quaxar-ip-indicators
Get IP address indicators of compromise from the S2W Quaxar service.
quaxar-ip-indicators
Output Fields
| Field | Type | Name | Description |
|---|---|---|---|
| type | String | Type | e.g. ipv4-addr |
| value | String | Value | IP address |
| categories | String | Categories | e.g. malware, APT, unknown |
| malware | String | Malware | Malware family, e.g. Formbook |
| risk_score | Integer | Risk score | e.g. 1, 2, 3 |
| confidence | Integer | Confidence | e.g. 15, 50, 85 |
| recommend | Integer | Recommend | e.g. 1, 2, 3, 4, 5 |
| description | String | Description | |
| etc | String | Etc | |
| created | Date | Created | |
| modified | Date | Modified | |
| actors | String | Actors | Threat actors separated by new line |
| attack_pattern | String | Attack pattern | TTP separated by new line |
| country | String | Country | Country code |
| reference_ioc | String | IoC reference | URL separated by new line |
| reference_xarvis | String | Xarvis reference | URL separated by new line |
| relation | Map | Relation | STIX object map |
| city | String | City | City name |
| asn | String | ASN | ASN number |
| org | String | Organization | Organization name of ASN |
| hostname | String | Hostname | |
| resolved_at | String | Resolved time | |