Document toolboxDocument toolbox

threatintel.threatquotient

Introduction

The tags beginning with threatintel.threatquotient identify events generated by ThreatQ Platform belonging to ThreatQ.

Valid tags and data tables

The full tag must have 4 levels. The first two are fixed as threatintel.threatquotient The third level identifies the type of events sent and the fourth indicate the event subtypes. 

These are the valid tags and corresponding data tables that will receive the parsers' data:

Product / Service

Tags

Data tables

Product / Service

Tags

Data tables

ThreatQ Platform

threatintel.threatquotient.platform.compromisedpkicertificate.1.json

threatintel.threatquotient.platform

threatintel.threatquotient.platform.commandandcontrol.1.json

threatintel.threatquotient.platform.exfiltration.1.json

threatintel.threatquotient.platform.anonymization.1.json

threatintel.threatquotient.platform.dosattack.1.json

threatintel.threatquotient.platform.logincompromise.1.json

threatintel.threatquotient.platform.incident.1.json

threatintel.threatquotient.platform.hostcharacteristics.1.json

threatintel.threatquotient.platform.sighting.1.json

threatintel.threatquotient.platform.sqlinjectionattack.1.json

threatintel.threatquotient.platform.watchlist.1.json

threatintel.threatquotient.platform.malware.1.json

threatintel.threatquotient.platform.userdefined.1.json

threatintel.threatquotient.platform.spearphish.1.json

hreatintel.threatquotient.platform.wateringhole.1.json

threatintel.threatquotient.platform.anonymization.1.json

threatintel.threatquotient.platform.anonymization

threatintel.threatquotient.platform.commandandcontrol.1.json

threatintel.threatquotient.platform.commandandcontrol

threatintel.threatquotient.platform.compromisedpkicertificate.1.json

threatintel.threatquotient.platform.compromisedpkicertificate

threatintel.threatquotient.platform.dosattack.1.json

threatintel.threatquotient.platform.dosattack

threatintel.threatquotient.platform.exfiltration.1.json

threatintel.threatquotient.platform.exfiltration

threatintel.threatquotient.platform.hostcharacteristics.1.json

threatintel.threatquotient.platform.hostcharacteristics

threatintel.threatquotient.platform.incident.1.json

threatintel.threatquotient.platform.incident

threatintel.threatquotient.platform.logincompromise.1.json

threatintel.threatquotient.platform.logincompromise

threatintel.threatquotient.platform.malware.1.json

threatintel.threatquotient.platform.malware

threatintel.threatquotient.platform.sighting.1.json

threatintel.threatquotient.platform.sighting

threatintel.threatquotient.platform.spearphish.1.json

threatintel.threatquotient.platform.spearphish

threatintel.threatquotient.platform.sqlinjectionattack.1.json

threatintel.threatquotient.platform.sqlinjectionattack

threatintel.threatquotient.platform.userdefined.1.json

threatintel.threatquotient.platform.userdefined

threatintel.threatquotient.platform.watchlist.1.json

threatintel.threatquotient.platform.watchlist

threatintel.threatquotient.platform.wateringhole.1.json

threatintel.threatquotient.platform.wateringhole

For more information, read more About Devo tags.

Table structure

These are the fields displayed in these tables: