policy/integration/collective-intel/main.zeek

Intel

Namespace

Intel

Imports

base/frameworks/intel

Summary

Types

Intel::CIF: record

CIF record used for consistent formatting of CIF values.

Redefinitions

Intel::Info: record

New Fields Intel::Info cif: Intel::CIF &log &optional

Intel::MetaData: record

This file adds mapping between the Collective Intelligence Framework (CIF) and Zeek. New Fields Intel::MetaData cif_tags: string &optional Maps to the ‘tags’ fields in CIF cif_confidence: double &optional Maps to the ‘confidence’ field in CIF cif_source: string &optional Maps to the ‘source’ field in CIF cif_description: string &optional Maps to the ‘description’ field in CIF cif_firstseen: string &optional Maps to the ‘firstseen’ field in CIF cif_lastseen: string &optional Maps to the ‘lastseen’ field in CIF

Detailed Interface

Types

Intel::CIF

Type

record

tags: string &optional &log

CIF tags observations, examples for tags are botnet or exploit.

confidence: double &optional &log

In CIF Confidence details the degree of certainty of a given observation.

source: string &optional &log

Source given in CIF.

description: string &optional &log

description given in CIF.

firstseen: string &optional &log

First time the source observed the behavior.

lastseen: string &optional &log

Last time the source observed the behavior.

CIF record used for consistent formatting of CIF values.