ThreatIntelIndicator - Amazon Security Hub

ThreatIntelIndicator

Details about the threat intelligence related to a finding.

Contents

Category

The category of a threat intelligence indicator.

Type: String

Valid Values: BACKDOOR | CARD_STEALER | COMMAND_AND_CONTROL | DROP_SITE | EXPLOIT_SITE | KEYLOGGER

Required: No

LastObservedAt

Indicates when the most recent instance of a threat intelligence indicator was observed.

Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time Format. The value cannot contain spaces, and date and time should be separated by T. For example, 2020-03-22T13:22:13.933Z.

Type: String

Pattern: .*\S.*

Required: No

Source

The source of the threat intelligence indicator.

Type: String

Pattern: .*\S.*

Required: No

SourceUrl

The URL to the page or site where you can get more information about the threat intelligence indicator.

Type: String

Pattern: .*\S.*

Required: No

Type

The type of threat intelligence indicator.

Type: String

Valid Values: DOMAIN | EMAIL_ADDRESS | HASH_MD5 | HASH_SHA1 | HASH_SHA256 | HASH_SHA512 | IPV4_ADDRESS | IPV6_ADDRESS | MUTEX | PROCESS | URL

Required: No

Value

The value of a threat intelligence indicator.

Type: String

Pattern: .*\S.*

Required: No
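
An added example, not part of the AWS documentation: a Python check that applies the constraints listed above (the Valid Values lists, the non-whitespace Pattern, and the RFC 3339 timestamp rule) to a ThreatIntelIndicator object before it is sent. The name validate_indicator and the cross-check of Value against Type (hex digest lengths, IP address parsing) are assumptions of this example and are stricter than the Pattern the page documents.

```python
import ipaddress
import re
from datetime import datetime

# Valid Values lists copied from this page.
CATEGORIES = {"BACKDOOR", "CARD_STEALER", "COMMAND_AND_CONTROL",
              "DROP_SITE", "EXPLOIT_SITE", "KEYLOGGER"}
TYPES = {"DOMAIN", "EMAIL_ADDRESS", "HASH_MD5", "HASH_SHA1", "HASH_SHA256",
         "HASH_SHA512", "IPV4_ADDRESS", "IPV6_ADDRESS", "MUTEX", "PROCESS", "URL"}
FIELDS = ("Category", "LastObservedAt", "Source", "SourceUrl", "Type", "Value")
# RFC 3339 section 5.6 shape with an upper-case T and no spaces, as the page requires.
RFC3339 = re.compile(r"(\d{4})-(\d\d)-(\d\d)T(\d\d):(\d\d):(\d\d)(\.\d+)?"
                     r"(Z|[+-]([01]\d|2[0-3]):[0-5]\d)")
# Assumption (not from the page): hex digest lengths used to cross-check Value.
HASH_HEX_LEN = {"HASH_MD5": 32, "HASH_SHA1": 40, "HASH_SHA256": 64, "HASH_SHA512": 128}

def validate_indicator(ind):
    """Return a list of problems; an empty list means every check passed."""
    errors = [f"{k}: not a ThreatIntelIndicator field" for k in ind if k not in FIELDS]
    for name in FIELDS:  # Pattern .*\S.* read as "contains a non-whitespace character"
        if name in ind and not (isinstance(ind[name], str) and re.search(r"\S", ind[name])):
            errors.append(f"{name}: must be a string with a non-whitespace character")
    if errors:
        return errors
    if "Category" in ind and ind["Category"] not in CATEGORIES:
        errors.append("Category: not one of the Valid Values")
    if "Type" in ind and ind["Type"] not in TYPES:
        errors.append("Type: not one of the Valid Values")
    if "LastObservedAt" in ind:
        m = RFC3339.fullmatch(ind["LastObservedAt"])
        try:  # datetime() rejects impossible dates (and a leap second, :60)
            ok = bool(m) and bool(datetime(*map(int, m.groups()[:6])))
        except ValueError:
            ok = False
        if not ok:
            errors.append("LastObservedAt: not an RFC 3339 date-time")
    kind, value = ind.get("Type"), ind.get("Value")
    if value is not None and kind in HASH_HEX_LEN:
        if not re.fullmatch(r"[0-9a-fA-F]{%d}" % HASH_HEX_LEN[kind], value):
            errors.append(f"Value: not a {HASH_HEX_LEN[kind]}-character hex digest")
    elif value is not None and kind in ("IPV4_ADDRESS", "IPV6_ADDRESS"):
        try:
            version = ipaddress.ip_address(value).version
        except ValueError:
            version = None
        if version != (4 if kind == "IPV4_ADDRESS" else 6):
            errors.append(f"Value: not a valid {kind}")
    return errors
```

Every field is optional on this page, so an empty object passes; the function only reports fields that are present and malformed.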
