Indicator¶

class oci.threat_intelligence.models.Indicator(**kwargs)¶

Bases: object

A data signature observed on a network or host that indicates a potential security threat. Indicators can be plain text or computed (hashed) values.

Attributes

`LIFECYCLE_STATE_ACTIVE`	A constant which can be used with the lifecycle_state property of a Indicator.
`LIFECYCLE_STATE_DELETED`	A constant which can be used with the lifecycle_state property of a Indicator.
`TYPE_DOMAIN_NAME`	A constant which can be used with the type property of a Indicator.
`TYPE_FILE_NAME`	A constant which can be used with the type property of a Indicator.
`TYPE_IP_ADDRESS`	A constant which can be used with the type property of a Indicator.
`TYPE_MD5_HASH`	A constant which can be used with the type property of a Indicator.
`TYPE_SHA1_HASH`	A constant which can be used with the type property of a Indicator.
`TYPE_SHA256_HASH`	A constant which can be used with the type property of a Indicator.
`TYPE_URL`	A constant which can be used with the type property of a Indicator.
`attributes`	[Required] Gets the attributes of this Indicator.
`compartment_id`	Gets the compartment_id of this Indicator.
`confidence`	Gets the confidence of this Indicator.
`geodata`	[Required] Gets the geodata of this Indicator.
`id`	[Required] Gets the id of this Indicator.
`lifecycle_state`	Gets the lifecycle_state of this Indicator.
`relationships`	[Required] Gets the relationships of this Indicator.
`threat_types`	[Required] Gets the threat_types of this Indicator.
`time_created`	[Required] Gets the time_created of this Indicator.
`time_last_seen`	[Required] Gets the time_last_seen of this Indicator.
`time_updated`	[Required] Gets the time_updated of this Indicator.
`type`	[Required] Gets the type of this Indicator.
`value`	[Required] Gets the value of this Indicator.

Methods

__init__(**kwargs) Initializes a new Indicator object with values from keyword arguments.

LIFECYCLE_STATE_ACTIVE = 'ACTIVE'¶: A constant which can be used with the lifecycle_state property of a Indicator. This constant has a value of “ACTIVE”

LIFECYCLE_STATE_DELETED = 'DELETED'¶: A constant which can be used with the lifecycle_state property of a Indicator. This constant has a value of “DELETED”

TYPE_DOMAIN_NAME = 'DOMAIN_NAME'¶: A constant which can be used with the type property of a Indicator. This constant has a value of “DOMAIN_NAME”

TYPE_FILE_NAME = 'FILE_NAME'¶: A constant which can be used with the type property of a Indicator. This constant has a value of “FILE_NAME”

TYPE_IP_ADDRESS = 'IP_ADDRESS'¶: A constant which can be used with the type property of a Indicator. This constant has a value of “IP_ADDRESS”

TYPE_MD5_HASH = 'MD5_HASH'¶: A constant which can be used with the type property of a Indicator. This constant has a value of “MD5_HASH”

TYPE_SHA1_HASH = 'SHA1_HASH'¶: A constant which can be used with the type property of a Indicator. This constant has a value of “SHA1_HASH”

TYPE_SHA256_HASH = 'SHA256_HASH'¶: A constant which can be used with the type property of a Indicator. This constant has a value of “SHA256_HASH”

TYPE_URL = 'URL'¶: A constant which can be used with the type property of a Indicator. This constant has a value of “URL”

__init__(**kwargs)¶

Initializes a new Indicator object with values from keyword arguments. The following keyword arguments are supported (corresponding to the getters/setters of this class):

Parameters:

id (str) – The value to assign to the id property of this Indicator.
type (str) – The value to assign to the type property of this Indicator. Allowed values for this property are: “DOMAIN_NAME”, “FILE_NAME”, “MD5_HASH”, “SHA1_HASH”, “SHA256_HASH”, “IP_ADDRESS”, “URL”, ‘UNKNOWN_ENUM_VALUE’. Any unrecognized values returned by a service will be mapped to ‘UNKNOWN_ENUM_VALUE’.
value (str) – The value to assign to the value property of this Indicator.
confidence (int) – The value to assign to the confidence property of this Indicator.
compartment_id (str) – The value to assign to the compartment_id property of this Indicator.
threat_types (list[oci.threat_intelligence.models.ThreatType]) – The value to assign to the threat_types property of this Indicator.
attributes (list[oci.threat_intelligence.models.IndicatorAttribute]) – The value to assign to the attributes property of this Indicator.
relationships (list[oci.threat_intelligence.models.IndicatorRelationship]) – The value to assign to the relationships property of this Indicator.
lifecycle_state (str) – The value to assign to the lifecycle_state property of this Indicator. Allowed values for this property are: “ACTIVE”, “DELETED”, ‘UNKNOWN_ENUM_VALUE’. Any unrecognized values returned by a service will be mapped to ‘UNKNOWN_ENUM_VALUE’.
time_created (datetime) – The value to assign to the time_created property of this Indicator.
time_updated (datetime) – The value to assign to the time_updated property of this Indicator.
time_last_seen (datetime) – The value to assign to the time_last_seen property of this Indicator.
geodata (oci.threat_intelligence.models.GeodataDetails) – The value to assign to the geodata property of this Indicator.

