Threat Intelligence Common Types
DBMS_CLOUD_OCI_THREAT_INTELLIGENCE_VARCHAR2_TBL Type
Nested table type of varchar2(32767).
Syntax
CREATE OR REPLACE NONEDITIONABLE TYPE dbms_cloud_oci_threat_intelligence_varchar2_tbl FORCE IS TABLE OF (varchar2(32767)) NOT PERSISTABLE;DBMS_CLOUD_OCI_THREAT_INTELLIGENCE_INDICATOR_SOURCE_SUMMARY_T Type
Information about the source of threat indicator data.
Syntax
CREATE OR REPLACE NONEDITIONABLE TYPE dbms_cloud_oci_threat_intelligence_indicator_source_summary_t FORCE AUTHID CURRENT_USER IS OBJECT (
name varchar2(32767),
CONSTRUCTOR FUNCTION dbms_cloud_oci_threat_intelligence_indicator_source_summary_t
RETURN SELF AS RESULT,
CONSTRUCTOR FUNCTION dbms_cloud_oci_threat_intelligence_indicator_source_summary_t (
name varchar2
) RETURN SELF AS RESULT
) NOT PERSISTABLE;Fields
| Field | Description |
|---|---|
|
|
(required) The name of the source. |
DBMS_CLOUD_OCI_THREAT_INTELLIGENCE_DATA_VISIBILITY_T Type
The visibility level of attribution data, including its Traffic Light Protocol (TLP) color.
Syntax
CREATE OR REPLACE NONEDITIONABLE TYPE dbms_cloud_oci_threat_intelligence_data_visibility_t FORCE AUTHID CURRENT_USER IS OBJECT (
name varchar2(32767),
tlp_name varchar2(32767),
CONSTRUCTOR FUNCTION dbms_cloud_oci_threat_intelligence_data_visibility_t
RETURN SELF AS RESULT,
CONSTRUCTOR FUNCTION dbms_cloud_oci_threat_intelligence_data_visibility_t (
name varchar2,
tlp_name varchar2
) RETURN SELF AS RESULT
) NOT PERSISTABLE;Fields
| Field | Description |
|---|---|
|
|
(required) The name of the visibility level. |
|
|
(required) The Traffic Light Protocol (TLP) color of the visibility level. Allowed values are: 'TLP_INTERNAL_AUDIT', 'TLP_WHITE', 'TLP_GREEN', 'TLP_AMBER', 'TLP_RED' |
DBMS_CLOUD_OCI_THREAT_INTELLIGENCE_DATA_ATTRIBUTION_T Type
The confidence, source information, and visibility for a particular sighting or observation of some data associated with a threat indicator. This associated data can be the indicator's threat type, attribute, or relationship.
Syntax
CREATE OR REPLACE NONEDITIONABLE TYPE dbms_cloud_oci_threat_intelligence_data_attribution_t FORCE AUTHID CURRENT_USER IS OBJECT (
confidence number,
source dbms_cloud_oci_threat_intelligence_indicator_source_summary_t,
visibility dbms_cloud_oci_threat_intelligence_data_visibility_t,
time_first_seen timestamp with time zone,
time_last_seen timestamp with time zone,
CONSTRUCTOR FUNCTION dbms_cloud_oci_threat_intelligence_data_attribution_t
RETURN SELF AS RESULT,
CONSTRUCTOR FUNCTION dbms_cloud_oci_threat_intelligence_data_attribution_t (
confidence number,
source dbms_cloud_oci_threat_intelligence_indicator_source_summary_t,
visibility dbms_cloud_oci_threat_intelligence_data_visibility_t,
time_first_seen timestamp with time zone,
time_last_seen timestamp with time zone
) RETURN SELF AS RESULT
) NOT PERSISTABLE;Fields
| Field | Description |
|---|---|
|
|
(required) An integer from 0 to 100 that provides a measure of our certainty in the maliciousness of data attributed to an indicator. For example, if the source of the data being attributed is the Tor Project, our confidence that the associated indicator is a tor exit node would be 100. |
|
|
(required) |
|
|
(required) |
|
|
(optional) The date and time the attribution data was first seen for this entity. If the data source does not provide this information, it is set to the last time it was seen. An RFC3339 formatted string. |
|
|
(required) The last date and time the attribution data was seen for this entity. An RFC3339 formatted string. |
DBMS_CLOUD_OCI_THREAT_INTELLIGENCE_ENTITY_REFERENCE_T Type
A reference to a resource or other entity.
