Skip to main content
Security Performance Management
Continuous Monitoring
Vendor Risk Management
Trust Management Hub
Cyber Insurance
National Cybersecurity

Compromised Systems Intelligence: Spam Propagation

Ingrid

Spam Propagation indicates the presence of spambots, where a device on a company’s network is unsolicitedly sending commercial or bulk email (spam).

Data Structure Diagram

Data Solutions data feeds are optimized for relational databases. Refer to the structure conveyed in the following diagram to make the best use of entity relationships within the Spam Propagation Intelligence data feed:

ERD-spam-propagation.png

Schema

Spam Propagation data available in Compromised Systems Intelligence:

temporary_finding_id

The temporary unique identifier for this finding.

String [temp_finding_guid]

company_guid

The unique identifier of the company.

String [entity_guid]

event_date

When the finding was first observed.

String [YYYY-MM-DD]

affects_rating

true = This finding affects the rating.

Boolean

country

The country where the asset attributed with this finding is located.

String

country_code

The country code where the asset attributed with this finding is located.

String

decay_date

The date when this finding stops impacting the rating if nothing else changes.

String [YYYY-MM-DD]

event_grade

The finding grade.

String

evidence_key

The source of evidence for the finding. It may be from an IP address, domain, IP/domain combination, or port.

String

first_seen

The first time the finding was observed.

String [YYYY-MM-DD HH:MM:SS]

impacts_risk_vector_code

A reason code for why the finding does not impact on the rating.

String

impacts_risk_vector_label

The reason why the finding no longer impacts the rating.

String

last_seen

The most recent time the finding was observed.

String [YYYY-MM-DD HH:MM:SS]

observation_id

The unique identifier of this observation.

String

remediation_duration

The number of days it took to remediate the finding.

Integer

risk_category

The risk category.

String

risk_vector

The risk vector slug name.

String

risk_vector_label

The risk vector name.

String

rollup_start_date

The date when this finding was first observed, which is used for determining the number of Compromised Systems events.

String [YYYY-MM-DD]

rollup_end_date

The date when the infection was last observed, which is used for determining the number of Compromised Systems events.

String [YYYY-MM-DD]

rolledup_observation_id

A stable and randomized identifier for findings. It is assigned to a finding when one or more observations with largely similar key properties occur in close succession.

String

severity

This finding’s Bitsight severity.

Decimal

severity_category

This finding’s Bitsight severity.

String

count

The number of events. See event count considerations for Compromised Systems events.

Integer

dest_port

A compromised device was observed to be sending traffic from this port.

Integer

detection_method

The method used to detect the infection. See the data collection methods.

String

infection_id

An identifier for the infection.

Integer

sinkhole_ip

The masked destination IP address of the sinkhole.

String

src_port

The port where traffic from a compromised device was observed.

Integer

email_from_address

The email address assigned in the “From” email header field of a spam email.

String

helo

The domain of the Simple Mail Transfer Protocol (SMTP) client.

String

sender_email

The email address of the original sender of the spam email.

String

subject

The subject line of the spam email.

String

  • September 11, 2024: Published.
Was this article helpful?
0 out of 0 found this helpful
Return to top

Related articles

Feedback

0 comments

Please sign in to leave a comment.