Threat Intelligence Indicators

The following threat intelligence indicators are available for you to analyze and mitigate the threat detected with the Threat IPs field in the logs:

Threat Intelligence Indicator | Description
OCID | Unique Threat Intelligence resource identifier
Overall confidence | The confidence score is a value from 0 to 100 that represents how confident Threat Intelligence is that the indicator might be associated with malicious activity. Overall confidence refers to the likelihood that the indicator might be associated with malicious behavior. The score is an aggregation of weight and risk scores that Oracle assigns to the source of the indicator, the frequency of sightings across sources, the recency of the sightings, and the maliciousness of the observed behavior. This aggregate score does not refer to confidence in any particular threat type or threat actor attribution. Oracle solely assesses and assigns this score, and it does not reflect a score assigned by any of the Threat Intelligence sources.
Last reported | The most recent date and time that the indicator was detected.
First reported | The date and time that Oracle first detected this indicator, or the date and time it was first reported to Threat Intelligence by one of the sources.
Type | The indicator data can be one of several types.
  • IP address - The source IP address
  • URL - The source URL
  • Domain name - The source domain name
  • File name - The filename of the malicious program
  • MD5 hash - The MD5 hash generated from the request header
  • SHA1 hash - The SHA1 hash generated from the request header
  • SHA256 hash - The SHA256 hash generated from the request header
  • Threat actor - The name of the entity associated with the threat indicator
  • Malware - The name of the malware program associated with the threat indicator
Most recently reported by | The threat intelligence source that detected the most recent occurrence of this indicator.
Geolocation | The geographic source location of the indicator.
Indicator history | Historical information of the threat as reported by the Threat Intelligence source. The table lists the following indicators:
  • Last reported: See the previous rows in the table
  • First reported: See the previous rows in the table
  • Threat type: Characteristics of the threat indicator based on previous observations or behavior. Can include related tactics, techniques, and procedures. For the list of threat types, see Threat Indicator Database Threat Types.
  • Associated malware: The name of a malicious software program used to disrupt, damage, or gain unauthorized access.
  • Actor: If applicable, the group or entity suspected to be associated with the indicator.
  • Reported by: See the previous rows in the table