Data Profiles
Threat data consists of file-level fields and record-level fields. The table below describes all available fields.
FIELD NAME | DESCRIPTION |
---|---|
File-level fields | |
profile | data profile id or name |
record_type | host, ip, or url |
external_id | string indicating an external ID to assign to the batch |
record | surrounds the individual record(s) in the XML and JSON formats |
Record-level fields | |
host | threat hostname |
ip | threat IP address |
url | threat URL |
property | threat type |
target | target of threat |
detected | date/time threat was detected, in ISO 8601 format |
duration | duration of this threat in XyXmXwXdXh format; the expiration date is set to the detected date plus this duration |
XML format:
<feed>
  <profile>SampleProfile</profile>
  <record_type>ip</record_type>
  <record>
    <ip>127.1.0.1</ip>
    <property>Phishing_Phish</property>
    <detected>20170602T154742Z</detected>
  </record>
  <record>
    <ip>8.8.8.8</ip>
    <property>Scanner_Generic</property>
    <detected>19980927T154242Z</detected>
    <duration>1y0m0w0d42h</duration>
  </record>
</feed>
JSON format:
{
  "feed": {
    "profile": "SampleProfile",
    "record_type": "host",
    "record": [
      {"host": "www.google.com", "property": "Scanner_Generic", "detected": "19980927T154242Z", "duration": "1y0m0w0d42h"},
      {"host": "www.example.com", "property": "Phishing_Phish", "detected": "20170602T154742Z"}
    ]
  }
}
CSV format:
record_type,url,profile,detected,property
url,"https://example.com/page1.html","SampleProfile","20170602T154742Z","UnwantedContent_Parasite"
url,"http://example.com/gift.html","SampleProfile","20170602T154742Z","Scam_FakeGiftCard"
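
An added example, not part of the original page or the product's own code: a Python pre-submission check that validates a JSON feed against the fields described above and computes each record's expiration as the detected date plus the duration. The function names, the requirement that all five duration components be present, and the 365-day year and 30-day month are assumptions, since the page does not define them.

```python
import json
import re
from datetime import datetime, timedelta, timezone
RECORD_TYPES = {"host", "ip", "url"}
DURATION_RE = re.compile(r"(\d+)y(\d+)m(\d+)w(\d+)d(\d+)h")

def parse_detected(value):
    # Layout taken from the page's samples: ISO 8601 basic format, UTC ("Z").
    return datetime.strptime(value, "%Y%m%dT%H%M%SZ").replace(tzinfo=timezone.utc)

def parse_duration(value):
    m = DURATION_RE.fullmatch(value)
    if m is None:
        raise ValueError(f"duration {value!r} is not in XyXmXwXdXh format")
    y, mo, w, d, h = map(int, m.groups())
    # Assumption: 1y = 365 days and 1m = 30 days; the page does not define them.
    return timedelta(days=365 * y + 30 * mo + 7 * w + d, hours=h)

def validate_feed(text):
    """Return (accepted, errors) for a JSON feed document."""
    feed = json.loads(text)["feed"]
    rtype, accepted, errors = feed.get("record_type"), [], []
    if not feed.get("profile"):
        errors.append("feed: missing profile")
    if rtype not in RECORD_TYPES:
        return accepted, errors + [f"feed: bad record_type {rtype!r}"]
    records = feed.get("record", [])
    records = [records] if isinstance(records, dict) else records
    for i, rec in enumerate(records):
        try:
            if rtype not in rec:  # the value field must match record_type
                raise ValueError(f"no {rtype!r} field")
            detected = parse_detected(rec["detected"])
            expires = detected + parse_duration(rec["duration"]) if "duration" in rec else None
            accepted.append({"value": rec[rtype], "property": rec.get("property"),
                             "detected": detected, "expires": expires})
        except (KeyError, ValueError) as exc:
            errors.append(f"record {i}: {exc}")
    return accepted, errors

# Constructed sample: the page's two host records plus two malformed ones.
SAMPLE = json.dumps({"feed": {"profile": "SampleProfile", "record_type": "host", "record": [
    {"host": "www.google.com", "property": "Scanner_Generic",
     "detected": "19980927T154242Z", "duration": "1y0m0w0d42h"},
    {"host": "www.example.com", "property": "Phishing_Phish", "detected": "20170602T154742Z"},
    {"ip": "127.1.0.1", "property": "Phishing_Phish", "detected": "20170602T154742Z"},
    {"host": "bad.example", "detected": "20170602T154742Z", "duration": "42h"}]}})
if __name__ == "__main__":
    print(validate_feed(SAMPLE))
```

Records without a duration are returned with `expires` set to `None`, because the page does not say what expiration applies in that case.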