Page tree

Contents

The 

located within the Cloud Services Portal defines the common threat intelligence data classification groups in the TIDE platform, as well as the specific properties that these groups encompass.

When using the Threat Classification Guide, the threat indicators returned by a search contain Class and Property fields (e.g. class Bot and property Bot_Bankpatch). The Threat Classification Guide contains descriptions of all classes and properties supported by Dossier and TIDE.

Each threat indicator belongs to a specific class and has a default expiration time (TTL). The default expiration time for all threat classes are provided on the Default TTLs page. To search for a specific threat type, search by threat class or property using the search box to narrow down the results.

Expired threat indicators are still available in the database and returned by a search, but they are not included in the BloxOne/DNS Firewall feeds. The Cyber Threat Intelligence team periodically checks the indicators for validity and accuracy.

  • No labels

This page has no comments.