fcti-shared-attacks
Fetch shared attacks from FCTI
fcti-shared-attacks [proxy=PROXY] [duration=NUM{mon|w|d|h|m|s}] [from=yyyyMMddHHmmss] [to=yyyyMMddHHmmss]
- proxy=PROXY
- URL of the proxy server
- duration=NUM{mon|w|d|h|m|s}
- Scan only recent data. You should use s(second), m(minute), h(hour), d(day), mon(month) time unit. For example,
10smeans data from 10 seconds earlier. - from=yyyyMMddHHmmss
- Start time of range. yyyyMMddHHmmss format. If you omit time part, it will be padded by zero.
- to=yyyyMMddHHmmss
- End time of range. yyyyMMddHHmmss format. If you omit time part, it will be padded by zero.
Output Fields
| Field | Type | Name | Description |
|---|---|---|---|
| _time | Date | Time | |
| title | String | Subject | |
| importance | String | Severity | |
| contents | String | Contents | |
| organization | String | Organization | |
| writer | String | Author | |
| confirm_yn | String | Confirm request | e.g. Y, N |
| confirm_status | String | Confirm status | |
| stix_id | String | STIX ID | |
| shared_scope | String | Shared scope | e.g. ALL, FSI, BANK, INVEST, INSURANCE, NONBANK, CUSTOM |
| logs | List | Logs | Elements with type, category, watch_ip, src_ip, dst_ip, signature, count, country properties |