threatintel.threatquotient
Introduction
The tags beginning with threatintel.threatquotient identify events generated by ThreatQ.
Valid tags and data tables
The full tag must have four levels. The first two are fixed as threatintel.threatquotient and represent technology and brand. The third level corresponds to the service, while the fourth, fifth, and sixth levels identify the type of events sent.
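Technology | Brand | Service | Type | Version | Format |
---|---|---|---|---|---|
threatintel | threatquotient | platform | anonymization, commandandcontrol, logincompromise, userdefined, compromisedpkicertificate, wateringhole, watchlist, incident, exfiltration, spearphish, sighting, hostcharacteristics, sqlinjectionattack, dosattack, malware | 1 | json |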
These are the valid tags and corresponding data tables that will receive the parsers' data:
Tag | Devo table |
---|---|
threatintel.threatquotient.platform.anonymization.1.json | threatintel.threatquotient.platform.anonymization |
threatintel.threatquotient.platform.commandandcontrol.1.json | threatintel.threatquotient.platform.commandandcontrol |
threatintel.threatquotient.platform.logincompromise.1.json | threatintel.threatquotient.platform.logincompromise |
threatintel.threatquotient.platform.userdefined.1.json | threatintel.threatquotient.platform.userdefined |
threatintel.threatquotient.platform.compromisedpkicertificate.1.json | threatintel.threatquotient.platform.compromisedpkicertificate |
threatintel.threatquotient.platform.wateringhole.1.json | threatintel.threatquotient.platform.wateringhole |
threatintel.threatquotient.platform.watchlist.1.json | threatintel.threatquotient.platform.watchlist |
threatintel.threatquotient.platform.incident.1.json | threatintel.threatquotient.platform.incident |
threatintel.threatquotient.platform.exfiltration.1.json | threatintel.threatquotient.platform.exfiltration |
threatintel.threatquotient.platform.spearphish.1.json | threatintel.threatquotient.platform.spearphish |
threatintel.threatquotient.platform.sighting.1.json | threatintel.threatquotient.platform.sighting |
threatintel.threatquotient.platform.hostcharacteristics.1.json | threatintel.threatquotient.platform.hostcharacteristics |
threatintel.threatquotient.platform.sqlinjectionattack.1.json | threatintel.threatquotient.platform.sqlinjectionattack |
threatintel.threatquotient.platform.dosattack.1.json | threatintel.threatquotient.platform.dosattack |
threatintel.threatquotient.platform.malware.1.json | threatintel.threatquotient.platform.malware |
Apart from the data tables above, there’s also a parent table threatintel.threatquotient.platform that displays data from all the tags listed.
How to send data to Devo
To send logs to these tables, Devo provides a collector that you can download and use to send the required events to your Devo domain. You can learn how to use it in this article.