crowdsec-docs/unversioned/cti_api/taxonomy/cti_fields.md
Lines changed: 11 additions & 12 deletions
@@ -400,8 +400,7 @@ Longitude of the IP, when available.
400
400
"days_age" : 40,
401
401
}
402
402
```
403
-
404
-
The geo location information about the IP address.
403
+
Historical information we have collected about the IP.
405
404
406
405
### `first_seen`
407
406
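Review bot: the new description on line 403 now sits directly under the closing code fence on line 402, because the blank line that used to separate them was removed along with the old text. The other sections in this file keep an empty line between the fence and the description (see the `first_seen` block just below), so please restore it here for consistency. The wording fix itself matches the `days_age` example above it.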
@@ -411,7 +410,7 @@ The geo location information about the IP address.
411
410
"first_seen" : "2022-01-01T00:00:00+00:00"
412
411
```
413
412
414
-
Date of the first time this IP was reported. Please note that due to "progressive data degradation" this date might be later than the first time the IP was actually seen.
413
+
Date of the first time this IP was reported. Please note that due to our progressive data degradation mechanism this date might be later than the first time the IP was actually seen.
415
414
416
415
### `last_seen`
417
416
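Review bot: on new line 413, "our progressive data degradation mechanism" is used as a known term but is neither explained nor linked. Link it to the page that describes the mechanism, or add a short clause saying what it does to stored timestamps, so readers understand why `first_seen` can be later than the real first sighting. A comma after "mechanism" would also help the sentence read.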
@@ -450,7 +449,7 @@ Delta in days between first and last seen timestamps.
450
449
```json
451
450
"behaviors" : [
452
451
{
453
-
"name" : "protocol:protocol:behavior",
452
+
"name" : "protocol:behavior",
454
453
"label" : "Protocol Behavior",
455
454
"description" : "Protocol Behavior description"
456
455
}
@@ -527,7 +526,7 @@ The possible false positives and classifications attributed to this IP address.
527
526
]
528
527
```
529
528
530
-
A list of false positives tags associated with the IP. Any IP with `false_positives` tags shouldn't be considered as malicious.
529
+
A list of false positive tags associated with the IP. Any IP with `false_positives` tags shouldn't be considered as malicious.
531
530
532
531
#### `name`
533
532
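Review bot: on new line 529, "Any IP with `false_positives` tags" leaves the reader to infer that this means a non-empty `false_positives` list. Stating that explicitly would help consumers who gate blocking decisions on this field. "considered as malicious" also reads better as "considered malicious".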
@@ -566,14 +565,14 @@ Human-friendly description of the false positive.
566
565
```json
567
566
"classifications" : [
568
567
{
569
-
"name" : "classifications",
568
+
"name" : "classification",
570
569
"label" : "Classification",
571
570
"description" : "Classification description"
572
571
}
573
572
]
574
573
```
575
574
576
-
A list of `classifications` tags associated with the IP.
575
+
A list of `classification` tags associated with the IP.
577
576
578
577
#### `name`
579
578
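Review bot: new line 575 puts `classification` in code formatting, which reads as a field name, but the key shown on line 567 is still `classifications`. Either keep the backticked plural to refer to the field, or drop the backticks and write "classification tags" as plain prose, matching "false positive tags" in the earlier hunk.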
@@ -666,7 +665,7 @@ Human-friendly description of the scenario.
666
665
]
667
666
```
668
667
669
-
A list of Mitre techniques associated with the IP.
668
+
A list of Mitre techniques associated with the IP. More detail on the Mitre Att&ck can be found [here](https://attack.mitre.org/techniques/enterprise/).
670
669
671
670
### `name`
672
671
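Review bot: on new line 668, "More detail on the Mitre Att&ck can be found [here]" is missing a noun after the framework name and uses a non-descriptive link text. Suggest naming the target in the link, for example "See the [MITRE ATT&CK Enterprise techniques](https://attack.mitre.org/techniques/enterprise/) for details", with the framework name in its usual capitalisation.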
@@ -725,7 +724,7 @@ A list of CVEs for which the IP has been reported for.
725
724
},
726
725
```
727
726
728
-
The top 10 reports repartition by country about the IP, as a percentage
727
+
The top 10 countries targeted by the IP. The numbers represent the percentage of the total number of attacks.
729
728
730
729
## `scores`
731
730
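Review bot: new line 727 changes the meaning, not just the wording. The old text described how reports about the IP are distributed by country, while the new one says these are the countries targeted by the IP. Please confirm that this is what the field holds, and spell out the denominator (for example "percentage of the attacks reported for this IP"), since "the total number of attacks" is ambiguous.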
@@ -764,9 +763,9 @@ The top 10 reports repartition by country about the IP, as a percentage
764
763
}
765
764
```
766
765
767
-
Indicators of Malevolence computed on different time periods.
766
+
Indicators of Malevolence computed over different time periods.
768
767
769
-
:warning: All scores are from a scall of 0 to 5.
768
+
:warning: All scores are on a scale from 0 to 5.
770
769
771
770
### `overall`
772
771
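Review bot: the warning on new line 768 gives the range but not the direction. Say which end of the 0 to 5 scale is the most malicious so readers do not have to infer it from the examples. "Indicators of Malevolence" on line 766 is capitalised like a defined term; lowercase it unless it is one.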
@@ -1101,4 +1100,4 @@ Only present for the `fire` route.
1101
1100
1102
1101
Only present for the `fire` route.
1103
1102
1104
-
Date at which the IP address expire from the community blocklist.
1103
+
Date at which the IP address expires from the community blocklist.