S2W Quaxar

Last updated Jul 7, 2022

quaxar-recent-indicators

Get indicators of compromise from S2W Quaxar service.

quaxar-recent-indicators days=DAYS [order=ORDER]

days=DAYS
    Maximum 7 days. Defaults to 1.
order=ORDER
    asc or desc. Defaults to desc.

Output Fields

| Field | Type | Name | Description |
|---|---|---|---|
| type | String | Type | e.g. MD5, SHA-1, SHA-256, domain-name, ipv4-addr, url, x-host-name |
| value | String | Value | IoC value |
| categories | String | Categories | e.g. malware, APT, unknown |
| malware | String | Malware | Malware family. e.g. Formbook |
| risk_score | Integer | Risk score | e.g. 1, 2, 3 |
| confidence | Integer | Confidence | e.g. 15, 50, 85 |
| recommend | Integer | Recommend | e.g. 1, 2, 3, 4, 5 |
| description | String | Description | |
| etc | String | Etc | |
| created | Date | Created | |
| modified | Date | Modified | |
| actors | String | Actors | Threat actors separated by new line |
| attack_pattern | String | Attack pattern | TTP separated by new line |
| country | String | Country | |
| reference_ioc | String | IoC reference | URL separated by new line |
| reference_xarvis | String | Xarvis reference | URL separated by new line |
| relation | Map | Relation | STIX object map |
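
Several output fields pack multiple values into one newline-separated string, and hash values may need validating before they go into a blocklist. The following is an added example, not part of the Quaxar app or its documentation, showing one way to normalise rows and group IoC values by type. It assumes each row is available as a Python dict keyed by the field names above and that a higher confidence value means greater confidence; the function names and sample rows are constructed for illustration.

```python
# Assumption: each output row is a dict keyed by the documented field names.
MULTI_VALUE_FIELDS = ("actors", "attack_pattern", "reference_ioc", "reference_xarvis")
HASH_HEX_LEN = {"MD5": 32, "SHA-1": 40, "SHA-256": 64}


def split_lines(value):
    """Split a newline-separated field into a list without blanks or repeats."""
    items = [s.strip() for s in (value or "").splitlines()]
    return list(dict.fromkeys(s for s in items if s))


def normalise(row):
    """Return a cleaned copy of one row, or None if a hash value is malformed."""
    out = dict(row)
    for field in MULTI_VALUE_FIELDS:
        out[field] = split_lines(row.get(field))
    value = (row.get("value") or "").strip()
    expected = HASH_HEX_LEN.get(row.get("type"))
    if expected is not None:
        value = value.lower()
        if len(value) != expected or set(value) - set("0123456789abcdef"):
            return None
    out["value"] = value
    return out


def bucket_by_type(rows, min_confidence=0):
    """Group unique IoC values by type, keeping rows at or above min_confidence."""
    buckets = {}
    for row in rows:
        clean = normalise(row)
        if clean is None or (clean.get("confidence") or 0) < min_confidence:
            continue
        values = buckets.setdefault(clean["type"], [])
        if clean["value"] not in values:
            values.append(clean["value"])
    return buckets


# Constructed sample rows for illustration; not real Quaxar output.
SAMPLE_ROWS = [
    {"type": "MD5", "value": "0123456789ABCDEF0123456789ABCDEF", "confidence": 85,
     "actors": "ExampleActor\n\nExampleActor"},
    {"type": "MD5", "value": "not-a-hash", "confidence": 85},
    {"type": "domain-name", "value": "low-confidence.example", "confidence": 15},
    {"type": "ipv4-addr", "value": "192.0.2.10", "confidence": 50},
]

if __name__ == "__main__":
    print(bucket_by_type(SAMPLE_ROWS, min_confidence=50))
```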