# Compromised Systems Intelligence: Malware Servers

A Malware Servers finding indicates that a system is engaging in malicious activity, such as phishing, fraud, or scams.

## Data Structure Diagram

Data Solutions data feeds are optimized for relational databases. Refer to the structure conveyed in the following diagram to make the best use of entity relationships within the Malware Servers Intelligence data feed.

## Schema

Malware Servers data available in Compromised Systems Intelligence:

| Field | Description | Type |
| --- | --- | --- |
| temporary_finding_id | The temporary unique identifier for this finding. | String [temp_finding_guid] |
| company_guid | The unique identifier of the company. | String [entity_guid] |
| event_date | When the finding was first observed. | String [YYYY-MM-DD] |
| affects_rating | true = This finding affects the rating. | Boolean |
| count | The number of events. See event count considerations for Compromised Systems events. | Integer |
| country | The country where the asset attributed with this finding is located. | String |
| country_code | The country code where the asset attributed with this finding is located. | String |
| decay_date | The date when this finding stops impacting the rating if nothing else changes. | String [YYYY-MM-DD] |
| dest_port | A compromised device was observed to be sending traffic from this port. | Integer |
| detection_method | The method used to detect the infection. See the data collection methods. | String |
| event_grade | The finding grade. | String |
| evidence_key | The source of evidence for the finding. It may be an IP address, domain, IP/domain combination, or port. | String |
| first_seen | The first time the finding was observed. | String [YYYY-MM-DD HH:MM:SS] |
| impacts_risk_vector_code | A reason code for why the finding does not impact the rating. | String |
| impacts_risk_vector_label | The reason why the finding no longer impacts the rating. | String |
| infection_id | An identifier for the infection. | Integer |
| last_seen | The most recent time the finding was observed. | String [YYYY-MM-DD HH:MM:SS] |
| observation_id | The unique identifier of this observation. | String |
| portal_type | The type of event. Values: malicious = The event involves a malicious server. malware = The event involves specific malware. | String |
| remediation_duration | The number of days it took to remediate the finding. | Integer |
| risk_category | The risk category. | String |
| risk_vector | The risk vector slug name. | String |
| risk_vector_label | The risk vector name. | String |
| rolledup_observation_id | A stable and randomized identifier for findings. It is assigned to a finding when one or more observations with largely similar key properties occur in close succession. | String |
| rollup_end_date | The date when the infection was last observed, which is used for determining the number of Compromised Systems events. | String [YYYY-MM-DD] |
| rollup_start_date | The date when this finding was first observed, which is used for determining the number of Compromised Systems events. | String [YYYY-MM-DD] |
| sample_timestamp | The date and time when this finding was observed. | String [YYYY-MM-DD HH:MM:SS] |
| server_name | The domain name of the affected server. It is known to be a command and control server, sinkhole, or is hosting adware. | String |
| severity | This finding's Bitsight severity. | Decimal |
| severity_category | This finding's Bitsight severity category. | String |
| sinkhole_ip | The masked destination IP address of the sinkhole. | String |
| src_port | The port where traffic from a compromised device was observed. | Integer |

September 11, 2024: Published.

## Related articles

- Compromised Systems Intelligence: Potentially Exploited
- Compromised Systems Intelligence: Botnet Infections
- Data Solutions: Compromised Systems Intelligence
- GET: Malware Servers Finding Details
- Finding Behavior
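Before loading feed rows into a relational store it is worth checking each record against the schema above: a wrong type, an unparseable date, or an unexpected `portal_type` value is easier to catch at ingest than after it has skewed an event count. The following Python is an added example, not Bitsight's code; the field names and formats come from the schema table, while the sample records, the assumption that absent or `null` fields may be skipped, and the 0-65535 port range check are the example's own. It also groups observations by `rolledup_observation_id` and measures the `rollup_start_date`/`rollup_end_date` span that the schema says feeds the Compromised Systems event count.

```python
"""Validate and normalise Malware Servers finding records (added example)."""
from datetime import datetime
from typing import Any

DATE_FMT = "%Y-%m-%d"
DATETIME_FMT = "%Y-%m-%d %H:%M:%S"

# Expected type per field, transcribed from the schema table.  "date" and
# "datetime" stand for the String [YYYY-MM-DD] / [YYYY-MM-DD HH:MM:SS] formats.
SCHEMA: dict[str, Any] = {
    "temporary_finding_id": str, "company_guid": str, "event_date": "date",
    "affects_rating": bool, "count": int, "country": str, "country_code": str,
    "decay_date": "date", "dest_port": int, "detection_method": str,
    "event_grade": str, "evidence_key": str, "first_seen": "datetime",
    "impacts_risk_vector_code": str, "impacts_risk_vector_label": str,
    "infection_id": int, "last_seen": "datetime", "observation_id": str,
    "portal_type": str, "remediation_duration": int, "risk_category": str,
    "risk_vector": str, "risk_vector_label": str, "rolledup_observation_id": str,
    "rollup_end_date": "date", "rollup_start_date": "date",
    "sample_timestamp": "datetime", "server_name": str, "severity": float,
    "severity_category": str, "sinkhole_ip": str, "src_port": int,
}
PORTAL_TYPES = {"malicious", "malware"}   # the two values the schema lists
PORT_FIELDS = ("dest_port", "src_port")


def _parses(value: Any, fmt: str) -> bool:
    """True if value is a string in the given strptime format."""
    if not isinstance(value, str):
        return False
    try:
        datetime.strptime(value, fmt)
        return True
    except ValueError:
        return False


def _type_ok(value: Any, expected: Any) -> bool:
    if expected == "date":
        return _parses(value, DATE_FMT)
    if expected == "datetime":
        return _parses(value, DATETIME_FMT)
    if expected is bool:
        return isinstance(value, bool)
    if expected is int:            # bool is a subclass of int; reject it here
        return isinstance(value, int) and not isinstance(value, bool)
    if expected is float:          # Decimal: accept int or float literals
        return isinstance(value, (int, float)) and not isinstance(value, bool)
    return isinstance(value, expected)


def validate(record: dict[str, Any]) -> list[str]:
    """Return a list of problems; an empty list means the record is loadable.
    Assumption: a field that is absent or None is skipped rather than rejected."""
    problems: list[str] = []
    for name, value in record.items():
        if name not in SCHEMA:
            problems.append(f"unknown field {name}")
        elif value is not None and not _type_ok(value, SCHEMA[name]):
            problems.append(f"{name}: bad type/format {value!r}")
    if record.get("portal_type") not in PORTAL_TYPES:
        problems.append(f"portal_type must be one of {sorted(PORTAL_TYPES)}")
    for port in PORT_FIELDS:       # range check is this example's assumption
        v = record.get(port)
        if isinstance(v, int) and not isinstance(v, bool) and not 0 <= v <= 65535:
            problems.append(f"{port} out of range: {v}")
    start, end = record.get("rollup_start_date"), record.get("rollup_end_date")
    if _parses(start, DATE_FMT) and _parses(end, DATE_FMT) and start > end:
        problems.append("rollup_start_date is after rollup_end_date")
    return problems


def rollup_span_days(record: dict[str, Any]) -> int:
    """Days between rollup_start_date and rollup_end_date (inclusive start)."""
    start = datetime.strptime(record["rollup_start_date"], DATE_FMT)
    end = datetime.strptime(record["rollup_end_date"], DATE_FMT)
    return (end - start).days


def group_by_rollup(records: list[dict[str, Any]]) -> dict[str, list[str]]:
    """Map each rolledup_observation_id to the observation_ids it covers."""
    groups: dict[str, list[str]] = {}
    for r in records:
        groups.setdefault(r["rolledup_observation_id"], []).append(r["observation_id"])
    return groups


# Constructed sample records (not feed data); values are placeholders.
BASE = {
    "temporary_finding_id": "tf-0001", "company_guid": "company-0001",
    "event_date": "2024-08-01", "affects_rating": True, "count": 1,
    "country": "Exampleland", "country_code": "XX", "decay_date": "2024-10-30",
    "dest_port": 443, "first_seen": "2024-08-01 10:15:00", "infection_id": 42,
    "last_seen": "2024-08-03 09:00:00", "portal_type": "malware",
    "remediation_duration": 2, "rollup_start_date": "2024-08-01",
    "rollup_end_date": "2024-08-03", "sample_timestamp": "2024-08-03 09:00:00",
    "server_name": "c2.example.net", "severity": 7.5, "severity_category": "high",
    "sinkhole_ip": "192.0.2.x", "src_port": 51234,
}


def _rec(**overrides: Any) -> dict[str, Any]:
    return {**BASE, **overrides}


SAMPLE_RECORDS = [
    _rec(observation_id="obs-1", rolledup_observation_id="roll-A"),
    _rec(observation_id="obs-2", rolledup_observation_id="roll-A",
         sample_timestamp="2024-08-02 11:00:00"),
    # Deliberately malformed: string count, impossible port, unknown portal_type.
    _rec(observation_id="obs-3", rolledup_observation_id="roll-B",
         count="3", dest_port=70000, portal_type="phishing"),
]

if __name__ == "__main__":
    for rec in SAMPLE_RECORDS:
        print(rec["observation_id"], validate(rec) or "ok")
    print(group_by_rollup(SAMPLE_RECORDS))
```

Running the module prints `ok` for the two well-formed observations, three distinct problems for the malformed one, and a grouping that shows obs-1 and obs-2 collapsing under the same rolled-up identifier, which is the relationship a loader must preserve to avoid double-counting events.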