When using the Threat Classification Guide, the threat indicators returned by a search contain Class and Property fields (e.g. class Bot and property Bot_Bankpatch). The Threat Classification Guide contains descriptions of all classes and properties supported by Dossier and TIDE.
Each threat indicator belongs to a specific class and has a default expiration time (TTL). The default expiration time for all threat classes are provided on the Default TTLs page. To search for a specific threat type, search by threat class or property using the search box to narrow down the results.
Expired threat indicators are still available in the database and returned by a search, but they are not included in the BloxOne/DNS Firewall feeds. The Cyber Threat Intelligence team periodically checks the indicators for validity and accuracy.
This page has no comments.