FCTI

Download 15
Last updated May 15, 2022

fcti-shared-attacks

Fetch shared attacks from FCTI

fcti-shared-attacks [proxy=PROXY] [duration=NUM{mon|w|d|h|m|s}] [from=yyyyMMddHHmmss] [to=yyyyMMddHHmmss]
proxy=PROXY
URL of the proxy server
duration=NUM{mon|w|d|h|m|s}
Scan only recent data. You should use s(second), m(minute), h(hour), d(day), mon(month) time unit. For example, 10s means data from 10 seconds earlier.
from=yyyyMMddHHmmss
Start time of range. yyyyMMddHHmmss format. If you omit time part, it will be padded by zero.
to=yyyyMMddHHmmss
End time of range. yyyyMMddHHmmss format. If you omit time part, it will be padded by zero.

Output Fields

FieldTypeNameDescription
_timeDateTime
titleStringSubject
importanceStringSeverity
contentsStringContents
organizationStringOrganization
writerStringAuthor
confirm_ynStringConfirm requeste.g. Y, N
confirm_statusStringConfirm status
stix_idStringSTIX ID
shared_scopeStringShared scopee.g. ALL, FSI, BANK, INVEST, INSURANCE, NONBANK, CUSTOM
logsListLogsElements with type, category, watch_ip, src_ip, dst_ip, signature, count, country properties