McAfee (Trellix) · Schema
Threat
Antivirus · Cybersecurity · Endpoint Protection · Security · Threat Intelligence
Properties
| Name | Type | Description |
|---|---|---|
| id | string | Unique threat ID |
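| type | string | Resource type; the only permitted value is `threats` |
| attributes | object | Threat details: name, severity, status, detectedAt, hostName, processName, filePath, sha256, mitreAttackTechnique |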
JSON Schema
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "#/components/schemas/Threat",
"title": "Threat",
"type": "object",
"properties": {
"id": {
"type": "string",
"description": "Unique threat ID"
},
"type": {
"type": "string",
"enum": [
"threats"
]
},
"attributes": {
"type": "object",
"properties": {
"name": {
"type": "string",
"description": "Threat name"
},
"severity": {
"type": "string",
"enum": [
"low",
"medium",
"high",
"critical"
],
"description": "Threat severity level"
},
"status": {
"type": "string",
"enum": [
"new",
"investigating",
"resolved",
"dismissed"
],
"description": "Current threat status"
},
"detectedAt": {
"type": "string",
"format": "date-time",
"description": "Detection timestamp (RFC 3339 date-time)"
},
"hostName": {
"type": "string",
"description": "Affected hostname"
},
"processName": {
"type": "string",
"description": "Associated process name"
},
"filePath": {
"type": "string",
"description": "Associated file path"
},
"sha256": {
"type": "string",
"description": "SHA-256 hash of the associated file"
},
"mitreAttackTechnique": {
"type": "string",
"description": "MITRE ATT&CK technique ID, e.g. T1059 or T1059.001 for a sub-technique"
}
}
}
}
}