Syntax
CREATE OR REPLACE NONEDITIONABLE TYPE dbms_cloud_oci_threat_intelligence_entity_reference_t FORCE AUTHID CURRENT_USER IS OBJECT (
l_type varchar2(32767),
CONSTRUCTOR FUNCTION dbms_cloud_oci_threat_intelligence_entity_reference_t
RETURN SELF AS RESULT,
CONSTRUCTOR FUNCTION dbms_cloud_oci_threat_intelligence_entity_reference_t (
l_type varchar2
) RETURN SELF AS RESULT
) NOT PERSISTABLE NOT FINAL;Fields
| Field | Description |
|---|---|
|
|
(required) The type of the referenced entity. Allowed values are: 'INDICATOR' |
DBMS_CLOUD_OCI_THREAT_INTELLIGENCE_ERROR_T Type
Error Information.
Syntax
CREATE OR REPLACE NONEDITIONABLE TYPE dbms_cloud_oci_threat_intelligence_error_t FORCE AUTHID CURRENT_USER IS OBJECT (
code varchar2(32767),
message varchar2(32767),
CONSTRUCTOR FUNCTION dbms_cloud_oci_threat_intelligence_error_t
RETURN SELF AS RESULT,
CONSTRUCTOR FUNCTION dbms_cloud_oci_threat_intelligence_error_t (
code varchar2,
message varchar2
) RETURN SELF AS RESULT
) NOT PERSISTABLE;Fields
| Field | Description |
|---|---|
|
|
(required) A short error code that defines the error, meant for programmatic parsing. |
|
|
(required) A human-readable error string. |
DBMS_CLOUD_OCI_THREAT_INTELLIGENCE_GEODATA_DETAILS_T Type
Geodata information for a given IP address
Syntax
CREATE OR REPLACE NONEDITIONABLE TYPE dbms_cloud_oci_threat_intelligence_geodata_details_t FORCE AUTHID CURRENT_USER IS OBJECT (
routed_prefix varchar2(32767),
origin varchar2(32767),
geo_id varchar2(32767),
country_code varchar2(32767),
admin_div varchar2(32767),
city varchar2(32767),
latitude varchar2(32767),
longitude varchar2(32767),
label varchar2(32767),
CONSTRUCTOR FUNCTION dbms_cloud_oci_threat_intelligence_geodata_details_t
RETURN SELF AS RESULT,
CONSTRUCTOR FUNCTION dbms_cloud_oci_threat_intelligence_geodata_details_t (
routed_prefix varchar2,
origin varchar2,
geo_id varchar2,
country_code varchar2,
admin_div varchar2,
city varchar2,
latitude varchar2,
longitude varchar2,
label varchar2
) RETURN SELF AS RESULT
) NOT PERSISTABLE;Fields
| Field | Description |
|---|---|
|
|
(optional) Encompassing assigned prefix for the IP |
|
|
(required) ASN entry |
|
|
(optional) Unique Identifier (optional) |
|
|
(required) Two-letter abbreviation for country of origin |
|
|
(required) State/Province/subdivision within the country |
|
|
(required) City of origin |
|
|
(required) Latitude |
|
|
(required) Longitude |
|
|
(required) Information on source providing the information |
DBMS_CLOUD_OCI_THREAT_INTELLIGENCE_DATA_ATTRIBUTION_TBL Type
Nested table type of dbms_cloud_oci_threat_intelligence_data_attribution_t.
Syntax
CREATE OR REPLACE NONEDITIONABLE TYPE dbms_cloud_oci_threat_intelligence_data_attribution_tbl FORCE IS TABLE OF (dbms_cloud_oci_threat_intelligence_data_attribution_t) NOT PERSISTABLE;DBMS_CLOUD_OCI_THREAT_INTELLIGENCE_THREAT_TYPE_T Type
A threat type along with attribution data that associates it to a threat indicator.
