policy/integration/collective-intel/main.zeek

Intel
Namespace: Intel
Imports: base/frameworks/intel

Summary

Types

Intel::CIF: record

CIF record used for consistent formatting of CIF values.

Redefinitions

Intel::Info: record

Intel::MetaData: record

This file adds mapping between the Collective Intelligence Framework (CIF) and Zeek.

Detailed Interface

Types

Intel::CIF
Type: record

tags: string &optional &log

CIF tags observations; examples of tags are botnet or exploit.

confidence: double &optional &log

In CIF, confidence details the degree of certainty of a given observation.

source: string &optional &log

Source given in CIF.

description: string &optional &log

Description given in CIF.

firstseen: string &optional &log

First time the source observed the behavior.

lastseen: string &optional &log

Last time the source observed the behavior.

CIF record used for consistent formatting of CIF values.
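
The following is an added example, not part of the Zeek distribution or of this script: a site policy that reads the Intel::CIF record on each intel match and raises a notice only for high-confidence matches with selected tags. The module name CIFTriage, the notice type, the threshold and the tag pattern are hypothetical, and the example assumes the Intel::Info redefinition exposes the record as a field named cif.

```zeek
@load base/frameworks/notice
@load integration/collective-intel

module CIFTriage;

export {
	redef enum Notice::Type += {
		## An intel match whose CIF metadata passed the filters below.
		High_Confidence_Match
	};

	## Minimum CIF confidence needed to raise a notice (site-specific choice).
	const min_confidence = 75.0 &redef;

	## Only CIF tags matching this pattern raise a notice.
	const alert_tags = /botnet|exploit/ &redef;
}

event Intel::log_intel(rec: Intel::Info)
	{
	# Assumption: the Intel::Info redefinition stores the record in "cif".
	if ( ! rec?$cif )
		return;

	local c = rec$cif;

	# Every Intel::CIF field is &optional, so test for presence before reading.
	if ( ! c?$confidence || c$confidence < min_confidence )
		return;

	if ( ! c?$tags || ! ( alert_tags in c$tags ) )
		return;

	local src = "unknown CIF source";
	if ( c?$source )
		src = c$source;

	NOTICE([$note=High_Confidence_Match,
	        $msg=fmt("CIF match on %s (confidence %.0f, tags %s)",
	                 rec$seen$indicator, c$confidence, c$tags),
	        $sub=src]);
	}
```

Because firstseen and lastseen are plain strings, any age-based filtering would need to parse them first; this example leaves them untouched.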