Intelligence Module Comparison: Internet Scanners
Internet Scanner - Intelligence Module Comparison
The following table compares the fields included for each Internet Scanner intelligence module.
Last Updated: 2025-10-08
Field Name | Triage | Investigate | Hunt | Endpoint(s) |
---|---|---|---|---|
actor | YES | YES | YES | IP/GNQL |
bot | YES | YES | YES | IP/GNQL |
classification | YES | YES | YES | IP/GNQL |
ip | YES | YES | YES | IP/GNQL |
last_seen | YES | YES | YES | IP/GNQL |
last_seen_timestamp | YES | YES | YES | IP/GNQL |
metadata.asn | YES | YES | YES | IP/GNQL |
metadata.category | YES | YES | YES | IP/GNQL |
metadata.city | YES | YES | YES | IP/GNQL |
metadata.destination_countries | YES | YES | YES | IP/GNQL |
metadata.destination_country_codes | YES | YES | YES | IP/GNQL |
metadata.domain | YES | YES | YES | IP/GNQL |
metadata.mobile | YES | YES | YES | IP/GNQL |
metadata.organization | YES | YES | YES | IP/GNQL |
metadata.rdns | YES | YES | YES | IP/GNQL |
metadata.rdns_parent | YES | YES | YES | IP/GNQL |
metadata.region | YES | YES | YES | IP/GNQL |
metadata.single_destination | YES | YES | YES | IP/GNQL |
metadata.source_country | YES | YES | YES | IP/GNQL |
metadata.source_country_code | YES | YES | YES | IP/GNQL |
metadata.tor | YES | YES | YES | IP/GNQL |
spoofable | YES | YES | YES | IP/GNQL |
stats.actor.count | YES | YES | YES | STATS |
stats.category.count | YES | YES | YES | STATS |
stats.classification.count | YES | YES | YES | STATS |
stats.destination_countries.count | YES | YES | YES | STATS |
stats.organization.count | YES | YES | YES | STATS |
stats.source_country.count | YES | YES | YES | STATS |
stats.spoofable.count | YES | YES | YES | STATS |
stats.tags.count | YES | YES | YES | STATS |
tags.created_at\ | YES | YES | YES | IP/GNQL/METADATA |
tags.cves | YES | YES | YES | IP/GNQL/METADATA |
tags.description | YES | YES | YES | IP/GNQL/METADATA |
tags.id | YES | YES | YES | IP/GNQL/METADATA |
tags.intention | YES | YES | YES | IP/GNQL/METADATA |
tags.name | YES | YES | YES | IP/GNQL/METADATA |
tags.recommended_block | YES | YES | YES | IP/GNQL/METADATA |
tags.references | YES | YES | YES | IP/GNQL/METADATA |
tags.slug | YES | YES | YES | IP/GNQL/METADATA |
tags.updated_at | YES | YES | YES | IP/GNQL/METADATA |
tor | YES | YES | YES | IP/GNQL |
vpn | YES | YES | YES | IP/GNQL |
vpn_service | YES | YES | YES | IP/GNQL |
first_seen | YES | YES | IP/GNQL | |
metadata.destination_asns | YES | YES | IP/GNQL | |
metadata.destination_cities | YES | YES | IP/GNQL | |
metadata.sensor_hits | YES | YES | IP/GNQL | |
metadata.sensor_count | YES | YES | IP/GNQL | |
metadata.source_latitude | YES | YES | IP/GNQL | |
metadata.source_longitude | YES | YES | IP/GNQL | |
raw_data.scan.port | YES | YES | IP/GNQL | |
raw_data.scan.protocol | YES | YES | IP/GNQL | |
raw_data.source.bytes | YES | YES | IP/GNQL | |
stats.asn.count | YES | YES | STATS | |
cve | YES | YES | IP/GNQL | |
id (cve) | YES | YES | CVE | |
details.vulnerability_name | YES | YES | CVE | |
details.vulnerability_description | YES | YES | CVE | |
details.cve_cvss_score | YES | YES | CVE | |
details.product | YES | YES | CVE | |
details.vendor | YES | YES | CVE | |
details.published_to_nist_nvd | YES | YES | CVE | |
timeline.cve_published_date | YES | YES | CVE | |
timeline.cve_last_updated_date | YES | YES | CVE | |
timeline.first_known_published_date | YES | YES | CVE | |
timeline.cisa_kev_date_added | YES | YES | CVE | |
exploitation_details.attack_vector | YES | YES | CVE | |
exploitation_details.exploit_found | YES | YES | CVE | |
exploitation_details.exploitation_registered_in_kev | YES | YES | CVE | |
exploitation_details.epss_score | YES | YES | CVE | |
exploitation_stats.number_of_available_exploits | YES | YES | CVE | |
exploitation_stats.number_of_threat_actors_exploiting_vulnerability | YES | YES | CVE | |
exploitation_stats.number_of_botnets_exploiting_vulnerability | YES | YES | CVE | |
exploitation_activity.activity_seen | YES | YES | CVE | |
exploitation_activity.benign_ip_count_1d | YES | YES | CVE | |
exploitation_activity.benign_ip_count_10d | YES | YES | CVE | |
exploitation_activity.benign_ip_count_30d | YES | YES | CVE | |
exploitation_activity.threat_ip_count_1d | YES | YES | CVE | |
exploitation_activity.threat_ip_count_10d | YES | YES | CVE | |
exploitation_activity.threat_ip_count_30d | YES | YES | CVE | |
metadata.os | YES | IP/GNQL | ||
raw_data.hassh.fingerprint | YES | IP/GNQL | ||
raw_data.hassh.port | YES | IP/GNQL | ||
raw_data.http.cookie_keys | YES | IP/GNQL | ||
raw_data.http.host | YES | IP/GNQL | ||
raw_data.http.md5 | YES | IP/GNQL | ||
raw_data.http.method | YES | IP/GNQL | ||
raw_data.http.path | YES | IP/GNQL | ||
raw_data.http.request_authorization | YES | IP/GNQL | ||
raw_data.http.request_cookies | YES | IP/GNQL | ||
raw_data.http.request_headers | YES | IP/GNQL | ||
raw_data.http.request_origin | YES | IP/GNQL | ||
raw_data.http.useragent | YES | IP/GNQL | ||
raw_data.ja3.fingerprint | YES | IP/GNQL | ||
raw_data.ja3.port | YES | IP/GNQL | ||
raw_data.ssh.key | YES | IP/GNQL | ||
raw_data.tls.cipher | YES | IP/GNQL | ||
raw_data.tls.ja4 | YES | IP/GNQL | ||
stats.operating_system.count | YES | STATS |
Updated 6 days ago