Syntax
CREATE OR REPLACE NONEDITIONABLE TYPE dbms_cloud_oci_threat_intelligence_threat_type_t FORCE AUTHID CURRENT_USER IS OBJECT (
id varchar2(32767),
name varchar2(32767),
attribution dbms_cloud_oci_threat_intelligence_data_attribution_tbl,
CONSTRUCTOR FUNCTION dbms_cloud_oci_threat_intelligence_threat_type_t
RETURN SELF AS RESULT,
CONSTRUCTOR FUNCTION dbms_cloud_oci_threat_intelligence_threat_type_t (
id varchar2,
name varchar2,
attribution dbms_cloud_oci_threat_intelligence_data_attribution_tbl
) RETURN SELF AS RESULT
) NOT PERSISTABLE;Fields
| Field | Description |
|---|---|
|
|
(required) The OCID of the threat type. |
|
|
(required) The name of the threat type. |
|
|
(required) The list of supporting attribution information. |
DBMS_CLOUD_OCI_THREAT_INTELLIGENCE_INDICATOR_ATTRIBUTE_T Type
An attribute name and list of values with attribution.
Syntax
CREATE OR REPLACE NONEDITIONABLE TYPE dbms_cloud_oci_threat_intelligence_indicator_attribute_t FORCE AUTHID CURRENT_USER IS OBJECT (
name varchar2(32767),
value varchar2(32767),
attribution dbms_cloud_oci_threat_intelligence_data_attribution_tbl,
CONSTRUCTOR FUNCTION dbms_cloud_oci_threat_intelligence_indicator_attribute_t
RETURN SELF AS RESULT,
CONSTRUCTOR FUNCTION dbms_cloud_oci_threat_intelligence_indicator_attribute_t (
name varchar2,
value varchar2,
attribution dbms_cloud_oci_threat_intelligence_data_attribution_tbl
) RETURN SELF AS RESULT
) NOT PERSISTABLE;Fields
| Field | Description |
|---|---|
|
|
(required) The name of the attribute. |
|
|
(required) The value of the attribute. |
|
|
(required) The array of attribution data that support this attribute. |
DBMS_CLOUD_OCI_THREAT_INTELLIGENCE_INDICATOR_RELATIONSHIP_T Type
A relationship name and list of releated entities.
Syntax
CREATE OR REPLACE NONEDITIONABLE TYPE dbms_cloud_oci_threat_intelligence_indicator_relationship_t FORCE AUTHID CURRENT_USER IS OBJECT (
name varchar2(32767),
related_entity dbms_cloud_oci_threat_intelligence_entity_reference_t,
attribution dbms_cloud_oci_threat_intelligence_data_attribution_tbl,
CONSTRUCTOR FUNCTION dbms_cloud_oci_threat_intelligence_indicator_relationship_t
RETURN SELF AS RESULT,
CONSTRUCTOR FUNCTION dbms_cloud_oci_threat_intelligence_indicator_relationship_t (
name varchar2,
related_entity dbms_cloud_oci_threat_intelligence_entity_reference_t,
attribution dbms_cloud_oci_threat_intelligence_data_attribution_tbl
) RETURN SELF AS RESULT
) NOT PERSISTABLE;Fields
| Field | Description |
|---|---|
|
|
(required) The name of the attribute. |
|
|
(required) |
|
|
(required) The array of attribution data that support this relationship. |
DBMS_CLOUD_OCI_THREAT_INTELLIGENCE_THREAT_TYPE_TBL Type
Nested table type of dbms_cloud_oci_threat_intelligence_threat_type_t.
Syntax
CREATE OR REPLACE NONEDITIONABLE TYPE dbms_cloud_oci_threat_intelligence_threat_type_tbl FORCE IS TABLE OF (dbms_cloud_oci_threat_intelligence_threat_type_t) NOT PERSISTABLE;DBMS_CLOUD_OCI_THREAT_INTELLIGENCE_INDICATOR_ATTRIBUTE_TBL Type
Nested table type of dbms_cloud_oci_threat_intelligence_indicator_attribute_t.
Syntax
CREATE OR REPLACE NONEDITIONABLE TYPE dbms_cloud_oci_threat_intelligence_indicator_attribute_tbl FORCE IS TABLE OF (dbms_cloud_oci_threat_intelligence_indicator_attribute_t) NOT PERSISTABLE;DBMS_CLOUD_OCI_THREAT_INTELLIGENCE_INDICATOR_RELATIONSHIP_TBL Type
Nested table type of dbms_cloud_oci_threat_intelligence_indicator_relationship_t.
