A map of attributes with additional information about the indicator. Each attribute has a name (string), value (string), and attribution (supporting data).
The OCID of the compartment that contains this indicator.
An integer from 0 to 100 that represents how certain we are that the indicator is malicious and a potential threat if it is detected communicating with your cloud resources. This confidence value is aggregated from the confidence in the threat types, attributes, and relationships to create an overall value for the indicator. Note: Numbers greater than Number.MAX_SAFE_INTEGER will result in rounding issues.
The OCID of the indicator.
The state of the indicator. It will always be {@code ACTIVE}.
Characteristics of the threat indicator based on previous observations or behavior. May include related tactics, techniques, and procedures.
The date and time that the indicator was first detected. An RFC3339 formatted string.
The date and time that this indicator was last seen. The value is the same as {@code timeCreated} for a new indicator. An RFC3339 formatted string.
The date and time that this indicator was last updated by the system. Updates can include new reports or regular updates in confidence. The value is the same as {@code timeCreated} for a new indicator. An RFC3339 formatted string.
The type of indicator.
The indicator data value.
Summary of a data signature observed on a network or host that indicates a potential security threat.