
threatintel.cyble

Introduction

The tags beginning with threatintel.cyble identify events generated by Cyble Vision belonging to Cyble.

Valid tags and data tables 

The full tag must have 4 levels. The first two are fixed as threatintel.cyble. The third level identifies the type of events sent and the fourth indicates the event subtypes.

These are the valid tags and corresponding data tables that will receive the parsers' data:

| Product / Service | Tags | Data tables |
|---|---|---|
| Cyble Vision | threatintel.cyble.vision.alert | threatintel.cyble.vision.alert |

For more information, read About Devo tags.

How is the data sent to Devo?

You can use the Cyble Vision collector to send events to your Devo domain. Events will be sent to the threatintel.cyble.vision.alert data table. Learn more about this in this article.

Table structure

These are the fields displayed in this table:

threatintel.cyble.vision.alert

| Field | Type | Extra fields |
|---|---|---|
| eventdate | timestamp | |
| hostname | str | |
| created_at | timestamp | |
| updated_at | timestamp | |
| deleted_at | timestamp | |
| id | str | |
| hash | str | |
| data_id | str | |
| entity_id | int8 | |
| entity_type | int4 | |
| service | str | |
| metadata__created_at | str | |
| metadata__entity__entity_type | int4 | |
| metadata__entity__entity_id | int4 | |
| metadata__entity__keyword__id | int4 | |
| metadata__entity__keyword__tag_name | str | |
| metadata__entity__keyword__bucket_id | int4 | |
| metadata__entity__keyword__company_id | int4 | |
| metadata__entity__keyword__display_name | str | |
| metadata__entity__keyword__created_at | timestamp | |
| metadata__entity__keyword__updated_at | timestamp | |
| metadata__entity__keyword__k_query__query__search_keyword | str | |
| metadata__entity__keyword__k_query__query__search_by_file_name | str | |
| metadata__entity__keyword__k_query__query__search_by_language | str | |
| metadata__entity__keyword__k_query__query__search_by_extension | str | |
| metadata__entity__keyword__k_query__query__short_by | str | |
| metadata__entity__keyword__k_query__query__per_page | str | |
| metadata__entity__keyword__queries | str | |
| company_id | int4 | |
| priority | str | |
| description | str | |
| status | str | |
| assignee_id | str | |
| assignment_date | str | |
| archived | bool | |
| archive_date | str | |
| severity | str | |
| updated_by_id | str | |
| created_by | str | |
| user_severity | str | |
| risk_score | str | |
| ai_enriched | bool | |
| filter_enriched | bool | |
| alert_group_id | str | |
| data_message__id | str | |
| data_message__hash | str | |
| data_message__metadata | str | |
| data_message__data___id | str | |
| data_message__data___index | str | |
| data_message__data___score | float8 | |
| data_message__data___source__app_availability__package_name | str | |
| data_message__data___source__cat_key | str | |
| data_message__data___source__created | timestamp | |
| data_message__data___source__deep_link | str | |
| data_message__data___source__description | str | |
| data_message__data___source__developer | str | |
| data_message__data___source__downloads | str | |
| data_message__data___source__email | str | |
| data_message__data___source__icon | str | |
| data_message__data___source__icon_72 | str | |
| data_message__data___source__identified_at | str | |
| data_message__data___source__market_source | str | |
| data_message__data___source__market_status | str | |
| data_message__data___source__market_update | timestamp | |
| data_message__data___source__market_url | str | |
| data_message__data___source__package_name | str | |
| data_message__data___source__physical_address | str | |
| data_message__data___source__privacy_policy | str | |
| data_message__data___source__ratings_1 | str | |
| data_message__data___source__ratings_3 | str | |
| data_message__data___source__ratings_4 | str | |
| data_message__data___source__ratings_5 | str | |
| data_message__data___source__screenshots | str | |
| data_message__data___source__search | str | |
| data_message__data___source__short_desc | str | |
| data_message__data___source__title | str | |
| data_message__data___source__version | str | |
| data_message__data___source__website | str | |
| data_message__data___source__what_is_new | str | |
| data_message__data___type | str | |
| data_message__data__highlight__data | str | |
| at_devo_pulling_id | str | |
| hostchain | str | ✓ |
| tag | str | ✓ |
| rawMessage | str | ✓ |
