fcti-shared-attacks
Fetch shared attacks from FCTI
fcti-shared-attacks [proxy=PROXY] [duration=NUM{mon|w|d|h|m|s}] [from=yyyyMMddHHmmss] [to=yyyyMMddHHmmss]
- proxy=PROXY
- URL of the proxy server
- duration=NUM{mon|w|d|h|m|s}
- Scan only recent data. Use one of the time units s (second), m (minute), h (hour), d (day), w (week), or mon (month). For example, 10s means data from 10 seconds earlier.
- from=yyyyMMddHHmmss
- Start time of the range, in yyyyMMddHHmmss format. If you omit the time part, it is padded with zeros.
- to=yyyyMMddHHmmss
- End time of the range, in yyyyMMddHHmmss format. If you omit the time part, it is padded with zeros.
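The argument rules above, as an added Python example (not code from the product or its documentation): it validates duration, from and to values and pads partial timestamps before they are placed in a query string built by a script. Assumptions: mon is treated as 30 days, partial timestamps are padded on the right in two-digit steps, and all helper names are hypothetical.

```python
import re
from datetime import datetime, timedelta

# Units from the command syntax. Treating "mon" as 30 days is an assumption.
UNIT_SECONDS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800, "mon": 2592000}


def pad_timestamp(value):
    """Right-pad yyyyMMdd[HH[mm[ss]]] with zeros to 14 digits and parse it."""
    if not re.fullmatch(r"[0-9]{8}([0-9]{2}){0,3}", value):
        raise ValueError(f"not a yyyyMMddHHmmss prefix: {value!r}")
    # strptime rejects impossible dates such as month 13.
    return datetime.strptime(value.ljust(14, "0"), "%Y%m%d%H%M%S")


def parse_duration(value):
    """Convert NUM{mon|w|d|h|m|s} into a timedelta."""
    match = re.fullmatch(r"([0-9]+)(mon|w|d|h|m|s)", value)
    if not match:
        raise ValueError(f"bad duration: {value!r}")
    return timedelta(seconds=int(match.group(1)) * UNIT_SECONDS[match.group(2)])


def resolve_window(now, duration=None, from_=None, to=None):
    """Return the (start, end) datetimes a query would cover; None means open."""
    if duration is not None:
        if from_ is not None or to is not None:
            # Choice made by this helper, not a documented rule of the command.
            raise ValueError("this helper takes duration or from/to, not both")
        return now - parse_duration(duration), now
    start = pad_timestamp(from_) if from_ is not None else None
    end = pad_timestamp(to) if to is not None else None
    if start and end and start > end:
        raise ValueError("from is later than to")
    return start, end


def build_query(duration=None, from_=None, to=None):
    """Emit the command with validated, fully padded arguments."""
    parts = ["fcti-shared-attacks"]
    if duration is not None:
        parse_duration(duration)  # validation only; the value is passed through
        parts.append(f"duration={duration}")
    for name, value in (("from", from_), ("to", to)):
        if value is not None:
            parts.append(f"{name}={pad_timestamp(value):%Y%m%d%H%M%S}")
    return " ".join(parts)
```

Rejecting anything that does not match the documented formats keeps stray tokens out of a query string assembled from user input.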
Output Fields
Field | Type | Name | Description |
---|---|---|---|
_time | Date | Time | |
title | String | Subject | |
importance | String | Severity | |
contents | String | Contents | |
organization | String | Organization | |
writer | String | Author | |
confirm_yn | String | Confirm request | e.g. Y, N |
confirm_status | String | Confirm status | |
stix_id | String | STIX ID | |
shared_scope | String | Shared scope | e.g. ALL, FSI, BANK, INVEST, INSURANCE, NONBANK, CUSTOM |
logs | List | Logs | Elements with type, category, watch_ip, src_ip, dst_ip, signature, count, country properties |