The OSINT (Open Source Intelligence) profile contains one or more indicators and associated analysis and details, such as registrar (WHOIS) information and commentary about a hostname, or information about a digital certificate and its usage within a campaign. This information can be used to further enrich a detection or finding by providing decisioning support to other analysts and engineers within the profile itself.
Attributes
osint
- Type: osint
- Requirement: required
The OSINT (Open Source Intelligence) object contains details related to an indicator such as the indicator itself, related indicators, geolocation, registrar information, subdomains, analyst commentary, and other contextual information. This information can be used to further enrich a detection or finding by providing decisioning support to other analysts and engineers.
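To make the structure concrete, here is an added example (not part of the schema documentation) that attaches indicator entries to an event and checks that the `osint` attribute is present whenever the profile is declared, in line with its "required" marking. The sample event and indicator are constructed; the `metadata.profiles` list, the `osint` array form and the entry keys (`type_id`, `type`, `value`, `comment`, `whois`, `subdomains`) are assumptions based on the OCSF schema and should be verified against the schema version in use.

```python
import copy

# Constructed sample event (minimal, not a complete record).
SAMPLE_EVENT = {
    "class_name": "Detection Finding",
    "metadata": {"profiles": ["host"]},
    "finding_info": {"title": "Beacon to rare hostname", "uid": "example-0001"},
}

# Constructed indicator entry; key names are assumed from the OCSF osint object.
SAMPLE_INDICATOR = {
    "type_id": 3, "type": "Hostname",
    "value": "login.example.test",
    "comment": "Registered two days before first sighting; review pending.",
    "whois": {"domain": "example.test", "registrar": "Example Registrar"},
    "subdomains": ["cdn.example.test"],
}

REQUIRED_KEYS = ("type_id", "value")  # assumed required keys of each entry


def attach_osint(event, indicators):
    """Return a copy of `event` with OSINT entries added and the profile declared."""
    missing = [(i, k) for i, ind in enumerate(indicators)
               for k in REQUIRED_KEYS if k not in ind]
    if missing:
        raise ValueError(f"indicator entries missing required keys: {missing}")
    out = copy.deepcopy(event)
    profiles = out.setdefault("metadata", {}).setdefault("profiles", [])
    if "osint" not in profiles:
        profiles.append("osint")
    entries = out.setdefault("osint", [])
    seen = {(e["type_id"], e["value"]) for e in entries}
    for ind in indicators:
        key = (ind["type_id"], ind["value"])
        if key not in seen:  # skip duplicate indicators
            entries.append(copy.deepcopy(ind))
            seen.add(key)
    return out


def profile_violations(event):
    """Check that the profile is declared exactly when osint entries are present."""
    declared = "osint" in event.get("metadata", {}).get("profiles", [])
    present = bool(event.get("osint"))
    problems = []
    if declared and not present:
        problems.append("profile declared but no osint entries")
    if present and not declared:
        problems.append("osint entries present but profile not declared")
    return problems
```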
Available In
- account_change
- admin_group_query
- airborne_broadcast_activity
- api_activity
- application_error
- application_lifecycle
- application_security_posture_finding
- authentication
- authorize_session
- base_event
- cloud_resources_inventory_info
- compliance_finding
- config_state
- data_security_finding
- datastore_activity
- detection_finding
- device_config_state_change
- dhcp_activity
- dns_activity
- drone_flights_activity
- email_activity
- email_file_activity
- email_url_activity
- entity_management
- event_log_actvity
- evidence_info
- file_activity
- file_hosting
- file_query
- file_remediation_activity
- folder_query
- ftp_activity
- group_management
- http_activity
- iam_analysis_finding
- incident_finding
- inventory_info
- job_query
- kernel_activity
- kernel_extension_activity
- kernel_object_query
- memory_activity
- module_activity
- module_query
- network_activity
- network_connection_query
- network_file_activity
- network_remediation_activity
- networks_query
- ntp_activity
- osint_inventory_info
- patch_state
- peripheral_activity
- peripheral_device_query
- process_activity
- process_query
- process_remediation_activity
- rdp_activity
- remediation_activity
- scan_activity
- scheduled_job_activity
- script_activity
- security_finding
- service_query
- session_query
- smb_activity
- software_info
- ssh_activity
- startup_item_query
- tunnel_activity
- user_access
- user_inventory
- user_query
- vulnerability_finding
- web_resource_access_activity
- web_resources_activity
- win/prefetch_query
- win/registry_key_activity
- win/registry_key_query
- win/registry_value_activity
- win/registry_value_query
- win/windows_resource_activity
- win/windows_service_activity