fcti-malware-urls
Fetches malware URLs from FCTI.
fcti-malware-urls [proxy=PROXY] [duration=NUM{mon|w|d|h|m|s}] [from=yyyyMMddHHmmss] [to=yyyyMMddHHmmss]
- proxy=PROXY
  - URL of the proxy server.
- duration=NUM{mon|w|d|h|m|s}
  - Scan only recent data. Specify the time unit as s (second), m (minute), h (hour), d (day), or mon (month). For example, 10s means data from 10 seconds earlier.
- from=yyyyMMddHHmmss
  - Start time of the range, in yyyyMMddHHmmss format. If you omit the time part, it is padded with zeros.
- to=yyyyMMddHHmmss
  - End time of the range, in yyyyMMddHHmmss format. If you omit the time part, it is padded with zeros.
Output Fields
Field | Type | Name | Description |
---|---|---|---|
_time | Date | Time | |
category | String | Category | |
url | String | URL | Malicious URL |
importance | String | Severity | e.g. H (High), M (Medium), L (Low) |
confirm_yn | String | Confirm request | e.g. Y, N |
confirm_status | String | Confirm status | |
organization | String | Organization | |
writer | String | Author | |
stix_id | String | Stix ID | |
shared_scope | String | Shared scope | e.g. ALL, FSI, BANK, INVEST, INSURANCE, NONBANK, CUSTOM |
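
The following Python sketch is an added example, not part of the original reference or of the product. It shows one way a defender might turn rows carrying the url and importance fields above into a deduplicated list of blocklist candidates. It assumes the rows have been exported as dictionaries keyed by field name; the function names and the sample rows are constructed for illustration.

```python
from urllib.parse import urlsplit

# Severity order taken from the importance values listed in the table (H, M, L).
SEVERITY_RANK = {"H": 3, "M": 2, "L": 1}

# Constructed sample rows (reserved example domains and addresses, not real feed data).
SAMPLE_ROWS = [
    {"url": "http://Bad.Example/payload.exe", "importance": "H"},
    {"url": "bad.example/other", "importance": "M"},        # no scheme, same host
    {"url": "https://192.0.2.10:8443/gate.php", "importance": "M"},
    {"url": "http://low.example/", "importance": "L"},
    {"url": "http://[broken", "importance": "H"},           # malformed entry
]

def blocklist_candidates(rows, min_importance="M"):
    """Return {host: highest importance seen} for rows at or above min_importance.

    rows: iterable of dicts keyed by the output field names (assumed export shape).
    """
    floor = SEVERITY_RANK[min_importance]
    hosts = {}
    for row in rows:
        sev = str(row.get("importance", "")).strip().upper()
        rank = SEVERITY_RANK.get(sev)
        if rank is None or rank < floor:
            continue  # unknown or below threshold: leave for manual review
        raw = str(row.get("url", "")).strip()
        # Scheme-less entries need a leading "//" before urlsplit sees a host.
        if "://" not in raw:
            raw = "//" + raw
        try:
            host = urlsplit(raw).hostname
        except ValueError:
            continue  # malformed URL: skip rather than guess at the host
        if not host:
            continue
        host = host.rstrip(".").lower()
        # Keep the highest severity reported for each host.
        if rank > SEVERITY_RANK.get(hosts.get(host, ""), 0):
            hosts[host] = sev
    return hosts

def defang(host):
    """Render a host so it is not clickable in tickets or chat."""
    return host.replace(".", "[.]")
```

Blocking by host is broader than blocking a single URL, so review candidates on shared hosting before enforcing them.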