IOCSchema
Luke Lyon edited this page Apr 29, 2020
This schema is used within an engine response to represent an indicator of compromise (IOC) found within an analyzed item. It contains the following properties:
- `id` (type: `str`) - Specific identifier for this IOC.
- `match_type` (type: `str`) - Must be one of the following values:
  - `"query"`: Match was based on an unspecified query.
  - `"equality"`: Match was based on a test for equality with a specified value.
  - `"regex"`: Match was based on a regular-expression match with a specified pattern.
- `values` (type: `list`) - A list of string values found that show that this item matches the specified indication.
- `field` (type: `str`, optional) - Indicates which field matched to cause the generation of this IOC.
- `link` (type: `str`, optional) - A link to information describing more about this IOC.
- `severity` (type: `int`) - A value between 1 and 10, inclusive, that indicates the severity of this IOC. Higher values indicate more-severe IOCs.
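As an added example (this is not the toolkit's own code, which has its own schema machinery), the following plain-Python checker enforces the property list above on IOC objects taken from an engine response. The sample IOCs are constructed for illustration; rejecting an empty `values` list and ignoring properties the page does not mention are assumptions made here, not rules stated on this page.

```python
# Added example: check IOC dicts against the IOCSchema properties listed on
# this page. Not the toolkit's own code. Sample IOCs below are constructed.

MATCH_TYPES = ("query", "equality", "regex")
REQUIRED = {"id": str, "match_type": str, "values": list, "severity": int}
OPTIONAL = {"field": str, "link": str}


def _is_type(value, typ):
    """isinstance() with one correction: bool is a subclass of int in Python,
    so a severity of True must not be accepted as the integer 1."""
    if typ is int and isinstance(value, bool):
        return False
    return isinstance(value, typ)


def validate_ioc(ioc):
    """Return a list of problems with one IOC; an empty list means it is valid."""
    if not isinstance(ioc, dict):
        return ["IOC must be a JSON object"]
    errors = []

    # Presence and type of the required properties.
    for name, typ in REQUIRED.items():
        if name not in ioc:
            errors.append(f"missing required property '{name}'")
        elif not _is_type(ioc[name], typ):
            errors.append(f"'{name}' must be of type {typ.__name__}")

    # Optional properties are only type-checked when present.
    for name, typ in OPTIONAL.items():
        if name in ioc and not _is_type(ioc[name], typ):
            errors.append(f"'{name}' must be of type {typ.__name__}")
    # The page does not say whether unknown properties are rejected,
    # so this checker ignores them.

    # match_type is an enumeration of three strings.
    match_type = ioc.get("match_type")
    if isinstance(match_type, str) and match_type not in MATCH_TYPES:
        errors.append(
            f"'match_type' must be one of {MATCH_TYPES}, got '{match_type}'")

    # values must hold only strings; rejecting an empty list is an assumption.
    values = ioc.get("values")
    if isinstance(values, list):
        if not values:
            errors.append("'values' must not be empty")
        elif not all(isinstance(v, str) for v in values):
            errors.append("'values' must contain only strings")

    # severity is an int in the closed range 1..10.
    severity = ioc.get("severity")
    if _is_type(severity, int) and not 1 <= severity <= 10:
        errors.append(
            f"'severity' must be between 1 and 10 inclusive, got {severity}")
    return errors


def validate_iocs(iocs):
    """Validate a list of IOCs; return {index: [problems]} for the invalid ones only."""
    return {i: errs for i, ioc in enumerate(iocs) if (errs := validate_ioc(ioc))}


# Constructed sample IOCs (not real engine output).
SAMPLE_IOCS = [
    {   # well-formed: every required property, both optional ones
        "id": "ioc-0001",
        "match_type": "equality",
        "values": ["e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"],
        "field": "sha256",
        "link": "https://example.invalid/ioc/0001",
        "severity": 7,
    },
    {   # bad enum value, non-string in values, severity out of range
        "id": "ioc-0002",
        "match_type": "fuzzy",
        "values": ["evil.dll", 42],
        "severity": 11,
    },
    {   # missing id, bool passed where an int severity is required
        "match_type": "regex",
        "values": [r".*\.scr$"],
        "severity": True,
    },
]

if __name__ == "__main__":
    for index, problems in validate_iocs(SAMPLE_IOCS).items():
        print(f"IOC #{index}: " + "; ".join(problems))
```

Run as a script it reports the problems in the second and third sample IOCs and stays silent for the first; an engine wrapper can call `validate_ioc` on each IOC before placing it in a response so that a malformed severity or match type is caught at the source rather than downstream.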
Copyright © 2020 VMware Inc., All Rights Reserved.
Information here is current as of Carbon Black Cloud Binary Toolkit 1.0.0