Syntax
CREATE OR REPLACE NONEDITIONABLE TYPE dbms_cloud_oci_threat_intelligence_indicator_relationship_tbl FORCE IS TABLE OF (dbms_cloud_oci_threat_intelligence_indicator_relationship_t) NOT PERSISTABLE;DBMS_CLOUD_OCI_THREAT_INTELLIGENCE_INDICATOR_T Type
A data signature observed on a network or host that indicates a potential security threat. Indicators can be plain text or computed (hashed) values.
Syntax
CREATE OR REPLACE NONEDITIONABLE TYPE dbms_cloud_oci_threat_intelligence_indicator_t FORCE AUTHID CURRENT_USER IS OBJECT (
id varchar2(32767),
l_type varchar2(32767),
value varchar2(32767),
confidence number,
compartment_id varchar2(32767),
threat_types dbms_cloud_oci_threat_intelligence_threat_type_tbl,
attributes dbms_cloud_oci_threat_intelligence_indicator_attribute_tbl,
relationships dbms_cloud_oci_threat_intelligence_indicator_relationship_tbl,
lifecycle_state varchar2(32767),
time_created timestamp with time zone,
time_updated timestamp with time zone,
time_last_seen timestamp with time zone,
geodata dbms_cloud_oci_threat_intelligence_geodata_details_t,
CONSTRUCTOR FUNCTION dbms_cloud_oci_threat_intelligence_indicator_t
RETURN SELF AS RESULT,
CONSTRUCTOR FUNCTION dbms_cloud_oci_threat_intelligence_indicator_t (
id varchar2,
l_type varchar2,
value varchar2,
confidence number,
compartment_id varchar2,
threat_types dbms_cloud_oci_threat_intelligence_threat_type_tbl,
attributes dbms_cloud_oci_threat_intelligence_indicator_attribute_tbl,
relationships dbms_cloud_oci_threat_intelligence_indicator_relationship_tbl,
lifecycle_state varchar2,
time_created timestamp with time zone,
time_updated timestamp with time zone,
time_last_seen timestamp with time zone,
geodata dbms_cloud_oci_threat_intelligence_geodata_details_t
) RETURN SELF AS RESULT
) NOT PERSISTABLE;Fields
| Field | Description |
|---|---|
|
|
(required) The OCID of the indicator. |
|
|
(required) The type of indicator. Allowed values are: 'DOMAIN_NAME', 'FILE_NAME', 'MD5_HASH', 'SHA1_HASH', 'SHA256_HASH', 'IP_ADDRESS', 'URL' |
|
|
(required) The value for this indicator. The value's format is dependent upon its `type`. Examples: DOMAIN_NAME \"evil.example.com\" MD5_HASH \"44d88612fea8a8f36de82e1278abb02f\" IP_ADDRESS \"2001:db8::1\" |
|
|
(optional) An integer from 0 to 100 that represents how certain we are that the indicator is malicious and a potential threat if it is detected communicating with your cloud resources. This confidence value is aggregated from the confidence in the threat types, attributes, and relationships to create an overall value for the indicator. |
|
|
(optional) The OCID of the compartment that contains this indicator. |
|
|
(required) Characteristics of the threat indicator based on previous observations or behavior. May include related tactics, techniques, and procedures. |
|
|
(required) A map of attributes with additional information about the indicator. Each attribute has a name (string), value (string), and attribution (supporting data). |
|
|
(required) A map of relationships between the indicator and other entities. Each relationship has a name (string), related entity, and attribution (supporting data). |
|
|
(optional) The state of the indicator. It will always be `ACTIVE`. Allowed values are: 'ACTIVE', 'DELETED' |
|
|
(required) The date and time that the indicator was first detected. An RFC3339 formatted string. |
|
|
(required) The date and time that this indicator was last updated. The value is the same as `timeCreated` for a new indicator. An RFC3339 formatted string. |
|
|
(required) The date and time that this indicator was last seen. The value is the same as `timeCreated` for a new indicator. An RFC3339 formatted string. |
|
|
(required) |
DBMS_CLOUD_OCI_THREAT_INTELLIGENCE_INDICATOR_ATTRIBUTE_SUMMARY_T Type
An attribute name and list of values.
