ThreatIntel
Threat intelligence captures information collected from vulnerability risk analysis by those with substantive expertise and access to all-source information. Threat intelligence helps a security professional determine the risk of a vulnerability finding to their organization.
ThreatIntel properties
Property | Type | Description | Specifications |
---|---|---|---|
references | array of string | The array of links to references. | |
Inherited properties
Property | Type | Description | Specifications |
---|---|---|---|
_class * | string or array of string | One or more classes conforming to a standard, abstract security data model. For example, an EC2 instance will have '_class':'Host'. | |
_key * | string | An identifier unique within the scope containing the object. For example, for a Bitbucket repo, this will be the GUID of the repo as assigned by Bitbucket. For an IAM Role, this will be the ARN of the role. | minLength: 10 |
_type * | string | The type of object, typically reflecting the vendor and resource type. For example, 'aws_iam_user'. In some cases, a system knows about a type of entity that other systems know about, such as 'user_endpoint' or 'cve'. | minLength: 3 |
displayName * | string | Display name, e.g. a person's preferred name or an AWS account alias | |
name * | string | Name of this entity | |
approved | boolean | If this record has been reviewed and approved. | |
approvedOn | number | The timestamp (in milliseconds since epoch) when this record was approved. | Format: date-time |
approvers | array of string | The list of approvers on the record. | |
category | string | The category of the official record. Examples: exception, finding, hr, incident, issue, job, legal, request, policy, procedure, problem, review, risk, other | |
classification | string | The sensitivity of the data; should match the company data classification scheme. Examples: critical, confidential, internal, public | |
content | string | Text content of the record/documentation | |
createdOn | number | The timestamp (in milliseconds since epoch) when the entity was created at the source. This is different than _createdOn which is the timestamp the entity was first ingested into JupiterOne. | Format: date-time |
description | string | An extended description of this entity. | |
exception | boolean | Indicates if this record has an applied exception. For example, exception for a known finding or a PR that is not fully approved. | |
exceptionReason | string | Reason / description of the exception. | |
open | boolean | Indicates if this record is currently open. For example, an open Vulnerability finding (Vulnerability extends Record). | |
production | boolean | If this is a production record. For example, a production change management ticket would have this set to true and have the property category = change. Another example would be a Vulnerability finding in production. | |
public | boolean | If this is a public record. Defaults to false. | default: false |
reportedOn | number | The timestamp (in milliseconds since epoch) when this record was reported/opened. In most cases, this would be the same as createdOn but occasionally a record can be created at a different time than when it was first reported. | Format: date-time |
reporter | string | The person or system that reported or created this record. | |
summary | string | A summary / short description of this entity. | |
updatedOn | number | The timestamp (in milliseconds since epoch) when the entity was last updated at the source. | Format: date-time |
webLink | string | Hyperlink to the location of this record, e.g. URL to a Jira issue | Format: uri |
Required properties
_key
_class
_type
name
displayName
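
As an added example (not part of the original page and not JupiterOne's own code), the following JavaScript checks an entity object against the required properties, types, minLength values and formats listed in the tables above before it is ingested. The function name `validateThreatIntel` and every value in `SAMPLE_ENTITY` are constructed for illustration.

```javascript
// Added example: checks a ThreatIntel entity against the constraints in the tables above.
const REQUIRED = ['_key', '_class', '_type', 'name', 'displayName'];
const STRINGS = ['_key', '_type', 'name', 'displayName'];
const MIN_LENGTH = { _key: 10, _type: 3 };
const STRING_ARRAYS = ['references', 'approvers'];
const TIMESTAMPS = ['approvedOn', 'createdOn', 'reportedOn', 'updatedOn'];
const BOOLEANS = ['approved', 'exception', 'open', 'production', 'public'];

const isStringArray = (v) => Array.isArray(v) && v.every((s) => typeof s === 'string');
const isUri = (v) => { try { new URL(v); return true; } catch { return false; } };

function validateThreatIntel(entity) {
  const errors = [];
  const has = (prop) => entity[prop] !== undefined && entity[prop] !== null;
  // Run one rule over a set of properties, skipping properties that are absent.
  const check = (props, ok, message) => {
    for (const prop of props) {
      if (has(prop) && !ok(entity[prop], prop)) errors.push(`${prop}: ${message(prop)}`);
    }
  };

  for (const prop of REQUIRED) if (!has(prop)) errors.push(`${prop}: required`);
  // _class may be a single class name or a list of class names.
  check(['_class'], (v) => typeof v === 'string' || isStringArray(v), () => 'must be string or array of string');
  check(STRINGS, (v) => typeof v === 'string', () => 'must be string');
  check(Object.keys(MIN_LENGTH), (v, p) => typeof v !== 'string' || v.length >= MIN_LENGTH[p],
    (p) => `minLength ${MIN_LENGTH[p]}`);
  check(STRING_ARRAYS, isStringArray, () => 'must be array of string');
  check(TIMESTAMPS, (v) => Number.isFinite(v), () => 'must be a number (milliseconds since epoch)');
  check(BOOLEANS, (v) => typeof v === 'boolean', () => 'must be boolean');
  check(['webLink'], isUri, () => 'must be a uri');

  // "public" defaults to false when the record does not set it.
  return { valid: errors.length === 0, errors, entity: { public: false, ...entity } };
}

// Constructed sample entity; the identifiers and URL are placeholders.
const SAMPLE_ENTITY = {
  _key: 'threat-intel-example-0001',
  _class: 'ThreatIntel',
  _type: 'example_threat_intel',
  name: 'Example advisory',
  displayName: 'Example advisory',
  references: ['https://example.com/advisory/1'],
  reportedOn: 1700000000000,
  open: true,
};
```
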