attributes¶

[Required] Gets the attributes of this Indicator. A map of attributes with additional information about the indicator. Each attribute has a name (string), value (string), and attribution (supporting data).

Returns:	The attributes of this Indicator.
Return type:	list[oci.threat_intelligence.models.IndicatorAttribute]

compartment_id¶

Gets the compartment_id of this Indicator. The OCID of the compartment that contains this indicator.

Returns:	The compartment_id of this Indicator.
Return type:	str

confidence¶

Gets the confidence of this Indicator. An integer from 0 to 100 that represents how certain we are that the indicator is malicious and a potential threat if it is detected communicating with your cloud resources. This confidence value is aggregated from the confidence in the threat types, attributes, and relationships to create an overall value for the indicator.

Returns:	The confidence of this Indicator.
Return type:	int

geodata¶

[Required] Gets the geodata of this Indicator.

Returns:	The geodata of this Indicator.
Return type:	oci.threat_intelligence.models.GeodataDetails

id¶

[Required] Gets the id of this Indicator. The OCID of the indicator.

Returns:	The id of this Indicator.
Return type:	str

lifecycle_state¶

Gets the lifecycle_state of this Indicator. The state of the indicator. It will always be ACTIVE.

Allowed values for this property are: “ACTIVE”, “DELETED”, ‘UNKNOWN_ENUM_VALUE’. Any unrecognized values returned by a service will be mapped to ‘UNKNOWN_ENUM_VALUE’.

Returns:	The lifecycle_state of this Indicator.
Return type:	str

relationships¶

[Required] Gets the relationships of this Indicator. A map of relationships between the indicator and other entities. Each relationship has a name (string), related entity, and attribution (supporting data).

Returns:	The relationships of this Indicator.
Return type:	list[oci.threat_intelligence.models.IndicatorRelationship]

threat_types¶

[Required] Gets the threat_types of this Indicator. Characteristics of the threat indicator based on previous observations or behavior. May include related tactics, techniques, and procedures.

Returns:	The threat_types of this Indicator.
Return type:	list[oci.threat_intelligence.models.ThreatType]

time_created¶

[Required] Gets the time_created of this Indicator. The date and time that the indicator was first detected. An RFC3339 formatted string.

Returns:	The time_created of this Indicator.
Return type:	datetime

time_last_seen¶

[Required] Gets the time_last_seen of this Indicator. The date and time that this indicator was last seen. The value is the same as timeCreated for a new indicator. An RFC3339 formatted string.

Returns:	The time_last_seen of this Indicator.
Return type:	datetime

time_updated¶

[Required] Gets the time_updated of this Indicator. The date and time that this indicator was last updated. The value is the same as timeCreated for a new indicator. An RFC3339 formatted string.

Returns:	The time_updated of this Indicator.
Return type:	datetime

type¶

[Required] Gets the type of this Indicator. The type of indicator.

Allowed values for this property are: “DOMAIN_NAME”, “FILE_NAME”, “MD5_HASH”, “SHA1_HASH”, “SHA256_HASH”, “IP_ADDRESS”, “URL”, ‘UNKNOWN_ENUM_VALUE’. Any unrecognized values returned by a service will be mapped to ‘UNKNOWN_ENUM_VALUE’.

Returns:	The type of this Indicator.
Return type:	str

value¶

[Required] Gets the value of this Indicator. The value for this indicator. The value’s format is dependent upon its type. Examples:

DOMAIN_NAME “evil.example.com”

MD5_HASH “44d88612fea8a8f36de82e1278abb02f”

IP_ADDRESS “2001:db8::1”

Returns:	The value of this Indicator.
Return type:	str