Auto-Generated Documentation
This set of documentation is automatically generated from source, and will help ensure any change to functionality will always be documented and available on release.
Threat
Fields to classify events and alerts according to a threat taxonomy such as the MITRE ATT&CK® framework.
| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| feed | Feed | Threat feed information. | Optional | None |
| framework | Keyword | Name of the threat framework used to further categorize and classify the tactic and technique of the reported threat. | Optional | None |
| group | Group | Information about the group related to this threat. | Optional | None |
| indicator | Indicator | Object containing associated indicators enriching the event. | Optional | None |
| software | Software | Information about the software used by this threat. | Optional | None |
| tactic | Tactic | Information about the tactic used by this threat. | Optional | None |
| technique | Tactic | Information about the technique used by this threat. | Optional | None |