Malware Servers indicates that a system is engaging in malicious activity, such as phishing, fraud, or scams.
Data Structure Diagram
Data Solutions data feeds are optimized for relational databases. Refer to the structure conveyed in the following diagram to make the best use of entity relationships within the Malware Servers Intelligence data feed:
Schema
Malware Servers data available in Compromised Systems Intelligence:
Field | Description |
---|---|
temporary_finding_id String [ | The temporary unique identifier for this finding. |
entity_guid String [ | The unique identifier of the company. |
event_date String [ | When the finding was first observed. |
affects_rating Boolean | true = This finding affects the rating. |
count Integer | The number of events. See event count considerations for Compromised Systems events. |
country String | The country where the asset attributed with this finding is located. |
country_code String | The country code where the asset attributed with this finding is located. |
decay_date String [ | The date when this finding stops impacting the rating if nothing else changes. |
dest_port Integer | A compromised device was observed to be sending traffic from this port. |
detection_method String | The method used to detect the infection. See the data collection methods. |
event_grade String | The finding grade. |
evidence_key String | The source of evidence for the finding. It may be from an IP address, domain, IP/domain combination, or port. |
first_seen String [ | The first time the finding was observed. |
impacts_risk_vector_code String | A reason code for why the finding does not impact on the rating. |
impacts_risk_vector_label String | The reason why the finding no longer impacts the rating. |
infection_id Integer | An identifier for the infection. |
last_seen String [ | The most recent time the finding was observed. |
observation_id String | The unique identifier of this observation. |
portal_type String | The type of event. |
remediation_duration Integer | The number of days it took to remediate the finding. |
risk_category String | The risk category. |
risk_vector String | The risk vector slug name. |
risk_vector_label String | The risk vector name. |
rolledup_observation_id String | A stable and randomized identifier for findings. It is assigned to a finding when one or more observations with largely similar key properties occur in close succession. |
rollup_end_date String [ | The date when the infection was last observed, which is used for determining the number of Compromised Systems events. |
rollup_start_date String [ | The date when this finding was first observed, which is used for determining the number of Compromised Systems events. |
sample_timestamp String [ | The date and time when this finding was observed. |
server_name String | The domain name of the affected server. It is known to be a command and control server, sinkhole, or is hosting adware. |
severity Decimal | This finding’s Bitsight severity. |
severity_category String | This finding’s Bitsight severity. |
sinkhole_ip String | The masked destination IP address of the sinkhole. |
src_port Integer | The port where traffic from a compromised device was observed. |
- September 11, 2024: Published.