rf-threat-evidences
Lists threat evidence from the Recorded Future Threat Map.
Syntax
rf-threat-evidences [profile=PROFILE] [org-id=ORG-ID]
- profile=PROFILE
  - Optional. Recorded Future connect profile code
- org-id=ORG-ID
  - Optional. Organization ID for organization-specific threat evidence
Output Fields
| Field | Type | Name | Description |
|---|---|---|---|
| _time | Date | Time | Evidence time |
| msg | String | Message | Evidence message |
| actor_name | String | Actor Name | Threat actor name |
| entity_name | String | Entity Name | Target entity name |
| watchlist_name | String | Watchlist Name | Watchlist name |
| severity_label | String | Severity Label | Severity label (High/Moderate/Basic/Limited) |
| axis | String | Axis | Axis type (intent/capability) |
| actor_id | String | Actor ID | Threat actor ID |
| entity_id | String | Entity ID | Target entity ID |
| watchlist_id | String | Watchlist ID | Watchlist ID |
| severity | Integer | Severity | Severity level (1-4) |