Compromised Systems Intelligence: Spam Propagation

Ingrid

Spam Propagation indicates the presence of spambots, where a device on a company’s network is sending unsolicited commercial or bulk email (spam).

Data Structure Diagram

Data Solutions data feeds are optimized for relational databases. Refer to the structure conveyed in the following diagram to make the best use of entity relationships within the Spam Propagation Intelligence data feed:

Schema

Spam Propagation data available in Compromised Systems Intelligence:

| Field | Description | Type [Format] |
| --- | --- | --- |
| temporary_finding_id | The temporary unique identifier for this finding. | String [temp_finding_guid] |
| company_guid | The unique identifier of the company. | String [entity_guid] |
| event_date | When the finding was first observed. | String [YYYY-MM-DD] |
| affects_rating | true = This finding affects the rating. | Boolean |
| country | The country where the asset attributed with this finding is located. | String |
| country_code | The country code where the asset attributed with this finding is located. | String |
| decay_date | The date when this finding stops impacting the rating if nothing else changes. | String [YYYY-MM-DD] |
| event_grade | The finding grade. | String |
| evidence_key | The source of evidence for the finding. It may be from an IP address, domain, IP/domain combination, or port. | String |
| first_seen | The first time the finding was observed. | String [YYYY-MM-DD HH:MM:SS] |
| impacts_risk_vector_code | A reason code for why the finding does not impact the rating. | String |
| impacts_risk_vector_label | The reason why the finding no longer impacts the rating. | String |
| last_seen | The most recent time the finding was observed. | String [YYYY-MM-DD HH:MM:SS] |
| observation_id | The unique identifier of this observation. | String |
| remediation_duration | The number of days it took to remediate the finding. | Integer |
| risk_category | The risk category. | String |
| risk_vector | The risk vector slug name. | String |
| risk_vector_label | The risk vector name. | String |
| rollup_start_date | The date when this finding was first observed, which is used for determining the number of Compromised Systems events. | String [YYYY-MM-DD] |
| rollup_end_date | The date when the infection was last observed, which is used for determining the number of Compromised Systems events. | String [YYYY-MM-DD] |
| rolledup_observation_id | A stable and randomized identifier for findings. It is assigned to a finding when one or more observations with largely similar key properties occur in close succession. | String |
| severity | This finding’s Bitsight severity. | Decimal |
| severity_category | This finding’s Bitsight severity. | String |
| count | The number of events. See event count considerations for Compromised Systems events. | Integer |
| dest_port | A compromised device was observed to be sending traffic from this port. | Integer |
| detection_method | The method used to detect the infection. See the data collection methods. | String |
| infection_id | An identifier for the infection. | Integer |
| sinkhole_ip | The masked destination IP address of the sinkhole. | String |
| src_port | The port where traffic from a compromised device was observed. | Integer |
| email_from_address | The email address assigned in the “From” email header field of a spam email. | String |
| helo | The domain of the Simple Mail Transfer Protocol (SMTP) client. | String |
| sender_email | The email address of the original sender of the spam email. | String |
| subject | The subject line of the spam email. | String |

September 11, 2024: Published.
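The following is an added example, not Bitsight code: it shows one way a defender could triage records from this feed by grouping findings that still affect the rating by `evidence_key`, and rejecting rows that break the documented date formats. It assumes CSV delivery with the schema field names as column headers and `true`/`false` text for the Boolean; the sample rows and the `triage` function name are constructed for illustration.

```python
import csv, io
from collections import defaultdict
from datetime import date, datetime

# Constructed sample rows. CSV delivery with these headers is an assumption.
SAMPLE = """evidence_key,affects_rating,decay_date,last_seen,count,helo,subject
203.0.113.10,true,2024-12-01,2024-09-10 08:15:00,4,mail.example.com,Cheap meds
203.0.113.10,true,2024-12-03,2024-09-12 21:40:11,2,localhost,Invoice attached
198.51.100.7,false,2024-10-01,2024-08-01 03:00:00,1,pc-17.example.com,Win a prize
198.51.100.9,true,2024-09-01,2024-07-02 10:00:00,3,pc-22.example.com,Hello
192.0.2.44,true,2024-12-01,09/12/2024 21:40,1,pc-30.example.com,Offer
"""

def triage(csv_text, today):
    """Group rating-affecting, not-yet-decayed findings by evidence_key.

    Returns (hosts, rejected). hosts is sorted by most recent last_seen;
    rejected holds (csv_line_number, reason) for rows with malformed fields.
    """
    hosts = defaultdict(lambda: {"events": 0, "last_seen": datetime.min, "helo": set()})
    rejected = []
    for n, row in enumerate(csv.DictReader(io.StringIO(csv_text)), start=2):
        try:
            decay = date.fromisoformat(row["decay_date"])                    # YYYY-MM-DD
            seen = datetime.strptime(row["last_seen"], "%Y-%m-%d %H:%M:%S")  # per schema
            events = int(row["count"])
        except ValueError as exc:
            rejected.append((n, str(exc)))
            continue
        # Assumption: a finding still matters on its decay_date itself.
        if row["affects_rating"].lower() != "true" or decay < today:
            continue
        h = hosts[row["evidence_key"]]
        h["events"] += events
        h["last_seen"] = max(h["last_seen"], seen)
        h["helo"].add(row["helo"])  # several HELO names from one source is worth a look
    out = [{"evidence_key": k, **v} for k, v in hosts.items()]
    return sorted(out, key=lambda h: h["last_seen"], reverse=True), rejected

if __name__ == "__main__":
    hosts, rejected = triage(SAMPLE, date(2024, 9, 15))
    for h in hosts:
        print(h["evidence_key"], h["events"], h["last_seen"], sorted(h["helo"]))
    print("rejected rows:", rejected)
```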