Update machinetag.json
parent
04a5878739
commit
f18fbb3878
|
@ -1,57 +1,56 @@
|
||||||
{
|
{
|
||||||
"namespace": "sentinel-threattype",
|
"namespace": "sentinel-threattype",
|
||||||
"expanded": "sentinel-threattype",
|
"expanded": "sentinel-threattype",
|
||||||
"description": "Sentinel indicator threat types.",
|
"description": "Sentinel indicator threat types.",
|
||||||
"version": 1,
|
"version": 1,
|
||||||
"exclusive": true,
|
"exclusive": true,
|
||||||
"refs": [
|
"refs": [
|
||||||
"https://learn.microsoft.com/en-us/graph/api/resources/tiindicator?view=graph-rest-beta#threattype-values"
|
"https://learn.microsoft.com/en-us/graph/api/resources/tiindicator?view=graph-rest-beta#threattype-values"
|
||||||
],
|
],
|
||||||
"predicates": [
|
"predicates": [
|
||||||
{
|
{
|
||||||
"value": "Botnet",
|
"value": "Botnet",
|
||||||
"expanded": "Indicator is detailing a botnet node/member."
|
"expanded": "Indicator is detailing a botnet node/member."
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value": "C2",
|
"value": "C2",
|
||||||
"expanded": "Indicator is detailing a Command & Control node of a botnet."
|
"expanded": "Indicator is detailing a Command & Control node of a botnet."
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value": "CryptoMining",
|
"value": "CryptoMining",
|
||||||
"expanded": "Traffic involving this network address / URL is an indication of CyrptoMining / Resource abuse."
|
"expanded": "Traffic involving this network address / URL is an indication of CyrptoMining / Resource abuse."
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value": "Darknet",
|
"value": "Darknet",
|
||||||
"expanded": "Indicator is that of a Darknet node/network."
|
"expanded": "Indicator is that of a Darknet node/network."
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value": "DDoS",
|
"value": "DDoS",
|
||||||
"expanded": "Indicators relating to an active or upcoming DDoS campaign."
|
"expanded": "Indicators relating to an active or upcoming DDoS campaign."
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value": "MaliciousUrl",
|
"value": "MaliciousUrl",
|
||||||
"expanded": "URL that is serving malware."
|
"expanded": "URL that is serving malware."
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value": "Malware",
|
"value": "Malware",
|
||||||
"expanded": "Indicator describing a malicious file or files."
|
"expanded": "Indicator describing a malicious file or files."
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value": "Phishing",
|
"value": "Phishing",
|
||||||
"expanded": "Indicators relating to a phishing campaign."
|
"expanded": "Indicators relating to a phishing campaign."
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value": "Proxy",
|
"value": "Proxy",
|
||||||
"expanded": "Indicator is that of a proxy service."
|
"expanded": "Indicator is that of a proxy service."
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value": "PUA",
|
"value": "PUA",
|
||||||
"expanded": "Potentially Unwanted Application."
|
"expanded": "Potentially Unwanted Application."
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value": "WatchList",
|
"value": "WatchList",
|
||||||
"expanded": "This is the generic bucket into which indicators are placed when it cannot be determined exactly what the threat is or will require manual interpretation. This should typically not be used by partners submitting data into the system."
|
"expanded": "This is the generic bucket into which indicators are placed when it cannot be determined exactly what the threat is or will require manual interpretation. This should typically not be used by partners submitting data into the system."
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
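Review bot: The `expanded` text of the `CryptoMining` predicate is misspelled as "CyrptoMining", and the new side of this section still carries the typo. The predicate `value` is spelled correctly, so tag matching is unaffected, but analysts searching descriptions for "CryptoMining" will not find this entry. I would change the line to `"expanded": "Traffic involving this network address / URL is an indication of CryptoMining / Resource abuse."`. The old and new sides render identically on this page, so the commit itself appears to change only whitespace or line endings (57 to 56 lines) and leaves the string as it was.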