Syntax
CREATE OR REPLACE NONEDITIONABLE TYPE dbms_cloud_oci_threat_intelligence_indicator_attribute_summary_t FORCE AUTHID CURRENT_USER IS OBJECT (
name varchar2(32767),
value varchar2(32767),
CONSTRUCTOR FUNCTION dbms_cloud_oci_threat_intelligence_indicator_attribute_summary_t
RETURN SELF AS RESULT,
CONSTRUCTOR FUNCTION dbms_cloud_oci_threat_intelligence_indicator_attribute_summary_t (
name varchar2,
value varchar2
) RETURN SELF AS RESULT
) NOT PERSISTABLE;Fields
| Field | Description |
|---|---|
|
|
(required) The name of the attribute. |
|
|
(required) The value of the attribute. |
DBMS_CLOUD_OCI_THREAT_INTELLIGENCE_INDICATOR_COUNT_DIMENSIONS_T Type
The indicator dimension that was counted, such as the indicator type.
Syntax
CREATE OR REPLACE NONEDITIONABLE TYPE dbms_cloud_oci_threat_intelligence_indicator_count_dimensions_t FORCE AUTHID CURRENT_USER IS OBJECT (
compartment_id varchar2(32767),
l_type varchar2(32767),
CONSTRUCTOR FUNCTION dbms_cloud_oci_threat_intelligence_indicator_count_dimensions_t
RETURN SELF AS RESULT,
CONSTRUCTOR FUNCTION dbms_cloud_oci_threat_intelligence_indicator_count_dimensions_t (
compartment_id varchar2,
l_type varchar2
) RETURN SELF AS RESULT
) NOT PERSISTABLE;Fields
| Field | Description |
|---|---|
|
|
(optional) The compartment OCID that contains the indicator type. |
|
|
(optional) The indicator type that was counted. Allowed values are: 'DOMAIN_NAME', 'FILE_NAME', 'MD5_HASH', 'SHA1_HASH', 'SHA256_HASH', 'IP_ADDRESS', 'URL' |
DBMS_CLOUD_OCI_THREAT_INTELLIGENCE_INDICATOR_COUNT_SUMMARY_T Type
A group of indicators with the same dimensions, such as the same indicator type.
Syntax
CREATE OR REPLACE NONEDITIONABLE TYPE dbms_cloud_oci_threat_intelligence_indicator_count_summary_t FORCE AUTHID CURRENT_USER IS OBJECT (
dimensions dbms_cloud_oci_threat_intelligence_indicator_count_dimensions_t,
l_count number,
CONSTRUCTOR FUNCTION dbms_cloud_oci_threat_intelligence_indicator_count_summary_t
RETURN SELF AS RESULT,
CONSTRUCTOR FUNCTION dbms_cloud_oci_threat_intelligence_indicator_count_summary_t (
dimensions dbms_cloud_oci_threat_intelligence_indicator_count_dimensions_t,
l_count number
) RETURN SELF AS RESULT
) NOT PERSISTABLE;Fields
| Field | Description |
|---|---|
|
|
(required) |
|
|
(required) The count of indicators in the group. |
DBMS_CLOUD_OCI_THREAT_INTELLIGENCE_INDICATOR_COUNT_SUMMARY_TBL Type
Nested table type of dbms_cloud_oci_threat_intelligence_indicator_count_summary_t.
Syntax
CREATE OR REPLACE NONEDITIONABLE TYPE dbms_cloud_oci_threat_intelligence_indicator_count_summary_tbl FORCE IS TABLE OF (dbms_cloud_oci_threat_intelligence_indicator_count_summary_t) NOT PERSISTABLE;DBMS_CLOUD_OCI_THREAT_INTELLIGENCE_INDICATOR_COUNT_COLLECTION_T Type
A list of indicator counts by indicator type.
