docs/security/threat-intelligence/upload-formats.md
Lines changed: 7 additions & 7 deletions
Original file line number
Diff line number
Diff line change
@@ -34,7 +34,7 @@ Following is an example threat indicator file in normalized JSON format. (For an
34
34
"id": "0001",
35
35
"indicator": "192.0.2.0",
36
36
"type": "ipv4-addr",
37
-
"source": "TAXII2Source",
37
+
"source": "my_custom_source",
38
38
"validFrom": "2023-03-21T12:00:00.000Z",
39
39
"validUntil": "2025-03-21T12:00:00.000Z",
40
40
"confidence": 30,
@@ -50,7 +50,7 @@ Following is an example threat indicator file in normalized JSON format. (For an
50
50
"id": "0002",
51
51
"indicator": "192.0.2.1",
52
52
"type": "ipv4-addr",
53
-
"source": "TAXII2Source",
53
+
"source": "my_custom_source",
54
54
"validFrom": "2023-03-21T12:00:00.000Z",
55
55
"validUntil": "2025-03-21T12:00:00.000Z",
56
56
"confidence": 30,
@@ -90,7 +90,7 @@ The following attributes are required:
90
90
* `process`. Process name. (Entity type in Cloud SIEM is `_process`.)
91
91
* `url`. URL. (Entity type in Cloud SIEM is `_url`.)
92
92
* `user-account`. User ID. (Entity type in Cloud SIEM is `user_username`.)
93
-
* **source** (string). User-provided text to identify the source of the indicator. For example, `TAXII2Source`.
93
+
* **source** (string). User-provided text to identify the source of the indicator. For example, `my_custom_source`.
94
94
* **validFrom** (string [date-time]). Beginning time this indicator is valid. Timestamp in UTC in RFC3339 format. For example, `2023-03-21T12:00:00.000Z`.
95
95
* **validUntil** (string [date-time]). Ending time this indicator is valid. If not set, the indicator never expires. Timestamp in UTC in RFC3339 format. For example, `2024-03-21T12:00:00.000Z`.
96
96
* **confidence** (integer [ 1 .. 100 ]). Confidence that the creator has in the correctness of their data, where 100 is highest (as [defined by the confidence scale in STIX 2.1](https://docs.oasis-open.org/cti/stix/v2.1/os/stix-v2.1-os.html#_1v6elyto0uqg)). For example, `75`.
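Review bot: The `user-account` context line in this hunk gives the Cloud SIEM entity type as `user_username`, while the same bullet in the CSV attribute list gives `_username`, and the neighbouring `process` and `url` bullets use the underscore-prefixed form (`_process`, `_url`). Since this commit already edits the adjacent `source` bullet in both lists, confirm which entity type is correct and make the two lists agree in the same change.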
@@ -123,8 +123,8 @@ Comma-separated value (CSV) is a standard format for data upload.
123
123
When uploading a CSV file with the UI, the format should be the same as used for a standard CSV file:
@@ -156,7 +156,7 @@ Columns for the following attributes are required in the upload file:
156
156
* `process`. Process name. (Entity type in Cloud SIEM is `_process`.)
157
157
* `url`. URL. (Entity type in Cloud SIEM is `_url`.)
158
158
* `user-account`. User ID. (Entity type in Cloud SIEM is `_username`.)
159
-
* **source** (string). User-provided text to identify the source of the indicator. For example, `TAXII2Source`.
159
+
* **source** (string). User-provided text to identify the source of the indicator. For example, `my_custom_source`.
160
160
* **validFrom** (string [date-time]). Beginning time this indicator is valid. Timestamp in UTC in RFC3339 format. For example, `2023-03-21T12:00:00.000Z`.
161
161
* **validUntil** (string [date-time]). Ending time this indicator is valid. If not set, the indicator never expires. Timestamp in UTC in RFC3339 format. For example, `2024-03-21T12:00:00.000Z`.
162
162
* **confidence** (integer [ 1 .. 100 ]). Confidence that the creator has in the correctness of their data, where 100 is highest. For example, `75`.
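Review bot: The `confidence` bullet at the end of this CSV hunk lacks the link to the STIX 2.1 confidence scale that the JSON section's `confidence` bullet carries, so the two attribute lists differ even though their `source` bullets are being updated identically here. Consider adding the same "as defined by the confidence scale in STIX 2.1" reference to this bullet, or keeping the shared attribute descriptions in one place so an edit like the `source` rename only has to be made once.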
@@ -218,7 +218,7 @@ As shown in the following example, if uploading via the API you must add the `so