
Introduction

Tags beginning with threatintel.flashpoint identify events generated by Flashpoint Platform belonging to Flashpoint.

Valid tags and data tables

The full tag must have 4 levels. The first two are fixed as threatintel.flashpoint. The third level identifies the type of events sent and the fourth indicates the event subtype.

These are the valid tags and corresponding data tables that will receive the parsers' data:

| Product / Service | Tags | Data tables |
|---|---|---|
| Flashpoint Platform | threatintel.flashpoint.intelligence.alerts | threatintel.flashpoint.intelligence.alerts |

For more information, read About Devo tags.

Table structure

These are the fields displayed in this table:

threatintel.flashpoint.intelligence.alerts

| Field | Type | Extra fields |
|---|---|---|
| eventdate | timestamp | |
| hostname | str | |
| alert_id | str | |
| fpid | str | |
| keyword__keyword_id | str | |
| keyword__keyword_text | str | |
| highlights | str | |
| basetypes | str | |
| timestamp | str | |
| source__asn | str | |
| source__basetypes | str | |
| source__country | str | |
| source__fpid | str | |
| source__highlight_sections__ports | str | |
| source__highlight_sections__services | str | |
| source__ip_address | ip4 | |
| source__org | str | |
| source__shodan_url | str | |
| source__source | str | |
| source__vulns | str | |
| source__body__text_plain | str | |
| source__first_observed_at__date_time | str | |
| source__first_observed_at__raw | str | |
| source__first_observed_at__timestamp | timestamp | |
| source__last_observed_at__date_time | str | |
| source__last_observed_at__raw | str | |
| source__last_observed_at__timestamp | timestamp | |
| source__native_id | str | |
| source__site__title | str | |
| source__site_actor__names__aliases | str | |
| source__site_actor__names__handle | str | |
| source__sort_date | timestamp | |
| source__title | str | |
| source__enriched_secrets | str | |
| source__file | str | |
| source__owner | str | |
| source__repo | str | |
| source__snippet | str | |
| source__url | str | |
| source__type | str | |
| source__breach_type | str | |
| source__credential_record_fpid | str | |
| source__customer_id | str | |
| source__domain | str | |
| source__email | str | |
| source__is_fresh | bool | |
| source__password | str | |
| source__password_complexity_has_lowercase | str | |
| source__password_complexity_has_number | str | |
| source__password_complexity_has_symbol | str | |
| source__password_complexity_length | str | |
| source__password_complexity_probable_hash_algorithms | str | |
| hostchain | str | |
| tag | str | |
| rawMessage | str | |