Intelligence Module Comparison: Internet Scanners
Internet Scanner - Intelligence Module Comparision
The following table compares the fields included for each Internet Scanner intelligence module.
| Field Name | Triage | Investigate | Hunt | Endpoint(s) |
|---|---|---|---|---|
| actor | YES | YES | YES | IP/GNQL |
| bot | YES | YES | YES | IP/GNQL |
| classification | YES | YES | YES | IP/GNQL |
| ip | YES | YES | YES | IP/GNQL |
| last_seen | YES | YES | YES | IP/GNQL |
| last_seen_timestamp | YES | YES | YES | IP/GNQL |
| metadata.asn | YES | YES | YES | IP/GNQL |
| metadata.category | YES | YES | YES | IP/GNQL |
| metadata.city | YES | YES | YES | IP/GNQL |
| metadata.destination_countries | YES | YES | YES | IP/GNQL |
| metadata.destination_country_codes | YES | YES | YES | IP/GNQL |
| metadata.domain | YES | YES | YES | IP/GNQL |
| metadata.mobile | YES | YES | YES | IP/GNQL |
| metadata.organization | YES | YES | YES | IP/GNQL |
| metadata.rdns | YES | YES | YES | IP/GNQL |
| metadata.rdns_parent | YES | YES | YES | IP/GNQL |
| metadata.region | YES | YES | YES | IP/GNQL |
| metadata.single_destination | YES | YES | YES | IP/GNQL |
| metadata.source_country | YES | YES | YES | IP/GNQL |
| metadata.source_country_code | YES | YES | YES | IP/GNQL |
| metadata.tor | YES | YES | YES | IP/GNQL |
| spoofable | YES | YES | YES | IP/GNQL |
| stats.actor.count | YES | YES | YES | STATS |
| stats.category.count | YES | YES | YES | STATS |
| stats.classification.count | YES | YES | YES | STATS |
| stats.destination_countries.count | YES | YES | YES | STATS |
| stats.organization.count | YES | YES | YES | STATS |
| stats.source_country.count | YES | YES | YES | STATS |
| stats.spoofable.count | YES | YES | YES | STATS |
| stats.tags.count | YES | YES | YES | STATS |
| tags.created_at\ | YES | YES | YES | IP/GNQL/METADATA |
| tags.cves | YES | YES | YES | IP/GNQL/METADATA |
| tags.description | YES | YES | YES | IP/GNQL/METADATA |
| tags.id | YES | YES | YES | IP/GNQL/METADATA |
| tags.intention | YES | YES | YES | IP/GNQL/METADATA |
| tags.name | YES | YES | YES | IP/GNQL/METADATA |
| tags.recommended_block | YES | YES | YES | IP/GNQL/METADATA |
| tags.references | YES | YES | YES | IP/GNQL/METADATA |
| tags.slug | YES | YES | YES | IP/GNQL/METADATA |
| tags.updated_at | YES | YES | YES | IP/GNQL/METADATA |
| tor | YES | YES | YES | IP/GNQL |
| vpn | YES | YES | YES | IP/GNQL |
| vpn_service | YES | YES | YES | IP/GNQL |
| first_seen | YES | YES | IP/GNQL | |
| metadata.destination_asns | YES | YES | IP/GNQL | |
| metadata.destination_cities | YES | YES | IP/GNQL | |
| metadata.sensor_hits | YES | YES | IP/GNQL | |
| metadata.sensor_count | YES | YES | IP/GNQL | |
| metadata.source_latitude | YES | YES | IP/GNQL | |
| metadata.source_longitude | YES | YES | IP/GNQL | |
| raw_data.scan.port | YES | YES | IP/GNQL | |
| raw_data.scan.protocol | YES | YES | IP/GNQL | |
| raw_data.source.bytes | YES | YES | IP/GNQL | |
| stats.asn.count | YES | YES | STATS | |
| cve | YES | IP/GNQL | ||
| metadata.os | YES | IP/GNQL | ||
| raw_data.hassh.fingerprint | YES | IP/GNQL | ||
| raw_data.hassh.port | YES | IP/GNQL | ||
| raw_data.http.cookie_keys | YES | IP/GNQL | ||
| raw_data.http.host | YES | IP/GNQL | ||
| raw_data.http.md5 | YES | IP/GNQL | ||
| raw_data.http.method | YES | IP/GNQL | ||
| raw_data.http.path | YES | IP/GNQL | ||
| raw_data.http.request_authorization | YES | IP/GNQL | ||
| raw_data.http.request_cookies | YES | IP/GNQL | ||
| raw_data.http.request_headers | YES | IP/GNQL | ||
| raw_data.http.request_origin | YES | IP/GNQL | ||
| raw_data.http.useragent | YES | IP/GNQL | ||
| raw_data.ja3.fingerprint | YES | IP/GNQL | ||
| raw_data.ja3.port | YES | IP/GNQL | ||
| raw_data.ssh.key | YES | IP/GNQL | ||
| raw_data.tls.cipher | YES | IP/GNQL | ||
| raw_data.tls.ja4 | YES | IP/GNQL | ||
| stats.operating_system.count | YES | STATS |
Updated 4 months ago