Intelligence Module Comparison: Internet Scanners
Internet Scanner - Intelligence Module Comparision
The following table compares the fields included for each Internet Scanner intelligence module.
| Field Name | Triage | Investigate | Hunt |
|---|---|---|---|
| actor | YES | YES | YES |
| bot | YES | YES | YES |
| classification | YES | YES | YES |
| ip | YES | YES | YES |
| last_seen | YES | YES | YES |
| metadata.asn | YES | YES | YES |
| metadata.category | YES | YES | YES |
| metadata.city | YES | YES | YES |
| metadata.mobile | YES | YES | YES |
| metadata.organization | YES | YES | YES |
| metadata.rdns | YES | YES | YES |
| metadata.region | YES | YES | YES |
| metadata.source_country | YES | YES | YES |
| metadata.source_country_code | YES | YES | YES |
| metadata.tor | YES | YES | YES |
| seen/noise | YES | YES | YES |
| spoofable | YES | YES | YES |
| tags | YES | YES | YES |
| vpn | YES | YES | YES |
| vpn_service | YES | YES | YES |
| first_seen | YES | YES | |
| metadata.destination_countries | YES | YES | |
| metadata.destination_country_codes | YES | YES | |
| metadata.sensor_hits | YES | YES | |
| metadata.sensor_count | YES | YES | |
| raw_data.scan | YES | YES | |
| raw_data.scan.port | YES | YES | |
| raw_data.scan.protocol | YES | YES | |
| cve | YES | ||
| metadata.os | YES | ||
| raw_data.hassh | YES | ||
| raw_data.hassh.fingerprint | YES | ||
| raw_data.hassh.port | YES | ||
| raw_data.ja3 | YES | ||
| raw_data.ja3.fingerprint | YES | ||
| raw_data.ja3.port | YES | ||
| raw_data.web | YES | ||
| raw_data.web.paths | YES | ||
| raw_data.web.useragents | YES |
Updated about 2 months ago