
Introduction

Tags that begin with threatintel.flashpoint identify events generated by Flashpoint Platform, which belongs to Flashpoint.

Valid tags and data tables

The full tag must have 4 levels. The first two are fixed as threatintel.flashpoint. The third level identifies the type of events sent, and the fourth level indicates the event subtypes.

| ... | Brand | Type | Subtype |
|---|---|---|---|
| threatintel | flashpoint | intelligence | alerts |

These are the valid tags and corresponding data tables that will receive the parsers' data:

| Product / Service | Tags | Data tables |
|---|---|---|
| Flashpoint Platform | threatintel.flashpoint.intelligence.alerts | threatintel.flashpoint.intelligence.alerts |

...

For more information, read About Devo tags.

Table structure

These are the fields displayed in this table:

threatintel.flashpoint.intelligence.alerts

| Field | Type | Extra fields |
|---|---|---|
| eventdate | timestamp | - |
| hostname | str | - |
| alert_id | str | - |
| fpid | str | - |
| keyword__keyword_id | str | - |
| keyword__keyword_text | str | - |
| highlights | str | - |
| basetypes | str | - |
| timestamp | str | - |
| source__asn | str | - |
| source__basetypes | str | - |
| source__country | str | - |
| source__fpid | str | - |
| source__highlight_sections__ports | str | - |
| source__highlight_sections__services | str | - |
| source__ip_address | ip4 | - |
| source__org | str | - |
| source__shodan_url | str | - |
| source__source | str | - |
| source__vulns | str | - |
| source__body__text_plain | str | - |
| source__first_observed_at__date_time | str | - |
| source__first_observed_at__raw | str | - |
| source__first_observed_at__timestamp | timestamp | - |
| source__last_observed_at__date_time | str | - |
| source__last_observed_at__raw | str | - |
| source__last_observed_at__timestamp | timestamp | - |
| source__native_id | str | - |
| source__site__title | str | - |
| source__site_actor__names__aliases | str | - |
| source__site_actor__names__handle | str | - |
| source__sort_date | timestamp | - |
| source__title | str | - |
| source__enriched_secrets | str | - |
| source__file | str | - |
| source__owner | str | - |
| source__repo | str | - |
| source__snippet | str | - |
| source__url | str | - |
| source__type | str | - |
| source__breach_type | str | - |
| source__credential_record_fpid | str | - |
| source__customer_id | str | - |
| source__domain | str | - |
| source__email | str | - |
| source__is_fresh | bool | - |
| source__password | str | - |
| source__password_complexity_has_lowercase | str | - |
| source__password_complexity_has_number | str | - |
| source__password_complexity_has_symbol | str | - |
| source__password_complexity_length | str | - |
| source__password_complexity_probable_hash_algorithms | str | - |
| hostchain | str | |
| tag | str | |
| rawMessage | str | |

How is the data sent to Devo?

...