sonar-indicators
Enumerate indicators of compromise in Logpresso Sonar.
sonar-indicators [type=TYPE]
- type=TYPE
  - Filter indicators by type. Separate multiple types with commas. e.g. IP, DOMAIN, URL, MD5, EMAIL
Output Fields
| Field | Type | Name | Description |
|---|---|---|---|
| type | String | Type | Type of indicator. e.g. URL, MD5, IP, DOMAIN, EMAIL |
| value | String | Value | Value of the indicator. |
| risk | String | Risk | Risk level. e.g. BENIGN, LOW, MEDIUM, HIGH |
| reputation | String | Reputation | Reputation. e.g. WAIT, UNKNOWN, BENIGN, SUSPICIOUS, MALICIOUS |
| status | String | Status | Status. e.g. WAIT, ERROR, RETRY, DONE |
| first_seen | Date | First seen | First detection time. |
| last_seen | Date | Last seen | Last detection time. |
| created | Date | Created | Creation time. |
| updated | Date | Updated | Last update time. |