| Classification (Ext) | classification | Optional | String | The threat classification. |
| Classification IDs | classification_ids | Recommended | Integer Array | The array of threat classifications.
| 0 | Unclassified | | |
| 1 | Ad Clicker | | |
| 2 | ADS | | |
| 3 | Adware | | |
| 4 | Android | | |
| 5 | APT | | |
| 6 | Backdoor | | |
| 7 | Banker | | |
| 8 | Banking | | |
| 9 | Bitcoin | | |
| 10 | Bitcoin miner | | |
| 11 | Bootkit | | |
| 12 | Bot | | |
| 13 | Botnet | | |
| 14 | Browser Hijack | | |
| 15 | Browser Modifier | | |
| 16 | Bundle Installer | | |
| 17 | Clicker | | |
| 18 | Click Fraud | | |
| 19 | DDOS | | |
| 20 | Destructive | | |
| 21 | Dialer | | |
| 22 | DOS | | |
| 23 | Downloader | | |
| 24 | Downware | | |
| 25 | Dropper | | |
| 26 | EmailWorm | | |
| 27 | Evasion | | |
| 28 | Exploit | | |
| 29 | FakeAV | | |
| 30 | File Infector | | |
| 31 | Gaming | | |
| 32 | Hack Tool | | |
| 33 | Info | | |
| 34 | Injector | | |
| 35 | iOS | | |
| 36 | IRCBot | | |
| 37 | Key Logger | | |
| 38 | Kill AV | | |
| 39 | Macro | | |
| 40 | Mass Mailer | | |
| 41 | Miner | | |
| 42 | More Info | | |
| 43 | Password Stealer | | |
| 44 | POS | | |
| 45 | POST | | |
| 46 | Power Shell | | |
| 47 | Proxy | | |
| 48 | Proxy Avoidance | | |
| 49 | PUA | | |
| 50 | PWS | | |
| 51 | Ransom | | |
| 52 | Ransomware | | |
| 53 | RAT | | |
| 54 | Remote Admin | | |
| 55 | Riskware | | |
| 56 | Rootkit | | |
| 57 | SMS-Send | | |
| 58 | SMS Worm | | |
| 59 | SMTP Client | | |
| 60 | Spam | | |
| 61 | Spy | | |
| 62 | Spyware | | |
| 63 | Start Page | | |
| 64 | Test tool | | |
| 65 | Toolbar | | |
| 66 | TOR | | |
| 67 | Trojan | | |
| 68 | Virus | | |
| 69 | Web Injects | | |
| 70 | WMI | | |
| 71 | Worm | | |
| 72 | Man in the Middle (MITM) | | |
| 73 | Suspicious Network | | |
| 74 | SMS Phishing | | |
| 75 | C&C Server | | |
|
| CVE ID (Ext) | cve_uid | Optional | String | The common vulnerabilities and exposures (CVE) identifier. |
| ID | id | Recommended | Long | The threat identifier as reported by the detection engine; for example, a virus ID or an IPS signature ID. |
| Name | name | Recommended | String | The threat name as reported by the detection engine. |
| Provider (Ext) | provider | Optional | String | The origin of the reputation and category information. For example: "CAS", "CASMA", "Cynic", "Skeptic", or "Synapse". |
| Risk | risk_id | Recommended | Integer | The cumulative risk rating of the threat as defined by the Foresight policy.
| 0 | Unknown | | |
| 100 | Bad | | |
| 200 | Somewhat Bad | | |
| 300 | Neutral | | |
| 400 | Somewhat Good | | |
| 500 | Untrusted | | |
| 501 | Bad IPS Signature from Safe URL | | |
|
| Threat Sub ID (Ext) | sub_id | Optional | Integer | The threat sub identifier as reported by the detection engine. Note: Pertains only to IPS threats. |
| Type | type_id | Recommended | Integer | The threat type as reported by the detection engine.
| 1 | Malware | | |
| 2 | Behavioral | | |
| 3 | Potentially Unwanted Applications | | |
| 4 | Exploit (MEM) | | |
| 5 | Heuristic | | |
| 6 | Security Risk | | |
|