cloud resources. This confidence value is aggregated from the confidence in the threat types, attributes, and relationships to create an overall value for the indicator. Note: Numbers greater than Number.MAX_SAFE_INTEGER will result in rounding issues.

geodata

id

id: string

The OCID of the indicator.

Optional lifecycleState

lifecycleState: model.LifecycleState

The state of the indicator. It will always be ACTIVE.

relationships

relationships: Array<IndicatorRelationship>

A map of relationships between the indicator and other entities. Each relationship has a name (string), related entity, and attribution (supporting data).

threatTypes

threatTypes: Array<ThreatType>

Characteristics of the threat indicator based on previous observations or behavior. May include related tactics, techniques, and procedures.

timeCreated

timeCreated: Date

The date and time that the indicator was first detected. An RFC3339 formatted string.

timeLastSeen

timeLastSeen: Date

The date and time that this indicator was last seen. The value is the same as timeCreated for a new indicator. An RFC3339 formatted string.

timeUpdated

timeUpdated: Date

The date and time that this indicator was last updated. The value is the same as timeCreated for a new indicator. An RFC3339 formatted string.

type

The type of indicator.

value

value: string

The value for this indicator. The value's format depends on its type. Examples:

DOMAIN_NAME "evil.example.com"

MD5_HASH "44d88612fea8a8f36de82e1278abb02f"

IP_ADDRESS "2001:db8::1"
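
Because value is a plain string whose format depends on type, the same indicator can show up in logs in a different textual form (uppercase hex, a fully expanded IPv6 address, a domain with a trailing dot). The following is an added example, not part of the SDK or its documentation: it normalizes the three formats listed above before comparing and applies a confidence floor. `IndicatorLike`, `normalizeIndicatorValue`, `matchObserved` and the sample data are hypothetical names constructed for illustration.

```typescript
// Added example: a local structural type, not imported from the SDK.
type IndicatorLike = { type: string; value: string; confidence?: number };
// Expand IPv6 to 8 zero-padded lowercase groups; null if malformed.
// Assumption: no embedded IPv4 tail and no zone id.
function expandIPv6(v: string): string | null {
  const split = (s?: string): string[] => (s ? s.split(":") : []);
  const halves = v.toLowerCase().split("::");
  if (halves.length > 2) return null;
  const head = split(halves[0]);
  const tail = halves.length === 2 ? split(halves[1]) : [];
  const missing = 8 - head.length - tail.length;
  if (halves.length === 1 ? missing !== 0 : missing < 1) return null;
  const zeros: string[] = [];
  for (let i = 0; i < missing; i++) zeros.push("0");
  const groups = head.concat(zeros, tail);
  if (!groups.every((g) => /^[0-9a-f]{1,4}$/.test(g))) return null;
  return groups.map((g) => ("000" + g).slice(-4)).join(":");
}
function normalizeIPv4(v: string): string | null {
  const p = v.split(".");
  const ok = p.length === 4 && p.every((o) => /^(0|[1-9]\d{0,2})$/.test(o) && Number(o) <= 255);
  return ok ? p.join(".") : null;
}

// Canonical comparison key for the three value formats the page lists.
function normalizeIndicatorValue(type: string, value: string): string | null {
  const v = value.trim();
  if (type === "DOMAIN_NAME") {
    const d = v.toLowerCase().replace(/\.$/, ""); // drop trailing root dot
    return /^([a-z0-9_-]{1,63}\.)+[a-z0-9-]{2,63}$/.test(d) ? d : null; // syntax check only
  }
  if (type === "MD5_HASH") return /^[0-9a-fA-F]{32}$/.test(v) ? v.toLowerCase() : null;
  if (type === "IP_ADDRESS") return v.indexOf(":") >= 0 ? expandIPv6(v) : normalizeIPv4(v);
  return null; // other indicator types are out of scope for this example
}
// Indicators matching a value seen in logs, at or above a confidence floor.
// Assumption: a missing confidence is treated as 0.
function matchObserved(inds: IndicatorLike[], type: string, seen: string, floor: number): IndicatorLike[] {
  const key = normalizeIndicatorValue(type, seen);
  if (key === null) return [];
  return inds.filter((i) => i.type === type && (i.confidence ?? 0) >= floor &&
    normalizeIndicatorValue(i.type, i.value) === key);
}
// Constructed sample data reusing the example values from the page.
const SAMPLE: IndicatorLike[] = [
  { type: "DOMAIN_NAME", value: "evil.example.com", confidence: 90 },
  { type: "MD5_HASH", value: "44d88612fea8a8f36de82e1278abb02f", confidence: 20 },
  { type: "IP_ADDRESS", value: "2001:db8::1", confidence: 75 },
];
```

A malformed observed value yields no matches rather than a string comparison against raw text, so a log field that fails to parse never silently matches or hides an indicator.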

Functions

getDeserializedJsonObj

  • getDeserializedJsonObj(obj: Indicator): object

getJsonObj