
threatintel.flashpoint

Introduction

Tags that begin with threatintel.flashpoint identify events generated by Flashpoint Platform, belonging to Flashpoint.

Valid tags and data tables

The full tag must have 4 levels. The first two are fixed as threatintel.flashpoint. The third level identifies the type of events sent and the fourth indicates the event subtypes.

These are the valid tags and corresponding data tables that will receive the parsers' data:

| Product / Service | Tags | Data tables |
|---|---|---|
| Flashpoint Platform | threatintel.flashpoint.intelligence.alerts | threatintel.flashpoint.intelligence.alerts |

For more information, read About Devo tags.

Table structure

These are the fields displayed in this table:

threatintel.flashpoint.intelligence.alerts

| Field | Type | Extra fields |
|---|---|---|
| eventdate | timestamp | |
| hostname | str | |
| alert_id | str | |
| fpid | str | |
| keyword__keyword_id | str | |
| keyword__keyword_text | str | |
| highlights | str | |
| basetypes | str | |
| timestamp | str | |
| source__asn | str | |
| source__basetypes | str | |
| source__country | str | |
| source__fpid | str | |
| source__highlight_sections__ports | str | |
| source__highlight_sections__services | str | |
| source__ip_address | ip4 | |
| source__org | str | |
| source__shodan_url | str | |
| source__source | str | |
| source__vulns | str | |
| source__body__text_plain | str | |
| source__first_observed_at__date_time | str | |
| source__first_observed_at__raw | str | |
| source__first_observed_at__timestamp | timestamp | |
| source__last_observed_at__date_time | str | |
| source__last_observed_at__raw | str | |
| source__last_observed_at__timestamp | timestamp | |
| source__native_id | str | |
| source__site__title | str | |
| source__site_actor__names__aliases | str | |
| source__site_actor__names__handle | str | |
| source__sort_date | timestamp | |
| source__title | str | |
| source__enriched_secrets | str | |
| source__file | str | |
| source__owner | str | |
| source__repo | str | |
| source__snippet | str | |
| source__url | str | |
| source__type | str | |
| source__breach_type | str | |
| source__credential_record_fpid | str | |
| source__customer_id | str | |
| source__domain | str | |
| source__email | str | |
| source__is_fresh | bool | |
| source__password | str | |
| source__password_complexity_has_lowercase | str | |
| source__password_complexity_has_number | str | |
| source__password_complexity_has_symbol | str | |
| source__password_complexity_length | str | |
| source__password_complexity_probable_hash_algorithms | str | |
| hostchain | str | ✓ |
| tag | str | ✓ |
| rawMessage | str | ✓ |