Syntax
CREATE OR REPLACE NONEDITIONABLE TYPE dbms_cloud_oci_threat_intelligence_indicator_count_collection_t FORCE AUTHID CURRENT_USER IS OBJECT (
items dbms_cloud_oci_threat_intelligence_indicator_count_summary_tbl,
CONSTRUCTOR FUNCTION dbms_cloud_oci_threat_intelligence_indicator_count_collection_t
RETURN SELF AS RESULT,
CONSTRUCTOR FUNCTION dbms_cloud_oci_threat_intelligence_indicator_count_collection_t (
items dbms_cloud_oci_threat_intelligence_indicator_count_summary_tbl
) RETURN SELF AS RESULT
) NOT PERSISTABLE;Fields
| Field | Description |
|---|---|
|
|
(required) The list of aggregated indicator counts. |
DBMS_CLOUD_OCI_THREAT_INTELLIGENCE_INDICATOR_REFERENCE_T Type
A reference to a threat indicator resource.
Syntax
CREATE OR REPLACE NONEDITIONABLE TYPE dbms_cloud_oci_threat_intelligence_indicator_reference_t FORCE AUTHID CURRENT_USER UNDER dbms_cloud_oci_threat_intelligence_entity_reference_t (
indicator_id varchar2(32767),
CONSTRUCTOR FUNCTION dbms_cloud_oci_threat_intelligence_indicator_reference_t
RETURN SELF AS RESULT,
CONSTRUCTOR FUNCTION dbms_cloud_oci_threat_intelligence_indicator_reference_t (
l_type varchar2,
indicator_id varchar2
) RETURN SELF AS RESULT
);dbms_cloud_oci_threat_intelligence_indicator_reference_t is a subtype of the dbms_cloud_oci_threat_intelligence_entity_reference_t type.
Fields
| Field | Description |
|---|---|
|
|
(required) The unique OCID of the referenced threat indicator. |
DBMS_CLOUD_OCI_THREAT_INTELLIGENCE_INDICATOR_ATTRIBUTE_SUMMARY_TBL Type
Nested table type of dbms_cloud_oci_threat_intelligence_indicator_attribute_summary_t.
Syntax
CREATE OR REPLACE NONEDITIONABLE TYPE dbms_cloud_oci_threat_intelligence_indicator_attribute_summary_tbl FORCE IS TABLE OF (dbms_cloud_oci_threat_intelligence_indicator_attribute_summary_t) NOT PERSISTABLE;DBMS_CLOUD_OCI_THREAT_INTELLIGENCE_INDICATOR_SUMMARY_T Type
Summary of a data signature observed on a network or host that indicates a potential security threat.
Syntax
CREATE OR REPLACE NONEDITIONABLE TYPE dbms_cloud_oci_threat_intelligence_indicator_summary_t FORCE AUTHID CURRENT_USER IS OBJECT (
id varchar2(32767),
l_type varchar2(32767),
value varchar2(32767),
confidence number,
compartment_id varchar2(32767),
threat_types dbms_cloud_oci_threat_intelligence_varchar2_tbl,
attributes dbms_cloud_oci_threat_intelligence_indicator_attribute_summary_tbl,
lifecycle_state varchar2(32767),
time_created timestamp with time zone,
time_updated timestamp with time zone,
time_last_seen timestamp with time zone,
geodata dbms_cloud_oci_threat_intelligence_geodata_details_t,
CONSTRUCTOR FUNCTION dbms_cloud_oci_threat_intelligence_indicator_summary_t
RETURN SELF AS RESULT,
CONSTRUCTOR FUNCTION dbms_cloud_oci_threat_intelligence_indicator_summary_t (
id varchar2,
l_type varchar2,
value varchar2,
confidence number,
compartment_id varchar2,
threat_types dbms_cloud_oci_threat_intelligence_varchar2_tbl,
attributes dbms_cloud_oci_threat_intelligence_indicator_attribute_summary_tbl,
lifecycle_state varchar2,
time_created timestamp with time zone,
time_updated timestamp with time zone,
time_last_seen timestamp with time zone,
geodata dbms_cloud_oci_threat_intelligence_geodata_details_t
) RETURN SELF AS RESULT
) NOT PERSISTABLE;Fields
| Field | Description |
|---|---|
|
|
(required) The OCID of the indicator. |
|
|
(required) The type of indicator. Allowed values are: 'DOMAIN_NAME', 'FILE_NAME', 'MD5_HASH', 'SHA1_HASH', 'SHA256_HASH', 'IP_ADDRESS', 'URL' |
|
|
(required) The indicator data value. |
|
|
