NGFCTI

Last updated Aug 5, 2023

ngfcti-domains

Retrieve a list of threat domains from the FCTI service.

ngfcti-domains [proxy=PROXY] [duration=NUM{mon|w|d|h|m|s}] [from=yyyyMMddHHmmss] [to=yyyyMMddHHmmss] [order=asc|desc] [assessment=0|1|2|3|4|5]
proxy=PROXY
Proxy server URL
duration=NUM{mon|w|d|h|m|s}
Limits results to a time range counted back from the current time. The unit can be s (seconds), m (minutes), h (hours), d (days), w (weeks), or mon (months). For example, 10s means the range from 10 seconds ago to the current time.
from=yyyyMMddHHmmss
Start of the range, in the format yyyyMMddHHmmss. If trailing digits are omitted, they are filled with zeros.
to=yyyyMMddHHmmss
End of the range, in the format yyyyMMddHHmmss. If trailing digits are omitted, they are filled with zeros.
order=asc|desc
Sort order. If unspecified, fetches the most recent data first.
assessment=0|1|2|3|4|5
Selectively look up only domains with a specified Threat Intelligence Assessment level or higher.
| field | type | name | description |
|---|---|---|---|
| _time | Datetime | Registration time | e.g.: 2022-12-30 01:19:04+0900 |
| domain | String | Domain address | e.g.: hk2.jumptoserver.com |
| category | String | Threat category | e.g.: Anonymizer |
| description | String | Threat description | e.g.: VPN service(FASTESTVPN) |
| tlp | 32-bit integer | Scope of information disclosure | 0: TLP:CLEAR, 1: TLP:GREEN, 2: TLP:AMBER, 3: TLP:AMBER+STRICT, 4: TLP:RED |
| tlp_name | String | Scope of information disclosure name | e.g.: TLP:GREEN |
| assessment | 32-bit integer | Threat Information Assessment Level | 0: Safe, 1: Unknown, 2: Low, 3: Moderate, 4: Danger, 5: Critical |
| assessment_name | String | Threat Information Assessment Level name | e.g.: Moderate |
| created_at | Datetime | Threat level creation date | e.g.: 2022-12-30 01:19:04+0900 |
| modified_at | Datetime | Threat level modification date | e.g.: 2023-01-06 17:08:15+0900 |
| expire_at | Datetime | Threat level expiration date | |
| first_seen_at | Datetime | First discovered date | e.g.: 2022-12-30 01:19:04+0900 |
| last_seen_at | Datetime | Latest discovered date | e.g.: 2022-12-30 01:19:04+0900 |
| intel_id | String | Unique identifier | e.g.: 02rwR1vEOgGxPVqyNp8eyx |
| resolved_ip | IP address | IP address | |
| registrar | String | Domain registrar | |
| nameserver_primary | String | Primary nameserver | |
| nameserver_secondary | String | Secondary nameserver | |
| registrant_name | String | Registrant name | GDPR issues leave a lot of information missing |
| registrant_email | String | Registrant email | GDPR issues leave a lot of information missing |
| owner_name | String | Owner name | GDPR issues leave a lot of information missing |
| owner_email | String | Owner email | GDPR issues leave a lot of information missing |
| owner_telephone | String | Owner telephone | GDPR issues leave a lot of information missing |
| relationships_outgoing | Array | List of outgoing relationships | |
| relationships_incoming | Array | List of incoming relationships | |
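
The following is an added example, not part of the NGFCTI documentation: a Python triage step over rows shaped like the output fields above, keeping unexpired domains at assessment 4 (Danger) or higher and separating those whose `tlp` value allows passing them to peers outside the organisation. It assumes the rows were exported as dictionaries, that `expire_at` uses the same layout as the other Datetime examples, and that an empty `expire_at` means no expiry; the sample rows and the function names are constructed for illustration.

```python
from datetime import datetime, timezone

TS_FORMAT = "%Y-%m-%d %H:%M:%S%z"  # layout of the Datetime examples in the field table
MIN_ASSESSMENT = 4                 # 4: Danger, 5: Critical
MAX_SHARE_TLP = 1                  # 0: TLP:CLEAR, 1: TLP:GREEN

# Constructed sample rows; only the first domain appears on this page.
SAMPLE_ROWS = [
    {"domain": "hk2.jumptoserver.com", "category": "Anonymizer",
     "assessment": 3, "tlp": 1, "expire_at": ""},
    {"domain": "c2.example.net", "category": "C2",
     "assessment": 5, "tlp": 2, "expire_at": ""},
    {"domain": "phish.example.org", "category": "Phishing",
     "assessment": 4, "tlp": 0, "expire_at": "2023-12-31 00:00:00+0900"},
    {"domain": "old.example.com", "category": "Malware",
     "assessment": 5, "tlp": 1, "expire_at": "2023-01-06 17:08:15+0900"},
]

def is_expired(row, now):
    """True when expire_at is set and not in the future (assumption: empty = no expiry)."""
    raw = row.get("expire_at")
    return bool(raw) and datetime.strptime(raw, TS_FORMAT) <= now

def triage(rows, now, min_assessment=MIN_ASSESSMENT, max_share_tlp=MAX_SHARE_TLP):
    """Return (blocklist, shareable): domains to block, and the subset
    whose TLP level permits forwarding to peers outside the organisation."""
    blocklist, shareable = set(), set()
    for row in rows:
        if row["assessment"] < min_assessment or is_expired(row, now):
            continue
        # Normalise so the same domain is not listed twice in different forms.
        domain = row["domain"].strip().lower().rstrip(".")
        blocklist.add(domain)
        if row["tlp"] <= max_share_tlp:
            shareable.add(domain)
    return sorted(blocklist), sorted(shareable)

if __name__ == "__main__":
    now = datetime(2023, 8, 5, tzinfo=timezone.utc)
    block, share = triage(SAMPLE_ROWS, now)
    print("block:", block)
    print("shareable:", share)
```
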