policy/integration/collective-intel/main.zeek¶
-
Intel¶
| Namespace: | Intel |
|---|---|
| Imports: | base/frameworks/intel |
Summary¶
Types¶
Intel::CIF: record |
CIF record used for consistent formatting of CIF values. |
Redefinitions¶
Intel::Info: record |
|
Intel::MetaData: record |
This file adds mapping between the Collective Intelligence Framework (CIF) and Zeek. |
Detailed Interface¶
Types¶
-
Intel::CIF¶ Type: - tags:
string&optional&log CIF tags observations, examples for tags are
botnetorexploit.- confidence:
double&optional&log In CIF Confidence details the degree of certainty of a given observation.
- source:
string&optional&log Source given in CIF.
- description:
string&optional&log description given in CIF.
- firstseen:
string&optional&log First time the source observed the behavior.
- lastseen:
string&optional&log Last time the source observed the behavior.
CIF record used for consistent formatting of CIF values.
- tags: