Intelligence Module Comparison: Internet Scanners
Internet Scanner - Intelligence Module Comparision
The following table compares the fields included for each Internet Scanner intelligence module.
Field Name | Triage | Investigate | Hunt | Endpoint(s) |
---|---|---|---|---|
actor | YES | YES | YES | IP/GNQL |
bot | YES | YES | YES | IP/GNQL |
classification | YES | YES | YES | IP/GNQL |
ip | YES | YES | YES | IP/GNQL |
last_seen | YES | YES | YES | IP/GNQL |
last_seen_timestamp | YES | YES | YES | IP/GNQL |
metadata.asn | YES | YES | YES | IP/GNQL |
metadata.category | YES | YES | YES | IP/GNQL |
metadata.city | YES | YES | YES | IP/GNQL |
metadata.destination_countries | YES | YES | YES | IP/GNQL |
metadata.destination_country_codes | YES | YES | YES | IP/GNQL |
metadata.domain | YES | YES | YES | IP/GNQL |
metadata.mobile | YES | YES | YES | IP/GNQL |
metadata.organization | YES | YES | YES | IP/GNQL |
metadata.rdns | YES | YES | YES | IP/GNQL |
metadata.rdns_parent | YES | YES | YES | IP/GNQL |
metadata.region | YES | YES | YES | IP/GNQL |
metadata.single_destination | YES | YES | YES | IP/GNQL |
metadata.source_country | YES | YES | YES | IP/GNQL |
metadata.source_country_code | YES | YES | YES | IP/GNQL |
metadata.tor | YES | YES | YES | IP/GNQL |
spoofable | YES | YES | YES | IP/GNQL |
stats.actor.count | YES | YES | YES | STATS |
stats.category.count | YES | YES | YES | STATS |
stats.classification.count | YES | YES | YES | STATS |
stats.destination_countries.count | YES | YES | YES | STATS |
stats.organization.count | YES | YES | YES | STATS |
stats.source_country.count | YES | YES | YES | STATS |
stats.spoofable.count | YES | YES | YES | STATS |
stats.tags.count | YES | YES | YES | STATS |
tags.created_at\ | YES | YES | YES | IP/GNQL/METADATA |
tags.cves | YES | YES | YES | IP/GNQL/METADATA |
tags.description | YES | YES | YES | IP/GNQL/METADATA |
tags.id | YES | YES | YES | IP/GNQL/METADATA |
tags.intention | YES | YES | YES | IP/GNQL/METADATA |
tags.name | YES | YES | YES | IP/GNQL/METADATA |
tags.recommended_block | YES | YES | YES | IP/GNQL/METADATA |
tags.references | YES | YES | YES | IP/GNQL/METADATA |
tags.slug | YES | YES | YES | IP/GNQL/METADATA |
tags.updated_at | YES | YES | YES | IP/GNQL/METADATA |
tor | YES | YES | YES | IP/GNQL |
vpn | YES | YES | YES | IP/GNQL |
vpn_service | YES | YES | YES | IP/GNQL |
first_seen | YES | YES | IP/GNQL | |
metadata.destination_asns | YES | YES | IP/GNQL | |
metadata.destination_cities | YES | YES | IP/GNQL | |
metadata.sensor_hits | YES | YES | IP/GNQL | |
metadata.sensor_count | YES | YES | IP/GNQL | |
metadata.source_latitude | YES | YES | IP/GNQL | |
metadata.source_longitude | YES | YES | IP/GNQL | |
raw_data.scan.port | YES | YES | IP/GNQL | |
raw_data.scan.protocol | YES | YES | IP/GNQL | |
raw_data.source.bytes | YES | YES | IP/GNQL | |
stats.asn.count | YES | YES | STATS | |
cve | YES | IP/GNQL | ||
metadata.os | YES | IP/GNQL | ||
raw_data.hassh.fingerprint | YES | IP/GNQL | ||
raw_data.hassh.port | YES | IP/GNQL | ||
raw_data.http.cookie_keys | YES | IP/GNQL | ||
raw_data.http.host | YES | IP/GNQL | ||
raw_data.http.md5 | YES | IP/GNQL | ||
raw_data.http.method | YES | IP/GNQL | ||
raw_data.http.path | YES | IP/GNQL | ||
raw_data.http.request_authorization | YES | IP/GNQL | ||
raw_data.http.request_cookies | YES | IP/GNQL | ||
raw_data.http.request_headers | YES | IP/GNQL | ||
raw_data.http.request_origin | YES | IP/GNQL | ||
raw_data.http.useragent | YES | IP/GNQL | ||
raw_data.ja3.fingerprint | YES | IP/GNQL | ||
raw_data.ja3.port | YES | IP/GNQL | ||
raw_data.ssh.key | YES | IP/GNQL | ||
raw_data.tls.cipher | YES | IP/GNQL | ||
raw_data.tls.ja4 - COMING SOON | YES | IP/GNQL | ||
stats.operating_system.count | YES | STATS |
Updated 6 days ago