Table of Contents | ||||||
---|---|---|---|---|---|---|
|
Introduction
The tags begin with threatintel.flashpoint
identifies events generated by Flashpoint Platform belonging to Flashpoint.
Valid tags and data tables
The full tag must have n 4 levels. The first two are fixed asthreatintel.flashpoint
. The third level identifies the type of events sent , and the fourth level indicates the event subtypesubtypes.
...
...
Brand
...
Type
...
Subtype
...
threatintel
...
flashpoint
...
intelligence
...
alerts
These are the valid tags and corresponding data tables that will receive the parsers' data:
Product / Service |
---|
Tags | Data |
---|
tables | ||
---|---|---|
Flashpoint Platform |
|
|
...
For more information, read more About Devo tags.
Table structure
This is These are the set displayed by these tables.fields displayed in this table:
threatintel.flashpoint.intelligence.alerts
Field | Type | Extra |
---|
fields | |
---|---|
eventdate |
|
-
hostname |
|
alert_id |
|
-
fpid |
|
keyword__keyword_id |
|
keyword__keyword_text |
|
highlights |
|
-
basetypes |
|
-
timestamp |
|
source__asn |
|
-
source__basetypes |
|
source__country |
|
source__fpid |
|
source__highlight_sections__ports |
|
-
source__highlight_sections__services |
|
source__ip_address |
|
source__org |
|
-
source__shodan_url |
|
source__source |
|
source__vulns |
|
source__body__text_plain |
|
-
source__first_observed_at__date_time |
|
-
source__first_observed_at__raw |
|
source__first_observed_at__timestamp |
|
source__last_observed_at__date_time |
|
source__last_observed_at__raw |
|
-
source__last_observed_at__timestamp |
|
source__native_id |
|
-
source__site__title |
|
-
source__site_actor__names__aliases |
|
-
source__site_actor__names__handle |
|
source__sort_date |
|
-
source__title |
|
source__enriched_secrets |
|
source__file |
|
-
source__owner |
|
-
source__repo |
|
-
source__snippet |
|
source__url |
|
-
source__type |
|
source__breach_type |
|
source__credential_record_fpid |
|
-
source__customer_id |
|
source__domain |
|
source__email |
|
source__is_fresh |
|
-
source__password |
|
source__password_complexity_has_lowercase |
|
source__password_complexity_has_number |
|
-
source__password_complexity_has_symbol |
|
source__password_complexity_length |
|
source__password_complexity_probable_hash_algorithms |
|
hostchain |
| ✓ |
tag |
| ✓ |
rawMessage |
| ✓ |
How is the data sent to Devo?
...