IOCSchema

The Indication of Compromise Schema

This schema is used within an engine response to indicate a specific indication of compromise (IOC) found within an analyzed item. It contains the following propeties:

id: (type: str) - Specific identifier for this IOC.
match_type: (type: str) - Must be one of the following values: ** "query": Match was based on an unspecified query. ** "equality": Match was based on a sest for equality with a specified value. ** "regex": Match was based on a regular-expression match with a specified pattern.
values: (type: list) - A list of string values found that show that this item matches a specified indication.
field: (type: str, optional) - Indicates which field that matched to cause the generation of this IOC.
link: (type: str, optional) - A link to information describing more about this IOC.
severity: (type: int) A value between 1 and 10, inclusive, that indicates the severity of this IOC. Higher values indicate more-severe IOCs.

Information here is current as of Carbon Black Cloud Binary Toolkit 1.0.0

CBC Binary Toolkit

Home
Performance Metrics
User Guide
Developer Guide
- Replace Components
  - Analysis Engine
  - Persistence System
- Architecture Overview
- Schemas
- Interfaces
Glossary

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

IOCSchema

The Indication of Compromise Schema

CBC Binary Toolkit

Clone this wiki locally