Threat Intelligence Functions
Package: DBMS_CLOUD_OCI_TI_THREATINTEL
GET_INDICATOR Function
Get detailed information about a threat indicator with a given identifier.
Syntax
FUNCTION get_indicator (
indicator_id varchar2,
compartment_id varchar2,
opc_request_id varchar2 DEFAULT NULL,
region varchar2 DEFAULT NULL,
endpoint varchar2 DEFAULT NULL,
credential_name varchar2 DEFAULT NULL
) RETURN dbms_cloud_oci_ti_threatintel_get_indicator_response_t;Parameters
| Parameter | Description |
|---|---|
|
|
(required) The unique identifier (OCID) of the threat indicator. |
|
|
(required) The OCID of the tenancy (root compartment) that is used to filter results. |
|
|
(optional) The client request ID for tracing. |
|
|
(optional) OCI region id. e.g us-phoenix-1 for US West (Phoenix). |
|
|
(optional) The endpoint of the service to call using this function. e.g https://api-threatintel.{region}.oci.{secondLevelDomain}.If both endpoint and region are given, then endpoint takes precedence. |
|
|
(optional) The name of the credential for authenticating with the corresponding cloud native API. |
LIST_INDICATOR_COUNTS Function
Get the current count of each threat indicator type. Indicator counts can be sorted in ascending or descending order.
Syntax
FUNCTION list_indicator_counts (
compartment_id varchar2,
opc_request_id varchar2 DEFAULT NULL,
sort_order varchar2 DEFAULT NULL,
region varchar2 DEFAULT NULL,
endpoint varchar2 DEFAULT NULL,
credential_name varchar2 DEFAULT NULL
) RETURN dbms_cloud_oci_ti_threatintel_list_indicator_counts_response_t;Parameters
| Parameter | Description |
|---|---|
|
|
(required) The OCID of the tenancy (root compartment) that is used to filter results. |
|
|
(optional) The client request ID for tracing. |
|
|
(optional) The sort order to use, either 'ASC' or 'DESC'. Allowed values are: 'ASC', 'DESC' |
|
|
(optional) OCI region id. e.g us-phoenix-1 for US West (Phoenix). |
|
|
(optional) The endpoint of the service to call using this function. e.g https://api-threatintel.{region}.oci.{secondLevelDomain}.If both endpoint and region are given, then endpoint takes precedence. |
|
|
(optional) The name of the credential for authenticating with the corresponding cloud native API. |
LIST_INDICATORS Function
Get a list of threat indicator summaries based on the search criteria.
Syntax
FUNCTION list_indicators (
compartment_id varchar2,
threat_type_name dbms_cloud_oci_threat_intelligence_varchar2_tbl DEFAULT NULL,
l_type varchar2 DEFAULT NULL,
value varchar2 DEFAULT NULL,
confidence_greater_than_or_equal_to number DEFAULT NULL,
time_updated_greater_than_or_equal_to timestamp with time zone DEFAULT NULL,
time_updated_less_than timestamp with time zone DEFAULT NULL,
time_last_seen_greater_than_or_equal_to timestamp with time zone DEFAULT NULL,
time_last_seen_less_than timestamp with time zone DEFAULT NULL,
time_created_greater_than_or_equal_to timestamp with time zone DEFAULT NULL,
time_created_less_than timestamp with time zone DEFAULT NULL,
limit number DEFAULT NULL,
page varchar2 DEFAULT NULL,
sort_order varchar2 DEFAULT NULL,
sort_by varchar2 DEFAULT NULL,
opc_request_id varchar2 DEFAULT NULL,
region varchar2 DEFAULT NULL,
endpoint varchar2 DEFAULT NULL,
credential_name varchar2 DEFAULT NULL
) RETURN dbms_cloud_oci_ti_threatintel_list_indicators_response_t;Parameters
| Parameter | Description |
|---|---|
|
|
(required) The OCID of the tenancy (root compartment) that is used to filter results. |
|
|
(optional) The threat type of entites to be returned. To filter for multiple threat types, repeat this parameter. |
|
|
(optional) The indicator type of entities to be returned. Allowed values are: 'DOMAIN_NAME', 'FILE_NAME', 'MD5_HASH', 'SHA1_HASH', 'SHA256_HASH', 'IP_ADDRESS', 'URL' |
|
|
(optional) The indicator value of entities to be returned. |
|
|
(optional) The minimum confidence score of entities to be returned. |
|
|
(optional) The oldest update time of entities to be returned. |
|
|
(optional) Return indicators updated before the provided time. |
|
|