(optional) An integer from 0 to 100 that represents how certain we are that the indicator is malicious and a potential threat if it is detected communicating with your cloud resources. This confidence value is aggregated from the confidence in the threat types, attributes, and relationships to create an overall value for the indicator. |
|
|
(optional) The OCID of the compartment that contains this indicator. |
|
|
(required) Characteristics of the threat indicator based on previous observations or behavior. May include related tactics, techniques, and procedures. |
|
|
(required) A map of attributes with additional information about the indicator. Each attribute has a name (string), value (string), and attribution (supporting data). |
|
|
(optional) The state of the indicator. It will always be `ACTIVE`. Allowed values are: 'ACTIVE', 'DELETED' |
|
|
(required) The date and time that the indicator was first detected. An RFC3339 formatted string. |
|
|
(required) The date and time that this indicator was last updated by the system. Updates can include new reports or regular updates in confidence. The value is the same as `timeCreated` for a new indicator. An RFC3339 formatted string. |
|
|
(required) The date and time that this indicator was last seen. The value is the same as `timeCreated` for a new indicator. An RFC3339 formatted string. |
|
|
(required) |
DBMS_CLOUD_OCI_THREAT_INTELLIGENCE_INDICATOR_SUMMARY_TBL Type
Nested table type of dbms_cloud_oci_threat_intelligence_indicator_summary_t.
Syntax
CREATE OR REPLACE NONEDITIONABLE TYPE dbms_cloud_oci_threat_intelligence_indicator_summary_tbl FORCE IS TABLE OF (dbms_cloud_oci_threat_intelligence_indicator_summary_t) NOT PERSISTABLE;DBMS_CLOUD_OCI_THREAT_INTELLIGENCE_INDICATOR_SUMMARY_COLLECTION_T Type
List of indicator summary objects.
Syntax
CREATE OR REPLACE NONEDITIONABLE TYPE dbms_cloud_oci_threat_intelligence_indicator_summary_collection_t FORCE AUTHID CURRENT_USER IS OBJECT (
items dbms_cloud_oci_threat_intelligence_indicator_summary_tbl,
CONSTRUCTOR FUNCTION dbms_cloud_oci_threat_intelligence_indicator_summary_collection_t
RETURN SELF AS RESULT,
CONSTRUCTOR FUNCTION dbms_cloud_oci_threat_intelligence_indicator_summary_collection_t (
items dbms_cloud_oci_threat_intelligence_indicator_summary_tbl
) RETURN SELF AS RESULT
) NOT PERSISTABLE;Fields
| Field | Description |
|---|---|
|
|
(required) The list of indicator summaries. |
DBMS_CLOUD_OCI_THREAT_INTELLIGENCE_SUMMARIZE_INDICATORS_DETAILS_T Type
Query parameters to filter indicators
Syntax
CREATE OR REPLACE NONEDITIONABLE TYPE dbms_cloud_oci_threat_intelligence_summarize_indicators_details_t FORCE AUTHID CURRENT_USER IS OBJECT (
indicator_type varchar2(32767),
indicator_value varchar2(32767),
threat_types dbms_cloud_oci_threat_intelligence_varchar2_tbl,
confidence_greater_than_or_equal_to number,
time_updated_greater_than_or_equal_to timestamp with time zone,
time_updated_less_than timestamp with time zone,
time_last_seen_greater_than_or_equal_to timestamp with time zone,
time_last_seen_less_than timestamp with time zone,
time_created_greater_than_or_equal_to timestamp with time zone,
time_created_less_than timestamp with time zone,
indicator_seen_by varchar2(32767),
malware varchar2(32767),
threat_actor varchar2(32767),
sort_order varchar2(32767),
sort_by varchar2(32767),
CONSTRUCTOR FUNCTION dbms_cloud_oci_threat_intelligence_summarize_indicators_details_t
RETURN SELF AS RESULT,
CONSTRUCTOR FUNCTION dbms_cloud_oci_threat_intelligence_summarize_indicators_details_t (
indicator_type varchar2,
indicator_value varchar2,
threat_types dbms_cloud_oci_threat_intelligence_varchar2_tbl,
confidence_greater_than_or_equal_to number,
