ThreatIntelIndicator - AWS Security Hub CSPM

ThreatIntelIndicator

Details about the threat intelligence related to a finding.

Contents

Category

The category of a threat intelligence indicator.

Type: String

Valid Values: BACKDOOR | CARD_STEALER | COMMAND_AND_CONTROL | DROP_SITE | EXPLOIT_SITE | KEYLOGGER

Required: No

LastObservedAt

Indicates when the most recent instance of a threat intelligence indicator was observed.

For more information about the validation and formatting of timestamp fields in AWS Security Hub CSPM, see Timestamps.

Type: String

Pattern: .*\S.*

Required: No

Source

The source of the threat intelligence indicator.

Length Constraints: Minimum length of 1. Maximum length of 64.

Type: String

Pattern: .*\S.*

Required: No

SourceUrl

The URL to the page or site where you can get more information about the threat intelligence indicator.

Type: String

Pattern: .*\S.*

Required: No

Type

The type of threat intelligence indicator.

Type: String

Valid Values: DOMAIN | EMAIL_ADDRESS | HASH_MD5 | HASH_SHA1 | HASH_SHA256 | HASH_SHA512 | IPV4_ADDRESS | IPV6_ADDRESS | MUTEX | PROCESS | URL

Required: No

Value

The value of a threat intelligence indicator.

Length Constraints: Minimum length of 1. Maximum length of 512.

Type: String

Pattern: .*\S.*

Required: No
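
Example (added here, not part of the AWS documentation or SDKs): a pre-submission check that applies the constraints listed above to a ThreatIntelIndicator object represented as a Python dict. The name validate_indicator and the sample object are hypothetical; treating Pattern as a whole-string match is an assumption, and the hash and IP address checks on Value go beyond the documented schema.

```python
import ipaddress
import re

# Constraints copied from the field descriptions on this page.
CATEGORIES = {"BACKDOOR", "CARD_STEALER", "COMMAND_AND_CONTROL",
              "DROP_SITE", "EXPLOIT_SITE", "KEYLOGGER"}
TYPES = {"DOMAIN", "EMAIL_ADDRESS", "HASH_MD5", "HASH_SHA1", "HASH_SHA256",
         "HASH_SHA512", "IPV4_ADDRESS", "IPV6_ADDRESS", "MUTEX", "PROCESS", "URL"}
MAX_LEN = {"Source": 64, "Value": 512}
PATTERN_FIELDS = ("LastObservedAt", "Source", "SourceUrl", "Value")
NON_BLANK = re.compile(r".*\S.*")  # assumption: applied as a whole-string match

# Extra check, not part of the documented schema: Value should look like its Type.
HASH_HEX_LEN = {"HASH_MD5": 32, "HASH_SHA1": 40, "HASH_SHA256": 64, "HASH_SHA512": 128}


def validate_indicator(ind):
    """Return a list of problems; an empty list means the object passes."""
    errors = []
    for key, val in ind.items():
        if key not in {"Category", "Type", *PATTERN_FIELDS}:
            errors.append(f"{key}: unknown field")
        elif not isinstance(val, str):
            errors.append(f"{key}: must be a string")
    strs = {k: v for k, v in ind.items() if isinstance(v, str)}
    for key, allowed in (("Category", CATEGORIES), ("Type", TYPES)):
        if key in strs and strs[key] not in allowed:
            errors.append(f"{key}: not a valid value")
    for key in PATTERN_FIELDS:
        if key in strs:
            if not NON_BLANK.fullmatch(strs[key]):
                errors.append(f"{key}: must contain a non-whitespace character")
            if len(strs[key]) > MAX_LEN.get(key, len(strs[key])):
                errors.append(f"{key}: longer than {MAX_LEN[key]} characters")
    kind, value = strs.get("Type"), strs.get("Value")
    if value is not None and kind in HASH_HEX_LEN:
        if not re.fullmatch(r"[0-9a-fA-F]{%d}" % HASH_HEX_LEN[kind], value):
            errors.append(f"Value: not a {HASH_HEX_LEN[kind]}-digit hex {kind}")
    elif value is not None and kind in ("IPV4_ADDRESS", "IPV6_ADDRESS"):
        try:
            if ipaddress.ip_address(value).version != int(kind[3]):
                errors.append(f"Value: address family does not match {kind}")
        except ValueError:
            errors.append(f"Value: not a parseable {kind}")
    return errors

# Constructed sample: invalid Category, blank Source, MD5-length Value for SHA256.
SAMPLE = {"Type": "HASH_SHA256", "Category": "RANSOMWARE", "Source": " ",
          "Value": "d41d8cd98f00b204e9800998ecf8427e"}
```

Running validate_indicator(SAMPLE) reports three problems, one each for Category, Source and Value.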
