A map of attributes with additional information about the indicator. Each attribute has a name (string), value (string), and attribution (supporting data).
The OCID of the compartment that contains this indicator.
An integer from 0 to 100 that represents how certain we are that the indicator is malicious and a potential threat if it is detected communicating with your cloud resources. This confidence value is aggregated from the confidence in the threat types, attributes, and relationships to create an overall value for the indicator. Note: Numbers greater than Number.MAX_SAFE_INTEGER will result in rounding issues.
The OCID of the indicator.
The state of the indicator. It will always be {@code ACTIVE}.
A map of relationships between the indicator and other entities. Each relationship has a name (string), related entity, and attribution (supporting data).
Characteristics of the threat indicator based on previous observations or behavior. May include related tactics, techniques, and procedures.
The date and time that the indicator was first detected. An RFC3339 formatted string.
The date and time that this indicator was last seen. The value is the same as {@code timeCreated} for a new indicator. An RFC3339 formatted string.
The date and time that this indicator was last updated. The value is the same as {@code timeCreated} for a new indicator. An RFC3339 formatted string.
The type of indicator.
The value for this indicator. The value's format is dependent upon its {@code type}. Examples:
DOMAIN_NAME "evil.example.com"
MD5_HASH "44d88612fea8a8f36de82e1278abb02f"
IP_ADDRESS "2001:db8::1"
A data signature observed on a network or host that indicates a potential security threat. Indicators can be plain text or computed (hashed) values.
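One way to check an indicator record against the field descriptions above before loading it into detection tooling. This is an added example, not code from the SDK: the field names `value`, `confidence`, `lifecycleState`, `timeLastSeen` and `timeUpdated` are assumptions (only `type` and `timeCreated` are named above), and only the three value types shown in the examples are covered.

```javascript
// Added example: validate a threat indicator record before ingesting it.
// Assumed field names: value, confidence, lifecycleState, timeLastSeen, timeUpdated.
const RFC3339 = /^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(\.\d+)?(Z|[+-]\d{2}:\d{2})$/;
const DNS_LABEL = /^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$/i;

function isIpAddress(v) {
  const quad = v.split(".");
  if (quad.length === 4 && !v.includes(":")) // IPv4 dotted quad
    return quad.every((p) => /^(0|[1-9]\d{0,2})$/.test(p) && Number(p) <= 255);
  // IPv6: restrict the alphabet first, then let the WHATWG URL parser judge it.
  if (!/^[0-9a-f:.]+$/i.test(v) || !v.includes(":")) return false;
  try { new URL(`http://[${v}]/`); return true; } catch { return false; }
}

function isDomainName(v) {
  const labels = v.split(".");
  return v.length <= 253 && labels.length >= 2 && labels.every((l) => DNS_LABEL.test(l));
}

// A Map avoids matching inherited keys such as "constructor".
const VALUE_CHECKS = new Map([
  ["DOMAIN_NAME", isDomainName],
  ["MD5_HASH", (v) => /^[0-9a-f]{32}$/i.test(v)],
  ["IP_ADDRESS", isIpAddress],
]);

// Returns a list of problems; an empty list means the record passed every check.
function validateIndicator(ind) {
  const problems = [];
  const check = VALUE_CHECKS.get(ind.type);
  if (!check) problems.push(`no format check defined for type ${ind.type}`);
  else if (typeof ind.value !== "string" || !check(ind.value))
    problems.push(`value does not match the format for ${ind.type}`);
  if (!Number.isInteger(ind.confidence) || ind.confidence < 0 || ind.confidence > 100)
    problems.push("confidence must be an integer from 0 to 100");
  if (ind.lifecycleState !== "ACTIVE") problems.push("lifecycleState is not ACTIVE");
  for (const f of ["timeCreated", "timeLastSeen", "timeUpdated"])
    if (typeof ind[f] !== "string" || !RFC3339.test(ind[f]) || Number.isNaN(Date.parse(ind[f])))
      problems.push(`${f} is not an RFC3339 timestamp`);
  return problems;
}

const sample = { // constructed record; type and value come from the examples above
  type: "IP_ADDRESS", value: "2001:db8::1", confidence: 85, lifecycleState: "ACTIVE",
  timeCreated: "2024-01-15T08:30:00Z", timeLastSeen: "2024-01-15T08:30:00Z",
  timeUpdated: "2024-01-15T08:30:00Z",
};
console.log(validateIndicator(sample));
```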