ThreatIntelIndicator - Amazon Security Hub
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

ThreatIntelIndicator

Details about the threat intelligence related to a finding.

Contents

Category

The category of a threat intelligence indicator.

Type: String

Valid Values: BACKDOOR | CARD_STEALER | COMMAND_AND_CONTROL | DROP_SITE | EXPLOIT_SITE | KEYLOGGER

Required: No

LastObservedAt

Indicates when the most recent instance of a threat intelligence indicator was observed.

This field accepts only the specified formats. Timestamps can end with Z or ("+" / "-") time-hour [":" time-minute]. The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:

  • YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z)

  • YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z)

  • YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59)

  • YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759)

  • YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59)

Type: String

Pattern: .*\S.*

Required: No

Source

The source of the threat intelligence indicator.

Type: String

Pattern: .*\S.*

Required: No

SourceUrl

The URL to the page or site where you can get more information about the threat intelligence indicator.

Type: String

Pattern: .*\S.*

Required: No

Type

The type of threat intelligence indicator.

Type: String

Valid Values: DOMAIN | EMAIL_ADDRESS | HASH_MD5 | HASH_SHA1 | HASH_SHA256 | HASH_SHA512 | IPV4_ADDRESS | IPV6_ADDRESS | MUTEX | PROCESS | URL

Required: No

Value

The value of a threat intelligence indicator.

Type: String

Pattern: .*\S.*

Required: No

See Also

For more information about using this API in one of the language-specific Amazon SDKs, see the following: