Intelligence Module Comparison: Internet Scanners
Internet Scanner - Intelligence Module Comparison
The following table compares the fields included for each Internet Scanner intelligence module.
Last Updated: 2025-10-08
| Field Name | Triage | Investigate | Hunt | Endpoint(s) |
|---|---|---|---|---|
| actor | YES | YES | YES | IP/GNQL |
| bot | YES | YES | YES | IP/GNQL |
| classification | YES | YES | YES | IP/GNQL |
| ip | YES | YES | YES | IP/GNQL |
| last_seen | YES | YES | YES | IP/GNQL |
| last_seen_timestamp | YES | YES | YES | IP/GNQL |
| metadata.asn | YES | YES | YES | IP/GNQL |
| metadata.category | YES | YES | YES | IP/GNQL |
| metadata.city | YES | YES | YES | IP/GNQL |
| metadata.destination_countries | YES | YES | YES | IP/GNQL |
| metadata.destination_country_codes | YES | YES | YES | IP/GNQL |
| metadata.domain | YES | YES | YES | IP/GNQL |
| metadata.mobile | YES | YES | YES | IP/GNQL |
| metadata.organization | YES | YES | YES | IP/GNQL |
| metadata.rdns | YES | YES | YES | IP/GNQL |
| metadata.rdns_parent | YES | YES | YES | IP/GNQL |
| metadata.region | YES | YES | YES | IP/GNQL |
| metadata.single_destination | YES | YES | YES | IP/GNQL |
| metadata.source_country | YES | YES | YES | IP/GNQL |
| metadata.source_country_code | YES | YES | YES | IP/GNQL |
| metadata.tor | YES | YES | YES | IP/GNQL |
| spoofable | YES | YES | YES | IP/GNQL |
| stats.actor.count | YES | YES | YES | STATS |
| stats.category.count | YES | YES | YES | STATS |
| stats.classification.count | YES | YES | YES | STATS |
| stats.destination_countries.count | YES | YES | YES | STATS |
| stats.organization.count | YES | YES | YES | STATS |
| stats.source_country.count | YES | YES | YES | STATS |
| stats.spoofable.count | YES | YES | YES | STATS |
| stats.tags.count | YES | YES | YES | STATS |
| tags.created_at\ | YES | YES | YES | IP/GNQL/METADATA |
| tags.cves | YES | YES | YES | IP/GNQL/METADATA |
| tags.description | YES | YES | YES | IP/GNQL/METADATA |
| tags.id | YES | YES | YES | IP/GNQL/METADATA |
| tags.intention | YES | YES | YES | IP/GNQL/METADATA |
| tags.name | YES | YES | YES | IP/GNQL/METADATA |
| tags.recommended_block | YES | YES | YES | IP/GNQL/METADATA |
| tags.references | YES | YES | YES | IP/GNQL/METADATA |
| tags.slug | YES | YES | YES | IP/GNQL/METADATA |
| tags.updated_at | YES | YES | YES | IP/GNQL/METADATA |
| tor | YES | YES | YES | IP/GNQL |
| vpn | YES | YES | YES | IP/GNQL |
| vpn_service | YES | YES | YES | IP/GNQL |
| first_seen | YES | YES | IP/GNQL | |
| metadata.destination_asns | YES | YES | IP/GNQL | |
| metadata.destination_cities | YES | YES | IP/GNQL | |
| metadata.sensor_hits | YES | YES | IP/GNQL | |
| metadata.sensor_count | YES | YES | IP/GNQL | |
| metadata.source_latitude | YES | YES | IP/GNQL | |
| metadata.source_longitude | YES | YES | IP/GNQL | |
| raw_data.scan.port | YES | YES | IP/GNQL | |
| raw_data.scan.protocol | YES | YES | IP/GNQL | |
| raw_data.source.bytes | YES | YES | IP/GNQL | |
| stats.asn.count | YES | YES | STATS | |
| cve | YES | YES | IP/GNQL | |
| id (cve) | YES | YES | CVE | |
| details.vulnerability_name | YES | YES | CVE | |
| details.vulnerability_description | YES | YES | CVE | |
| details.cve_cvss_score | YES | YES | CVE | |
| details.product | YES | YES | CVE | |
| details.vendor | YES | YES | CVE | |
| details.published_to_nist_nvd | YES | YES | CVE | |
| timeline.cve_published_date | YES | YES | CVE | |
| timeline.cve_last_updated_date | YES | YES | CVE | |
| timeline.first_known_published_date | YES | YES | CVE | |
| timeline.cisa_kev_date_added | YES | YES | CVE | |
| exploitation_details.attack_vector | YES | YES | CVE | |
| exploitation_details.exploit_found | YES | YES | CVE | |
| exploitation_details.exploitation_registered_in_kev | YES | YES | CVE | |
| exploitation_details.epss_score | YES | YES | CVE | |
| exploitation_stats.number_of_available_exploits | YES | YES | CVE | |
| exploitation_stats.number_of_threat_actors_exploiting_vulnerability | YES | YES | CVE | |
| exploitation_stats.number_of_botnets_exploiting_vulnerability | YES | YES | CVE | |
| exploitation_activity.activity_seen | YES | YES | CVE | |
| exploitation_activity.benign_ip_count_1d | YES | YES | CVE | |
| exploitation_activity.benign_ip_count_10d | YES | YES | CVE | |
| exploitation_activity.benign_ip_count_30d | YES | YES | CVE | |
| exploitation_activity.threat_ip_count_1d | YES | YES | CVE | |
| exploitation_activity.threat_ip_count_10d | YES | YES | CVE | |
| exploitation_activity.threat_ip_count_30d | YES | YES | CVE | |
| metadata.os | YES | IP/GNQL | ||
| raw_data.hassh.fingerprint | YES | IP/GNQL | ||
| raw_data.hassh.port | YES | IP/GNQL | ||
| raw_data.http.cookie_keys | YES | IP/GNQL | ||
| raw_data.http.host | YES | IP/GNQL | ||
| raw_data.http.md5 | YES | IP/GNQL | ||
| raw_data.http.method | YES | IP/GNQL | ||
| raw_data.http.path | YES | IP/GNQL | ||
| raw_data.http.request_authorization | YES | IP/GNQL | ||
| raw_data.http.request_cookies | YES | IP/GNQL | ||
| raw_data.http.request_headers | YES | IP/GNQL | ||
| raw_data.http.request_origin | YES | IP/GNQL | ||
| raw_data.http.useragent | YES | IP/GNQL | ||
| raw_data.ja3.fingerprint | YES | IP/GNQL | ||
| raw_data.ja3.port | YES | IP/GNQL | ||
| raw_data.ssh.key | YES | IP/GNQL | ||
| raw_data.tls.cipher | YES | IP/GNQL | ||
| raw_data.tls.ja4 | YES | IP/GNQL | ||
| stats.operating_system.count | YES | STATS |
Updated 6 days ago