threatintel.cyble
Introduction
The tags beginning with threatintel.cyble
identify events generated by Cyble Vision belonging to Cyble.
Valid tags and data tablesÂ
The full tag must have 4 levels. The first two are fixed as threatintel.cyble
. The third level identifies the type of events sent and the fourth indicates the event subtypes.
These are the valid tags and corresponding data tables that will receive the parsers' data:
Product / Service | Tags | Data tables |
---|---|---|
Cyble Vision |
|
|
For more information, read more About Devo tags.
How is the data sent to Devo?
You can use the Cyble Vision collector to send events to your Devo domain. Events will be sent to the threatintel.cyble.vision.alert
data table. Learn more about this in this article.
Table structure
These are the fields displayed in this table:
threatintel.cyble.vision.alert
Field | Type | Extra fields |
---|---|---|
eventdate |
| Â |
hostname |
| Â |
created_at |
| Â |
updated_at |
| Â |
deleted_at |
| Â |
id |
| Â |
hash |
| Â |
data_id |
| Â |
entity_id |
| Â |
entity_type |
| Â |
service |
| Â |
metadata__created_at |
| Â |
metadata__entity__entity_type |
| Â |
metadata__entity__entity_id |
| Â |
metadata__entity__keyword__id |
| Â |
metadata__entity__keyword__tag_name |
| Â |
metadata__entity__keyword__bucket_id |
| Â |
metadata__entity__keyword__company_id |
| Â |
metadata__entity__keyword__display_name |
| Â |
metadata__entity__keyword__created_at |
| Â |
metadata__entity__keyword__updated_at |
| Â |
metadata__entity__keyword__k_query__query__search_keyword |
| Â |
metadata__entity__keyword__k_query__query__search_by_file_name |
| Â |
metadata__entity__keyword__k_query__query__search_by_language |
| Â |
metadata__entity__keyword__k_query__query__search_by_extension |
| Â |
metadata__entity__keyword__k_query__query__short_by |
| Â |
metadata__entity__keyword__k_query__query__per_page |
| Â |
metadata__entity__keyword__queries |
| Â |
company_id |
| Â |
priority |
| Â |
description |
| Â |
status |
| Â |
assignee_id |
| Â |
assignment_date |
| Â |
archived |
| Â |
archive_date |
| Â |
severity |
| Â |
updated_by_id |
| Â |
created_by |
| Â |
user_severity |
| Â |
risk_score |
| Â |
ai_enriched |
| Â |
filter_enriched |
| Â |
alert_group_id |
| Â |
data_message__id |
| Â |
data_message__hash |
| Â |
data_message__metadata |
| Â |
data_message__data___id |
| Â |
data_message__data___index |
| Â |
data_message__data___score |
| Â |
data_message__data___source__app_availability__package_name |
| Â |
data_message__data___source__cat_key |
| Â |
data_message__data___source__created |
| Â |
data_message__data___source__deep_link |
| Â |
data_message__data___source__description |
| Â |
data_message__data___source__developer |
| Â |
data_message__data___source__downloads |
| Â |
data_message__data___source__email |
| Â |
data_message__data___source__icon |
| Â |
data_message__data___source__icon_72 |
| Â |
data_message__data___source__identified_at |
| Â |
data_message__data___source__market_source |
| Â |
data_message__data___source__market_status |
| Â |
data_message__data___source__market_update |
| Â |
data_message__data___source__market_url |
| Â |
data_message__data___source__package_name |
| Â |
data_message__data___source__physical_address |
| Â |
data_message__data___source__privacy_policy |
| Â |
data_message__data___source__ratings_1 |
| Â |
data_message__data___source__ratings_3 |
| Â |
data_message__data___source__ratings_4 |
| Â |
data_message__data___source__ratings_5 |
| Â |
data_message__data___source__screenshots |
| Â |
data_message__data___source__search |
| Â |
data_message__data___source__short_desc |
| Â |
data_message__data___source__title |
| Â |
data_message__data___source__version |
| Â |
data_message__data___source__website |
| Â |
data_message__data___source__what_is_new |
| Â |
data_message__data___type |
| Â |
data_message__data__highlight__data |
| Â |
at_devo_pulling_id |
| Â |
hostchain |
| ✓ |
tag |
| ✓ |
rawMessage |
| ✓ |
Â