policy/integration/collective-intel/main.zeek

This file adds mapping between the Collective Intelligence Framework (CIF) and Zeek.

Intel
Namespace: Intel
Imports: base/frameworks/intel

Summary

Types

Intel::CIF: record
    CIF record used for consistent formatting of CIF values.

Redefinitions

Intel::Info: record
    New Fields:
        cif: Intel::CIF &log &optional

Intel::MetaData: record
    New Fields:
        cif_tags: string &optional
            Maps to the ‘tags’ field in CIF
        cif_confidence: double &optional
            Maps to the ‘confidence’ field in CIF
        cif_source: string &optional
            Maps to the ‘source’ field in CIF
        cif_description: string &optional
            Maps to the ‘description’ field in CIF
        cif_firstseen: string &optional
            Maps to the ‘firstseen’ field in CIF
        cif_lastseen: string &optional
            Maps to the ‘lastseen’ field in CIF

Detailed Interface

Types

Intel::CIF
    Type: record
        tags: string &optional &log
            CIF tags for the observation; example tags are botnet or exploit.
        confidence: double &optional &log
            In CIF, confidence gives the degree of certainty of a given observation.
        source: string &optional &log
            Source given in CIF.
        description: string &optional &log
            Description given in CIF.
        firstseen: string &optional &log
            First time the source observed the behavior.
        lastseen: string &optional &log
            Last time the source observed the behavior.

    CIF record used for consistent formatting of CIF values.
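The following script is an added example, not part of the Zeek distribution or of this policy script. It inserts one constructed intelligence item whose Intel::MetaData carries the cif_* fields defined above, reports a sighting of it by hand, and shows that the resulting intel.log record exposes those values through the cif field that this script adds to Intel::Info. The indicator (an RFC 5737 documentation address), the feed name "demo-cif-feed" and all cif_* values are constructed sample data; the script assumes a standalone (non-cluster) Zeek, where a sighting reported from zeek_init is matched locally.

```zeek
# Added example (not from the Zeek distribution): feed one constructed CIF
# observation into the Intel framework and observe the cif column in intel.log.
# Run standalone with:  zeek cif_demo.zeek
@load base/frameworks/intel
@load policy/integration/collective-intel

module CIFDemo;

export {
	## Constructed indicator for the demonstration (RFC 5737 documentation range).
	const demo_indicator = "198.51.100.7" &redef;
}

event zeek_init()
	{
	# Build an intel item whose metadata carries the CIF-specific fields that
	# collective-intel adds to Intel::MetaData. ``source`` is the framework's
	# own required field; every cif_* value here is constructed sample data.
	local item = Intel::Item($indicator=demo_indicator,
	                         $indicator_type=Intel::ADDR,
	                         $meta=Intel::MetaData($source="demo-cif-feed",
	                                               $desc="constructed test observation",
	                                               $cif_tags="scanner",
	                                               $cif_confidence=65.0,
	                                               $cif_source="demo-cif-feed",
	                                               $cif_description="constructed test observation",
	                                               $cif_firstseen="2024-01-01T00:00:00Z",
	                                               $cif_lastseen="2024-01-02T00:00:00Z"));
	Intel::insert(item);

	# Report a sighting of the indicator. In a live deployment the framework's
	# "seen" scripts make this call from protocol events; here it is done by
	# hand so the example produces a match without any traffic.
	Intel::seen([$host=to_addr(demo_indicator), $where=Intel::IN_ANYWHERE]);
	}

# Every intel.log record passes through this event. The cif field is only
# present when the matching item carried cif_* metadata, so check for it
# before dereferencing; the CIF sub-fields are &optional as well.
event Intel::log_intel(rec: Intel::Info)
	{
	local indicator = rec$seen?$indicator ? rec$seen$indicator : "-";

	if ( ! rec?$cif )
		{
		print fmt("match on %s without CIF metadata", indicator);
		return;
		}

	local c = rec$cif;
	print fmt("match on %s: cif tags=%s confidence=%s source=%s firstseen=%s lastseen=%s",
	          indicator,
	          c?$tags ? c$tags : "-",
	          c?$confidence ? fmt("%s", c$confidence) : "-",
	          c?$source ? c$source : "-",
	          c?$firstseen ? c$firstseen : "-",
	          c?$lastseen ? c$lastseen : "-");
	}
```

Running the script prints one match line and writes an intel.log whose cif.tags, cif.confidence, cif.source, cif.description, cif.firstseen and cif.lastseen columns hold the constructed values. The same metadata can be delivered through the framework's file-based loading instead of Intel::insert: because the fields are added to Intel::MetaData, an intel file read via Intel::read_files may carry them as meta.cif_tags, meta.cif_confidence, meta.cif_source, meta.cif_description, meta.cif_firstseen and meta.cif_lastseen columns alongside the usual meta.source column.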