ngfcti-domains
Retrieve a list of threat domains from the FCTI service.
ngfcti-domains [proxy=PROXY] [duration=NUM{mon|w|d|h|m|s}] [from=yyyyMMddHHmmss] [to=yyyyMMddHHmmss] [order=asc|desc] [assessment=0|1|2|3|4|5]
- proxy=PROXY
  - Proxy server URL
- duration=NUM{mon|w|d|h|m|s}
  - Limits the lookup to a time range counted back from the current time. The unit can be s (seconds), m (minutes), h (hours), d (days), w (weeks), or mon (months). For example, 10s means the range from 10 seconds ago to the current time.
- from=yyyyMMddHHmmss
  - Start of the range, in the format yyyyMMddHHmmss. If trailing digits are omitted, they are filled with zeros.
- to=yyyyMMddHHmmss
  - End of the range, in the format yyyyMMddHHmmss. If trailing digits are omitted, they are filled with zeros.
- order=asc|desc
  - Sort order. If unspecified, the most recent data is fetched first.
- assessment=0|1|2|3|4|5
  - Look up only domains with the specified Threat Intelligence Assessment level or higher.
field | type | name | description |
---|---|---|---|
_time | Datetime | Registration time | e.g.: 2022-12-30 01:19:04+0900 |
domain | String | Domain address | e.g.: hk2.jumptoserver.com |
category | String | Threat category | e.g.: Anonymizer |
description | String | Threat description | e.g.: VPN service(FASTESTVPN) |
tlp | 32-bit integer | Scope of information disclosure | 0: TLP:CLEAR, 1: TLP:GREEN, 2: TLP:AMBER, 3: TLP:AMBER+STRICT, 4: TLP:RED |
tlp_name | String | Scope of information disclosure name | e.g.: TLP:GREEN |
assessment | 32-bit integer | Threat Information Assessment Level | 0: Safe, 1: Unknown, 2: Low, 3: Moderate, 4: Danger, 5: Critical |
assessment_name | String | Threat Information Assessment Level name | e.g.: Moderate |
created_at | Datetime | Threat level creation date | e.g.: 2022-12-30 01:19:04+0900 |
modified_at | Datetime | Threat level modification date | e.g.: 2023-01-06 17:08:15+0900 |
expire_at | Datetime | Threat level expiration date | |
first_seen_at | Datetime | First discovered date | e.g.: 2022-12-30 01:19:04+0900 |
last_seen_at | Datetime | Latest discovered date | e.g.: 2022-12-30 01:19:04+0900 |
intel_id | String | Unique identifier | e.g.: 02rwR1vEOgGxPVqyNp8eyx |
resolved_ip | IP address | IP address | |
registrar | String | Domain registrar | |
nameserver_primary | String | Primary nameserver | |
nameserver_secondary | String | Secondary nameserver | |
registrant_name | String | Registrant name | Frequently empty because of GDPR restrictions |
registrant_email | String | Registrant email | Frequently empty because of GDPR restrictions |
owner_name | String | Owner name | Frequently empty because of GDPR restrictions |
owner_email | String | Owner email | Frequently empty because of GDPR restrictions |
owner_telephone | String | Owner telephone | Frequently empty because of GDPR restrictions |
relationships_outgoing | Array | List of outgoing relationships | |
relationships_incoming | Array | List of incoming relationships | |
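
Added example, not part of the original page: Python that turns rows returned by this command into an internal blocklist plus the subset that may be shared outside the organisation according to `tlp`. It assumes the rows have been exported as dictionaries keyed by the field names in the table; `build_blocklist`, the sample rows (apart from the first domain, which is the table's own example) and the sharing policy of TLP:CLEAR and TLP:GREEN only are constructed for illustration.

```python
from datetime import datetime, timezone

# Code-to-name mappings taken from the field table.
ASSESSMENT = {0: "Safe", 1: "Unknown", 2: "Low", 3: "Moderate", 4: "Danger", 5: "Critical"}
TLP = {0: "TLP:CLEAR", 1: "TLP:GREEN", 2: "TLP:AMBER", 3: "TLP:AMBER+STRICT", 4: "TLP:RED"}
TIME_FORMAT = "%Y-%m-%d %H:%M:%S%z"  # e.g. 2022-12-30 01:19:04+0900

# Constructed sample rows; only the first domain appears on the page.
SAMPLE_ROWS = [
    {"domain": "hk2.jumptoserver.com", "assessment": 3, "tlp": 1, "expire_at": ""},
    {"domain": "c2.example.test", "assessment": 5, "tlp": 3, "expire_at": ""},
    {"domain": "old.example.test", "assessment": 4, "tlp": 0,
     "expire_at": "2023-01-06 17:08:15+0900"},
    {"domain": "benign.example.test", "assessment": 0, "tlp": 0, "expire_at": ""},
]


def parse_time(value):
    """Parse a Datetime field rendered as text; empty or missing means None."""
    return datetime.strptime(value, TIME_FORMAT) if value else None


def build_blocklist(rows, min_assessment=3, max_share_tlp=1, now=None):
    """Return (block, shareable) lists of domains.

    block: assessment >= min_assessment and expire_at not yet passed.
    shareable: entries of block whose tlp <= max_share_tlp (assumed policy).
    """
    now = now or datetime.now(timezone.utc)
    block, shareable = [], []
    for row in rows:
        # A missing assessment is treated as 1 (Unknown) and filtered out.
        if row.get("assessment", 1) < min_assessment:
            continue
        expires = parse_time(row.get("expire_at"))
        if expires is not None and expires <= now:
            continue  # the threat level has expired
        block.append(row["domain"])
        # A missing tlp is treated as 4 (TLP:RED) so it is never shared by default.
        if row.get("tlp", 4) <= max_share_tlp:
            shareable.append(row["domain"])
    return block, shareable


if __name__ == "__main__":
    fixed_now = datetime(2023, 2, 1, tzinfo=timezone.utc)
    block, shareable = build_blocklist(SAMPLE_ROWS, now=fixed_now)
    rows_by_domain = {r["domain"]: r for r in SAMPLE_ROWS}
    for d in block:
        r = rows_by_domain[d]
        scope = "shareable" if d in shareable else "internal only"
        print(d, ASSESSMENT[r["assessment"]], TLP[r["tlp"]], scope)
```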