time_updated_greater_than_or_equal_to timestamp with time zone,
time_updated_less_than timestamp with time zone,
time_last_seen_greater_than_or_equal_to timestamp with time zone,
time_last_seen_less_than timestamp with time zone,
time_created_greater_than_or_equal_to timestamp with time zone,
time_created_less_than timestamp with time zone,
indicator_seen_by varchar2,
malware varchar2,
threat_actor varchar2,
sort_order varchar2,
sort_by varchar2
) RETURN SELF AS RESULT
) NOT PERSISTABLE;Fields
| Field | Description |
|---|---|
|
|
(optional) The type of indicator this is Allowed values are: 'DOMAIN_NAME', 'FILE_NAME', 'MD5_HASH', 'SHA1_HASH', 'SHA256_HASH', 'IP_ADDRESS', 'URL' |
|
|
(optional) The value for the type of indicator this is |
|
|
(optional) The threat type of entites to be returned. |
|
|
(optional) The minimum level of confidence to return |
|
|
(optional) The oldest update time of entities to be returned. |
|
|
(optional) The newest update time of entities to be returned. |
|
|
(optional) The oldest last seen time of entities to be returned. |
|
|
(optional) The newest last seen time of entities to be returned. |
|
|
(optional) The oldest creation time of entities to be returned. |
|
|
(optional) The newest creation time of entities to be returned. |
|
|
(optional) Filter to include indicators that have been seen by the provided source. |
|
|
(optional) Filter to include indicators associated with the provided malware. |
|
|
(optional) Filter to included indicators associated with the provided threat actor. |
|
|
(optional) The sort order to use, either 'ASC' or 'DESC'. Allowed values are: 'ASC', 'DESC' |
|
|
(optional) The field to sort by. Only one field to sort by may be provided Allowed values are: 'CONFIDENCE', 'TIMECREATED', 'TIMEUPDATED', 'TIMELASTSEEN' |
DBMS_CLOUD_OCI_THREAT_INTELLIGENCE_THREAT_TYPE_SUMMARY_T Type
The name of a threat type and its ID.
Syntax
CREATE OR REPLACE NONEDITIONABLE TYPE dbms_cloud_oci_threat_intelligence_threat_type_summary_t FORCE AUTHID CURRENT_USER IS OBJECT (
id varchar2(32767),
name varchar2(32767),
CONSTRUCTOR FUNCTION dbms_cloud_oci_threat_intelligence_threat_type_summary_t
RETURN SELF AS RESULT,
CONSTRUCTOR FUNCTION dbms_cloud_oci_threat_intelligence_threat_type_summary_t (
id varchar2,
name varchar2
) RETURN SELF AS RESULT
) NOT PERSISTABLE;Fields
| Field | Description |
|---|---|
|
|
(required) The OCID of the threat type |
|
|
(required) The name of the threat type |
DBMS_CLOUD_OCI_THREAT_INTELLIGENCE_THREAT_TYPE_SUMMARY_TBL Type
Nested table type of dbms_cloud_oci_threat_intelligence_threat_type_summary_t.
Syntax
CREATE OR REPLACE NONEDITIONABLE TYPE dbms_cloud_oci_threat_intelligence_threat_type_summary_tbl FORCE IS TABLE OF (dbms_cloud_oci_threat_intelligence_threat_type_summary_t) NOT PERSISTABLE;DBMS_CLOUD_OCI_THREAT_INTELLIGENCE_THREAT_TYPES_COLLECTION_T Type
List of threat types that can be associated with threat indicators.
Syntax
CREATE OR REPLACE NONEDITIONABLE TYPE dbms_cloud_oci_threat_intelligence_threat_types_collection_t FORCE AUTHID CURRENT_USER IS OBJECT (
items dbms_cloud_oci_threat_intelligence_threat_type_summary_tbl,
CONSTRUCTOR FUNCTION dbms_cloud_oci_threat_intelligence_threat_types_collection_t
RETURN SELF AS RESULT,
CONSTRUCTOR FUNCTION dbms_cloud_oci_threat_intelligence_threat_types_collection_t (
items dbms_cloud_oci_threat_intelligence_threat_type_summary_tbl
) RETURN SELF AS RESULT
) NOT PERSISTABLE;Fields
| Field | Description |
|---|---|
|
|
(required) The list of threat types that can be used to search for threat indicators. |