FCTI

Last updated May 15, 2022

fcti-attack-reports

Fetch attack reports from FCTI

fcti-attack-reports [proxy=PROXY] [duration=NUM{mon|w|d|h|m|s}] [from=yyyyMMddHHmmss] [to=yyyyMMddHHmmss]
proxy=PROXY
URL of the proxy server
duration=NUM{mon|w|d|h|m|s}
Scan only recent data. Use one of the time units s (second), m (minute), h (hour), d (day), w (week), or mon (month). For example, 10s covers data from the last 10 seconds.
from=yyyyMMddHHmmss
Start time of the range, in yyyyMMddHHmmss format. If you omit the time part, it is padded with zeros.
to=yyyyMMddHHmmss
End time of the range, in yyyyMMddHHmmss format. If you omit the time part, it is padded with zeros.

Output Fields

| Field | Type | Name | Description |
|---|---|---|---|
| _time | DateTime | Upload time | |
| title | String | Subject | |
| contents | String | Contents | |
| first_seen | Date | First seen | Min time of the attack |
| last_seen | Date | Last seen | Max time of the attack |
| pattern | String | Signature | |
| importance | String | Severity | e.g. H (High), M (Medium), L (Low) |
| confirm_yn | String | Confirm request | e.g. Y, N |
| confirm_status | String | Confirm status | |
| organization | String | Organization | |
| writer | String | Author | |
| stix_id | String | STIX ID | |
| shared_scope | String | Shared scope | ALL, FSI, BANK, INVEST, INSURANCE, NONBANK, CUSTOM |
| logs | List | Logs | Elements with identity, time, src_ip, src_port, dst_ip, dst_port, src_country, dst_country, signature, file_name, sha256, http_host, http_uri, http_referer, email_sender, email_receiver, email_subject, email_attachments properties. |
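
One way to consume the output fields above downstream, added here as an example and not part of the FCTI app: it flattens the logs elements of reports at or above a chosen importance into unique indicators, merging first_seen, last_seen and stix_id across reports. It assumes the rows have been exported as Python dicts keyed by the documented field names with dates as ISO strings; `extract_indicators`, `INDICATOR_PROPS` and the sample reports are constructed for illustration.

```python
SEVERITY_RANK = {"L": 1, "M": 2, "H": 3}  # importance codes from the field table
# Subset of the documented "logs" properties treated as indicators (a choice made here).
INDICATOR_PROPS = {"src_ip": "ip", "sha256": "sha256",
                   "http_host": "host", "email_sender": "email"}

def extract_indicators(reports, min_importance="M"):
    """Flatten report 'logs' into unique indicators at or above min_importance."""
    floor = SEVERITY_RANK[min_importance]
    found = {}
    for report in reports:
        importance = report.get("importance")
        if SEVERITY_RANK.get(importance, 0) < floor:
            continue  # also skips reports with a missing or unknown importance
        first, last = report.get("first_seen"), report.get("last_seen")
        for entry in report.get("logs") or []:  # logs may be absent or empty
            for prop, kind in INDICATOR_PROPS.items():
                value = str(entry.get(prop) or "").strip().lower()
                if not value:
                    continue
                row = found.setdefault((kind, value), {
                    "type": kind, "value": value, "importance": importance,
                    "first_seen": first, "last_seen": last, "stix_ids": set()})
                if SEVERITY_RANK[importance] > SEVERITY_RANK[row["importance"]]:
                    row["importance"] = importance  # keep the highest severity seen
                # Assumption: dates are ISO strings, so min/max order them correctly.
                row["first_seen"] = min(filter(None, [row["first_seen"], first]), default=None)
                row["last_seen"] = max(filter(None, [row["last_seen"], last]), default=None)
                if report.get("stix_id"):
                    row["stix_ids"].add(report["stix_id"])
    return sorted(found.values(),
                  key=lambda r: (-SEVERITY_RANK[r["importance"]], r["type"], r["value"]))

# Constructed sample reports (not real FCTI data); IPs are from documentation ranges.
SAMPLE_REPORTS = [
    {"importance": "H", "stix_id": "report--sample-1",
     "first_seen": "2022-05-01", "last_seen": "2022-05-03",
     "logs": [{"src_ip": "198.51.100.7", "http_host": "Login.Example.test"},
              {"src_ip": "198.51.100.7", "sha256": "AB" * 32}]},
    {"importance": "L", "stix_id": "report--sample-2", "first_seen": "2022-05-02",
     "last_seen": "2022-05-02", "logs": [{"src_ip": "203.0.113.9"}]},
    {"importance": "M", "stix_id": "report--sample-3", "first_seen": "2022-04-28",
     "last_seen": "2022-05-05", "logs": [{"src_ip": "198.51.100.7"}]},
]

if __name__ == "__main__":
    for row in extract_indicators(SAMPLE_REPORTS):
        print(row["importance"], row["type"], row["value"],
              row["first_seen"], row["last_seen"], sorted(row["stix_ids"]))
```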