You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docs/security/threat-intelligence/upload-formats.md
+21-3Lines changed: 21 additions & 3 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -77,7 +77,13 @@ The following attributes are required:
77
77
* `domain-name`. Domain name. (Entity type in Cloud SIEM is `_domain`.)
78
78
* `email-addr`. Email address. (Entity type in Cloud SIEM is `_email`.)
79
79
* `file`. File name. (Entity type in Cloud SIEM is `_file`.)
80
-
* `file:hashes`. File hash. (Entity type in Cloud SIEM is `_hash`.)<br/>If you want to add the hash algorithm, enter `file:hashes.<HASH-TYPE>`. For example, `[file:hashes.MD5 = '5d41402abc4b2a76b9719d911017c592']` or `[file:hashes.'SHA-256' = '50d858e0985ecc7f60418aaf0cc5ab587f42c2570a884095a9e8ccacd0f6545c']`.
80
+
* `file:hashes.'<HASH-TYPE>'`. File hash. (Entity type in Cloud SIEM is `_hash`.) Examples:
81
+
* `file:hashes.'MD-5'`
82
+
* `file:hashes.'SHA-1'`
83
+
* `file:hashes.'SHA-2'`
84
+
* `file:hashes.'SHA-3'`
85
+
* `file:hashes.'SHA-256'`
86
+
* `file:hashes.'SHA-512'`. <br/>If you want to add the hash algorithm, enter it with `=`. For example, `[file:hashes.'MD5' = '5d41402abc4b2a76b9719d911017c592']` or `[file:hashes.'SHA-256' = '50d858e0985ecc7f60418aaf0cc5ab587f42c2570a884095a9e8ccacd0f6545c']`.
81
87
* `ipv4-addr`. IPv4 IP address. (Entity type in Cloud SIEM is `_ip`.)
82
88
* `ipv6-addr`. IPv6 IP address. (Entity type in Cloud SIEM is `_ip`.)
83
89
* `mac-addr`. Mac address name. (Entity type in Cloud SIEM is `_mac`.)
@@ -137,7 +143,13 @@ Columns for the following attributes are required in the upload file:
137
143
* `domain-name`. Domain name. (Entity type in Cloud SIEM is `_domain`.)
138
144
* `email-addr`. Email address. (Entity type in Cloud SIEM is `_email`.)
139
145
* `file`. File name. (Entity type in Cloud SIEM is `_file`.)
140
-
* `file:hashes`. File hash. (Entity type in Cloud SIEM is `_hash`.)<br/>If you want to add the hash algorithm, enter `file:hashes.<HASH-TYPE>`. For example, `[file:hashes.MD5 = '5d41402abc4b2a76b9719d911017c592']` or `[file:hashes.'SHA-256' = '50d858e0985ecc7f60418aaf0cc5ab587f42c2570a884095a9e8ccacd0f6545c']`.
146
+
* `file:hashes.'<HASH-TYPE>'`. File hash. (Entity type in Cloud SIEM is `_hash`.) Examples:
147
+
* `file:hashes.'MD-5'`
148
+
* `file:hashes.'SHA-1'`
149
+
* `file:hashes.'SHA-2'`
150
+
* `file:hashes.'SHA-3'`
151
+
* `file:hashes.'SHA-256'`
152
+
* `file:hashes.'SHA-512'`. <br/>If you want to add the hash algorithm, enter it with `=`. For example, `[file:hashes.'MD5' = '5d41402abc4b2a76b9719d911017c592']` or `[file:hashes.'SHA-256' = '50d858e0985ecc7f60418aaf0cc5ab587f42c2570a884095a9e8ccacd0f6545c']`.
141
153
* `ipv4-addr`. IPv4 IP address. (Entity type in Cloud SIEM is `_ip`.)
142
154
* `ipv6-addr`. IPv6 IP address. (Entity type in Cloud SIEM is `_ip`.)
143
155
* `mac-addr`. Mac address name. (Entity type in Cloud SIEM is `_mac`.)
@@ -269,7 +281,13 @@ The following attributes are required:
269
281
* **pattern** (string). The pattern of this indicator (as defined by [pattern in STIX 2.1](https://docs.oasis-open.org/cti/stix/v2.1/os/stix-v2.1-os.html#_me3pzm77qfnf)). Following are valid values:
270
282
* `domain-name`. Domain name. (Entity type in Cloud SIEM is `_domain`.)
271
283
* `email-addr`. Email address. (Entity type in Cloud SIEM is `_email`.)
272
-
* `file:hashes`. File hash. (Entity type in Cloud SIEM is `_hash`.)<br/>If you want to add the hash algorithm, enter `file:hashes.<HASH-TYPE>`. For example, `[file:hashes.MD5 = '5d41402abc4b2a76b9719d911017c592']` or `[file:hashes.'SHA-256' = '50d858e0985ecc7f60418aaf0cc5ab587f42c2570a884095a9e8ccacd0f6545c']`.
284
+
* `file:hashes.'<HASH-TYPE>'`. File hash. (Entity type in Cloud SIEM is `_hash`.) Examples:
285
+
* `file:hashes.'MD-5'`
286
+
* `file:hashes.'SHA-1'`
287
+
* `file:hashes.'SHA-2'`
288
+
* `file:hashes.'SHA-3'`
289
+
* `file:hashes.'SHA-256'`
290
+
* `file:hashes.'SHA-512'`. <br/>If you want to add the hash algorithm, enter it with `=`. For example, `[file:hashes.'MD5' = '5d41402abc4b2a76b9719d911017c592']` or `[file:hashes.'SHA-256' = '50d858e0985ecc7f60418aaf0cc5ab587f42c2570a884095a9e8ccacd0f6545c']`.
273
291
* `file`. File name. (Entity type in Cloud SIEM is `_file`.)
274
292
* `ipv4-addr`. IPv4 IP address. (Entity type in Cloud SIEM is `_ip`.)
275
293
* `ipv6-addr`. IPv6 IP address. (Entity type in Cloud SIEM is `_ip`.)
0 commit comments