Threat data consists of file level fields and record-level fields. The table below contains descriptions of all available fields.
Data Profiles | |
---|---|
FIELD NAME | DESCRIPTION |
File-level fields | |
profile | data profile id or name |
record_type | host, ip, or url |
external_id | string indicating an external ID to assign to the batch |
record | surrounds the individual record(s) in the XML and JSON formats |
Record-level fields | |
host | threat hostname |
ip | threat IP address |
url | threat URL |
property | threat type |
target | target of threat |
detected | date/time threat was detected, in ISO 8601 format |
duration | duration of this threat in XyXmXwXdXh format, expiration date will be set to the detected date + this duration |
XML format:
<feed> <profile>SampleProfile</profile> <record_type>ip</record_type> <record> <ip>127.1.0.1</ip> <property>Phishing_Phish</property> <detected>20170602T154742Z</detected> </record> <record> <ip>8.8.8.8</ip> <property>Scanner_Generic</property> <detected>19980927T154242Z</detected> <duration>42y0m0w0d42h</duration> </record> </feed> |
JSON format:
{ "feed": { "profile": "SampleProfile", "record_type": "host", "record": [ {"host": "www.google.com", "property": "Scanner_Generic", "detected": "19980927T154242Z", "duration: "42y0m0w0d42h"}, {"host": "www.example.com", "property": "Phishing_Phish", "detected": "20170602T154742Z"} ] } } |
CSV format:
record_type,url,profile,detected,property url,"https://example.com/page1.html", "SampleProfile","20170602T154742Z", "UnwantedContent_Parasite" url,"http://example.com/gift.html", "SampleProfile","20170602T154742Z", "Scam_FakeGiftCard" |