Concepts
Understand key concepts related to Oracle Cloud Infrastructure Threat Intelligence.
- Threat Event
-
The National Institute of Standards and Technology defines a threat event as an event or situation that has the potential for causing undesirable consequences or impact.
- Indicator
-
The National Institute of Standards and Technology defines an indicator as a technical artifact or observable that suggests an attack is imminent or is currently underway, or that a compromise may have already occurred.
- Indicator Type
-
The indicator data can be one of several types.
- IP address - The source IP address
- URL - The source URL
- Domain name - The source domain name
- File name - The filename of the malicious program
- MD5 hash - The MD5 hash generated from the request header
- SHA1 hash - The SHA1 hash generated from the request header
- SHA256 hash - The SHA256 hash generated from the request header
- Threat actor - The name of the entity associated with the threat indicator
- Malware - The name of the malware program associated with the threat indicator
- Threat Type
-
Characteristics of the threat indicator based on previous observations or behavior. Can include related tactics, techniques, and procedures.
For example, an indicator might be associated with a
Botnets
program or with emailPhishing
. See Threat Indicator Database Threat Types.This information helps you understand the potential implications of the threat and helps target the scope of investigations or reduce the time to remediation.
- Overall Confidence Score
-
The confidence score is a value from 0 to 100 that represents how confident Threat Intelligence is that the indicator might be associated with malicious activity.
Overall confidence refers to the likelihood that indicator might be associated with malicious behavior. The score is an aggregation of weight and risk scores that Oracle assigns to the source of the indicator, the frequency of sightings across sources, the recency of the sightings, and the maliciousness of the observed behavior. This aggregate score does not refer to confidence in any particular threat type or threat actor attribution. Oracle solely assesses and assigns this score, and it does not reflect a score assigned by any of our sources.
- Actor
-
If applicable, the group or entity suspected to be associated with the indicator.
- Associated Malware
-
The name of a malicious software program used to disrupt, damage, or gain unauthorized access.
- First Reported
-
The date and time that Oracle first detected this indicator, or the date and time it was first reported to Threat Intelligence by one our sources.
- Last Reported
-
The most recent date and time that the indicator was detected.
- Reported By
-
The threat intelligence source that detected the most recent occurrence of this indicator.
- Geolocation
-
The geographic source location of the indicator.