Microsoft Graph · Schema

microsoft.graph.security.intelligenceProfile

Azure ADCollaborationContactsDocumentsEmailGraphIdentityMicrosoftOffice 365PresentationsProductivitySpreadsheetsT1Tasks
View JSON Schema on GitHub

JSON Schema

microsoft-graph-microsoftgraphsecurityintelligenceprofile-schema.json Raw ↑ 
{
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "$id": "#/components/schemas/microsoft.graph.security.intelligenceProfile",
  "title": "microsoft.graph.security.intelligenceProfile",
  "allOf": [
    {
      "$ref": "#/components/schemas/microsoft.graph.entity"
    },
    {
      "title": "intelligenceProfile",
      "required": [
        "@odata.type"
      ],
      "type": "object",
      "properties": {
        "aliases": {
          "type": "array",
          "items": {
            "type": "string",
            "nullable": true
          },
          "description": "A list of commonly-known aliases for the threat intelligence included in the intelligenceProfile."
        },
        "countriesOrRegionsOfOrigin": {
          "type": "array",
          "items": {
            "$ref": "#/components/schemas/microsoft.graph.security.intelligenceProfileCountryOrRegionOfOrigin"
          },
          "description": "The country/region of origin for the given actor or threat associated with this intelligenceProfile."
        },
        "description": {
          "$ref": "#/components/schemas/microsoft.graph.security.formattedContent"
        },
        "firstActiveDateTime": {
          "pattern": "^[0-9]{4,}-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])T([01][0-9]|2[0-3]):[0-5][0-9]:[0-5][0-9]([.][0-9]{1,12})?(Z|[+-][0-9][0-9]:[0-9][0-9])$",
          "type": "string",
          "description": "The date and time when this intelligenceProfile was first active. The timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.",
          "format": "date-time"
        },
        "kind": {
          "$ref": "#/components/schemas/microsoft.graph.security.intelligenceProfileKind"
        },
        "summary": {
          "$ref": "#/components/schemas/microsoft.graph.security.formattedContent"
        },
        "targets": {
          "type": "array",
          "items": {
            "type": "string",
            "nullable": true
          },
          "description": "Known targets related to this intelligenceProfile."
        },
        "title": {
          "type": "string",
          "description": "The title of this intelligenceProfile."
        },
        "tradecraft": {
          "anyOf": [
            {
              "$ref": "#/components/schemas/microsoft.graph.security.formattedContent"
            },
            {
              "type": "object",
              "nullable": true
            }
          ],
          "description": "Formatted information featuring a description of the distinctive tactics, techniques, and procedures (TTP) of the group, followed by a list of all known custom, commodity, and publicly available implants used by the group."
        },
        "indicators": {
          "type": "array",
          "items": {
            "$ref": "#/components/schemas/microsoft.graph.security.intelligenceProfileIndicator"
          },
          "description": "Includes an assemblage of high-fidelity network indicators of compromise.",
          "x-ms-navigationProperty": true
        },
        "@odata.type": {
          "type": "string"
        }
      }
    }
  ],
  "x-ms-discriminator-value": "#microsoft.graph.security.intelligenceProfile"
}