Class: Aws::SecurityHub::Types::ThreatIntelIndicator

Inherits:

Struct

• Object
• Struct
• Aws::SecurityHub::Types::ThreatIntelIndicator

Defined in:

(unknown)

Overview

Note:

When passing ThreatIntelIndicator as input to an Aws::Client method, you can use a vanilla Hash:

{
  type: "DOMAIN", # accepts DOMAIN, EMAIL_ADDRESS, HASH_MD5, HASH_SHA1, HASH_SHA256, HASH_SHA512, IPV4_ADDRESS, IPV6_ADDRESS, MUTEX, PROCESS, URL
  value: "NonEmptyString",
  category: "BACKDOOR", # accepts BACKDOOR, CARD_STEALER, COMMAND_AND_CONTROL, DROP_SITE, EXPLOIT_SITE, KEYLOGGER
  last_observed_at: "NonEmptyString",
  source: "NonEmptyString",
  source_url: "NonEmptyString",
}

Details about the threat intelligence related to a finding.

See Also:

• AWS API Documentation

Instance Attribute Summary

• #category ⇒ String

  The category of a threat intelligence indicator.

• #last_observed_at ⇒ String

  Indicates when the most recent instance of a threat intelligence indicator was observed.

• #source ⇒ String

  The source of the threat intelligence indicator.

• #source_url ⇒ String

  The URL to the page or site where you can get more information about the threat intelligence indicator.

• #type ⇒ String

  The type of threat intelligence indicator.

• #value ⇒ String

  The value of a threat intelligence indicator.

Instance Attribute Details

#category ⇒ String

The category of a threat intelligence indicator.

Possible values:

• BACKDOOR
• CARD_STEALER
• COMMAND_AND_CONTROL
• DROP_SITE
• EXPLOIT_SITE
• KEYLOGGER

Returns:

• (String) —

  The category of a threat intelligence indicator.

#last_observed_at ⇒ String

Indicates when the most recent instance of a threat intelligence indicator was observed.

Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time Format. The value cannot contain spaces. For example, 2020-03-22T13:22:13.933Z.

Returns:

• (String) —

  Indicates when the most recent instance of a threat intelligence indicator was observed.

#source ⇒ String

The source of the threat intelligence indicator.

Returns:

• (String) —

  The source of the threat intelligence indicator.

#source_url ⇒ String

The URL to the page or site where you can get more information about the threat intelligence indicator.

Returns:

• (String) —

  The URL to the page or site where you can get more information about the threat intelligence indicator.

#type ⇒ String

The type of threat intelligence indicator.

Possible values:

• DOMAIN
• EMAIL_ADDRESS
• HASH_MD5
• HASH_SHA1
• HASH_SHA256
• HASH_SHA512
• IPV4_ADDRESS
• IPV6_ADDRESS
• MUTEX
• PROCESS
• URL

Returns:

• (String) —

  The type of threat intelligence indicator.

#value ⇒ String

The value of a threat intelligence indicator.

Returns:

• (String) —

  The value of a threat intelligence indicator.