Security Center: Threatbook component

Last Updated: Jan 20, 2026

The Threatbook component calls Threatbook APIs to retrieve file analysis reports and assess threats from IP addresses and domain names.

Prerequisites

Before you use the Threatbook component, go to System Settings > Feature Settings > Multi-cloud Configuration Management and authorize your off-cloud IDC assets in the Multi-cloud Assets module. If you have already completed the authorization, you can skip this step. The procedure is as follows:

  1. Add authorization and select IDC. In the asset access panel, configure the parameters as follows:

    Note

    By default, ThreatBook is authorized for Agentic SOC. Other features are not supported.

    | Parameter | Description |
    | --- | --- |
    | Vendor | ThreatBook. |
    | Product | Threat Intelligence Cloud API. |
    | Account ID | The ThreatBook account ID. |
    | API KEY | The ThreatBook API KEY. |

  2. Configure the policy: To prevent an invalid AccessKey from affecting your services, turn on AK Service Status Check.

Features

| Action | Description |
| --- | --- |
| fileReport | Gets detailed static and dynamic analysis reports for a file. The reports include a summary, network behavior, behavioral signatures, static information, dropped file behavior, process behavior, and antivirus scan engine detection results. |
| iocReport | Analyzes IP addresses or domain names for outbound access scenarios, such as office or production networks. It uses rules to accurately determine if an IP address or domain name is malicious, its risk severity level, and its confidence level. It also identifies threats such as C2 servers, malware, and miner pools, and provides related security event or threat actor tags. |
| ipReport | Analyzes IP addresses for inbound scenarios. It provides the geographic location and ASN information of the IP address. It uses rules to accurately determine if the IP address is malicious, its risk severity level, and its confidence level. It also identifies threat types, such as exploits and zombies, and provides related security event or threat actor tags. |

Configuration example

This topic provides configuration examples for each action in the Threatbook component. You can import these examples as test playbooks. The visual editor helps you understand and test the configuration parameters for each action. This makes it easy to learn the component's logic and how to use it. For more information, see Import a playbook.

Note

Save the sample data as a JSON file.
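A saved playbook file can be checked offline before it is imported or shared. The following Python check is an added example, not part of the original page or Alibaba Cloud code: it lists the action nodes and flags dangling edges, unknown Threatbook actions, empty `resource` inputs, and `icon` URLs that still carry pre-signed URL parameters. It assumes only the field names visible in the sample data, and the embedded playbook is a constructed, reduced stand-in with placeholder values.

```python
import json
from urllib.parse import urlsplit, parse_qs

# Actions documented for the Threatbook component on this page.
KNOWN_ACTIONS = {"fileReport", "iocReport", "ipReport"}
# Query parameters of a pre-signed OSS URL, as they appear in the sample's "icon" fields.
SIGNED_URL_PARAMS = {"Signature", "security-token", "OSSAccessKeyId"}

# Constructed sample (not the page's data): two action nodes, one dangling edge,
# one mistyped action name, one empty input, one icon URL with placeholder signing values.
SAMPLE = json.dumps({"cells": [
    {"id": "start-1", "isNode": True,
     "data": {"nodeType": "startEvent", "nodeName": "start"}},
    {"id": "edge-1", "isNode": False, "data": {"nodeType": "sequenceFlow"},
     "source": {"cell": "start-1"}, "target": {"cell": "act-1"}},
    {"id": "act-1", "isNode": True, "data": {
        "nodeType": "action", "nodeName": "file_report",
        "componentName": "Threatbook", "actionName": "fileReport",
        "valueData": {"resource": "${event.file}"},
        "icon": "https://oss.example.invalid/logo.svg?Expires=0"
                "&OSSAccessKeyId=PLACEHOLDER&Signature=PLACEHOLDER"
                "&security-token=PLACEHOLDER"}},
    {"id": "edge-2", "isNode": False, "data": {"nodeType": "sequenceFlow"},
     "source": {"cell": "act-1"}, "target": {"cell": "missing-node"}},
    {"id": "act-2", "isNode": True, "data": {
        "nodeType": "action", "nodeName": "ioc_report",
        "componentName": "Threatbook", "actionName": "iocreport",
        "valueData": {"resource": ""}}},
]})


def audit_playbook(text):
    """Return (actions, findings) for a playbook JSON document passed as a string."""
    cells = json.loads(text).get("cells", [])
    ids = {c.get("id") for c in cells}
    actions, findings = [], []

    # The start node's own description says a playbook has exactly one start node.
    starts = [c for c in cells if c.get("data", {}).get("nodeType") == "startEvent"]
    if len(starts) != 1:
        findings.append(f"expected exactly one start node, found {len(starts)}")

    for cell in cells:
        data = cell.get("data", {})
        node_type = data.get("nodeType")
        if node_type == "sequenceFlow":
            # Every edge must connect two cells that exist in the same file.
            for end in ("source", "target"):
                ref = cell.get(end, {}).get("cell")
                if ref not in ids:
                    findings.append(
                        f"edge {cell.get('id')}: {end} {ref} is not a cell in this file")
        elif node_type == "action":
            name = data.get("nodeName")
            action = data.get("actionName")
            values = data.get("valueData", {})
            actions.append((name, data.get("componentName"), action,
                            values.get("resource")))
            if data.get("componentName") == "Threatbook" and action not in KNOWN_ACTIONS:
                findings.append(f"node {name}: unknown Threatbook action {action!r}")
            if not values.get("resource"):
                findings.append(f"node {name}: no 'resource' input configured")
            # An exported icon URL may still carry signing material in its query string.
            query = parse_qs(urlsplit(data.get("icon", "")).query)
            signed = sorted(SIGNED_URL_PARAMS.intersection(query))
            if signed:
                findings.append(
                    f"node {name}: icon URL carries signed-URL parameters {signed}")
    return actions, findings


if __name__ == "__main__":
    found_actions, found_issues = audit_playbook(SAMPLE)
    for node, component, action, resource in found_actions:
        print(f"{node}: {component}.{action} <- {resource!r}")
    for issue in found_issues:
        print("FINDING:", issue)
```

To check the file saved from the sample data, read it and pass its contents to `audit_playbook` as a string.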

Sample data

{
	"cells": [{
		"position": {
			"x": -400,
			"y": -155
		},
		"size": {
			"width": 36,
			"height": 36
		},
		"attrs": {
			"body": {
				"fill": "white",
				"strokeOpacity": 0.95,
				"stroke": "#63ba4d",
				"strokeWidth": 2
			},
			"label": {
				"text": "start",
				"fontSize": 12,
				"refX": 0.5,
				"refY": "100%",
				"refY2": 4,
				"textAnchor": "middle",
				"textVerticalAnchor": "top"
			},
			"path": {
				"stroke": "#63ba4d"
			}
		},
		"visible": true,
		"shape": "circle",
		"id": "58d87b7d-28d9-4f0e-b135-4adc4f1a70e4",
		"zIndex": 1,
		"data": {
			"nodeType": "startEvent",
			"appType": "basic",
			"nodeName": "start",
			"icon": "icon-circle",
			"description": "The start node of the playbook. A playbook must have one and only one start node. You must configure input data for the playbook.",
			"cascaderValue": []
		},
		"markup": [{
			"tagName": "circle",
			"selector": "body"
		}, {
			"tagName": "text",
			"selector": "label"
		}],
		"isNode": true
	}, {
		"shape": "custom-edge",
		"attrs": {
			"line": {
				"stroke": "#63ba4d",
				"targetMarker": {
					"stroke": "#63ba4d"
				}
			}
		},
		"zIndex": 1,
		"id": "5293c3f9-e1c9-4a49-b0eb-635067dc67e8",
		"data": {
			"nodeType": "sequenceFlow",
			"appType": "basic",
			"icon": "icon-upper-right-arrow",
			"isRequired": true
		},
		"isNode": false,
		"source": {
			"cell": "58d87b7d-28d9-4f0e-b135-4adc4f1a70e4"
		},
		"target": {
			"cell": "19fca1bc-4cf1-491e-9ae4-ee5d3f0c2f61"
		},
		"router": {
			"name": "normal"
		},
		"visible": true,
		"vertices": [{
			"x": -382,
			"y": -247
		}]
	}, {
		"position": {
			"x": 140,
			"y": -155
		},
		"size": {
			"width": 36,
			"height": 36
		},
		"attrs": {
			"body": {
				"fill": "white",
				"strokeOpacity": 0.95,
				"stroke": "#d93026",
				"strokeWidth": 2
			},
			"path": {
				"r": 12,
				"refX": "50%",
				"refY": "50%",
				"fill": "#d93026",
				"strokeOpacity": 0.95,
				"stroke": "#d93026",
				"strokeWidth": 4
			},
			"label": {
				"text": "end",
				"fontSize": 12,
				"refX": 0.5,
				"refY": "100%",
				"refY2": 4,
				"textAnchor": "middle",
				"textVerticalAnchor": "top"
			}
		},
		"visible": true,
		"shape": "circle",
		"id": "317dd1be-2d20-460e-977e-1fc936ffb583",
		"zIndex": 1,
		"data": {
			"nodeType": "endEvent",
			"appType": "basic",
			"nodeName": "end",
			"icon": "icon-radio-off-full",
			"description": "end"
		},
		"markup": [{
			"tagName": "circle",
			"selector": "body"
		}, {
			"tagName": "circle",
			"selector": "path"
		}, {
			"tagName": "text",
			"selector": "label"
		}],
		"isNode": true
	}, {
		"position": {
			"x": -190,
			"y": -280
		},
		"size": {
			"width": 137,
			"height": 66
		},
		"view": "react-shape-view",
		"attrs": {
			"label": {
				"text": "file_report"
			}
		},
		"shape": "activity",
		"id": "19fca1bc-4cf1-491e-9ae4-ee5d3f0c2f61",
		"zIndex": 1,
		"data": {
			"isDebug": false,
			"nodeType": "action",
			"appType": "component",
			"nodeName": "file_report",
			"valueData": {
				"userId": "",
				"resource": "${event.file}",
				"cloudUserId": "7f7cd2ebedc544f7bf9be74dab7fcca4"
			},
			"icon": "https://sophon-gen-cloud-zhangjiakou-v2.oss-cn-zhangjiakou.aliyuncs.com/componentUpload/1755245577536_Threatbook_logo.svg?Expires=1755832376&OSSAccessKeyId=STS.NXwN8h********EJeH&Signature=p4KGzHhTrIZdiJxpACRpM7ROLE0%3D&security-token=CAIS2AJ1q6Ft5B2yfSjIr5vCBYLchKtswKq%2BRVT21nkPbd5%2Bqo%2FOqjz2IHhMenFpAegcv%2Fw%2BlGFZ6%2F8elrp6SJtIXleCZtF94oxN9h2gb4fb42MeBDXg08%2FLI3OaLjKm9u2wCryLYbGwU%2FOpbE%2B%2B5U0X6LDmdDKkckW4OJmS8%2FBOZcgWWQ%2FKBlgvRq0hRG1YpdQdKGHaONu0LxfumRCwNkdzvRdmgm4NgsbWgO%2Fks0OP3AOrlrBN%2Bdiuf8T9NvMBZskvD42Hu8VtbbfE3SJq7BxHybx7lqQs%2B02c5onDWwAJu0%2FXa7uEo4wydVNjFbM9A65Dqufxn%2Fpgt%2Braj4X7xhhEIOVJSSPbSZBbSxJNvU1RXDxQVcEYWxylurjnXvF%2B4xU3%2BP9tP0rM946UoJvc3YDI5hWbc8mJsTnhSSTAEIv%2By8ptqoFOtH7DkLTHWR7hCtv23053AashMytAXxqAAXNQ89LjX6M4bFYRAxsXrln0LN%2BTDs1Hk1dCGQ2edPqhVybm1axt7NpKWS7Xcrd6BKtuwqREs%2FZkIO8E%2BZRbfaX6uHOx9sHx1M1Y7HDHt%2BDvloHULH0rQNLniKayaTCJlIiyUPe8TaK3lv4mipQQf16PqYqAsx2Zu7Bqx9Np2CYIIAA%3D",
			"description": "Gets detailed static and dynamic analysis reports for a file. The reports include a summary, network behavior, behavioral signatures, static information, dropped file behavior, process behavior, and antivirus scan engine detection results.",
			"advance": {
				"inputParamMode": false,
				"onError": "stop_cur_flow",
				"rspStatusType": 3,
				"rspStatusThreshold": 0
			},
			"componentName": "Threatbook",
			"actionName": "fileReport",
			"cascaderValue": [{
				"label": "configuration",
				"value": "${configuration}",
				"children": [{
					"label": "configuration.datalist.*.triggerType",
					"name": "configuration.datalist.*.triggerType",
					"value": "${configuration.datalist.*.triggerType}"
				}, {
					"label": "configuration.datalist.*._req_uuid",
					"name": "configuration.datalist.*._req_uuid",
					"value": "${configuration.datalist.*._req_uuid}"
				}, {
					"label": "configuration.datalist.*.scope.*.aliUid",
					"name": "configuration.datalist.*.scope.*.aliUid",
					"value": "${configuration.datalist.*.scope.*.aliUid}"
				}, {
					"label": "configuration.datalist.*.process.start_time",
					"name": "configuration.datalist.*.process.start_time",
					"value": "${configuration.datalist.*.process.start_time}"
				}, {
					"label": "configuration.status",
					"name": "configuration.status",
					"value": "${configuration.status}"
				}, {
					"label": "configuration.datalist.*.process.proc_id",
					"name": "configuration.datalist.*.process.proc_id",
					"value": "${configuration.datalist.*.process.proc_id}"
				}, {
					"label": "configuration.datalist.*._tenant_id",
					"name": "configuration.datalist.*._tenant_id",
					"value": "${configuration.datalist.*._tenant_id}"
				}, {
					"label": "configuration.datalist.*.process.host_uuid.host_uuid",
					"name": "configuration.datalist.*.process.host_uuid.host_uuid",
					"value": "${configuration.datalist.*.process.host_uuid.host_uuid}"
				}, {
					"label": "configuration.total_data",
					"name": "configuration.total_data",
					"value": "${configuration.total_data}"
				}, {
					"label": "configuration.datalist.*._trigger_user",
					"name": "configuration.datalist.*._trigger_user",
					"value": "${configuration.datalist.*._trigger_user}"
				}, {
					"label": "configuration.datalist.*.process.host_uuid.os_type",
					"name": "configuration.datalist.*.process.host_uuid.os_type",
					"value": "${configuration.datalist.*.process.host_uuid.os_type}"
				}, {
					"label": "configuration.datalist.*.process.cmd_line",
					"name": "configuration.datalist.*.process.cmd_line",
					"value": "${configuration.datalist.*.process.cmd_line}"
				}, {
					"label": "configuration.datalist.*.triggerUser",
					"name": "configuration.datalist.*.triggerUser",
					"value": "${configuration.datalist.*.triggerUser}"
				}, {
					"label": "configuration.datalist.*._domain_id",
					"name": "configuration.datalist.*._domain_id",
					"value": "${configuration.datalist.*._domain_id}"
				}, {
					"label": "configuration.datalist.*.process.file_path.file_path",
					"name": "configuration.datalist.*.process.file_path.file_path",
					"value": "${configuration.datalist.*.process.file_path.file_path}"
				}, {
					"label": "configuration.total_data_with_dup",
					"name": "configuration.total_data_with_dup",
					"value": "${configuration.total_data_with_dup}"
				}, {
					"label": "configuration.total_exe_successful",
					"name": "configuration.total_exe_successful",
					"value": "${configuration.total_exe_successful}"
				}, {
					"label": "configuration.datalist.*.scope.*.cloudCode",
					"name": "configuration.datalist.*.scope.*.cloudCode",
					"value": "${configuration.datalist.*.scope.*.cloudCode}"
				}, {
					"label": "configuration.total_data_successful",
					"name": "configuration.total_data_successful",
					"value": "${configuration.total_data_successful}"
				}, {
					"label": "configuration.total_exe",
					"name": "configuration.total_exe",
					"value": "${configuration.total_exe}"
				}, {
					"label": "configuration.datalist.*.scope.*.userId",
					"name": "configuration.datalist.*.scope.*.userId",
					"value": "${configuration.datalist.*.scope.*.userId}"
				}, {
					"label": "configuration.datalist.*._region_id",
					"name": "configuration.datalist.*._region_id",
					"value": "${configuration.datalist.*._region_id}"
				}, {
					"label": "configuration.datalist.*.process.file_path.hash_value",
					"name": "configuration.datalist.*.process.file_path.hash_value",
					"value": "${configuration.datalist.*.process.file_path.hash_value}"
				}]
			}],
			"status": "success"
		},
		"isNode": true
	}, {
		"position": {
			"x": -190,
			"y": -170
		},
		"size": {
			"width": 137,
			"height": 66
		},
		"view": "react-shape-view",
		"attrs": {
			"label": {
				"text": "ioc_report"
			}
		},
		"shape": "activity",
		"id": "e0082b2e-d82c-464f-a22f-9b67eb47a363",
		"zIndex": 1,
		"data": {
			"isDebug": false,
			"nodeType": "action",
			"appType": "component",
			"nodeName": "ioc_report",
			"valueData": {
				"cloudUserId": "7f7cd2ebedc544f7bf9be74dab7fcca4",
				"resource": "${event.ioc}"
			},
			"icon": "https://sophon-gen-cloud-zhangjiakou-v2.oss-cn-zhangjiakou.aliyuncs.com/componentUpload/1755245577536_Threatbook_logo.svg?Expires=1755832376&OSSAccessKeyId=STS.NXwN8h********EJeH&Signature=p4KGzHhTrIZdiJxpACRpM7ROLE0%3D&security-token=CAIS2AJ1q6Ft5B2yfSjIr5vCBYLchKtswKq%2BRVT21nkPbd5%2Bqo%2FOqjz2IHhMenFpAegcv%2Fw%2BlGFZ6%2F8elrp6SJtIXleCZtF94oxN9h2gb4fb42MeBDXg08%2FLI3OaLjKm9u2wCryLYbGwU%2FOpbE%2B%2B5U0X6LDmdDKkckW4OJmS8%2FBOZcgWWQ%2FKBlgvRq0hRG1YpdQdKGHaONu0LxfumRCwNkdzvRdmgm4NgsbWgO%2Fks0OP3AOrlrBN%2Bdiuf8T9NvMBZskvD42Hu8VtbbfE3SJq7BxHybx7lqQs%2B02c5onDWwAJu0%2FXa7uEo4wydVNjFbM9A65Dqufxn%2Fpgt%2Braj4X7xhhEIOVJSSPbSZBbSxJNvU1RXDxQVcEYWxylurjnXvF%2B4xU3%2BP9tP0rM946UoJvc3YDI5hWbc8mJsTnhSSTAEIv%2By8ptqoFOtH7DkLTHWR7hCtv23053AashMytAXxqAAXNQ89LjX6M4bFYRAxsXrln0LN%2BTDs1Hk1dCGQ2edPqhVybm1axt7NpKWS7Xcrd6BKtuwqREs%2FZkIO8E%2BZRbfaX6uHOx9sHx1M1Y7HDHt%2BDvloHULH0rQNLniKayaTCJlIiyUPe8TaK3lv4mipQQf16PqYqAsx2Zu7Bqx9Np2CYIIAA%3D",
			"description": "Analyzes IP addresses or domain names for outbound access scenarios, such as office or production networks. It uses rules to accurately determine if an IP address or domain name is malicious, its risk severity level, and its confidence level. It also identifies threats such as C2 servers, malware, and miner pools, and provides related security event or threat actor tags.",
			"advance": {
				"inputParamMode": false,
				"onError": "stop_cur_flow",
				"rspStatusType": 3,
				"rspStatusThreshold": 0
			},
			"componentName": "Threatbook",
			"actionName": "iocReport",
			"status": "failed",
			"cascaderValue": [{
				"label": "Threatbook_1",
				"value": "${Threatbook_1}",
				"children": [{
					"label": "Threatbook_1.datalist.*.network.tls_ex",
					"name": "Threatbook_1.datalist.*.network.tls_ex",
					"value": "${Threatbook_1.datalist.*.network.tls_ex}"
				}, {
					"label": "Threatbook_1.datalist.*.summary.file_size",
					"name": "Threatbook_1.datalist.*.summary.file_size",
					"value": "${Threatbook_1.datalist.*.summary.file_size}"
				}, {
					"label": "Threatbook_1.datalist.*.summary.sandbox_type_list",
					"name": "Threatbook_1.datalist.*.summary.sandbox_type_list",
					"value": "${Threatbook_1.datalist.*.summary.sandbox_type_list}"
				}, {
					"label": "Threatbook_1.datalist.*.pstree.children.*.process_name",
					"name": "Threatbook_1.datalist.*.pstree.children.*.process_name",
					"value": "${Threatbook_1.datalist.*.pstree.children.*.process_name}"
				}, {
					"label": "Threatbook_1.datalist.*.summary.md5",
					"name": "Threatbook_1.datalist.*.summary.md5",
					"value": "${Threatbook_1.datalist.*.summary.md5}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.vbwebshell",
					"name": "Threatbook_1.datalist.*.multiengines.result.vbwebshell",
					"value": "${Threatbook_1.datalist.*.multiengines.result.vbwebshell}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.Microsoft",
					"name": "Threatbook_1.datalist.*.multiengines.result.Microsoft",
					"value": "${Threatbook_1.datalist.*.multiengines.result.Microsoft}"
				}, {
					"label": "Threatbook_1.datalist.*.signature.*.marks.*.call.category",
					"name": "Threatbook_1.datalist.*.signature.*.marks.*.call.category",
					"value": "${Threatbook_1.datalist.*.signature.*.marks.*.call.category}"
				}, {
					"label": "Threatbook_1.total_exe",
					"name": "Threatbook_1.total_exe",
					"value": "${Threatbook_1.total_exe}"
				}, {
					"label": "Threatbook_1.datalist.*.summary.sample_sha256",
					"name": "Threatbook_1.datalist.*.summary.sample_sha256",
					"value": "${Threatbook_1.datalist.*.summary.sample_sha256}"
				}, {
					"label": "Threatbook_1.datalist.*.summary.malware_family",
					"name": "Threatbook_1.datalist.*.summary.malware_family",
					"value": "${Threatbook_1.datalist.*.summary.malware_family}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.Baidu",
					"name": "Threatbook_1.datalist.*.multiengines.result.Baidu",
					"value": "${Threatbook_1.datalist.*.multiengines.result.Baidu}"
				}, {
					"label": "Threatbook_1.datalist.*.static.basic.md5",
					"name": "Threatbook_1.datalist.*.static.basic.md5",
					"value": "${Threatbook_1.datalist.*.static.basic.md5}"
				}, {
					"label": "Threatbook_1.datalist.*.summary.tag.s",
					"name": "Threatbook_1.datalist.*.summary.tag.s",
					"value": "${Threatbook_1.datalist.*.summary.tag.s}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.OneStatic",
					"name": "Threatbook_1.datalist.*.multiengines.result.OneStatic",
					"value": "${Threatbook_1.datalist.*.multiengines.result.OneStatic}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.DrWeb",
					"name": "Threatbook_1.datalist.*.multiengines.result.DrWeb",
					"value": "${Threatbook_1.datalist.*.multiengines.result.DrWeb}"
				}, {
					"label": "Threatbook_1.datalist.*.summary.tag.x",
					"name": "Threatbook_1.datalist.*.summary.tag.x",
					"value": "${Threatbook_1.datalist.*.summary.tag.x}"
				}, {
					"label": "Threatbook_1.datalist.*.summary.file_name",
					"name": "Threatbook_1.datalist.*.summary.file_name",
					"value": "${Threatbook_1.datalist.*.summary.file_name}"
				}, {
					"label": "Threatbook_1.datalist.*.signature.*.marks.*.call.api",
					"name": "Threatbook_1.datalist.*.signature.*.marks.*.call.api",
					"value": "${Threatbook_1.datalist.*.signature.*.marks.*.call.api}"
				}, {
					"label": "Threatbook_1.datalist.*.signature.*.marks.*.call.status",
					"name": "Threatbook_1.datalist.*.signature.*.marks.*.call.status",
					"value": "${Threatbook_1.datalist.*.signature.*.marks.*.call.status}"
				}, {
					"label": "Threatbook_1.datalist.*.signature.*.markcount",
					"name": "Threatbook_1.datalist.*.signature.*.markcount",
					"value": "${Threatbook_1.datalist.*.signature.*.markcount}"
				}, {
					"label": "Threatbook_1.datalist.*.summary.threat_score",
					"name": "Threatbook_1.datalist.*.summary.threat_score",
					"value": "${Threatbook_1.datalist.*.summary.threat_score}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.NANO",
					"name": "Threatbook_1.datalist.*.multiengines.result.NANO",
					"value": "${Threatbook_1.datalist.*.multiengines.result.NANO}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.Panda",
					"name": "Threatbook_1.datalist.*.multiengines.result.Panda",
					"value": "${Threatbook_1.datalist.*.multiengines.result.Panda}"
				}, {
					"label": "Threatbook_1.datalist.*.static.basic.file_type",
					"name": "Threatbook_1.datalist.*.static.basic.file_type",
					"value": "${Threatbook_1.datalist.*.static.basic.file_type}"
				}, {
					"label": "Threatbook_1.datalist.*.summary.sha1",
					"name": "Threatbook_1.datalist.*.summary.sha1",
					"value": "${Threatbook_1.datalist.*.summary.sha1}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.Kaspersky",
					"name": "Threatbook_1.datalist.*.multiengines.result.Kaspersky",
					"value": "${Threatbook_1.datalist.*.multiengines.result.Kaspersky}"
				}, {
					"label": "Threatbook_1.total_exe_successful",
					"name": "Threatbook_1.total_exe_successful",
					"value": "${Threatbook_1.total_exe_successful}"
				}, {
					"label": "Threatbook_1.datalist.*.summary.threat_level",
					"name": "Threatbook_1.datalist.*.summary.threat_level",
					"value": "${Threatbook_1.datalist.*.summary.threat_level}"
				}, {
					"label": "Threatbook_1.datalist.*.pstree.process_name.en",
					"name": "Threatbook_1.datalist.*.pstree.process_name.en",
					"value": "${Threatbook_1.datalist.*.pstree.process_name.en}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.Trustlook",
					"name": "Threatbook_1.datalist.*.multiengines.result.Trustlook",
					"value": "${Threatbook_1.datalist.*.multiengines.result.Trustlook}"
				}, {
					"label": "Threatbook_1.datalist.*.summary.malware_type",
					"name": "Threatbook_1.datalist.*.summary.malware_type",
					"value": "${Threatbook_1.datalist.*.summary.malware_type}"
				}, {
					"label": "Threatbook_1.datalist.*.static.basic.sha256",
					"name": "Threatbook_1.datalist.*.static.basic.sha256",
					"value": "${Threatbook_1.datalist.*.static.basic.sha256}"
				}, {
					"label": "Threatbook_1.datalist.*.strings.275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f",
					"name": "Threatbook_1.datalist.*.strings.275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f",
					"value": "${Threatbook_1.datalist.*.strings.275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f}"
				}, {
					"label": "Threatbook_1.datalist.*.signature.*.marks.*.cid",
					"name": "Threatbook_1.datalist.*.signature.*.marks.*.cid",
					"value": "${Threatbook_1.datalist.*.signature.*.marks.*.cid}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.Avast",
					"name": "Threatbook_1.datalist.*.multiengines.result.Avast",
					"value": "${Threatbook_1.datalist.*.multiengines.result.Avast}"
				}, {
					"label": "Threatbook_1.total_data_successful",
					"name": "Threatbook_1.total_data_successful",
					"value": "${Threatbook_1.total_data_successful}"
				}, {
					"label": "Threatbook_1.datalist.*.signature.*.sig_class",
					"name": "Threatbook_1.datalist.*.signature.*.sig_class",
					"value": "${Threatbook_1.datalist.*.signature.*.sig_class}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.Baidu-China",
					"name": "Threatbook_1.datalist.*.multiengines.result.Baidu-China",
					"value": "${Threatbook_1.datalist.*.multiengines.result.Baidu-China}"
				}, {
					"label": "Threatbook_1.datalist.*.pstree.children.*.command_line",
					"name": "Threatbook_1.datalist.*.pstree.children.*.command_line",
					"value": "${Threatbook_1.datalist.*.pstree.children.*.command_line}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.Rising",
					"name": "Threatbook_1.datalist.*.multiengines.result.Rising",
					"value": "${Threatbook_1.datalist.*.multiengines.result.Rising}"
				}, {
					"label": "Threatbook_1.datalist.*.signature.*.attck_id",
					"name": "Threatbook_1.datalist.*.signature.*.attck_id",
					"value": "${Threatbook_1.datalist.*.signature.*.attck_id}"
				}, {
					"label": "Threatbook_1.total_data",
					"name": "Threatbook_1.total_data",
					"value": "${Threatbook_1.total_data}"
				}, {
					"label": "Threatbook_1.datalist.*.summary.sandbox_type",
					"name": "Threatbook_1.datalist.*.summary.sandbox_type",
					"value": "${Threatbook_1.datalist.*.summary.sandbox_type}"
				}, {
					"label": "Threatbook_1.total_data_with_dup",
					"name": "Threatbook_1.total_data_with_dup",
					"value": "${Threatbook_1.total_data_with_dup}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.ShellPub",
					"name": "Threatbook_1.datalist.*.multiengines.result.ShellPub",
					"value": "${Threatbook_1.datalist.*.multiengines.result.ShellPub}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.MicroAPT",
					"name": "Threatbook_1.datalist.*.multiengines.result.MicroAPT",
					"value": "${Threatbook_1.datalist.*.multiengines.result.MicroAPT}"
				}, {
					"label": "Threatbook_1.datalist.*.summary.multi_engines",
					"name": "Threatbook_1.datalist.*.summary.multi_engines",
					"value": "${Threatbook_1.datalist.*.summary.multi_engines}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.ClamAV",
					"name": "Threatbook_1.datalist.*.multiengines.result.ClamAV",
					"value": "${Threatbook_1.datalist.*.multiengines.result.ClamAV}"
				}, {
					"label": "Threatbook_1.datalist.*.summary.file_type",
					"name": "Threatbook_1.datalist.*.summary.file_type",
					"value": "${Threatbook_1.datalist.*.summary.file_type}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.ESET",
					"name": "Threatbook_1.datalist.*.multiengines.result.ESET",
					"value": "${Threatbook_1.datalist.*.multiengines.result.ESET}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.K7",
					"name": "Threatbook_1.datalist.*.multiengines.result.K7",
					"value": "${Threatbook_1.datalist.*.multiengines.result.K7}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.detect_rate",
					"name": "Threatbook_1.datalist.*.multiengines.detect_rate",
					"value": "${Threatbook_1.datalist.*.multiengines.detect_rate}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.OneAV",
					"name": "Threatbook_1.datalist.*.multiengines.result.OneAV",
					"value": "${Threatbook_1.datalist.*.multiengines.result.OneAV}"
				}, {
					"label": "Threatbook_1.datalist.*.signature.*.name",
					"name": "Threatbook_1.datalist.*.signature.*.name",
					"value": "${Threatbook_1.datalist.*.signature.*.name}"
				}, {
					"label": "Threatbook_1.datalist.*.signature.*.marks.*.call.tid",
					"name": "Threatbook_1.datalist.*.signature.*.marks.*.call.tid",
					"value": "${Threatbook_1.datalist.*.signature.*.marks.*.call.tid}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.scan_time",
					"name": "Threatbook_1.datalist.*.multiengines.scan_time",
					"value": "${Threatbook_1.datalist.*.multiengines.scan_time}"
				}, {
					"label": "Threatbook_1.datalist.*.summary.is_whitelist",
					"name": "Threatbook_1.datalist.*.summary.is_whitelist",
					"value": "${Threatbook_1.datalist.*.summary.is_whitelist}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.Qihu360",
					"name": "Threatbook_1.datalist.*.multiengines.result.Qihu360",
					"value": "${Threatbook_1.datalist.*.multiengines.result.Qihu360}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.Sophos",
					"name": "Threatbook_1.datalist.*.multiengines.result.Sophos",
					"value": "${Threatbook_1.datalist.*.multiengines.result.Sophos}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.Antiy",
					"name": "Threatbook_1.datalist.*.multiengines.result.Antiy",
					"value": "${Threatbook_1.datalist.*.multiengines.result.Antiy}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.GDATA",
					"name": "Threatbook_1.datalist.*.multiengines.result.GDATA",
					"value": "${Threatbook_1.datalist.*.multiengines.result.GDATA}"
				}, {
					"label": "Threatbook_1.datalist.*.signature.*.marks.*.call.time",
					"name": "Threatbook_1.datalist.*.signature.*.marks.*.call.time",
					"value": "${Threatbook_1.datalist.*.signature.*.marks.*.call.time}"
				}, {
					"label": "Threatbook_1.status",
					"name": "Threatbook_1.status",
					"value": "${Threatbook_1.status}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.JiangMin",
					"name": "Threatbook_1.datalist.*.multiengines.result.JiangMin",
					"value": "${Threatbook_1.datalist.*.multiengines.result.JiangMin}"
				}, {
					"label": "Threatbook_1.datalist.*.signature.*.marks.*.call.return_value",
					"name": "Threatbook_1.datalist.*.signature.*.marks.*.call.return_value",
					"value": "${Threatbook_1.datalist.*.signature.*.marks.*.call.return_value}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.AVG",
					"name": "Threatbook_1.datalist.*.multiengines.result.AVG",
					"value": "${Threatbook_1.datalist.*.multiengines.result.AVG}"
				}, {
					"label": "Threatbook_1.datalist.*.network.dns_servers",
					"name": "Threatbook_1.datalist.*.network.dns_servers",
					"value": "${Threatbook_1.datalist.*.network.dns_servers}"
				}, {
					"label": "Threatbook_1.datalist.*.signature.*.description",
					"name": "Threatbook_1.datalist.*.signature.*.description",
					"value": "${Threatbook_1.datalist.*.signature.*.description}"
				}, {
					"label": "Threatbook_1.datalist.*.strings.pcap",
					"name": "Threatbook_1.datalist.*.strings.pcap",
					"value": "${Threatbook_1.datalist.*.strings.pcap}"
				}, {
					"label": "Threatbook_1.datalist.*.signature.*.marks.*.pid",
					"name": "Threatbook_1.datalist.*.signature.*.marks.*.pid",
					"value": "${Threatbook_1.datalist.*.signature.*.marks.*.pid}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.IKARUS",
					"name": "Threatbook_1.datalist.*.multiengines.result.IKARUS",
					"value": "${Threatbook_1.datalist.*.multiengines.result.IKARUS}"
				}, {
					"label": "Threatbook_1.datalist.*.pstree.children.*.first_seen",
					"name": "Threatbook_1.datalist.*.pstree.children.*.first_seen",
					"value": "${Threatbook_1.datalist.*.pstree.children.*.first_seen}"
				}, {
					"label": "Threatbook_1.datalist.*.signature.*.marks.*.type",
					"name": "Threatbook_1.datalist.*.signature.*.marks.*.type",
					"value": "${Threatbook_1.datalist.*.signature.*.marks.*.type}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.Avira",
					"name": "Threatbook_1.datalist.*.multiengines.result.Avira",
					"value": "${Threatbook_1.datalist.*.multiengines.result.Avira}"
				}, {
					"label": "Threatbook_1.datalist.*.pstree.children.*.ppid",
					"name": "Threatbook_1.datalist.*.pstree.children.*.ppid",
					"value": "${Threatbook_1.datalist.*.pstree.children.*.ppid}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.MicroNonPE",
					"name": "Threatbook_1.datalist.*.multiengines.result.MicroNonPE",
					"value": "${Threatbook_1.datalist.*.multiengines.result.MicroNonPE}"
				}, {
					"label": "Threatbook_1.datalist.*.static.basic.ssdeep",
					"name": "Threatbook_1.datalist.*.static.basic.ssdeep",
					"value": "${Threatbook_1.datalist.*.static.basic.ssdeep}"
				}, {
					"label": "Threatbook_1.datalist.*.static.basic.file_size",
					"name": "Threatbook_1.datalist.*.static.basic.file_size",
					"value": "${Threatbook_1.datalist.*.static.basic.file_size}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.OneAV-PWSH",
					"name": "Threatbook_1.datalist.*.multiengines.result.OneAV-PWSH",
					"value": "${Threatbook_1.datalist.*.multiengines.result.OneAV-PWSH}"
				}, {
					"label": "Threatbook_1.datalist.*.pstree.process_name.cn",
					"name": "Threatbook_1.datalist.*.pstree.process_name.cn",
					"value": "${Threatbook_1.datalist.*.pstree.process_name.cn}"
				}, {
					"label": "Threatbook_1.datalist.*.network.secret_info",
					"name": "Threatbook_1.datalist.*.network.secret_info",
					"value": "${Threatbook_1.datalist.*.network.secret_info}"
				}, {
					"label": "Threatbook_1.datalist.*.static.basic.sha1",
					"name": "Threatbook_1.datalist.*.static.basic.sha1",
					"value": "${Threatbook_1.datalist.*.static.basic.sha1}"
				}, {
					"label": "Threatbook_1.datalist.*.pstree.children.*.track",
					"name": "Threatbook_1.datalist.*.pstree.children.*.track",
					"value": "${Threatbook_1.datalist.*.pstree.children.*.track}"
				}, {
					"label": "Threatbook_1.datalist.*.summary.submit_time",
					"name": "Threatbook_1.datalist.*.summary.submit_time",
					"value": "${Threatbook_1.datalist.*.summary.submit_time}"
				}, {
					"label": "Threatbook_1.datalist.*.signature.*.severity",
					"name": "Threatbook_1.datalist.*.signature.*.severity",
					"value": "${Threatbook_1.datalist.*.signature.*.severity}"
				}, {
					"label": "Threatbook_1.datalist.*.permalink",
					"name": "Threatbook_1.datalist.*.permalink",
					"value": "${Threatbook_1.datalist.*.permalink}"
				}, {
					"label": "Threatbook_1.datalist.*.pstree.children.*.pid",
					"name": "Threatbook_1.datalist.*.pstree.children.*.pid",
					"value": "${Threatbook_1.datalist.*.pstree.children.*.pid}"
				}, {
					"label": "Threatbook_1.datalist.*.static.basic.file_name",
					"name": "Threatbook_1.datalist.*.static.basic.file_name",
					"value": "${Threatbook_1.datalist.*.static.basic.file_name}"
				}]
			}, {
				"label": "configuration",
				"value": "${configuration}",
				"children": [{
					"label": "configuration.datalist.*.triggerType",
					"name": "configuration.datalist.*.triggerType",
					"value": "${configuration.datalist.*.triggerType}"
				}, {
					"label": "configuration.datalist.*._req_uuid",
					"name": "configuration.datalist.*._req_uuid",
					"value": "${configuration.datalist.*._req_uuid}"
				}, {
					"label": "configuration.datalist.*.scope.*.aliUid",
					"name": "configuration.datalist.*.scope.*.aliUid",
					"value": "${configuration.datalist.*.scope.*.aliUid}"
				}, {
					"label": "configuration.datalist.*.process.start_time",
					"name": "configuration.datalist.*.process.start_time",
					"value": "${configuration.datalist.*.process.start_time}"
				}, {
					"label": "configuration.status",
					"name": "configuration.status",
					"value": "${configuration.status}"
				}, {
					"label": "configuration.datalist.*.process.proc_id",
					"name": "configuration.datalist.*.process.proc_id",
					"value": "${configuration.datalist.*.process.proc_id}"
				}, {
					"label": "configuration.datalist.*._tenant_id",
					"name": "configuration.datalist.*._tenant_id",
					"value": "${configuration.datalist.*._tenant_id}"
				}, {
					"label": "configuration.datalist.*.process.host_uuid.host_uuid",
					"name": "configuration.datalist.*.process.host_uuid.host_uuid",
					"value": "${configuration.datalist.*.process.host_uuid.host_uuid}"
				}, {
					"label": "configuration.total_data",
					"name": "configuration.total_data",
					"value": "${configuration.total_data}"
				}, {
					"label": "configuration.datalist.*._trigger_user",
					"name": "configuration.datalist.*._trigger_user",
					"value": "${configuration.datalist.*._trigger_user}"
				}, {
					"label": "configuration.datalist.*.process.host_uuid.os_type",
					"name": "configuration.datalist.*.process.host_uuid.os_type",
					"value": "${configuration.datalist.*.process.host_uuid.os_type}"
				}, {
					"label": "configuration.datalist.*.process.cmd_line",
					"name": "configuration.datalist.*.process.cmd_line",
					"value": "${configuration.datalist.*.process.cmd_line}"
				}, {
					"label": "configuration.datalist.*.triggerUser",
					"name": "configuration.datalist.*.triggerUser",
					"value": "${configuration.datalist.*.triggerUser}"
				}, {
					"label": "configuration.datalist.*._domain_id",
					"name": "configuration.datalist.*._domain_id",
					"value": "${configuration.datalist.*._domain_id}"
				}, {
					"label": "configuration.datalist.*.process.file_path.file_path",
					"name": "configuration.datalist.*.process.file_path.file_path",
					"value": "${configuration.datalist.*.process.file_path.file_path}"
				}, {
					"label": "configuration.total_data_with_dup",
					"name": "configuration.total_data_with_dup",
					"value": "${configuration.total_data_with_dup}"
				}, {
					"label": "configuration.total_exe_successful",
					"name": "configuration.total_exe_successful",
					"value": "${configuration.total_exe_successful}"
				}, {
					"label": "configuration.datalist.*.scope.*.cloudCode",
					"name": "configuration.datalist.*.scope.*.cloudCode",
					"value": "${configuration.datalist.*.scope.*.cloudCode}"
				}, {
					"label": "configuration.total_data_successful",
					"name": "configuration.total_data_successful",
					"value": "${configuration.total_data_successful}"
				}, {
					"label": "configuration.total_exe",
					"name": "configuration.total_exe",
					"value": "${configuration.total_exe}"
				}, {
					"label": "configuration.datalist.*.scope.*.userId",
					"name": "configuration.datalist.*.scope.*.userId",
					"value": "${configuration.datalist.*.scope.*.userId}"
				}, {
					"label": "configuration.datalist.*._region_id",
					"name": "configuration.datalist.*._region_id",
					"value": "${configuration.datalist.*._region_id}"
				}, {
					"label": "configuration.datalist.*.process.file_path.hash_value",
					"name": "configuration.datalist.*.process.file_path.hash_value",
					"value": "${configuration.datalist.*.process.file_path.hash_value}"
				}]
			}],
			"customInput": false,
			"id": 0,
			"name": "iocReport",
			"operateType": "general",
			"parameters": [{
				"dataType": "String",
				"defaultValue": "",
				"description": "",
				"enDescription": "",
				"name": "userId",
				"needCascader": false,
				"required": false,
				"tags": ""
			}, {
				"dataType": "String",
				"defaultValue": "",
				"description": "The account ID configured for Threatbook in Security Center under Feature Settings > Multi-cloud Configuration Management.",
				"enDescription": "",
				"name": "cloudUserId",
				"needCascader": false,
				"required": true,
				"tags": ""
			}, {
				"dataType": "String",
				"defaultValue": "",
				"description": "An IP address or domain name. You can query up to 100 resources in a batch. Separate them with commas. You can query an IP address with a port to get high-confidence results. Example of IP addresses with ports in a request: 8.8.8.8:143,0.0.0.0:80",
				"enDescription": "",
				"name": "resource",
				"needCascader": false,
				"required": true,
				"tags": ""
			}],
			"riskLevel": 2,
			"actionDisplayName": "iocReport"
		},
		"isNode": true
	}, {
		"position": {
			"x": -190,
			"y": -55
		},
		"size": {
			"width": 137,
			"height": 66
		},
		"view": "react-shape-view",
		"attrs": {
			"label": {
				"text": "ip_reputation"
			}
		},
		"shape": "activity",
		"id": "8afdafcc-32aa-4ab2-b8b2-abafc4314e85",
		"zIndex": 1,
		"data": {
			"nodeType": "action",
			"appType": "component",
			"nodeName": "ip_reputation",
			"valueData": {
				"cloudUserId": "7f7cd2ebedc544f7bf9be74dab7fcca4",
				"resource": "${event.ip}"
			},
			"icon": "https://sophon-gen-cloud-zhangjiakou-v2.oss-cn-zhangjiakou.aliyuncs.com/componentUpload/1755245577536_Threatbook_logo.svg?Expires=1755832376&OSSAccessKeyId=STS.NXwN8h********EJeH&Signature=p4KGzHhTrIZdiJxpACRpM7ROLE0%3D&security-token=CAIS2AJ1q6Ft5B2yfSjIr5vCBYLchKtswKq%2BRVT21nkPbd5%2Bqo%2FOqjz2IHhMenFpAegcv%2Fw%2BlGFZ6%2F8elrp6SJtIXleCZtF94oxN9h2gb4fb42MeBDXg08%2FLI3OaLjKm9u2wCryLYbGwU%2FOpbE%2B%2B5U0X6LDmdDKkckW4OJmS8%2FBOZcgWWQ%2FKBlgvRq0hRG1YpdQdKGHaONu0LxfumRCwNkdzvRdmgm4NgsbWgO%2Fks0OP3AOrlrBN%2Bdiuf8T9NvMBZskvD42Hu8VtbbfE3SJq7BxHybx7lqQs%2B02c5onDWwAJu0%2FXa7uEo4wydVNjFbM9A65Dqufxn%2Fpgt%2Braj4X7xhhEIOVJSSPbSZBbSxJNvU1RXDxQVcEYWxylurjnXvF%2B4xU3%2BP9tP0rM946UoJvc3YDI5hWbc8mJsTnhSSTAEIv%2By8ptqoFOtH7DkLTHWR7hCtv23053AashMytAXxqAAXNQ89LjX6M4bFYRAxsXrln0LN%2BTDs1Hk1dCGQ2edPqhVybm1axt7NpKWS7Xcrd6BKtuwqREs%2FZkIO8E%2BZRbfaX6uHOx9sHx1M1Y7HDHt%2BDvloHULH0rQNLniKayaTCJlIiyUPe8TaK3lv4mipQQf16PqYqAsx2Zu7Bqx9Np2CYIIAA%3D",
			"description": "Analyzes IP addresses for inbound scenarios. It provides the geographic location and ASN information of the IP address. It uses rules to accurately determine if the IP address is malicious, its risk severity level, and its confidence level. It also identifies threat types, such as exploits and zombies, and provides related security event or threat actor tags.",
			"advance": {
				"inputParamMode": false,
				"onError": "stop_cur_flow",
				"rspStatusType": 3,
				"rspStatusThreshold": 0
			},
			"componentName": "Threatbook",
			"actionName": "ipReputation",
			"status": "failed",
			"cascaderValue": [{
				"label": "Threatbook_2",
				"value": "${Threatbook_2}",
				"children": [{
					"label": "Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.severity",
					"name": "Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.severity",
					"value": "${Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.severity}"
				}, {
					"label": "Threatbook_2.total_exe",
					"name": "Threatbook_2.total_exe",
					"value": "${Threatbook_2.total_exe}"
				}, {
					"label": "Threatbook_2.total_data_successful",
					"name": "Threatbook_2.total_data_successful",
					"value": "${Threatbook_2.total_data_successful}"
				}, {
					"label": "Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.judgments",
					"name": "Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.judgments",
					"value": "${Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.judgments}"
				}, {
					"label": "Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.tags_classes.*.tags_type",
					"name": "Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.tags_classes.*.tags_type",
					"value": "${Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.tags_classes.*.tags_type}"
				}, {
					"label": "Threatbook_2.total_exe_successful",
					"name": "Threatbook_2.total_exe_successful",
					"value": "${Threatbook_2.total_exe_successful}"
				}, {
					"label": "Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.tags_classes.*.tags",
					"name": "Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.tags_classes.*.tags",
					"value": "${Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.tags_classes.*.tags}"
				}, {
					"label": "Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.permalink",
					"name": "Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.permalink",
					"value": "${Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.permalink}"
				}, {
					"label": "Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.categories.second_cats",
					"name": "Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.categories.second_cats",
					"value": "${Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.categories.second_cats}"
				}, {
					"label": "Threatbook_2.total_data",
					"name": "Threatbook_2.total_data",
					"value": "${Threatbook_2.total_data}"
				}, {
					"label": "Threatbook_2.total_data_with_dup",
					"name": "Threatbook_2.total_data_with_dup",
					"value": "${Threatbook_2.total_data_with_dup}"
				}, {
					"label": "Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.rank.umbrella_rank.global_rank",
					"name": "Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.rank.umbrella_rank.global_rank",
					"value": "${Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.rank.umbrella_rank.global_rank}"
				}, {
					"label": "Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.is_malicious",
					"name": "Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.is_malicious",
					"value": "${Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.is_malicious}"
				}, {
					"label": "Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.confidence_level",
					"name": "Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.confidence_level",
					"value": "${Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.confidence_level}"
				}, {
					"label": "Threatbook_2.status",
					"name": "Threatbook_2.status",
					"value": "${Threatbook_2.status}"
				}, {
					"label": "Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.rank.alexa_rank.global_rank",
					"name": "Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.rank.alexa_rank.global_rank",
					"value": "${Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.rank.alexa_rank.global_rank}"
				}]
			}, {
				"label": "Threatbook_1",
				"value": "${Threatbook_1}",
				"children": [{
					"label": "Threatbook_1.datalist.*.network.tls_ex",
					"name": "Threatbook_1.datalist.*.network.tls_ex",
					"value": "${Threatbook_1.datalist.*.network.tls_ex}"
				}, {
					"label": "Threatbook_1.datalist.*.summary.file_size",
					"name": "Threatbook_1.datalist.*.summary.file_size",
					"value": "${Threatbook_1.datalist.*.summary.file_size}"
				}, {
					"label": "Threatbook_1.datalist.*.summary.sandbox_type_list",
					"name": "Threatbook_1.datalist.*.summary.sandbox_type_list",
					"value": "${Threatbook_1.datalist.*.summary.sandbox_type_list}"
				}, {
					"label": "Threatbook_1.datalist.*.pstree.children.*.process_name",
					"name": "Threatbook_1.datalist.*.pstree.children.*.process_name",
					"value": "${Threatbook_1.datalist.*.pstree.children.*.process_name}"
				}, {
					"label": "Threatbook_1.datalist.*.summary.md5",
					"name": "Threatbook_1.datalist.*.summary.md5",
					"value": "${Threatbook_1.datalist.*.summary.md5}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.vbwebshell",
					"name": "Threatbook_1.datalist.*.multiengines.result.vbwebshell",
					"value": "${Threatbook_1.datalist.*.multiengines.result.vbwebshell}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.Microsoft",
					"name": "Threatbook_1.datalist.*.multiengines.result.Microsoft",
					"value": "${Threatbook_1.datalist.*.multiengines.result.Microsoft}"
				}, {
					"label": "Threatbook_1.datalist.*.signature.*.marks.*.call.category",
					"name": "Threatbook_1.datalist.*.signature.*.marks.*.call.category",
					"value": "${Threatbook_1.datalist.*.signature.*.marks.*.call.category}"
				}, {
					"label": "Threatbook_1.total_exe",
					"name": "Threatbook_1.total_exe",
					"value": "${Threatbook_1.total_exe}"
				}, {
					"label": "Threatbook_1.datalist.*.summary.sample_sha256",
					"name": "Threatbook_1.datalist.*.summary.sample_sha256",
					"value": "${Threatbook_1.datalist.*.summary.sample_sha256}"
				}, {
					"label": "Threatbook_1.datalist.*.summary.malware_family",
					"name": "Threatbook_1.datalist.*.summary.malware_family",
					"value": "${Threatbook_1.datalist.*.summary.malware_family}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.Baidu",
					"name": "Threatbook_1.datalist.*.multiengines.result.Baidu",
					"value": "${Threatbook_1.datalist.*.multiengines.result.Baidu}"
				}, {
					"label": "Threatbook_1.datalist.*.static.basic.md5",
					"name": "Threatbook_1.datalist.*.static.basic.md5",
					"value": "${Threatbook_1.datalist.*.static.basic.md5}"
				}, {
					"label": "Threatbook_1.datalist.*.summary.tag.s",
					"name": "Threatbook_1.datalist.*.summary.tag.s",
					"value": "${Threatbook_1.datalist.*.summary.tag.s}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.OneStatic",
					"name": "Threatbook_1.datalist.*.multiengines.result.OneStatic",
					"value": "${Threatbook_1.datalist.*.multiengines.result.OneStatic}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.DrWeb",
					"name": "Threatbook_1.datalist.*.multiengines.result.DrWeb",
					"value": "${Threatbook_1.datalist.*.multiengines.result.DrWeb}"
				}, {
					"label": "Threatbook_1.datalist.*.summary.tag.x",
					"name": "Threatbook_1.datalist.*.summary.tag.x",
					"value": "${Threatbook_1.datalist.*.summary.tag.x}"
				}, {
					"label": "Threatbook_1.datalist.*.summary.file_name",
					"name": "Threatbook_1.datalist.*.summary.file_name",
					"value": "${Threatbook_1.datalist.*.summary.file_name}"
				}, {
					"label": "Threatbook_1.datalist.*.signature.*.marks.*.call.api",
					"name": "Threatbook_1.datalist.*.signature.*.marks.*.call.api",
					"value": "${Threatbook_1.datalist.*.signature.*.marks.*.call.api}"
				}, {
					"label": "Threatbook_1.datalist.*.signature.*.marks.*.call.status",
					"name": "Threatbook_1.datalist.*.signature.*.marks.*.call.status",
					"value": "${Threatbook_1.datalist.*.signature.*.marks.*.call.status}"
				}, {
					"label": "Threatbook_1.datalist.*.signature.*.markcount",
					"name": "Threatbook_1.datalist.*.signature.*.markcount",
					"value": "${Threatbook_1.datalist.*.signature.*.markcount}"
				}, {
					"label": "Threatbook_1.datalist.*.summary.threat_score",
					"name": "Threatbook_1.datalist.*.summary.threat_score",
					"value": "${Threatbook_1.datalist.*.summary.threat_score}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.NANO",
					"name": "Threatbook_1.datalist.*.multiengines.result.NANO",
					"value": "${Threatbook_1.datalist.*.multiengines.result.NANO}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.Panda",
					"name": "Threatbook_1.datalist.*.multiengines.result.Panda",
					"value": "${Threatbook_1.datalist.*.multiengines.result.Panda}"
				}, {
					"label": "Threatbook_1.datalist.*.static.basic.file_type",
					"name": "Threatbook_1.datalist.*.static.basic.file_type",
					"value": "${Threatbook_1.datalist.*.static.basic.file_type}"
				}, {
					"label": "Threatbook_1.datalist.*.summary.sha1",
					"name": "Threatbook_1.datalist.*.summary.sha1",
					"value": "${Threatbook_1.datalist.*.summary.sha1}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.Kaspersky",
					"name": "Threatbook_1.datalist.*.multiengines.result.Kaspersky",
					"value": "${Threatbook_1.datalist.*.multiengines.result.Kaspersky}"
				}, {
					"label": "Threatbook_1.total_exe_successful",
					"name": "Threatbook_1.total_exe_successful",
					"value": "${Threatbook_1.total_exe_successful}"
				}, {
					"label": "Threatbook_1.datalist.*.summary.threat_level",
					"name": "Threatbook_1.datalist.*.summary.threat_level",
					"value": "${Threatbook_1.datalist.*.summary.threat_level}"
				}, {
					"label": "Threatbook_1.datalist.*.pstree.process_name.en",
					"name": "Threatbook_1.datalist.*.pstree.process_name.en",
					"value": "${Threatbook_1.datalist.*.pstree.process_name.en}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.Trustlook",
					"name": "Threatbook_1.datalist.*.multiengines.result.Trustlook",
					"value": "${Threatbook_1.datalist.*.multiengines.result.Trustlook}"
				}, {
					"label": "Threatbook_1.datalist.*.summary.malware_type",
					"name": "Threatbook_1.datalist.*.summary.malware_type",
					"value": "${Threatbook_1.datalist.*.summary.malware_type}"
				}, {
					"label": "Threatbook_1.datalist.*.static.basic.sha256",
					"name": "Threatbook_1.datalist.*.static.basic.sha256",
					"value": "${Threatbook_1.datalist.*.static.basic.sha256}"
				}, {
					"label": "Threatbook_1.datalist.*.strings.275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f",
					"name": "Threatbook_1.datalist.*.strings.275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f",
					"value": "${Threatbook_1.datalist.*.strings.275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f}"
				}, {
					"label": "Threatbook_1.datalist.*.signature.*.marks.*.cid",
					"name": "Threatbook_1.datalist.*.signature.*.marks.*.cid",
					"value": "${Threatbook_1.datalist.*.signature.*.marks.*.cid}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.Avast",
					"name": "Threatbook_1.datalist.*.multiengines.result.Avast",
					"value": "${Threatbook_1.datalist.*.multiengines.result.Avast}"
				}, {
					"label": "Threatbook_1.total_data_successful",
					"name": "Threatbook_1.total_data_successful",
					"value": "${Threatbook_1.total_data_successful}"
				}, {
					"label": "Threatbook_1.datalist.*.signature.*.sig_class",
					"name": "Threatbook_1.datalist.*.signature.*.sig_class",
					"value": "${Threatbook_1.datalist.*.signature.*.sig_class}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.Baidu-China",
					"name": "Threatbook_1.datalist.*.multiengines.result.Baidu-China",
					"value": "${Threatbook_1.datalist.*.multiengines.result.Baidu-China}"
				}, {
					"label": "Threatbook_1.datalist.*.pstree.children.*.command_line",
					"name": "Threatbook_1.datalist.*.pstree.children.*.command_line",
					"value": "${Threatbook_1.datalist.*.pstree.children.*.command_line}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.Rising",
					"name": "Threatbook_1.datalist.*.multiengines.result.Rising",
					"value": "${Threatbook_1.datalist.*.multiengines.result.Rising}"
				}, {
					"label": "Threatbook_1.datalist.*.signature.*.attck_id",
					"name": "Threatbook_1.datalist.*.signature.*.attck_id",
					"value": "${Threatbook_1.datalist.*.signature.*.attck_id}"
				}, {
					"label": "Threatbook_1.total_data",
					"name": "Threatbook_1.total_data",
					"value": "${Threatbook_1.total_data}"
				}, {
					"label": "Threatbook_1.datalist.*.summary.sandbox_type",
					"name": "Threatbook_1.datalist.*.summary.sandbox_type",
					"value": "${Threatbook_1.datalist.*.summary.sandbox_type}"
				}, {
					"label": "Threatbook_1.total_data_with_dup",
					"name": "Threatbook_1.total_data_with_dup",
					"value": "${Threatbook_1.total_data_with_dup}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.ShellPub",
					"name": "Threatbook_1.datalist.*.multiengines.result.ShellPub",
					"value": "${Threatbook_1.datalist.*.multiengines.result.ShellPub}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.MicroAPT",
					"name": "Threatbook_1.datalist.*.multiengines.result.MicroAPT",
					"value": "${Threatbook_1.datalist.*.multiengines.result.MicroAPT}"
				}, {
					"label": "Threatbook_1.datalist.*.summary.multi_engines",
					"name": "Threatbook_1.datalist.*.summary.multi_engines",
					"value": "${Threatbook_1.datalist.*.summary.multi_engines}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.ClamAV",
					"name": "Threatbook_1.datalist.*.multiengines.result.ClamAV",
					"value": "${Threatbook_1.datalist.*.multiengines.result.ClamAV}"
				}, {
					"label": "Threatbook_1.datalist.*.summary.file_type",
					"name": "Threatbook_1.datalist.*.summary.file_type",
					"value": "${Threatbook_1.datalist.*.summary.file_type}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.ESET",
					"name": "Threatbook_1.datalist.*.multiengines.result.ESET",
					"value": "${Threatbook_1.datalist.*.multiengines.result.ESET}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.K7",
					"name": "Threatbook_1.datalist.*.multiengines.result.K7",
					"value": "${Threatbook_1.datalist.*.multiengines.result.K7}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.detect_rate",
					"name": "Threatbook_1.datalist.*.multiengines.detect_rate",
					"value": "${Threatbook_1.datalist.*.multiengines.detect_rate}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.OneAV",
					"name": "Threatbook_1.datalist.*.multiengines.result.OneAV",
					"value": "${Threatbook_1.datalist.*.multiengines.result.OneAV}"
				}, {
					"label": "Threatbook_1.datalist.*.signature.*.name",
					"name": "Threatbook_1.datalist.*.signature.*.name",
					"value": "${Threatbook_1.datalist.*.signature.*.name}"
				}, {
					"label": "Threatbook_1.datalist.*.signature.*.marks.*.call.tid",
					"name": "Threatbook_1.datalist.*.signature.*.marks.*.call.tid",
					"value": "${Threatbook_1.datalist.*.signature.*.marks.*.call.tid}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.scan_time",
					"name": "Threatbook_1.datalist.*.multiengines.scan_time",
					"value": "${Threatbook_1.datalist.*.multiengines.scan_time}"
				}, {
					"label": "Threatbook_1.datalist.*.summary.is_whitelist",
					"name": "Threatbook_1.datalist.*.summary.is_whitelist",
					"value": "${Threatbook_1.datalist.*.summary.is_whitelist}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.Qihu360",
					"name": "Threatbook_1.datalist.*.multiengines.result.Qihu360",
					"value": "${Threatbook_1.datalist.*.multiengines.result.Qihu360}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.Sophos",
					"name": "Threatbook_1.datalist.*.multiengines.result.Sophos",
					"value": "${Threatbook_1.datalist.*.multiengines.result.Sophos}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.Antiy",
					"name": "Threatbook_1.datalist.*.multiengines.result.Antiy",
					"value": "${Threatbook_1.datalist.*.multiengines.result.Antiy}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.GDATA",
					"name": "Threatbook_1.datalist.*.multiengines.result.GDATA",
					"value": "${Threatbook_1.datalist.*.multiengines.result.GDATA}"
				}, {
					"label": "Threatbook_1.datalist.*.signature.*.marks.*.call.time",
					"name": "Threatbook_1.datalist.*.signature.*.marks.*.call.time",
					"value": "${Threatbook_1.datalist.*.signature.*.marks.*.call.time}"
				}, {
					"label": "Threatbook_1.status",
					"name": "Threatbook_1.status",
					"value": "${Threatbook_1.status}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.JiangMin",
					"name": "Threatbook_1.datalist.*.multiengines.result.JiangMin",
					"value": "${Threatbook_1.datalist.*.multiengines.result.JiangMin}"
				}, {
					"label": "Threatbook_1.datalist.*.signature.*.marks.*.call.return_value",
					"name": "Threatbook_1.datalist.*.signature.*.marks.*.call.return_value",
					"value": "${Threatbook_1.datalist.*.signature.*.marks.*.call.return_value}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.AVG",
					"name": "Threatbook_1.datalist.*.multiengines.result.AVG",
					"value": "${Threatbook_1.datalist.*.multiengines.result.AVG}"
				}, {
					"label": "Threatbook_1.datalist.*.network.dns_servers",
					"name": "Threatbook_1.datalist.*.network.dns_servers",
					"value": "${Threatbook_1.datalist.*.network.dns_servers}"
				}, {
					"label": "Threatbook_1.datalist.*.signature.*.description",
					"name": "Threatbook_1.datalist.*.signature.*.description",
					"value": "${Threatbook_1.datalist.*.signature.*.description}"
				}, {
					"label": "Threatbook_1.datalist.*.strings.pcap",
					"name": "Threatbook_1.datalist.*.strings.pcap",
					"value": "${Threatbook_1.datalist.*.strings.pcap}"
				}, {
					"label": "Threatbook_1.datalist.*.signature.*.marks.*.pid",
					"name": "Threatbook_1.datalist.*.signature.*.marks.*.pid",
					"value": "${Threatbook_1.datalist.*.signature.*.marks.*.pid}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.IKARUS",
					"name": "Threatbook_1.datalist.*.multiengines.result.IKARUS",
					"value": "${Threatbook_1.datalist.*.multiengines.result.IKARUS}"
				}, {
					"label": "Threatbook_1.datalist.*.pstree.children.*.first_seen",
					"name": "Threatbook_1.datalist.*.pstree.children.*.first_seen",
					"value": "${Threatbook_1.datalist.*.pstree.children.*.first_seen}"
				}, {
					"label": "Threatbook_1.datalist.*.signature.*.marks.*.type",
					"name": "Threatbook_1.datalist.*.signature.*.marks.*.type",
					"value": "${Threatbook_1.datalist.*.signature.*.marks.*.type}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.Avira",
					"name": "Threatbook_1.datalist.*.multiengines.result.Avira",
					"value": "${Threatbook_1.datalist.*.multiengines.result.Avira}"
				}, {
					"label": "Threatbook_1.datalist.*.pstree.children.*.ppid",
					"name": "Threatbook_1.datalist.*.pstree.children.*.ppid",
					"value": "${Threatbook_1.datalist.*.pstree.children.*.ppid}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.MicroNonPE",
					"name": "Threatbook_1.datalist.*.multiengines.result.MicroNonPE",
					"value": "${Threatbook_1.datalist.*.multiengines.result.MicroNonPE}"
				}, {
					"label": "Threatbook_1.datalist.*.static.basic.ssdeep",
					"name": "Threatbook_1.datalist.*.static.basic.ssdeep",
					"value": "${Threatbook_1.datalist.*.static.basic.ssdeep}"
				}, {
					"label": "Threatbook_1.datalist.*.static.basic.file_size",
					"name": "Threatbook_1.datalist.*.static.basic.file_size",
					"value": "${Threatbook_1.datalist.*.static.basic.file_size}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.OneAV-PWSH",
					"name": "Threatbook_1.datalist.*.multiengines.result.OneAV-PWSH",
					"value": "${Threatbook_1.datalist.*.multiengines.result.OneAV-PWSH}"
				}, {
					"label": "Threatbook_1.datalist.*.pstree.process_name.cn",
					"name": "Threatbook_1.datalist.*.pstree.process_name.cn",
					"value": "${Threatbook_1.datalist.*.pstree.process_name.cn}"
				}, {
					"label": "Threatbook_1.datalist.*.network.secret_info",
					"name": "Threatbook_1.datalist.*.network.secret_info",
					"value": "${Threatbook_1.datalist.*.network.secret_info}"
				}, {
					"label": "Threatbook_1.datalist.*.static.basic.sha1",
					"name": "Threatbook_1.datalist.*.static.basic.sha1",
					"value": "${Threatbook_1.datalist.*.static.basic.sha1}"
				}, {
					"label": "Threatbook_1.datalist.*.pstree.children.*.track",
					"name": "Threatbook_1.datalist.*.pstree.children.*.track",
					"value": "${Threatbook_1.datalist.*.pstree.children.*.track}"
				}, {
					"label": "Threatbook_1.datalist.*.summary.submit_time",
					"name": "Threatbook_1.datalist.*.summary.submit_time",
					"value": "${Threatbook_1.datalist.*.summary.submit_time}"
				}, {
					"label": "Threatbook_1.datalist.*.signature.*.severity",
					"name": "Threatbook_1.datalist.*.signature.*.severity",
					"value": "${Threatbook_1.datalist.*.signature.*.severity}"
				}, {
					"label": "Threatbook_1.datalist.*.permalink",
					"name": "Threatbook_1.datalist.*.permalink",
					"value": "${Threatbook_1.datalist.*.permalink}"
				}, {
					"label": "Threatbook_1.datalist.*.pstree.children.*.pid",
					"name": "Threatbook_1.datalist.*.pstree.children.*.pid",
					"value": "${Threatbook_1.datalist.*.pstree.children.*.pid}"
				}, {
					"label": "Threatbook_1.datalist.*.static.basic.file_name",
					"name": "Threatbook_1.datalist.*.static.basic.file_name",
					"value": "${Threatbook_1.datalist.*.static.basic.file_name}"
				}]
			}, {
				"label": "configuration",
				"value": "${configuration}",
				"children": [{
					"label": "configuration.datalist.*.triggerType",
					"name": "configuration.datalist.*.triggerType",
					"value": "${configuration.datalist.*.triggerType}"
				}, {
					"label": "configuration.datalist.*._req_uuid",
					"name": "configuration.datalist.*._req_uuid",
					"value": "${configuration.datalist.*._req_uuid}"
				}, {
					"label": "configuration.datalist.*.scope.*.aliUid",
					"name": "configuration.datalist.*.scope.*.aliUid",
					"value": "${configuration.datalist.*.scope.*.aliUid}"
				}, {
					"label": "configuration.datalist.*.process.start_time",
					"name": "configuration.datalist.*.process.start_time",
					"value": "${configuration.datalist.*.process.start_time}"
				}, {
					"label": "configuration.status",
					"name": "configuration.status",
					"value": "${configuration.status}"
				}, {
					"label": "configuration.datalist.*.process.proc_id",
					"name": "configuration.datalist.*.process.proc_id",
					"value": "${configuration.datalist.*.process.proc_id}"
				}, {
					"label": "configuration.datalist.*._tenant_id",
					"name": "configuration.datalist.*._tenant_id",
					"value": "${configuration.datalist.*._tenant_id}"
				}, {
					"label": "configuration.datalist.*.process.host_uuid.host_uuid",
					"name": "configuration.datalist.*.process.host_uuid.host_uuid",
					"value": "${configuration.datalist.*.process.host_uuid.host_uuid}"
				}, {
					"label": "configuration.total_data",
					"name": "configuration.total_data",
					"value": "${configuration.total_data}"
				}, {
					"label": "configuration.datalist.*._trigger_user",
					"name": "configuration.datalist.*._trigger_user",
					"value": "${configuration.datalist.*._trigger_user}"
				}, {
					"label": "configuration.datalist.*.process.host_uuid.os_type",
					"name": "configuration.datalist.*.process.host_uuid.os_type",
					"value": "${configuration.datalist.*.process.host_uuid.os_type}"
				}, {
					"label": "configuration.datalist.*.process.cmd_line",
					"name": "configuration.datalist.*.process.cmd_line",
					"value": "${configuration.datalist.*.process.cmd_line}"
				}, {
					"label": "configuration.datalist.*.triggerUser",
					"name": "configuration.datalist.*.triggerUser",
					"value": "${configuration.datalist.*.triggerUser}"
				}, {
					"label": "configuration.datalist.*._domain_id",
					"name": "configuration.datalist.*._domain_id",
					"value": "${configuration.datalist.*._domain_id}"
				}, {
					"label": "configuration.datalist.*.process.file_path.file_path",
					"name": "configuration.datalist.*.process.file_path.file_path",
					"value": "${configuration.datalist.*.process.file_path.file_path}"
				}, {
					"label": "configuration.total_data_with_dup",
					"name": "configuration.total_data_with_dup",
					"value": "${configuration.total_data_with_dup}"
				}, {
					"label": "configuration.total_exe_successful",
					"name": "configuration.total_exe_successful",
					"value": "${configuration.total_exe_successful}"
				}, {
					"label": "configuration.datalist.*.scope.*.cloudCode",
					"name": "configuration.datalist.*.scope.*.cloudCode",
					"value": "${configuration.datalist.*.scope.*.cloudCode}"
				}, {
					"label": "configuration.total_data_successful",
					"name": "configuration.total_data_successful",
					"value": "${configuration.total_data_successful}"
				}, {
					"label": "configuration.total_exe",
					"name": "configuration.total_exe",
					"value": "${configuration.total_exe}"
				}, {
					"label": "configuration.datalist.*.scope.*.userId",
					"name": "configuration.datalist.*.scope.*.userId",
					"value": "${configuration.datalist.*.scope.*.userId}"
				}, {
					"label": "configuration.datalist.*._region_id",
					"name": "configuration.datalist.*._region_id",
					"value": "${configuration.datalist.*._region_id}"
				}, {
					"label": "configuration.datalist.*.process.file_path.hash_value",
					"name": "configuration.datalist.*.process.file_path.hash_value",
					"value": "${configuration.datalist.*.process.file_path.hash_value}"
				}]
			}]
		},
		"isNode": true
	}, {
		"shape": "custom-edge",
		"attrs": {
			"line": {
				"stroke": "#d93026",
				"targetMarker": {
					"stroke": "#d93026"
				}
			}
		},
		"zIndex": 1,
		"id": "ae6ca05c-ebd1-41f1-a94d-489fdc308861",
		"data": {
			"nodeType": "sequenceFlow",
			"appType": "basic"
		},
		"router": {
			"name": "manhattan",
			"args": {
				"padding": 5,
				"excludeHiddenNodes": true,
				"excludeNodes": ["clone_node_id"]
			}
		},
		"source": {
			"cell": "58d87b7d-28d9-4f0e-b135-4adc4f1a70e4"
		},
		"visible": true,
		"target": {
			"cell": "e0082b2e-d82c-464f-a22f-9b67eb47a363"
		}
	}, {
		"shape": "custom-edge",
		"attrs": {
			"line": {
				"stroke": "#d93026",
				"targetMarker": {
					"stroke": "#d93026"
				}
			}
		},
		"zIndex": 1,
		"id": "8f084c6d-9afd-4ecb-8c9d-3c7824f9de2f",
		"data": {
			"nodeType": "sequenceFlow",
			"appType": "basic"
		},
		"router": {
			"name": "normal"
		},
		"source": {
			"cell": "58d87b7d-28d9-4f0e-b135-4adc4f1a70e4"
		},
		"visible": true,
		"target": {
			"cell": "8afdafcc-32aa-4ab2-b8b2-abafc4314e85"
		},
		"vertices": [{
			"x": -382,
			"y": -22
		}]
	}, {
		"shape": "custom-edge",
		"attrs": {
			"line": {
				"stroke": "#63ba4d",
				"targetMarker": {
					"stroke": "#63ba4d"
				}
			}
		},
		"zIndex": 1,
		"id": "e55e80d8-fab6-42ac-91ab-da7697ec80dd",
		"data": {
			"nodeType": "sequenceFlow",
			"appType": "basic"
		},
		"router": {
			"name": "normal"
		},
		"source": {
			"cell": "19fca1bc-4cf1-491e-9ae4-ee5d3f0c2f61"
		},
		"visible": true,
		"target": {
			"cell": "317dd1be-2d20-460e-977e-1fc936ffb583"
		},
		"vertices": [{
			"x": 158,
			"y": -247
		}]
	}, {
		"shape": "custom-edge",
		"attrs": {
			"line": {
				"stroke": "#d93026",
				"targetMarker": {
					"stroke": "#d93026"
				}
			}
		},
		"zIndex": 1,
		"id": "ba2021dc-533b-4ba3-a1a7-69f05f3c7515",
		"data": {
			"nodeType": "sequenceFlow",
			"appType": "basic"
		},
		"router": {
			"name": "manhattan",
			"args": {
				"padding": 5,
				"excludeHiddenNodes": true,
				"excludeNodes": ["clone_node_id"]
			}
		},
		"source": {
			"cell": "8afdafcc-32aa-4ab2-b8b2-abafc4314e85"
		},
		"visible": true,
		"target": {
			"cell": "317dd1be-2d20-460e-977e-1fc936ffb583"
		}
	}, {
		"shape": "custom-edge",
		"attrs": {
			"line": {
				"stroke": "#d93026",
				"targetMarker": {
					"stroke": "#d93026"
				}
			}
		},
		"zIndex": 1,
		"id": "c3c22836-585a-4f5e-a3ec-92ecedfad6ba",
		"data": {
			"nodeType": "sequenceFlow",
			"appType": "basic"
		},
		"router": {
			"name": "manhattan",
			"args": {
				"padding": 5,
				"excludeHiddenNodes": true,
				"excludeNodes": ["clone_node_id"]
			}
		},
		"source": {
			"cell": "e0082b2e-d82c-464f-a22f-9b67eb47a363"
		},
		"visible": true,
		"target": {
			"cell": "317dd1be-2d20-460e-977e-1fc936ffb583"
		}
	}]
}

fileReport

Retrieves detailed static and dynamic analysis reports for a file. The reports include a summary, network behavior, behavioral signatures, static information, dropped file behavior, process behavior, and antivirus scan engine detection results.

Note

For more information, see the Threatbook document File Reputation Report.

Input parameters

Parameter

Description

Example

userId

The ID of the associated Alibaba Cloud account.

Important
  • You can set this to the ID of a member account managed by the current Alibaba Cloud account. For more information about how to add a member account, see Multi-account security management.

  • If you leave this parameter empty, the ID of the current Alibaba Cloud account is used.

XXX

cloudUserId

The Threatbook account ID. For more information, see Prerequisites.

7f7c*************7fcca4

resource

The hash of the file for which you want to get an analysis report. SHA256, SHA1, and MD5 are supported.

44d88612*************1278abb02f

Output parameters

Parameter

Description

multiengines

The detection results from antivirus scan engines. This is a JSON object. The fields are described as follows:

  • result: The detection result from each scan engine. The values are described as follows:

    If no threat is detected, the value is safe.

    If a threat is detected, the value is the tag of the detected virus.

  • scan_time: The time when the sample was scanned by multiple engines, for example, 2019-10-22 16:17:48.

summary

Summary information. This is a JSON object. The fields are described as follows:

  • threat_level: The threat level, which is a comprehensive result determined from static analysis, multi-engine antivirus scans, and dynamic analysis in multiple sandbox environments.

    • malicious: Malicious

    • suspicious: Suspicious

    • clean: Safe

    • unknown: Unknown

  • malware_type: Threat classification. For a complete list of threat classifications, see Complete List of Sample Threat Classifications.

  • malware_family: The virus family, such as Xorddos.

  • is_whitelist: Indicates whether the file is on the whitelist.

    • true: The file is on the whitelist.

    • false: The file is not on the whitelist.

  • submit_time: The time the file was submitted, for example, 2019-01-22 17:36:21.

  • file_name: The file name.

  • file_type: The file type.

  • sample_sha256: The SHA256 hash of the file.

  • md5: The MD5 hash of the file.

  • sha1: The SHA1 hash of the file.

  • scenes: Scenario detection.

    • Cybercrime: Cybercrime sample.

    • CS_Detect: Cobalt Strike trojan sample.

    • RT_Tools: Red team tool.

    • Exploit: Vulnerability exploit.

    • HW202X: Major event support sample. The value varies by year.

  • tag: Tags. This is a JSON object. The fields are described as follows:

    • s: Static tags. This is a JSON array. An example is "abnormal timestamp". For some common tags, see Some Common Sample Tags.

    • x: Antivirus engine detection tags.

  • threat_score: The threat score.

  • sandbox_type: The specified sandbox environment for this analysis. For a complete list of runtime environments, see Complete List of Sandbox Runtime Environments.

  • sandbox_type_list: A list of all sandbox environments where the sample was successfully analyzed.

  • multi_engines: The detection rate of the antivirus scan engines.

signature

Behavioral signatures. This is a JSON array. Each item contains the following fields:

  • severity: The severity level. This is an integer. A larger value indicates a higher severity.

  • references: References. This is a JSON array.

  • sig_class: The signature classification.

  • name: The signature name.

  • description: The behavior description.

  • markcount: The mark count.

  • marks: The raw data of the signature. This is a JSON array.

  • families: The sample families. This is a JSON array.

  • attck_id: The ATT&CK ID.

  • attck_info: The ATT&CK details. This is a JSON array.

static

Static information. This is a JSON object. For a complete example of a static information report response, see Complete Example of a File Static Information Report Response.

pstree

Process behavior.

network

Network behavior.

  • fingerprint: Fingerprint information. This is a JSON array.

  • tls: TLS protocol. This is a JSON array.

  • udp: UDP protocol. This is a JSON array.

  • dns_servers: DNS service. This is a JSON array.

  • http: HTTP protocol. This is a JSON array.

  • irc: IRC protocol. This is a JSON array.

  • smtp: SMTP protocol. This is a JSON array.

  • tcp: TCP protocol. This is a JSON array.

  • smtp_ex: Extended SMTP protocol data. This is a JSON array.

  • mitm: Man-in-the-middle. This is a JSON array.

  • hosts: Network hosts. This is a JSON array.

  • dns: Domain Name System. This is a JSON array.

  • http_ex: Extended HTTP protocol data. This is a JSON array.

  • domains: Domain names. This is a JSON array.

  • dead_hosts: Dead hosts. This is a JSON array.

  • icmp: ICMP protocol. This is a JSON array.

  • https_ex: Extended HTTPS protocol data. This is a JSON array.

dropped

Dropped file behavior. This is a JSON array. Each item contains the following fields:

  • sha1: The SHA1 hash of the file. This is a string.

  • sha256: The SHA256 hash of the file. This is a string.

  • md5: The MD5 hash of the file. This is a string.

  • urls: Extracted URLs. This is a JSON array.

  • size: The file size. This is an integer.

  • filepath: The file path. This is a string.

  • name: The file name. This is a string.

  • crc32: The CRC32 of the file. This is a string.

  • ssdeep: The SSDeep hash of the file. This is a string.

  • type: The file type. This is a string.

  • yara: YARA. This is a JSON array.

strings

String-related information. This is a JSON object. Each item contains the following fields:

  • sha256: The strings extracted from the file. The value varies based on the SHA256 hash and corresponds to the static characters of the file itself. This is an array.

  • pcap: The strings extracted from the traffic. This is an array.

permalink

The URL of the web sandbox report page.
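
The following added example (not part of the original page or of the Threatbook component) reduces a fileReport output to the fields a responder acts on. The sample report is constructed, the engine-name-to-result layout of multiengines.result is an assumption, and triage_file_report, min_severity and the action names are hypothetical.

```python
import json

# Constructed sample shaped like the fileReport output parameters above.
# Values are made up; the engine-name -> result mapping under
# multiengines.result is an assumption about that object's layout.
SAMPLE_REPORT = json.loads("""
{
  "summary": {"threat_level": "malicious", "malware_family": "Xorddos",
              "is_whitelist": false},
  "multiengines": {"scan_time": "2019-10-22 16:17:48",
                   "result": {"EngineA": "safe", "EngineB": "Trojan.Example"}},
  "signature": [
    {"name": "constructed_low", "severity": 1, "attck_id": ""},
    {"name": "constructed_high", "severity": 3, "attck_id": "T1059"}
  ],
  "dropped": [{"sha256": "constructed-sha256-placeholder", "filepath": "/tmp/x"}],
  "permalink": "https://example.invalid/report"
}
""")


def triage_file_report(report, min_severity=2):
    """Return a compact triage record; min_severity is a hypothetical cut-off."""
    summary = report.get("summary") or {}
    engines = (report.get("multiengines") or {}).get("result") or {}
    # Any engine value other than "safe" is the tag of a detected virus.
    detections = {name: tag for name, tag in engines.items() if tag != "safe"}

    signatures = [s for s in report.get("signature") or []
                  if s.get("severity", 0) >= min_severity]
    signatures.sort(key=lambda s: s.get("severity", 0), reverse=True)

    level = summary.get("threat_level", "unknown")
    whitelisted = summary.get("is_whitelist") is True
    if level == "malicious":
        action = "contain"
    elif level == "suspicious" or (whitelisted and detections):
        action = "investigate"  # whitelist entry and engine hits disagree
    elif whitelisted:
        action = "allow"
    else:
        action = "monitor"

    return {
        "action": action,
        "family": summary.get("malware_family"),
        "detections": detections,
        "signatures": [s.get("name") for s in signatures],
        "attck_ids": sorted({s["attck_id"] for s in signatures if s.get("attck_id")}),
        # Dropped-file hashes can be fed back into fileReport as new resources.
        "dropped_sha256": [d["sha256"] for d in report.get("dropped") or []
                           if d.get("sha256")],
        "permalink": report.get("permalink"),
    }
```
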

iocReport

Analyzes IP addresses or domain names for outbound access scenarios, such as office or production networks. It uses rules to accurately determine if an IP address or domain name is malicious, its risk severity level, and its confidence level. It also identifies threats such as C2 servers, malware, and miner pools, and provides related security event or threat actor tags.

Note

For more information, see the Threatbook document Compromise Detection.

Input parameters

Parameter

Description

Example

userId

The ID of the associated Alibaba Cloud account.

Important
  • You can set this to the ID of a member account managed by the current Alibaba Cloud account. For more information about how to add a member account, see Multi-account security management.

  • If you leave this parameter empty, the ID of the current Alibaba Cloud account is used.

XXX

cloudUserId

The Threatbook account ID. For more information, see Prerequisites.

7f7c*************7fcca4

resource

An IP address or domain name. You can query up to 100 resources in a batch. Separate them with commas.

Note

You can query an IP address with a port.

test.com or 0.0.0.0:80.

Output parameters

Type

Parameter

Description

ip

is_malicious

Indicates whether it is malicious.

  • true: Malicious.

  • false: Not malicious.

confidence_level

The confidence level.

  • high: High

  • medium: Medium

  • low: Low

severity

The overall severity of the threat.

  • critical: Critical

  • high: High

  • medium: Medium

  • low: Low

  • info: No threat

judgments

The threat type. Based on the malicious properties of the IOC, this includes different types:

  • Malicious

    • Command and Control (C2): Remote Control

    • Sinkhole C2: C2 server sinkholed by a security organization

    • MiningPool: Miner Pool

    • CoinMiner: Private miner pool

    • Malware: Malware

  • Not malicious

    • Whitelist: Whitelist

    • Info: Basic information.

      Note

      For child classes related to Info, see All Threat Types.

tags_classes

Information about related threat actors or security events. This is a JSON array. Each item contains the following fields:

  • tags_type: The tag category, such as "industry", "gangs", or "virus_family".

  • tags: The specific threat actor or security event tag, such as APT or OceanLotus.

permalink

Link to intelligence details. The URL of the complete threat intelligence analysis page for the IP address or domain name.

domain

categories

  • Domain name categorization. This is a JSON object. Each item contains the following fields:

    • first_cats: The level 1 category. This is an array.

    • second_cats: The level 2 category. This is a string.

  • Other fields are the same as those for "ip".

ipReport

Analyzes IP addresses for inbound scenarios. It provides the geographic location and ASN information of the IP address. It uses rules to accurately determine if the IP address is malicious, its risk severity level, and its confidence level. It also identifies threat types, such as exploits and zombies, and provides related security event or threat actor tags.

Note

For more information, see the Threatbook document IP Reputation.

Input parameters

Parameter

Description

Example

userId

The ID of the associated Alibaba Cloud account.

Important
  • You can set this to the ID of a member account managed by the current Alibaba Cloud account. For more information about how to add a member account, see Multi-account security management.

  • If you leave this parameter empty, the ID of the current Alibaba Cloud account is used.

XXX

cloudUserId

The Threatbook account ID. For more information, see Prerequisites.

7f7c*************7fcca4

resource

An IP address. You can query up to 100 IP addresses in a batch. Separate them with commas.

0.0.0.0

Output parameters

Parameter

Description

basic

basic returns a JSON object. The fields are described as follows:

  • carrier: The carrier or service provider.

  • location: The location information for the IP address. This is a JSON object. The fields are described as follows:

    • country: The country.

    • country_code: The country code.

    • province: The province.

    • city: The city.

    • lng: The longitude.

    • lat: The latitude.

is_malicious

Indicates whether the IP address is malicious.

  • true: Malicious.

  • false: Not malicious.

confidence_level

The confidence level. This is the confidence level of the maliciousness, determined by the intelligence source and a confidence model.

  • low: Low

  • medium: Medium

  • high: High

severity

The severity level. This indicates the severity of the threat.

  • critical: Critical

  • high: High

  • medium: Medium

  • low: Low

  • info: No threat

judgments

The comprehensive threat type determined from threat intelligence analysis. This is a JSON array.

  • Malicious types:

    • Spam: Spam

    • Zombie: A compromised computer under remote control.

    • Scanner: Scan

    • Exploit: Vulnerability exploit

    • botnet

    • Brute Force: Brute-force attack

      Note

      For child classes related to Brute Force, see Full set of threat types.

  • Non-malicious types:

    • Whitelist: whitelist

    • Info: Basic information.

tags_classes

Information about related threat actors or security events. This is a JSON array. Each item contains the following fields:

  • tags_type: The tag category, such as "industry", "gangs", or "virus_family".

  • tags: The specific threat actor or security event tag, such as Mirai.

asn

ASN information. This is a JSON object that contains:

  • number: The ASN.

  • info: The AS name.

  • rank: The risk value. A value from 0 to 4. A larger value indicates a higher risk.

update_time

The last update time of the intelligence.

scene

Application scenario. Examples include leased line and data center. For a complete list, see Application Scenario Classification.

feature

Asset features. This is a JSON array that contains:

entity

Attributed entity. This is a JSON array that contains:

  • category: The level 1 category. For more information about categories, see IP Reputation · Advanced Field Classification.

  • type: The level 2 category.

  • tag_name: The specific attributed entity tag.

  • tag_desc: The description of the tag.

hist_behavior

Attack behavior. This is a JSON array that contains:

  • category: The category. For more information about categories, see IP Reputation · Advanced Field Classification.

  • tag_name: The specific attack behavior tag.

  • tag_desc: The description of the tag.

  • vuln_id: The specific vulnerability ID when the category is "Vulnerability Exploit".

evaluation

Impact assessment. This is a JSON object that contains:

  • active: Popularity.

    • high: High

    • medium: Medium

    • low: Low

  • honeypot_hit: Indicates whether the threat was captured by a honeypot.

    • true: The threat was captured by a honeypot.

    • false: The threat was not captured by a honeypot.

fraud

Fraudulent behavior. This is a JSON array that contains:

  • tag_name: The specific fraudulent behavior tag.

  • tag_desc: The description of the tag.

permalink

A link to the intelligence query result page for the IP address.
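
The resource parameter of iocReport and ipReport takes up to 100 comma-separated entries per call. The following added example (not part of the original page or of the component) validates indicators and splits them into compliant batches before they are passed to either action. classify and build_batches are hypothetical names, and limiting IP checks to IPv4 is an assumption based on the page's examples.

```python
import ipaddress
import re

MAX_BATCH = 100  # documented per-call limit for iocReport and ipReport

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def classify(resource):
    """Return 'ip', 'ip_port' or 'domain'; raise ValueError for anything else."""
    value = resource.strip()
    host, sep, port = value.rpartition(":")
    if sep and port.isdigit() and "." in host:
        ipaddress.IPv4Address(host)  # only an IP may carry a port, not a domain
        if not 0 < int(port) <= 65535:
            raise ValueError(f"port out of range: {value!r}")
        return "ip_port"
    try:
        ipaddress.IPv4Address(value)  # assumption: IPv4 only, as in the examples
        return "ip"
    except ValueError:
        pass
    labels = value.rstrip(".").split(".")
    if (len(labels) >= 2 and not labels[-1].isdigit()
            and all(_LABEL.fullmatch(label) for label in labels)):
        return "domain"
    raise ValueError(f"not an IP address or domain name: {value!r}")


def build_batches(resources, action):
    """Return (batches, rejected) where each batch is one `resource` string."""
    allowed = {"iocReport": {"ip", "ip_port", "domain"},
               "ipReport": {"ip"}}[action]
    accepted, rejected, seen = [], [], set()
    for raw in resources:
        value = raw.strip().lower()
        if value in seen:
            continue  # duplicates would waste part of the 100-entry budget
        seen.add(value)
        try:
            kind = classify(value)
        except ValueError:
            kind = None
        # A value containing a comma is rejected here; joined as-is it would
        # silently turn into two separate resources.
        (accepted if kind in allowed else rejected).append(value if kind in allowed else raw)
    batches = [",".join(accepted[i:i + MAX_BATCH])
               for i in range(0, len(accepted), MAX_BATCH)]
    return batches, rejected
```
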

Reference

For more information about Threatbook response status codes and message descriptions, see Response status codes and message descriptions.