Data Sets - Common Fields
| Field | Description | Data_Sets |
| --- | --- | --- |
| area_code | area code geolocated from indicator | keylogger_data, pastebin, malicious_emails, sinkhole_traffic, threat_recon |
| attribution | provides malware attribution or actor attribution for sinkhole | sinkhole_traffic, threat_recon |
| city | city name geolocated from indicator | keylogger_data, pastebin, malicious_emails, sinkhole_traffic, threat_recon |
| country | two character country code geolocated from indicator | keylogger_data, pastebin, malicious_emails, sinkhole_traffic, threat_recon |
| domain_cat | general site categorization of indicator | keylogger_data, pastebin, malicious_emails, sinkhole_traffic |
| etl_date | date data was exported, transformed or loaded (ETL) | darkweb, keylogger_data, pastebin, malicious_emails, sinkhole_traffic, threat_recon |
| first_seen | when output was first observed | darkweb, keylogger_data, pastebin, malicious_emails, sinkhole_traffic, threat_recon |
| indicator | indicator extracted from output | keylogger_data, pastebin, malicious_emails, sinkhole_traffic, threat_recon |
| indicator_context | context in which indicator observed (i.e. keylogged email, portal, etc.) | keylogger_data, malicious_emails, sinkhole_traffic, threat_recon |
| indicator_type | indicator type | keylogger_data, pastebin, malicious_emails, sinkhole_traffic, threat_recon |
| last_seen | when output was last observed | darkweb, keylogger_data, pastebin, malicious_emails, sinkhole_traffic, threat_recon |
| location | latitude longitude coordinates | keylogger_data, pastebin, malicious_emails, sinkhole_traffic, threat_recon |
| postal_code | postal code geolocated from indicator | keylogger_data, pastebin, malicious_emails, sinkhole_traffic, threat_recon |
| raw_data_file | normalized name of output file: consists of md5 hash + _content.txt or .eml | keylogger_data, pastebin, malicious_emails, malicious_emails_context, malicious_email_detections, sinkhole_traffic, threat_recon |
| reference | URL for paste: may not resolve if paste taken down | darkweb, pastebin, malicious_emails, malicious_emails_context, malicious_email_detections, sinkhole_traffic, threat_recon |
| region | region name geolocated from indicator | keylogger_data, pastebin, malicious_emails, sinkhole_traffic, threat_recon |
| url_cat | specific site categorization of indicator | keylogger_data, pastebin, malicious_emails, sinkhole_traffic |