(optional) The oldest last seen time of entities to be returned. |
|
|
(optional) Return indicators last seen before the provided time. |
|
|
(optional) The oldest created/first seen time of entities to be returned. |
|
|
(optional) Return indicators created/first seen before the provided time. |
|
|
(optional) The maximum number of items to return. |
|
|
(optional) A token representing the position at which to start retrieving results. This must come from the `opc-next-page` header field of a previous response. |
|
|
(optional) The sort order to use, either 'ASC' or 'DESC'. Allowed values are: 'ASC', 'DESC' |
|
|
(optional) The field to sort by. Only one field to sort by may be provided. Allowed values are: 'confidence', 'timeCreated', 'timeUpdated', 'timeLastSeen' |
|
|
(optional) The client request ID for tracing. |
|
|
(optional) OCI region id. e.g us-phoenix-1 for US West (Phoenix). |
|
|
(optional) The endpoint of the service to call using this function. e.g https://api-threatintel.{region}.oci.{secondLevelDomain}.If both endpoint and region are given, then endpoint takes precedence. |
|
|
(optional) The name of the credential for authenticating with the corresponding cloud native API. |
LIST_THREAT_TYPES Function
Gets a list of threat types that are available to use as parameters when querying indicators. The list is sorted by threat type name according to the sort order query param.
Syntax
FUNCTION list_threat_types (
compartment_id varchar2,
limit number DEFAULT NULL,
page varchar2 DEFAULT NULL,
sort_order varchar2 DEFAULT NULL,
opc_request_id varchar2 DEFAULT NULL,
region varchar2 DEFAULT NULL,
endpoint varchar2 DEFAULT NULL,
credential_name varchar2 DEFAULT NULL
) RETURN dbms_cloud_oci_ti_threatintel_list_threat_types_response_t;Parameters
| Parameter | Description |
|---|---|
|
|
(required) The OCID of the tenancy (root compartment) that is used to filter results. |
|
|
(optional) The maximum number of items to return. |
|
|
(optional) A token representing the position at which to start retrieving results. This must come from the `opc-next-page` header field of a previous response. |
|
|
(optional) The sort order to use, either 'ASC' or 'DESC'. Allowed values are: 'ASC', 'DESC' |
|
|
(optional) The client request ID for tracing. |
|
|
(optional) OCI region id. e.g us-phoenix-1 for US West (Phoenix). |
|
|
(optional) The endpoint of the service to call using this function. e.g https://api-threatintel.{region}.oci.{secondLevelDomain}.If both endpoint and region are given, then endpoint takes precedence. |
|
|
(optional) The name of the credential for authenticating with the corresponding cloud native API. |
SUMMARIZE_INDICATORS Function
Get indicator summaries based on advanced search criteria.
Syntax
FUNCTION summarize_indicators (
compartment_id varchar2,
summarize_indicators_details dbms_cloud_oci_threat_intelligence_summarize_indicators_details_t,
opc_request_id varchar2 DEFAULT NULL,
limit number DEFAULT NULL,
page varchar2 DEFAULT NULL,
region varchar2 DEFAULT NULL,
endpoint varchar2 DEFAULT NULL,
credential_name varchar2 DEFAULT NULL
) RETURN dbms_cloud_oci_ti_threatintel_summarize_indicators_response_t;Parameters
| Parameter | Description |
|---|---|
|
|
(required) The OCID of the tenancy (root compartment) that is used to filter results. |
|
|
(required) Query Parameters to search for indicators. |
|
|
(optional) The client request ID for tracing. |
|
|
(optional) The maximum number of items to return. |
|
|
(optional) A token representing the position at which to start retrieving results. This must come from the `opc-next-page` header field of a previous response. |
|
|
(optional) OCI region id. e.g us-phoenix-1 for US West (Phoenix). |
|
|
(optional) The endpoint of the service to call using this function. e.g https://api-threatintel.{region}.oci.{secondLevelDomain}.If both endpoint and region are given, then endpoint takes precedence. |
|
|
(optional) The name of the credential for authenticating with the corresponding cloud native API. |