
Security Center: Threatbook component

Last updated: Oct 21, 2025

The Threatbook component calls the Threatbook API to retrieve file analysis reports and to assess threats from IP addresses and domain names.

Prerequisites

Before you use the Threatbook component, go to System Settings > Feature Settings > Multi-cloud Configuration Management and authorize your off-cloud IDC assets in the Multi-cloud Assets module. If you have already completed the authorization, skip this step. The procedure is as follows:

  1. Click Add Authorization and select IDC. In the asset access panel, configure the following parameters:

    Note

    By default, ThreatBook is authorized for threat analysis and response. Other features are not supported.

    | Configuration item | Description |
    | --- | --- |
    | Vendor | ThreatBook. |
    | Product | Threat Intelligence Cloud API. |
    | Account ID | The ThreatBook account ID. |
    | API KEY | The ThreatBook API KEY. |

  2. Configure the policy: To prevent an invalid AccessKey from affecting your services, enable AK Service Status Check.

Features

| Action | Description |
| --- | --- |
| fileReport | Gets a detailed static and dynamic analysis report for a file. The report covers the summary, network behavior, behavior signatures, static information, dropped-file behavior, process behavior, and the detection results of antivirus scanning engines. |
| iocReport | Analyzes an IP address or domain name for outbound access scenarios, such as office or production networks. It uses rules to accurately determine whether the IP address or domain name is malicious, its risk severity, and its confidence level. It also identifies threats such as C2 servers, malware, and mining pools, and provides tags for related security events or threat actors. |
| ipReport | Analyzes an IP address for inbound scenarios. It provides the geographic location and ASN information of the IP address. It uses rules to accurately determine whether the IP address is malicious, its risk severity, and its confidence level. It also identifies threat types, such as exploits and zombies, and provides tags for related security events or threat actors. |

Component configuration examples

This topic provides a configuration example for each action in the Threatbook component. These examples can be imported as test playbooks. The visual editor helps you understand and test the configuration parameters of each action, which makes it easier to learn the component's logic and how to use it. For more information, see Import a playbook.

Note

Save the sample data as a JSON file.
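A saved playbook file can be checked before it is imported. The following is an added example, not code from the Alibaba Cloud documentation: it audits a playbook export using only field names that appear in the sample data (`cells`, `isNode`, `data.nodeType`, `source.cell`, `target.cell`, `valueData.resource`, `icon`). Apart from the single-start-node rule stated in the sample's start node description, the checks and the inline playbook are assumptions constructed for illustration.

```python
import json
from urllib.parse import urlsplit, parse_qs

# Actions the page lists for the Threatbook component.
THREATBOOK_ACTIONS = {"fileReport", "iocReport", "ipReport"}
# Query parameters that mark a pre-signed URL carrying temporary credentials.
SIGNED_PARAMS = {"security-token", "Signature", "OSSAccessKeyId"}


def audit_playbook(doc):
    """Return a sorted list of findings for a parsed playbook export."""
    findings = []
    cells = doc.get("cells", [])
    nodes = {c["id"]: c for c in cells if c.get("isNode")}
    edges = [c for c in cells if not c.get("isNode")]

    def node_type(cell):
        return cell.get("data", {}).get("nodeType")

    # A playbook must have one and only one start node.
    starts = [cid for cid, c in nodes.items() if node_type(c) == "startEvent"]
    if len(starts) != 1:
        findings.append(f"expected exactly 1 startEvent, found {len(starts)}")
    if not any(node_type(c) == "endEvent" for c in nodes.values()):
        findings.append("no endEvent node")

    # Build the flow graph, rejecting edges that point at missing cells.
    successors = {cid: [] for cid in nodes}
    for edge in edges:
        src = edge.get("source", {}).get("cell")
        dst = edge.get("target", {}).get("cell")
        missing = [ref for ref in (src, dst) if ref not in nodes]
        if missing:
            findings.append(f"edge {edge.get('id')}: unknown cell {missing[0]}")
        else:
            successors[src].append(dst)

    # Depth-first walk from the start node to find orphaned nodes.
    reachable, stack = set(), list(starts)
    while stack:
        cur = stack.pop()
        if cur not in reachable:
            reachable.add(cur)
            stack.extend(successors[cur])

    for cid, cell in nodes.items():
        data = cell.get("data", {})
        name = data.get("nodeName", cid)
        if cid not in reachable:
            findings.append(f"{name}: not reachable from start")
        if data.get("nodeType") != "action":
            continue
        if data.get("componentName") == "Threatbook":
            if data.get("actionName") not in THREATBOOK_ACTIONS:
                findings.append(f"{name}: unknown action {data.get('actionName')}")
            if not data.get("valueData", {}).get("resource"):
                findings.append(f"{name}: empty resource binding")
        # Exported icons may be pre-signed URLs; flag them before the file is shared.
        query = parse_qs(urlsplit(data.get("icon", "")).query)
        if SIGNED_PARAMS.intersection(query):
            findings.append(f"{name}: icon is a pre-signed URL; strip the query string")
    return sorted(findings)


# Constructed sample playbook (hypothetical ids and URL, placeholder token values).
SAMPLE = json.loads("""
{"cells": [
 {"id": "n-start", "isNode": true,
  "data": {"nodeType": "startEvent", "nodeName": "start"}},
 {"id": "n-file", "isNode": true,
  "data": {"nodeType": "action", "nodeName": "file_report",
           "componentName": "Threatbook", "actionName": "fileReport",
           "valueData": {"resource": "${event.file}"},
           "icon": "https://bucket.example/logo.svg?Expires=0&Signature=PLACEHOLDER&security-token=PLACEHOLDER"}},
 {"id": "n-ioc", "isNode": true,
  "data": {"nodeType": "action", "nodeName": "ioc_report",
           "componentName": "Threatbook", "actionName": "iocReport",
           "valueData": {"resource": ""}}},
 {"id": "n-end", "isNode": true,
  "data": {"nodeType": "endEvent", "nodeName": "end"}},
 {"id": "e1", "isNode": false, "data": {"nodeType": "sequenceFlow"},
  "source": {"cell": "n-start"}, "target": {"cell": "n-file"}},
 {"id": "e2", "isNode": false, "data": {"nodeType": "sequenceFlow"},
  "source": {"cell": "n-file"}, "target": {"cell": "n-end"}},
 {"id": "e3", "isNode": false, "data": {"nodeType": "sequenceFlow"},
  "source": {"cell": "n-ioc"}, "target": {"cell": "n-missing"}}
]}
""")

if __name__ == "__main__":
    for finding in audit_playbook(SAMPLE):
        print(finding)
```
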

Sample data

{
	"cells": [{
		"position": {
			"x": -400,
			"y": -155
		},
		"size": {
			"width": 36,
			"height": 36
		},
		"attrs": {
			"body": {
				"fill": "white",
				"strokeOpacity": 0.95,
				"stroke": "#63ba4d",
				"strokeWidth": 2
			},
			"label": {
				"text": "start",
				"fontSize": 12,
				"refX": 0.5,
				"refY": "100%",
				"refY2": 4,
				"textAnchor": "middle",
				"textVerticalAnchor": "top"
			},
			"path": {
				"stroke": "#63ba4d"
			}
		},
		"visible": true,
		"shape": "circle",
		"id": "58d87b7d-28d9-4f0e-b135-4adc4f1a70e4",
		"zIndex": 1,
		"data": {
			"nodeType": "startEvent",
			"appType": "basic",
			"nodeName": "start",
			"icon": "icon-circle",
			"description": "Node awal dari playbook. Sebuah playbook harus memiliki satu dan hanya satu node awal. Anda harus mengonfigurasi data masukan untuk playbook.",
			"cascaderValue": []
		},
		"markup": [{
			"tagName": "circle",
			"selector": "body"
		}, {
			"tagName": "text",
			"selector": "label"
		}],
		"isNode": true
	}, {
		"shape": "custom-edge",
		"attrs": {
			"line": {
				"stroke": "#63ba4d",
				"targetMarker": {
					"stroke": "#63ba4d"
				}
			}
		},
		"zIndex": 1,
		"id": "5293c3f9-e1c9-4a49-b0eb-635067dc67e8",
		"data": {
			"nodeType": "sequenceFlow",
			"appType": "basic",
			"icon": "icon-upper-right-arrow",
			"isRequired": true
		},
		"isNode": false,
		"source": {
			"cell": "58d87b7d-28d9-4f0e-b135-4adc4f1a70e4"
		},
		"target": {
			"cell": "19fca1bc-4cf1-491e-9ae4-ee5d3f0c2f61"
		},
		"router": {
			"name": "normal"
		},
		"visible": true,
		"vertices": [{
			"x": -382,
			"y": -247
		}]
	}, {
		"position": {
			"x": 140,
			"y": -155
		},
		"size": {
			"width": 36,
			"height": 36
		},
		"attrs": {
			"body": {
				"fill": "white",
				"strokeOpacity": 0.95,
				"stroke": "#d93026",
				"strokeWidth": 2
			},
			"path": {
				"r": 12,
				"refX": "50%",
				"refY": "50%",
				"fill": "#d93026",
				"strokeOpacity": 0.95,
				"stroke": "#d93026",
				"strokeWidth": 4
			},
			"label": {
				"text": "end",
				"fontSize": 12,
				"refX": 0.5,
				"refY": "100%",
				"refY2": 4,
				"textAnchor": "middle",
				"textVerticalAnchor": "top"
			}
		},
		"visible": true,
		"shape": "circle",
		"id": "317dd1be-2d20-460e-977e-1fc936ffb583",
		"zIndex": 1,
		"data": {
			"nodeType": "endEvent",
			"appType": "basic",
			"nodeName": "end",
			"icon": "icon-radio-off-full",
			"description": "end"
		},
		"markup": [{
			"tagName": "circle",
			"selector": "body"
		}, {
			"tagName": "circle",
			"selector": "path"
		}, {
			"tagName": "text",
			"selector": "label"
		}],
		"isNode": true
	}, {
		"position": {
			"x": -190,
			"y": -280
		},
		"size": {
			"width": 137,
			"height": 66
		},
		"view": "react-shape-view",
		"attrs": {
			"label": {
				"text": "file_report"
			}
		},
		"shape": "activity",
		"id": "19fca1bc-4cf1-491e-9ae4-ee5d3f0c2f61",
		"zIndex": 1,
		"data": {
			"isDebug": false,
			"nodeType": "action",
			"appType": "component",
			"nodeName": "file_report",
			"valueData": {
				"userId": "",
				"resource": "${event.file}",
				"cloudUserId": "7f7cd2ebedc544f7bf9be74dab7fcca4"
			},
			"icon": "https://sophon-gen-cloud-zhangjiakou-v2.oss-cn-zhangjiakou.aliyuncs.com/componentUpload/1755245577536_Threatbook_logo.svg?Expires=1755832376&OSSAccessKeyId=STS.NXwN8h********EJeH&Signature=p4KGzHhTrIZdiJxpACRpM7ROLE0%3D&security-token=CAIS2AJ1q6Ft5B2yfSjIr5vCBYLchKtswKq%2BRVT21nkPbd5%2Bqo%2FOqjz2IHhMenFpAegcv%2Fw%2BlGFZ6%2F8elrp6SJtIXleCZtF94oxN9h2gb4fb42MeBDXg08%2FLI3OaLjKm9u2wCryLYbGwU%2FOpbE%2B%2B5U0X6LDmdDKkckW4OJmS8%2FBOZcgWWQ%2FKBlgvRq0hRG1YpdQdKGHaONu0LxfumRCwNkdzvRdmgm4NgsbWgO%2Fks0OP3AOrlrBN%2Bdiuf8T9NvMBZskvD42Hu8VtbbfE3SJq7BxHybx7lqQs%2B02c5onDWwAJu0%2FXa7uEo4wydVNjFbM9A65Dqufxn%2Fpgt%2Braj4X7xhhEIOVJSSPbSZBbSxJNvU1RXDxQVcEYWxylurjnXvF%2B4xU3%2BP9tP0rM946UoJvc3YDI5hWbc8mJsTnhSSTAEIv%2By8ptqoFOtH7DkLTHWR7hCtv23053AashMytAXxqAAXNQ89LjX6M4bFYRAxsXrln0LN%2BTDs1Hk1dCGQ2edPqhVybm1axt7NpKWS7Xcrd6BKtuwqREs%2FZkIO8E%2BZRbfaX6uHOx9sHx1M1Y7HDHt%2BDvloHULH0rQNLniKayaTCJlIiyUPe8TaK3lv4mipQQf16PqYqAsx2Zu7Bqx9Np2CYIIAA%3D",
			"description": "Mendapatkan laporan analisis statis dan dinamis terperinci untuk sebuah file. Laporan tersebut mencakup ringkasan, perilaku jaringan, tanda tangan perilaku, informasi statis, perilaku file yang dijatuhkan, perilaku proses, dan hasil deteksi mesin pemindaian antivirus.",
			"advance": {
				"inputParamMode": false,
				"onError": "stop_cur_flow",
				"rspStatusType": 3,
				"rspStatusThreshold": 0
			},
			"componentName": "Threatbook",
			"actionName": "fileReport",
			"cascaderValue": [{
				"label": "configuration",
				"value": "${configuration}",
				"children": [{
					"label": "configuration.datalist.*.triggerType",
					"name": "configuration.datalist.*.triggerType",
					"value": "${configuration.datalist.*.triggerType}"
				}, {
					"label": "configuration.datalist.*._req_uuid",
					"name": "configuration.datalist.*._req_uuid",
					"value": "${configuration.datalist.*._req_uuid}"
				}, {
					"label": "configuration.datalist.*.scope.*.aliUid",
					"name": "configuration.datalist.*.scope.*.aliUid",
					"value": "${configuration.datalist.*.scope.*.aliUid}"
				}, {
					"label": "configuration.datalist.*.process.start_time",
					"name": "configuration.datalist.*.process.start_time",
					"value": "${configuration.datalist.*.process.start_time}"
				}, {
					"label": "configuration.status",
					"name": "configuration.status",
					"value": "${configuration.status}"
				}, {
					"label": "configuration.datalist.*.process.proc_id",
					"name": "configuration.datalist.*.process.proc_id",
					"value": "${configuration.datalist.*.process.proc_id}"
				}, {
					"label": "configuration.datalist.*._tenant_id",
					"name": "configuration.datalist.*._tenant_id",
					"value": "${configuration.datalist.*._tenant_id}"
				}, {
					"label": "configuration.datalist.*.process.host_uuid.host_uuid",
					"name": "configuration.datalist.*.process.host_uuid.host_uuid",
					"value": "${configuration.datalist.*.process.host_uuid.host_uuid}"
				}, {
					"label": "configuration.total_data",
					"name": "configuration.total_data",
					"value": "${configuration.total_data}"
				}, {
					"label": "configuration.datalist.*._trigger_user",
					"name": "configuration.datalist.*._trigger_user",
					"value": "${configuration.datalist.*._trigger_user}"
				}, {
					"label": "configuration.datalist.*.process.host_uuid.os_type",
					"name": "configuration.datalist.*.process.host_uuid.os_type",
					"value": "${configuration.datalist.*.process.host_uuid.os_type}"
				}, {
					"label": "configuration.datalist.*.process.cmd_line",
					"name": "configuration.datalist.*.process.cmd_line",
					"value": "${configuration.datalist.*.process.cmd_line}"
				}, {
					"label": "configuration.datalist.*.triggerUser",
					"name": "configuration.datalist.*.triggerUser",
					"value": "${configuration.datalist.*.triggerUser}"
				}, {
					"label": "configuration.datalist.*._domain_id",
					"name": "configuration.datalist.*._domain_id",
					"value": "${configuration.datalist.*._domain_id}"
				}, {
					"label": "configuration.datalist.*.process.file_path.file_path",
					"name": "configuration.datalist.*.process.file_path.file_path",
					"value": "${configuration.datalist.*.process.file_path.file_path}"
				}, {
					"label": "configuration.total_data_with_dup",
					"name": "configuration.total_data_with_dup",
					"value": "${configuration.total_data_with_dup}"
				}, {
					"label": "configuration.total_exe_successful",
					"name": "configuration.total_exe_successful",
					"value": "${configuration.total_exe_successful}"
				}, {
					"label": "configuration.datalist.*.scope.*.cloudCode",
					"name": "configuration.datalist.*.scope.*.cloudCode",
					"value": "${configuration.datalist.*.scope.*.cloudCode}"
				}, {
					"label": "configuration.total_data_successful",
					"name": "configuration.total_data_successful",
					"value": "${configuration.total_data_successful}"
				}, {
					"label": "configuration.total_exe",
					"name": "configuration.total_exe",
					"value": "${configuration.total_exe}"
				}, {
					"label": "configuration.datalist.*.scope.*.userId",
					"name": "configuration.datalist.*.scope.*.userId",
					"value": "${configuration.datalist.*.scope.*.userId}"
				}, {
					"label": "configuration.datalist.*._region_id",
					"name": "configuration.datalist.*._region_id",
					"value": "${configuration.datalist.*._region_id}"
				}, {
					"label": "configuration.datalist.*.process.file_path.hash_value",
					"name": "configuration.datalist.*.process.file_path.hash_value",
					"value": "${configuration.datalist.*.process.file_path.hash_value}"
				}]
			}],
			"status": "success"
		},
		"isNode": true
	}, {
		"position": {
			"x": -190,
			"y": -170
		},
		"size": {
			"width": 137,
			"height": 66
		},
		"view": "react-shape-view",
		"attrs": {
			"label": {
				"text": "ioc_report"
			}
		},
		"shape": "activity",
		"id": "e0082b2e-d82c-464f-a22f-9b67eb47a363",
		"zIndex": 1,
		"data": {
			"isDebug": false,
			"nodeType": "action",
			"appType": "component",
			"nodeName": "ioc_report",
			"valueData": {
				"cloudUserId": "7f7cd2ebedc544f7bf9be74dab7fcca4",
				"resource": "${event.ioc}"
			},
			"icon": "https://sophon-gen-cloud-zhangjiakou-v2.oss-cn-zhangjiakou.aliyuncs.com/componentUpload/1755245577536_Threatbook_logo.svg?Expires=1755832376&OSSAccessKeyId=STS.NXwN8h********EJeH&Signature=p4KGzHhTrIZdiJxpACRpM7ROLE0%3D&security-token=CAIS2AJ1q6Ft5B2yfSjIr5vCBYLchKtswKq%2BRVT21nkPbd5%2Bqo%2FOqjz2IHhMenFpAegcv%2Fw%2BlGFZ6%2F8elrp6SJtIXleCZtF94oxN9h2gb4fb42MeBDXg08%2FLI3OaLjKm9u2wCryLYbGwU%2FOpbE%2B%2B5U0X6LDmdDKkckW4OJmS8%2FBOZcgWWQ%2FKBlgvRq0hRG1YpdQdKGHaONu0LxfumRCwNkdzvRdmgm4NgsbWgO%2Fks0OP3AOrlrBN%2Bdiuf8T9NvMBZskvD42Hu8VtbbfE3SJq7BxHybx7lqQs%2B02c5onDWwAJu0%2FXa7uEo4wydVNjFbM9A65Dqufxn%2Fpgt%2Braj4X7xhhEIOVJSSPbSZBbSxJNvU1RXDxQVcEYWxylurjnXvF%2B4xU3%2BP9tP0rM946UoJvc3YDI5hWbc8mJsTnhSSTAEIv%2By8ptqoFOtH7DkLTHWR7hCtv23053AashMytAXxqAAXNQ89LjX6M4bFYRAxsXrln0LN%2BTDs1Hk1dCGQ2edPqhVybm1axt7NpKWS7Xcrd6BKtuwqREs%2FZkIO8E%2BZRbfaX6uHOx9sHx1M1Y7HDHt%2BDvloHULH0rQNLniKayaTCJlIiyUPe8TaK3lv4mipQQf16PqYqAsx2Zu7Bqx9Np2CYIIAA%3D",
			"description": "Menganalisis alamat IP atau nama domain untuk skenario akses keluar, seperti jaringan kantor atau produksi. Ini menggunakan aturan untuk secara akurat menentukan apakah alamat IP atau nama domain bersifat jahat, tingkat risiko parahnya, dan tingkat kepercayaannya. Ini juga mengidentifikasi ancaman seperti server C2, malware, dan kolam penambang, serta memberikan tag acara keamanan atau pelaku ancaman terkait.",
			"advance": {
				"inputParamMode": false,
				"onError": "stop_cur_flow",
				"rspStatusType": 3,
				"rspStatusThreshold": 0
			},
			"componentName": "Threatbook",
			"actionName": "iocReport",
			"status": "failed",
			"cascaderValue": [{
				"label": "Threatbook_1",
				"value": "${Threatbook_1}",
				"children": [{
					"label": "Threatbook_1.datalist.*.network.tls_ex",
					"name": "Threatbook_1.datalist.*.network.tls_ex",
					"value": "${Threatbook_1.datalist.*.network.tls_ex}"
				}, {
					"label": "Threatbook_1.datalist.*.summary.file_size",
					"name": "Threatbook_1.datalist.*.summary.file_size",
					"value": "${Threatbook_1.datalist.*.summary.file_size}"
				}, {
					"label": "Threatbook_1.datalist.*.summary.sandbox_type_list",
					"name": "Threatbook_1.datalist.*.summary.sandbox_type_list",
					"value": "${Threatbook_1.datalist.*.summary.sandbox_type_list}"
				}, {
					"label": "Threatbook_1.datalist.*.pstree.children.*.process_name",
					"name": "Threatbook_1.datalist.*.pstree.children.*.process_name",
					"value": "${Threatbook_1.datalist.*.pstree.children.*.process_name}"
				}, {
					"label": "Threatbook_1.datalist.*.summary.md5",
					"name": "Threatbook_1.datalist.*.summary.md5",
					"value": "${Threatbook_1.datalist.*.summary.md5}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.vbwebshell",
					"name": "Threatbook_1.datalist.*.multiengines.result.vbwebshell",
					"value": "${Threatbook_1.datalist.*.multiengines.result.vbwebshell}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.Microsoft",
					"name": "Threatbook_1.datalist.*.multiengines.result.Microsoft",
					"value": "${Threatbook_1.datalist.*.multiengines.result.Microsoft}"
				}, {
					"label": "Threatbook_1.datalist.*.signature.*.marks.*.call.category",
					"name": "Threatbook_1.datalist.*.signature.*.marks.*.call.category",
					"value": "${Threatbook_1.datalist.*.signature.*.marks.*.call.category}"
				}, {
					"label": "Threatbook_1.total_exe",
					"name": "Threatbook_1.total_exe",
					"value": "${Threatbook_1.total_exe}"
				}, {
					"label": "Threatbook_1.datalist.*.summary.sample_sha256",
					"name": "Threatbook_1.datalist.*.summary.sample_sha256",
					"value": "${Threatbook_1.datalist.*.summary.sample_sha256}"
				}, {
					"label": "Threatbook_1.datalist.*.summary.malware_family",
					"name": "Threatbook_1.datalist.*.summary.malware_family",
					"value": "${Threatbook_1.datalist.*.summary.malware_family}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.Baidu",
					"name": "Threatbook_1.datalist.*.multiengines.result.Baidu",
					"value": "${Threatbook_1.datalist.*.multiengines.result.Baidu}"
				}, {
					"label": "Threatbook_1.datalist.*.static.basic.md5",
					"name": "Threatbook_1.datalist.*.static.basic.md5",
					"value": "${Threatbook_1.datalist.*.static.basic.md5}"
				}, {
					"label": "Threatbook_1.datalist.*.summary.tag.s",
					"name": "Threatbook_1.datalist.*.summary.tag.s",
					"value": "${Threatbook_1.datalist.*.summary.tag.s}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.OneStatic",
					"name": "Threatbook_1.datalist.*.multiengines.result.OneStatic",
					"value": "${Threatbook_1.datalist.*.multiengines.result.OneStatic}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.DrWeb",
					"name": "Threatbook_1.datalist.*.multiengines.result.DrWeb",
					"value": "${Threatbook_1.datalist.*.multiengines.result.DrWeb}"
				}, {
					"label": "Threatbook_1.datalist.*.summary.tag.x",
					"name": "Threatbook_1.datalist.*.summary.tag.x",
					"value": "${Threatbook_1.datalist.*.summary.tag.x}"
				}, {
					"label": "Threatbook_1.datalist.*.summary.file_name",
					"name": "Threatbook_1.datalist.*.summary.file_name",
					"value": "${Threatbook_1.datalist.*.summary.file_name}"
				}, {
					"label": "Threatbook_1.datalist.*.signature.*.marks.*.call.api",
					"name": "Threatbook_1.datalist.*.signature.*.marks.*.call.api",
					"value": "${Threatbook_1.datalist.*.signature.*.marks.*.call.api}"
				}, {
					"label": "Threatbook_1.datalist.*.signature.*.marks.*.call.status",
					"name": "Threatbook_1.datalist.*.signature.*.marks.*.call.status",
					"value": "${Threatbook_1.datalist.*.signature.*.marks.*.call.status}"
				}, {
					"label": "Threatbook_1.datalist.*.signature.*.markcount",
					"name": "Threatbook_1.datalist.*.signature.*.markcount",
					"value": "${Threatbook_1.datalist.*.signature.*.markcount}"
				}, {
					"label": "Threatbook_1.datalist.*.summary.threat_score",
					"name": "Threatbook_1.datalist.*.summary.threat_score",
					"value": "${Threatbook_1.datalist.*.summary.threat_score}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.NANO",
					"name": "Threatbook_1.datalist.*.multiengines.result.NANO",
					"value": "${Threatbook_1.datalist.*.multiengines.result.NANO}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.Panda",
					"name": "Threatbook_1.datalist.*.multiengines.result.Panda",
					"value": "${Threatbook_1.datalist.*.multiengines.result.Panda}"
				}, {
					"label": "Threatbook_1.datalist.*.static.basic.file_type",
					"name": "Threatbook_1.datalist.*.static.basic.file_type",
					"value": "${Threatbook_1.datalist.*.static.basic.file_type}"
				}, {
					"label": "Threatbook_1.datalist.*.summary.sha1",
					"name": "Threatbook_1.datalist.*.summary.sha1",
					"value": "${Threatbook_1.datalist.*.summary.sha1}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.Kaspersky",
					"name": "Threatbook_1.datalist.*.multiengines.result.Kaspersky",
					"value": "${Threatbook_1.datalist.*.multiengines.result.Kaspersky}"
				}, {
					"label": "Threatbook_1.total_exe_successful",
					"name": "Threatbook_1.total_exe_successful",
					"value": "${Threatbook_1.total_exe_successful}"
				}, {
					"label": "Threatbook_1.datalist.*.summary.threat_level",
					"name": "Threatbook_1.datalist.*.summary.threat_level",
					"value": "${Threatbook_1.datalist.*.summary.threat_level}"
				}, {
					"label": "Threatbook_1.datalist.*.pstree.process_name.en",
					"name": "Threatbook_1.datalist.*.pstree.process_name.en",
					"value": "${Threatbook_1.datalist.*.pstree.process_name.en}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.Trustlook",
					"name": "Threatbook_1.datalist.*.multiengines.result.Trustlook",
					"value": "${Threatbook_1.datalist.*.multiengines.result.Trustlook}"
				}, {
					"label": "Threatbook_1.datalist.*.summary.malware_type",
					"name": "Threatbook_1.datalist.*.summary.malware_type",
					"value": "${Threatbook_1.datalist.*.summary.malware_type}"
				}, {
					"label": "Threatbook_1.datalist.*.static.basic.sha256",
					"name": "Threatbook_1.datalist.*.static.basic.sha256",
					"value": "${Threatbook_1.datalist.*.static.basic.sha256}"
				}, {
					"label": "Threatbook_1.datalist.*.strings.275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f",
					"name": "Threatbook_1.datalist.*.strings.275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f",
					"value": "${Threatbook_1.datalist.*.strings.275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f}"
				}, {
					"label": "Threatbook_1.datalist.*.signature.*.marks.*.cid",
					"name": "Threatbook_1.datalist.*.signature.*.marks.*.cid",
					"value": "${Threatbook_1.datalist.*.signature.*.marks.*.cid}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.Avast",
					"name": "Threatbook_1.datalist.*.multiengines.result.Avast",
					"value": "${Threatbook_1.datalist.*.multiengines.result.Avast}"
				}, {
					"label": "Threatbook_1.total_data_successful",
					"name": "Threatbook_1.total_data_successful",
					"value": "${Threatbook_1.total_data_successful}"
				}, {
					"label": "Threatbook_1.datalist.*.signature.*.sig_class",
					"name": "Threatbook_1.datalist.*.signature.*.sig_class",
					"value": "${Threatbook_1.datalist.*.signature.*.sig_class}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.Baidu-China",
					"name": "Threatbook_1.datalist.*.multiengines.result.Baidu-China",
					"value": "${Threatbook_1.datalist.*.multiengines.result.Baidu-China}"
				}, {
					"label": "Threatbook_1.datalist.*.pstree.children.*.command_line",
					"name": "Threatbook_1.datalist.*.pstree.children.*.command_line",
					"value": "${Threatbook_1.datalist.*.pstree.children.*.command_line}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.Rising",
					"name": "Threatbook_1.datalist.*.multiengines.result.Rising",
					"value": "${Threatbook_1.datalist.*.multiengines.result.Rising}"
				}, {
					"label": "Threatbook_1.datalist.*.signature.*.attck_id",
					"name": "Threatbook_1.datalist.*.signature.*.attck_id",
					"value": "${Threatbook_1.datalist.*.signature.*.attck_id}"
				}, {
					"label": "Threatbook_1.total_data",
					"name": "Threatbook_1.total_data",
					"value": "${Threatbook_1.total_data}"
				}, {
					"label": "Threatbook_1.datalist.*.summary.sandbox_type",
					"name": "Threatbook_1.datalist.*.summary.sandbox_type",
					"value": "${Threatbook_1.datalist.*.summary.sandbox_type}"
				}, {
					"label": "Threatbook_1.total_data_with_dup",
					"name": "Threatbook_1.total_data_with_dup",
					"value": "${Threatbook_1.total_data_with_dup}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.ShellPub",
					"name": "Threatbook_1.datalist.*.multiengines.result.ShellPub",
					"value": "${Threatbook_1.datalist.*.multiengines.result.ShellPub}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.MicroAPT",
					"name": "Threatbook_1.datalist.*.multiengines.result.MicroAPT",
					"value": "${Threatbook_1.datalist.*.multiengines.result.MicroAPT}"
				}, {
					"label": "Threatbook_1.datalist.*.summary.multi_engines",
					"name": "Threatbook_1.datalist.*.summary.multi_engines",
					"value": "${Threatbook_1.datalist.*.summary.multi_engines}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.ClamAV",
					"name": "Threatbook_1.datalist.*.multiengines.result.ClamAV",
					"value": "${Threatbook_1.datalist.*.multiengines.result.ClamAV}"
				}, {
					"label": "Threatbook_1.datalist.*.summary.file_type",
					"name": "Threatbook_1.datalist.*.summary.file_type",
					"value": "${Threatbook_1.datalist.*.summary.file_type}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.ESET",
					"name": "Threatbook_1.datalist.*.multiengines.result.ESET",
					"value": "${Threatbook_1.datalist.*.multiengines.result.ESET}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.K7",
					"name": "Threatbook_1.datalist.*.multiengines.result.K7",
					"value": "${Threatbook_1.datalist.*.multiengines.result.K7}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.detect_rate",
					"name": "Threatbook_1.datalist.*.multiengines.detect_rate",
					"value": "${Threatbook_1.datalist.*.multiengines.detect_rate}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.OneAV",
					"name": "Threatbook_1.datalist.*.multiengines.result.OneAV",
					"value": "${Threatbook_1.datalist.*.multiengines.result.OneAV}"
				}, {
					"label": "Threatbook_1.datalist.*.signature.*.name",
					"name": "Threatbook_1.datalist.*.signature.*.name",
					"value": "${Threatbook_1.datalist.*.signature.*.name}"
				}, {
					"label": "Threatbook_1.datalist.*.signature.*.marks.*.call.tid",
					"name": "Threatbook_1.datalist.*.signature.*.marks.*.call.tid",
					"value": "${Threatbook_1.datalist.*.signature.*.marks.*.call.tid}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.scan_time",
					"name": "Threatbook_1.datalist.*.multiengines.scan_time",
					"value": "${Threatbook_1.datalist.*.multiengines.scan_time}"
				}, {
					"label": "Threatbook_1.datalist.*.summary.is_whitelist",
					"name": "Threatbook_1.datalist.*.summary.is_whitelist",
					"value": "${Threatbook_1.datalist.*.summary.is_whitelist}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.Qihu360",
					"name": "Threatbook_1.datalist.*.multiengines.result.Qihu360",
					"value": "${Threatbook_1.datalist.*.multiengines.result.Qihu360}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.Sophos",
					"name": "Threatbook_1.datalist.*.multiengines.result.Sophos",
					"value": "${Threatbook_1.datalist.*.multiengines.result.Sophos}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.Antiy",
					"name": "Threatbook_1.datalist.*.multiengines.result.Antiy",
					"value": "${Threatbook_1.datalist.*.multiengines.result.Antiy}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.GDATA",
					"name": "Threatbook_1.datalist.*.multiengines.result.GDATA",
					"value": "${Threatbook_1.datalist.*.multiengines.result.GDATA}"
				}, {
					"label": "Threatbook_1.datalist.*.signature.*.marks.*.call.time",
					"name": "Threatbook_1.datalist.*.signature.*.marks.*.call.time",
					"value": "${Threatbook_1.datalist.*.signature.*.marks.*.call.time}"
				}, {
					"label": "Threatbook_1.status",
					"name": "Threatbook_1.status",
					"value": "${Threatbook_1.status}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.JiangMin",
					"name": "Threatbook_1.datalist.*.multiengines.result.JiangMin",
					"value": "${Threatbook_1.datalist.*.multiengines.result.JiangMin}"
				}, {
					"label": "Threatbook_1.datalist.*.signature.*.marks.*.call.return_value",
					"name": "Threatbook_1.datalist.*.signature.*.marks.*.call.return_value",
					"value": "${Threatbook_1.datalist.*.signature.*.marks.*.call.return_value}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.AVG",
					"name": "Threatbook_1.datalist.*.multiengines.result.AVG",
					"value": "${Threatbook_1.datalist.*.multiengines.result.AVG}"
				}, {
					"label": "Threatbook_1.datalist.*.network.dns_servers",
					"name": "Threatbook_1.datalist.*.network.dns_servers",
					"value": "${Threatbook_1.datalist.*.network.dns_servers}"
				}, {
					"label": "Threatbook_1.datalist.*.signature.*.description",
					"name": "Threatbook_1.datalist.*.signature.*.description",
					"value": "${Threatbook_1.datalist.*.signature.*.description}"
				}, {
					"label": "Threatbook_1.datalist.*.strings.pcap",
					"name": "Threatbook_1.datalist.*.strings.pcap",
					"value": "${Threatbook_1.datalist.*.strings.pcap}"
				}, {
					"label": "Threatbook_1.datalist.*.signature.*.marks.*.pid",
					"name": "Threatbook_1.datalist.*.signature.*.marks.*.pid",
					"value": "${Threatbook_1.datalist.*.signature.*.marks.*.pid}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.IKARUS",
					"name": "Threatbook_1.datalist.*.multiengines.result.IKARUS",
					"value": "${Threatbook_1.datalist.*.multiengines.result.IKARUS}"
				}, {
					"label": "Threatbook_1.datalist.*.pstree.children.*.first_seen",
					"name": "Threatbook_1.datalist.*.pstree.children.*.first_seen",
					"value": "${Threatbook_1.datalist.*.pstree.children.*.first_seen}"
				}, {
					"label": "Threatbook_1.datalist.*.signature.*.marks.*.type",
					"name": "Threatbook_1.datalist.*.signature.*.marks.*.type",
					"value": "${Threatbook_1.datalist.*.signature.*.marks.*.type}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.Avira",
					"name": "Threatbook_1.datalist.*.multiengines.result.Avira",
					"value": "${Threatbook_1.datalist.*.multiengines.result.Avira}"
				}, {
					"label": "Threatbook_1.datalist.*.pstree.children.*.ppid",
					"name": "Threatbook_1.datalist.*.pstree.children.*.ppid",
					"value": "${Threatbook_1.datalist.*.pstree.children.*.ppid}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.MicroNonPE",
					"name": "Threatbook_1.datalist.*.multiengines.result.MicroNonPE",
					"value": "${Threatbook_1.datalist.*.multiengines.result.MicroNonPE}"
				}, {
					"label": "Threatbook_1.datalist.*.static.basic.ssdeep",
					"name": "Threatbook_1.datalist.*.static.basic.ssdeep",
					"value": "${Threatbook_1.datalist.*.static.basic.ssdeep}"
				}, {
					"label": "Threatbook_1.datalist.*.static.basic.file_size",
					"name": "Threatbook_1.datalist.*.static.basic.file_size",
					"value": "${Threatbook_1.datalist.*.static.basic.file_size}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.OneAV-PWSH",
					"name": "Threatbook_1.datalist.*.multiengines.result.OneAV-PWSH",
					"value": "${Threatbook_1.datalist.*.multiengines.result.OneAV-PWSH}"
				}, {
					"label": "Threatbook_1.datalist.*.pstree.process_name.cn",
					"name": "Threatbook_1.datalist.*.pstree.process_name.cn",
					"value": "${Threatbook_1.datalist.*.pstree.process_name.cn}"
				}, {
					"label": "Threatbook_1.datalist.*.network.secret_info",
					"name": "Threatbook_1.datalist.*.network.secret_info",
					"value": "${Threatbook_1.datalist.*.network.secret_info}"
				}, {
					"label": "Threatbook_1.datalist.*.static.basic.sha1",
					"name": "Threatbook_1.datalist.*.static.basic.sha1",
					"value": "${Threatbook_1.datalist.*.static.basic.sha1}"
				}, {
					"label": "Threatbook_1.datalist.*.pstree.children.*.track",
					"name": "Threatbook_1.datalist.*.pstree.children.*.track",
					"value": "${Threatbook_1.datalist.*.pstree.children.*.track}"
				}, {
					"label": "Threatbook_1.datalist.*.summary.submit_time",
					"name": "Threatbook_1.datalist.*.summary.submit_time",
					"value": "${Threatbook_1.datalist.*.summary.submit_time}"
				}, {
					"label": "Threatbook_1.datalist.*.signature.*.severity",
					"name": "Threatbook_1.datalist.*.signature.*.severity",
					"value": "${Threatbook_1.datalist.*.signature.*.severity}"
				}, {
					"label": "Threatbook_1.datalist.*.permalink",
					"name": "Threatbook_1.datalist.*.permalink",
					"value": "${Threatbook_1.datalist.*.permalink}"
				}, {
					"label": "Threatbook_1.datalist.*.pstree.children.*.pid",
					"name": "Threatbook_1.datalist.*.pstree.children.*.pid",
					"value": "${Threatbook_1.datalist.*.pstree.children.*.pid}"
				}, {
					"label": "Threatbook_1.datalist.*.static.basic.file_name",
					"name": "Threatbook_1.datalist.*.static.basic.file_name",
					"value": "${Threatbook_1.datalist.*.static.basic.file_name}"
				}]
			}, {
				"label": "configuration",
				"value": "${configuration}",
				"children": [{
					"label": "configuration.datalist.*.triggerType",
					"name": "configuration.datalist.*.triggerType",
					"value": "${configuration.datalist.*.triggerType}"
				}, {
					"label": "configuration.datalist.*._req_uuid",
					"name": "configuration.datalist.*._req_uuid",
					"value": "${configuration.datalist.*._req_uuid}"
				}, {
					"label": "configuration.datalist.*.scope.*.aliUid",
					"name": "configuration.datalist.*.scope.*.aliUid",
					"value": "${configuration.datalist.*.scope.*.aliUid}"
				}, {
					"label": "configuration.datalist.*.process.start_time",
					"name": "configuration.datalist.*.process.start_time",
					"value": "${configuration.datalist.*.process.start_time}"
				}, {
					"label": "configuration.status",
					"name": "configuration.status",
					"value": "${configuration.status}"
				}, {
					"label": "configuration.datalist.*.process.proc_id",
					"name": "configuration.datalist.*.process.proc_id",
					"value": "${configuration.datalist.*.process.proc_id}"
				}, {
					"label": "configuration.datalist.*._tenant_id",
					"name": "configuration.datalist.*._tenant_id",
					"value": "${configuration.datalist.*._tenant_id}"
				}, {
					"label": "configuration.datalist.*.process.host_uuid.host_uuid",
					"name": "configuration.datalist.*.process.host_uuid.host_uuid",
					"value": "${configuration.datalist.*.process.host_uuid.host_uuid}"
				}, {
					"label": "configuration.total_data",
					"name": "configuration.total_data",
					"value": "${configuration.total_data}"
				}, {
					"label": "configuration.datalist.*._trigger_user",
					"name": "configuration.datalist.*._trigger_user",
					"value": "${configuration.datalist.*._trigger_user}"
				}, {
					"label": "configuration.datalist.*.process.host_uuid.os_type",
					"name": "configuration.datalist.*.process.host_uuid.os_type",
					"value": "${configuration.datalist.*.process.host_uuid.os_type}"
				}, {
					"label": "configuration.datalist.*.process.cmd_line",
					"name": "configuration.datalist.*.process.cmd_line",
					"value": "${configuration.datalist.*.process.cmd_line}"
				}, {
					"label": "configuration.datalist.*.triggerUser",
					"name": "configuration.datalist.*.triggerUser",
					"value": "${configuration.datalist.*.triggerUser}"
				}, {
					"label": "configuration.datalist.*._domain_id",
					"name": "configuration.datalist.*._domain_id",
					"value": "${configuration.datalist.*._domain_id}"
				}, {
					"label": "configuration.datalist.*.process.file_path.file_path",
					"name": "configuration.datalist.*.process.file_path.file_path",
					"value": "${configuration.datalist.*.process.file_path.file_path}"
				}, {
					"label": "configuration.total_data_with_dup",
					"name": "configuration.total_data_with_dup",
					"value": "${configuration.total_data_with_dup}"
				}, {
					"label": "configuration.total_exe_successful",
					"name": "configuration.total_exe_successful",
					"value": "${configuration.total_exe_successful}"
				}, {
					"label": "configuration.datalist.*.scope.*.cloudCode",
					"name": "configuration.datalist.*.scope.*.cloudCode",
					"value": "${configuration.datalist.*.scope.*.cloudCode}"
				}, {
					"label": "configuration.total_data_successful",
					"name": "configuration.total_data_successful",
					"value": "${configuration.total_data_successful}"
				}, {
					"label": "configuration.total_exe",
					"name": "configuration.total_exe",
					"value": "${configuration.total_exe}"
				}, {
					"label": "configuration.datalist.*.scope.*.userId",
					"name": "configuration.datalist.*.scope.*.userId",
					"value": "${configuration.datalist.*.scope.*.userId}"
				}, {
					"label": "configuration.datalist.*._region_id",
					"name": "configuration.datalist.*._region_id",
					"value": "${configuration.datalist.*._region_id}"
				}, {
					"label": "configuration.datalist.*.process.file_path.hash_value",
					"name": "configuration.datalist.*.process.file_path.hash_value",
					"value": "${configuration.datalist.*.process.file_path.hash_value}"
				}]
			}],
			"customInput": false,
			"id": 0,
			"name": "iocReport",
			"operateType": "general",
			"parameters": [{
				"dataType": "String",
				"defaultValue": "",
				"description": "",
				"enDescription": "",
				"name": "userId",
				"needCascader": false,
				"required": false,
				"tags": ""
			}, {
				"dataType": "String",
				"defaultValue": "",
				"description": "ID akun yang dikonfigurasi untuk Threatbook di Pusat Keamanan di bawah Pengaturan Fitur > Manajemen Konfigurasi Multicloud.",
				"enDescription": "",
				"name": "cloudUserId",
				"needCascader": false,
				"required": true,
				"tags": ""
			}, {
				"dataType": "String",
				"defaultValue": "",
				"description": "Alamat IP atau nama domain. Anda dapat meminta hingga 100 sumber daya dalam satu batch. Pisahkan dengan koma. Anda dapat meminta alamat IP dengan port untuk mendapatkan hasil berkepercayaan tinggi. Contoh alamat IP dengan port dalam permintaan: 8.8.8.8:143,0.0.0.0:80 ",
				"enDescription": "",
				"name": "resource",
				"needCascader": false,
				"required": true,
				"tags": ""
			}],
			"riskLevel": 2,
			"actionDisplayName": "iocReport"
		},
		"isNode": true
	}, {
		"position": {
			"x": -190,
			"y": -55
		},
		"size": {
			"width": 137,
			"height": 66
		},
		"view": "react-shape-view",
		"attrs": {
			"label": {
				"text": "ip_reputation"
			}
		},
		"shape": "activity",
		"id": "8afdafcc-32aa-4ab2-b8b2-abafc4314e85",
		"zIndex": 1,
		"data": {
			"nodeType": "action",
			"appType": "component",
			"nodeName": "ip_reputation",
			"valueData": {
				"cloudUserId": "7f7cd2ebedc544f7bf9be74dab7fcca4",
				"resource": "${event.ip}"
			},
			"icon": "https://sophon-gen-cloud-zhangjiakou-v2.oss-cn-zhangjiakou.aliyuncs.com/componentUpload/1755245577536_Threatbook_logo.svg?Expires=1755832376&OSSAccessKeyId=STS.NXwN8h********EJeH&Signature=p4KGzHhTrIZdiJxpACRpM7ROLE0%3D&security-token=CAIS2AJ1q6Ft5B2yfSjIr5vCBYLchKtswKq%2BRVT21nkPbd5%2Bqo%2FOqjz2IHhMenFpAegcv%2Fw%2BlGFZ6%2F8elrp6SJtIXleCZtF94oxN9h2gb4fb42MeBDXg08%2FLI3OaLjKm9u2wCryLYbGwU%2FOpbE%2B%2B5U0X6LDmdDKkckW4OJmS8%2FBOZcgWWQ%2FKBlgvRq0hRG1YpdQdKGHaONu0LxfumRCwNkdzvRdmgm4NgsbWgO%2Fks0OP3AOrlrBN%2Bdiuf8T9NvMBZskvD42Hu8VtbbfE3SJq7BxHybx7lqQs%2B02c5onDWwAJu0%2FXa7uEo4wydVNjFbM9A65Dqufxn%2Fpgt%2Braj4X7xhhEIOVJSSPbSZBbSxJNvU1RXDxQVcEYWxylurjnXvF%2B4xU3%2BP9tP0rM946UoJvc3YDI5hWbc8mJsTnhSSTAEIv%2By8ptqoFOtH7DkLTHWR7hCtv23053AashMytAXxqAAXNQ89LjX6M4bFYRAxsXrln0LN%2BTDs1Hk1dCGQ2edPqhVybm1axt7NpKWS7Xcrd6BKtuwqREs%2FZkIO8E%2BZRbfaX6uHOx9sHx1M1Y7HDHt%2BDvloHULH0rQNLniKayaTCJlIiyUPe8TaK3lv4mipQQf16PqYqAsx2Zu7Bqx9Np2CYIIAA%3D",
			"description": "Menganalisis alamat IP untuk skenario masuk. Ini memberikan lokasi geografis dan informasi ASN dari alamat IP. Ini menggunakan aturan untuk secara akurat menentukan apakah alamat IP bersifat jahat, tingkat risiko parahnya, dan tingkat kepercayaannya. Ini juga mengidentifikasi jenis ancaman, seperti eksploitasi dan zombie, serta memberikan tag acara keamanan atau pelaku ancaman terkait.",
			"advance": {
				"inputParamMode": false,
				"onError": "stop_cur_flow",
				"rspStatusType": 3,
				"rspStatusThreshold": 0
			},
			"componentName": "Threatbook",
			"actionName": "ipReputation",
			"status": "failed",
			"cascaderValue": [{
				"label": "Threatbook_2",
				"value": "${Threatbook_2}",
				"children": [{
					"label": "Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.severity",
					"name": "Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.severity",
					"value": "${Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.severity}"
				}, {
					"label": "Threatbook_2.total_exe",
					"name": "Threatbook_2.total_exe",
					"value": "${Threatbook_2.total_exe}"
				}, {
					"label": "Threatbook_2.total_data_successful",
					"name": "Threatbook_2.total_data_successful",
					"value": "${Threatbook_2.total_data_successful}"
				}, {
					"label": "Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.judgments",
					"name": "Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.judgments",
					"value": "${Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.judgments}"
				}, {
					"label": "Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.tags_classes.*.tags_type",
					"name": "Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.tags_classes.*.tags_type",
					"value": "${Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.tags_classes.*.tags_type}"
				}, {
					"label": "Threatbook_2.total_exe",
					"name": "Threatbook_2.total_exe",
					"value": "${Threatbook_2.total_exe}"
				}, {
					"label": "Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.tags_classes.*.tags",
					"name": "Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.tags_classes.*.tags",
					"value": "${Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.tags_classes.*.tags}"
				}, {
					"label": "Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.permalink",
					"name": "Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.permalink",
					"value": "${Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.permalink}"
				}, {
					"label": "Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.categories.second_cats",
					"name": "Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.categories.second_cats",
					"value": "${Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.categories.second_cats}"
				}, {
					"label": "Threatbook_2.total_data",
					"name": "Threatbook_2.total_data",
					"value": "${Threatbook_2.total_data}"
				}, {
					"label": "Threatbook_2.total_data_with_dup",
					"name": "Threatbook_2.total_data_with_dup",
					"value": "${Threatbook_2.total_data_with_dup}"
				}, {
					"label": "Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.rank.umbrella_rank.global_rank",
					"name": "Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.rank.umbrella_rank.global_rank",
					"value": "${Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.rank.umbrella_rank.global_rank}"
				}, {
					"label": "Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.is_malicious",
					"name": "Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.is_malicious",
					"value": "${Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.is_malicious}"
				}, {
					"label": "Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.confidence_level",
					"name": "Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.confidence_level",
					"value": "${Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.confidence_level}"
				}, {
					"label": "Threatbook_2.status",
					"name": "Threatbook_2.status",
					"value": "${Threatbook_2.status}"
				}, {
					"label": "Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.rank.alexa_rank.global_rank",
					"name": "Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.rank.alexa_rank.global_rank",
					"value": "${Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.rank.alexa_rank.global_rank}"
				}]
			}, {
				"label": "Threatbook_1",
				"value": "${Threatbook_1}",
				"children": [{
					"label": "Threatbook_1.datalist.*.network.tls_ex",
					"name": "Threatbook_1.datalist.*.network.tls_ex",
					"value": "${Threatbook_1.datalist.*.network.tls_ex}"
				}, {
					"label": "Threatbook_1.datalist.*.summary.file_size",
					"name": "Threatbook_1.datalist.*.summary.file_size",
					"value": "${Threatbook_1.datalist.*.summary.file_size}"
				}, {
					"label": "Threatbook_1.datalist.*.summary.sandbox_type_list",
					"name": "Threatbook_1.datalist.*.summary.sandbox_type_list",
					"value": "${Threatbook_1.datalist.*.summary.sandbox_type_list}"
				}, {
					"label": "Threatbook_1.datalist.*.pstree.children.*.process_name",
					"name": "Threatbook_1.datalist.*.pstree.children.*.process_name",
					"value": "${Threatbook_1.datalist.*.pstree.children.*.process_name}"
				}, {
					"label": "Threatbook_1.datalist.*.summary.md5",
					"name": "Threatbook_1.datalist.*.summary.md5",
					"value": "${Threatbook_1.datalist.*.summary.md5}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.vbwebshell",
					"name": "Threatbook_1.datalist.*.multiengines.result.vbwebshell",
					"value": "${Threatbook_1.datalist.*.multiengines.result.vbwebshell}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.Microsoft",
					"name": "Threatbook_1.datalist.*.multiengines.result.Microsoft",
					"value": "${Threatbook_1.datalist.*.multiengines.result.Microsoft}"
				}, {
					"label": "Threatbook_1.datalist.*.signature.*.marks.*.call.category",
					"name": "Threatbook_1.datalist.*.signature.*.marks.*.call.category",
					"value": "${Threatbook_1.datalist.*.signature.*.marks.*.call.category}"
				}, {
					"label": "Threatbook_1.total_exe",
					"name": "Threatbook_1.total_exe",
					"value": "${Threatbook_1.total_exe}"
				}, {
					"label": "Threatbook_1.datalist.*.summary.sample_sha256",
					"name": "Threatbook_1.datalist.*.summary.sample_sha256",
					"value": "${Threatbook_1.datalist.*.summary.sample_sha256}"
				}, {
					"label": "Threatbook_1.datalist.*.summary.malware_family",
					"name": "Threatbook_1.datalist.*.summary.malware_family",
					"value": "${Threatbook_1.datalist.*.summary.malware_family}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.Baidu",
					"name": "Threatbook_1.datalist.*.multiengines.result.Baidu",
					"value": "${Threatbook_1.datalist.*.multiengines.result.Baidu}"
				}, {
					"label": "Threatbook_1.datalist.*.static.basic.md5",
					"name": "Threatbook_1.datalist.*.static.basic.md5",
					"value": "${Threatbook_1.datalist.*.static.basic.md5}"
				}, {
					"label": "Threatbook_1.datalist.*.summary.tag.s",
					"name": "Threatbook_1.datalist.*.summary.tag.s",
					"value": "${Threatbook_1.datalist.*.summary.tag.s}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.OneStatic",
					"name": "Threatbook_1.datalist.*.multiengines.result.OneStatic",
					"value": "${Threatbook_1.datalist.*.multiengines.result.OneStatic}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.DrWeb",
					"name": "Threatbook_1.datalist.*.multiengines.result.DrWeb",
					"value": "${Threatbook_1.datalist.*.multiengines.result.DrWeb}"
				}, {
					"label": "Threatbook_1.datalist.*.summary.tag.x",
					"name": "Threatbook_1.datalist.*.summary.tag.x",
					"value": "${Threatbook_1.datalist.*.summary.tag.x}"
				}, {
					"label": "Threatbook_1.datalist.*.summary.file_name",
					"name": "Threatbook_1.datalist.*.summary.file_name",
					"value": "${Threatbook_1.datalist.*.summary.file_name}"
				}, {
					"label": "Threatbook_1.datalist.*.signature.*.marks.*.call.api",
					"name": "Threatbook_1.datalist.*.signature.*.marks.*.call.api",
					"value": "${Threatbook_1.datalist.*.signature.*.marks.*.call.api}"
				}, {
					"label": "Threatbook_1.datalist.*.signature.*.marks.*.call.status",
					"name": "Threatbook_1.datalist.*.signature.*.marks.*.call.status",
					"value": "${Threatbook_1.datalist.*.signature.*.marks.*.call.status}"
				}, {
					"label": "Threatbook_1.datalist.*.signature.*.markcount",
					"name": "Threatbook_1.datalist.*.signature.*.markcount",
					"value": "${Threatbook_1.datalist.*.signature.*.markcount}"
				}, {
					"label": "Threatbook_1.datalist.*.summary.threat_score",
					"name": "Threatbook_1.datalist.*.summary.threat_score",
					"value": "${Threatbook_1.datalist.*.summary.threat_score}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.NANO",
					"name": "Threatbook_1.datalist.*.multiengines.result.NANO",
					"value": "${Threatbook_1.datalist.*.multiengines.result.NANO}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.Panda",
					"name": "Threatbook_1.datalist.*.multiengines.result.Panda",
					"value": "${Threatbook_1.datalist.*.multiengines.result.Panda}"
				}, {
					"label": "Threatbook_1.datalist.*.static.basic.file_type",
					"name": "Threatbook_1.datalist.*.static.basic.file_type",
					"value": "${Threatbook_1.datalist.*.static.basic.file_type}"
				}, {
					"label": "Threatbook_1.datalist.*.summary.sha1",
					"name": "Threatbook_1.datalist.*.summary.sha1",
					"value": "${Threatbook_1.datalist.*.summary.sha1}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.Kaspersky",
					"name": "Threatbook_1.datalist.*.multiengines.result.Kaspersky",
					"value": "${Threatbook_1.datalist.*.multiengines.result.Kaspersky}"
				}, {
					"label": "Threatbook_1.total_exe_successful",
					"name": "Threatbook_1.total_exe_successful",
					"value": "${Threatbook_1.total_exe_successful}"
				}, {
					"label": "Threatbook_1.datalist.*.summary.threat_level",
					"name": "Threatbook_1.datalist.*.summary.threat_level",
					"value": "${Threatbook_1.datalist.*.summary.threat_level}"
				}, {
					"label": "Threatbook_1.datalist.*.pstree.process_name.en",
					"name": "Threatbook_1.datalist.*.pstree.process_name.en",
					"value": "${Threatbook_1.datalist.*.pstree.process_name.en}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.Trustlook",
					"name": "Threatbook_1.datalist.*.multiengines.result.Trustlook",
					"value": "${Threatbook_1.datalist.*.multiengines.result.Trustlook}"
				}, {
					"label": "Threatbook_1.datalist.*.summary.malware_type",
					"name": "Threatbook_1.datalist.*.summary.malware_type",
					"value": "${Threatbook_1.datalist.*.summary.malware_type}"
				}, {
					"label": "Threatbook_1.datalist.*.static.basic.sha256",
					"name": "Threatbook_1.datalist.*.static.basic.sha256",
					"value": "${Threatbook_1.datalist.*.static.basic.sha256}"
				}, {
					"label": "Threatbook_1.datalist.*.strings.275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f",
					"name": "Threatbook_1.datalist.*.strings.275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f",
					"value": "${Threatbook_1.datalist.*.strings.275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f}"
				}, {
					"label": "Threatbook_1.datalist.*.signature.*.marks.*.cid",
					"name": "Threatbook_1.datalist.*.signature.*.marks.*.cid",
					"value": "${Threatbook_1.datalist.*.signature.*.marks.*.cid}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.Avast",
					"name": "Threatbook_1.datalist.*.multiengines.result.Avast",
					"value": "${Threatbook_1.datalist.*.multiengines.result.Avast}"
				}, {
					"label": "Threatbook_1.total_data_successful",
					"name": "Threatbook_1.total_data_successful",
					"value": "${Threatbook_1.total_data_successful}"
				}, {
					"label": "Threatbook_1.datalist.*.signature.*.sig_class",
					"name": "Threatbook_1.datalist.*.signature.*.sig_class",
					"value": "${Threatbook_1.datalist.*.signature.*.sig_class}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.Baidu-China",
					"name": "Threatbook_1.datalist.*.multiengines.result.Baidu-China",
					"value": "${Threatbook_1.datalist.*.multiengines.result.Baidu-China}"
				}, {
					"label": "Threatbook_1.datalist.*.pstree.children.*.command_line",
					"name": "Threatbook_1.datalist.*.pstree.children.*.command_line",
					"value": "${Threatbook_1.datalist.*.pstree.children.*.command_line}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.Rising",
					"name": "Threatbook_1.datalist.*.multiengines.result.Rising",
					"value": "${Threatbook_1.datalist.*.multiengines.result.Rising}"
				}, {
					"label": "Threatbook_1.datalist.*.signature.*.attck_id",
					"name": "Threatbook_1.datalist.*.signature.*.attck_id",
					"value": "${Threatbook_1.datalist.*.signature.*.attck_id}"
				}, {
					"label": "Threatbook_1.total_data",
					"name": "Threatbook_1.total_data",
					"value": "${Threatbook_1.total_data}"
				}, {
					"label": "Threatbook_1.datalist.*.summary.sandbox_type",
					"name": "Threatbook_1.datalist.*.summary.sandbox_type",
					"value": "${Threatbook_1.datalist.*.summary.sandbox_type}"
				}, {
					"label": "Threatbook_1.total_data_with_dup",
					"name": "Threatbook_1.total_data_with_dup",
					"value": "${Threatbook_1.total_data_with_dup}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.ShellPub",
					"name": "Threatbook_1.datalist.*.multiengines.result.ShellPub",
					"value": "${Threatbook_1.datalist.*.multiengines.result.ShellPub}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.MicroAPT",
					"name": "Threatbook_1.datalist.*.multiengines.result.MicroAPT",
					"value": "${Threatbook_1.datalist.*.multiengines.result.MicroAPT}"
				}, {
					"label": "Threatbook_1.datalist.*.summary.multi_engines",
					"name": "Threatbook_1.datalist.*.summary.multi_engines",
					"value": "${Threatbook_1.datalist.*.summary.multi_engines}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.ClamAV",
					"name": "Threatbook_1.datalist.*.multiengines.result.ClamAV",
					"value": "${Threatbook_1.datalist.*.multiengines.result.ClamAV}"
				}, {
					"label": "Threatbook_1.datalist.*.summary.file_type",
					"name": "Threatbook_1.datalist.*.summary.file_type",
					"value": "${Threatbook_1.datalist.*.summary.file_type}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.ESET",
					"name": "Threatbook_1.datalist.*.multiengines.result.ESET",
					"value": "${Threatbook_1.datalist.*.multiengines.result.ESET}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.K7",
					"name": "Threatbook_1.datalist.*.multiengines.result.K7",
					"value": "${Threatbook_1.datalist.*.multiengines.result.K7}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.detect_rate",
					"name": "Threatbook_1.datalist.*.multiengines.detect_rate",
					"value": "${Threatbook_1.datalist.*.multiengines.detect_rate}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.OneAV",
					"name": "Threatbook_1.datalist.*.multiengines.result.OneAV",
					"value": "${Threatbook_1.datalist.*.multiengines.result.OneAV}"
				}, {
					"label": "Threatbook_1.datalist.*.signature.*.name",
					"name": "Threatbook_1.datalist.*.signature.*.name",
					"value": "${Threatbook_1.datalist.*.signature.*.name}"
				}, {
					"label": "Threatbook_1.datalist.*.signature.*.marks.*.call.tid",
					"name": "Threatbook_1.datalist.*.signature.*.marks.*.call.tid",
					"value": "${Threatbook_1.datalist.*.signature.*.marks.*.call.tid}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.scan_time",
					"name": "Threatbook_1.datalist.*.multiengines.scan_time",
					"value": "${Threatbook_1.datalist.*.multiengines.scan_time}"
				}, {
					"label": "Threatbook_1.datalist.*.summary.is_whitelist",
					"name": "Threatbook_1.datalist.*.summary.is_whitelist",
					"value": "${Threatbook_1.datalist.*.summary.is_whitelist}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.Qihu360",
					"name": "Threatbook_1.datalist.*.multiengines.result.Qihu360",
					"value": "${Threatbook_1.datalist.*.multiengines.result.Qihu360}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.Sophos",
					"name": "Threatbook_1.datalist.*.multiengines.result.Sophos",
					"value": "${Threatbook_1.datalist.*.multiengines.result.Sophos}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.Antiy",
					"name": "Threatbook_1.datalist.*.multiengines.result.Antiy",
					"value": "${Threatbook_1.datalist.*.multiengines.result.Antiy}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.GDATA",
					"name": "Threatbook_1.datalist.*.multiengines.result.GDATA",
					"value": "${Threatbook_1.datalist.*.multiengines.result.GDATA}"
				}, {
					"label": "Threatbook_1.datalist.*.signature.*.marks.*.call.time",
					"name": "Threatbook_1.datalist.*.signature.*.marks.*.call.time",
					"value": "${Threatbook_1.datalist.*.signature.*.marks.*.call.time}"
				}, {
					"label": "Threatbook_1.status",
					"name": "Threatbook_1.status",
					"value": "${Threatbook_1.status}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.JiangMin",
					"name": "Threatbook_1.datalist.*.multiengines.result.JiangMin",
					"value": "${Threatbook_1.datalist.*.multiengines.result.JiangMin}"
				}, {
					"label": "Threatbook_1.datalist.*.signature.*.marks.*.call.return_value",
					"name": "Threatbook_1.datalist.*.signature.*.marks.*.call.return_value",
					"value": "${Threatbook_1.datalist.*.signature.*.marks.*.call.return_value}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.AVG",
					"name": "Threatbook_1.datalist.*.multiengines.result.AVG",
					"value": "${Threatbook_1.datalist.*.multiengines.result.AVG}"
				}, {
					"label": "Threatbook_1.datalist.*.network.dns_servers",
					"name": "Threatbook_1.datalist.*.network.dns_servers",
					"value": "${Threatbook_1.datalist.*.network.dns_servers}"
				}, {
					"label": "Threatbook_1.datalist.*.signature.*.description",
					"name": "Threatbook_1.datalist.*.signature.*.description",
					"value": "${Threatbook_1.datalist.*.signature.*.description}"
				}, {
					"label": "Threatbook_1.datalist.*.strings.pcap",
					"name": "Threatbook_1.datalist.*.strings.pcap",
					"value": "${Threatbook_1.datalist.*.strings.pcap}"
				}, {
					"label": "Threatbook_1.datalist.*.signature.*.marks.*.pid",
					"name": "Threatbook_1.datalist.*.signature.*.marks.*.pid",
					"value": "${Threatbook_1.datalist.*.signature.*.marks.*.pid}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.IKARUS",
					"name": "Threatbook_1.datalist.*.multiengines.result.IKARUS",
					"value": "${Threatbook_1.datalist.*.multiengines.result.IKARUS}"
				}, {
					"label": "Threatbook_1.datalist.*.pstree.children.*.first_seen",
					"name": "Threatbook_1.datalist.*.pstree.children.*.first_seen",
					"value": "${Threatbook_1.datalist.*.pstree.children.*.first_seen}"
				}, {
					"label": "Threatbook_1.datalist.*.signature.*.marks.*.type",
					"name": "Threatbook_1.datalist.*.signature.*.marks.*.type",
					"value": "${Threatbook_1.datalist.*.signature.*.marks.*.type}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.Avira",
					"name": "Threatbook_1.datalist.*.multiengines.result.Avira",
					"value": "${Threatbook_1.datalist.*.multiengines.result.Avira}"
				}, {
					"label": "Threatbook_1.datalist.*.pstree.children.*.ppid",
					"name": "Threatbook_1.datalist.*.pstree.children.*.ppid",
					"value": "${Threatbook_1.datalist.*.pstree.children.*.ppid}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.MicroNonPE",
					"name": "Threatbook_1.datalist.*.multiengines.result.MicroNonPE",
					"value": "${Threatbook_1.datalist.*.multiengines.result.MicroNonPE}"
				}, {
					"label": "Threatbook_1.datalist.*.static.basic.ssdeep",
					"name": "Threatbook_1.datalist.*.static.basic.ssdeep",
					"value": "${Threatbook_1.datalist.*.static.basic.ssdeep}"
				}, {
					"label": "Threatbook_1.datalist.*.static.basic.file_size",
					"name": "Threatbook_1.datalist.*.static.basic.file_size",
					"value": "${Threatbook_1.datalist.*.static.basic.file_size}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.OneAV-PWSH",
					"name": "Threatbook_1.datalist.*.multiengines.result.OneAV-PWSH",
					"value": "${Threatbook_1.datalist.*.multiengines.result.OneAV-PWSH}"
				}, {
					"label": "Threatbook_1.datalist.*.pstree.process_name.cn",
					"name": "Threatbook_1.datalist.*.pstree.process_name.cn",
					"value": "${Threatbook_1.datalist.*.pstree.process_name.cn}"
				}, {
					"label": "Threatbook_1.datalist.*.network.secret_info",
					"name": "Threatbook_1.datalist.*.network.secret_info",
					"value": "${Threatbook_1.datalist.*.network.secret_info}"
				}, {
					"label": "Threatbook_1.datalist.*.static.basic.sha1",
					"name": "Threatbook_1.datalist.*.static.basic.sha1",
					"value": "${Threatbook_1.datalist.*.static.basic.sha1}"
				}, {
					"label": "Threatbook_1.datalist.*.pstree.children.*.track",
					"name": "Threatbook_1.datalist.*.pstree.children.*.track",
					"value": "${Threatbook_1.datalist.*.pstree.children.*.track}"
				}, {
					"label": "Threatbook_1.datalist.*.summary.submit_time",
					"name": "Threatbook_1.datalist.*.summary.submit_time",
					"value": "${Threatbook_1.datalist.*.summary.submit_time}"
				}, {
					"label": "Threatbook_1.datalist.*.signature.*.severity",
					"name": "Threatbook_1.datalist.*.signature.*.severity",
					"value": "${Threatbook_1.datalist.*.signature.*.severity}"
				}, {
					"label": "Threatbook_1.datalist.*.permalink",
					"name": "Threatbook_1.datalist.*.permalink",
					"value": "${Threatbook_1.datalist.*.permalink}"
				}, {
					"label": "Threatbook_1.datalist.*.pstree.children.*.pid",
					"name": "Threatbook_1.datalist.*.pstree.children.*.pid",
					"value": "${Threatbook_1.datalist.*.pstree.children.*.pid}"
				}, {
					"label": "Threatbook_1.datalist.*.static.basic.file_name",
					"name": "Threatbook_1.datalist.*.static.basic.file_name",
					"value": "${Threatbook_1.datalist.*.static.basic.file_name}"
				}]
			}, {
				"label": "configuration",
				"value": "${configuration}",
				"children": [{
					"label": "configuration.datalist.*.triggerType",
					"name": "configuration.datalist.*.triggerType",
					"value": "${configuration.datalist.*.triggerType}"
				}, {
					"label": "configuration.datalist.*._req_uuid",
					"name": "configuration.datalist.*._req_uuid",
					"value": "${configuration.datalist.*._req_uuid}"
				}, {
					"label": "configuration.datalist.*.scope.*.aliUid",
					"name": "configuration.datalist.*.scope.*.aliUid",
					"value": "${configuration.datalist.*.scope.*.aliUid}"
				}, {
					"label": "configuration.datalist.*.process.start_time",
					"name": "configuration.datalist.*.process.start_time",
					"value": "${configuration.datalist.*.process.start_time}"
				}, {
					"label": "configuration.status",
					"name": "configuration.status",
					"value": "${configuration.status}"
				}, {
					"label": "configuration.datalist.*.process.proc_id",
					"name": "configuration.datalist.*.process.proc_id",
					"value": "${configuration.datalist.*.process.proc_id}"
				}, {
					"label": "configuration.datalist.*._tenant_id",
					"name": "configuration.datalist.*._tenant_id",
					"value": "${configuration.datalist.*._tenant_id}"
				}, {
					"label": "configuration.datalist.*.process.host_uuid.host_uuid",
					"name": "configuration.datalist.*.process.host_uuid.host_uuid",
					"value": "${configuration.datalist.*.process.host_uuid.host_uuid}"
				}, {
					"label": "configuration.total_data",
					"name": "configuration.total_data",
					"value": "${configuration.total_data}"
				}, {
					"label": "configuration.datalist.*._trigger_user",
					"name": "configuration.datalist.*._trigger_user",
					"value": "${configuration.datalist.*._trigger_user}"
				}, {
					"label": "configuration.datalist.*.process.host_uuid.os_type",
					"name": "configuration.datalist.*.process.host_uuid.os_type",
					"value": "${configuration.datalist.*.process.host_uuid.os_type}"
				}, {
					"label": "configuration.datalist.*.process.cmd_line",
					"name": "configuration.datalist.*.process.cmd_line",
					"value": "${configuration.datalist.*.process.cmd_line}"
				}, {
					"label": "configuration.datalist.*.triggerUser",
					"name": "configuration.datalist.*.triggerUser",
					"value": "${configuration.datalist.*.triggerUser}"
				}, {
					"label": "configuration.datalist.*._domain_id",
					"name": "configuration.datalist.*._domain_id",
					"value": "${configuration.datalist.*._domain_id}"
				}, {
					"label": "configuration.datalist.*.process.file_path.file_path",
					"name": "configuration.datalist.*.process.file_path.file_path",
					"value": "${configuration.datalist.*.process.file_path.file_path}"
				}, {
					"label": "configuration.total_data_with_dup",
					"name": "configuration.total_data_with_dup",
					"value": "${configuration.total_data_with_dup}"
				}, {
					"label": "configuration.total_exe_successful",
					"name": "configuration.total_exe_successful",
					"value": "${configuration.total_exe_successful}"
				}, {
					"label": "configuration.datalist.*.scope.*.cloudCode",
					"name": "configuration.datalist.*.scope.*.cloudCode",
					"value": "${configuration.datalist.*.scope.*.cloudCode}"
				}, {
					"label": "configuration.total_data_successful",
					"name": "configuration.total_data_successful",
					"value": "${configuration.total_data_successful}"
				}, {
					"label": "configuration.total_exe",
					"name": "configuration.total_exe",
					"value": "${configuration.total_exe}"
				}, {
					"label": "configuration.datalist.*.scope.*.userId",
					"name": "configuration.datalist.*.scope.*.userId",
					"value": "${configuration.datalist.*.scope.*.userId}"
				}, {
					"label": "configuration.datalist.*._region_id",
					"name": "configuration.datalist.*._region_id",
					"value": "${configuration.datalist.*._region_id}"
				}, {
					"label": "configuration.datalist.*.process.file_path.hash_value",
					"name": "configuration.datalist.*.process.file_path.hash_value",
					"value": "${configuration.datalist.*.process.file_path.hash_value}"
				}]
			}]
		},
		"isNode": true
	}, {
		"shape": "custom-edge",
		"attrs": {
			"line": {
				"stroke": "#d93026",
				"targetMarker": {
					"stroke": "#d93026"
				}
			}
		},
		"zIndex": 1,
		"id": "ae6ca05c-ebd1-41f1-a94d-489fdc308861",
		"data": {
			"nodeType": "sequenceFlow",
			"appType": "basic"
		},
		"router": {
			"name": "manhattan",
			"args": {
				"padding": 5,
				"excludeHiddenNodes": true,
				"excludeNodes": ["clone_node_id"]
			}
		},
		"source": {
			"cell": "58d87b7d-28d9-4f0e-b135-4adc4f1a70e4"
		},
		"visible": true,
		"target": {
			"cell": "e0082b2e-d82c-464f-a22f-9b67eb47a363"
		}
	}, {
		"shape": "custom-edge",
		"attrs": {
			"line": {
				"stroke": "#d93026",
				"targetMarker": {
					"stroke": "#d93026"
				}
			}
		},
		"zIndex": 1,
		"id": "8f084c6d-9afd-4ecb-8c9d-3c7824f9de2f",
		"data": {
			"nodeType": "sequenceFlow",
			"appType": "basic"
		},
		"router": {
			"name": "normal"
		},
		"source": {
			"cell": "58d87b7d-28d9-4f0e-b135-4adc4f1a70e4"
		},
		"visible": true,
		"target": {
			"cell": "8afdafcc-32aa-4ab2-b8b2-abafc4314e85"
		},
		"vertices": [{
			"x": -382,
			"y": -22
		}]
	}, {
		"shape": "custom-edge",
		"attrs": {
			"line": {
				"stroke": "#63ba4d",
				"targetMarker": {
					"stroke": "#63ba4d"
				}
			}
		},
		"zIndex": 1,
		"id": "e55e80d8-fab6-42ac-91ab-da7697ec80dd",
		"data": {
			"nodeType": "sequenceFlow",
			"appType": "basic"
		},
		"router": {
			"name": "normal"
		},
		"source": {
			"cell": "19fca1bc-4cf1-491e-9ae4-ee5d3f0c2f61"
		},
		"visible": true,
		"target": {
			"cell": "317dd1be-2d20-460e-977e-1fc936ffb583"
		},
		"vertices": [{
			"x": 158,
			"y": -247
		}]
	}, {
		"shape": "custom-edge",
		"attrs": {
			"line": {
				"stroke": "#d93026",
				"targetMarker": {
					"stroke": "#d93026"
				}
			}
		},
		"zIndex": 1,
		"id": "ba2021dc-533b-4ba3-a1a7-69f05f3c7515",
		"data": {
			"nodeType": "sequenceFlow",
			"appType": "basic"
		},
		"router": {
			"name": "manhattan",
			"args": {
				"padding": 5,
				"excludeHiddenNodes": true,
				"excludeNodes": ["clone_node_id"]
			}
		},
		"source": {
			"cell": "8afdafcc-32aa-4ab2-b8b2-abafc4314e85"
		},
		"visible": true,
		"target": {
			"cell": "317dd1be-2d20-460e-977e-1fc936ffb583"
		}
	}, {
		"shape": "custom-edge",
		"attrs": {
			"line": {
				"stroke": "#d93026",
				"targetMarker": {
					"stroke": "#d93026"
				}
			}
		},
		"zIndex": 1,
		"id": "c3c22836-585a-4f5e-a3ec-92ecedfad6ba",
		"data": {
			"nodeType": "sequenceFlow",
			"appType": "basic"
		},
		"router": {
			"name": "manhattan",
			"args": {
				"padding": 5,
				"excludeHiddenNodes": true,
				"excludeNodes": ["clone_node_id"]
			}
		},
		"source": {
			"cell": "e0082b2e-d82c-464f-a22f-9b67eb47a363"
		},
		"visible": true,
		"target": {
			"cell": "317dd1be-2d20-460e-977e-1fc936ffb583"
		}
	}]
}

fileReport

Retrieves a detailed static and dynamic analysis report for a file. The report includes a summary, network behavior, behavior signatures, static information, dropped-file behavior, process behavior, and the detection results of antivirus scan engines.

Note

For more information, see the Threatbook document File Reputation Report.

Input parameters

Parameter

Description

Example

userId

The ID of the associated Alibaba Cloud account.

Important
  • You can set this to the ID of a member account managed by the current Alibaba Cloud account. For more information about how to add a member account, see Multi-account security management.

  • If you leave this parameter empty, the ID of the current Alibaba Cloud account is used.

XXX

cloudUserId

The Threatbook account ID. For more information, see Prerequisites.

7f7c*************7fcca4

resource

The hash of the file whose analysis report you want to retrieve. SHA256, SHA1, and MD5 are supported.

44d88612*************1278abb02f

Output parameters

Parameter

Description

multiengines

The detection results of the antivirus scan engines. This is a JSON object. The fields are described as follows:

  • result: The detection result of each scan engine. The values are described as follows:

    If no threat is detected, the value is safe.

    If a threat is detected, the value is the tag of the detected virus.

  • scan_time: The time when the sample was scanned by the multiple engines, for example, 2019-10-22 16:17:48.

summary

Summary information. This is a JSON object. The fields are described as follows:

  • threat_level: The threat level, a comprehensive result determined from static analysis, multi-engine antivirus scanning, and dynamic analysis in multiple sandbox environments.

    • malicious: Malicious

    • suspicious: Suspicious

    • Status: Safe

    • unknown: Unknown

  • malware_type: The threat classification. For the complete list of threat classifications, see Complete List of Sample Threat Classifications.

  • malware_family: The virus family, such as Xorddos.

  • is_whitelist: Indicates whether the file is in the whitelist.

    • true: The file is in the whitelist.

    • false: The file is not in the whitelist.

  • submit_time: The time when the file was submitted, for example, 2019-01-22 17:36:21.

  • file_name: The file name.

  • file_type: The file type.

  • sample_sha256: The SHA256 hash of the file.

  • md5: The MD5 hash of the file.

  • sha1: The SHA1 hash of the file.

  • scenes: Scenario detection.

    • Cybercrime: Cybercrime sample.

    • CS_Detect: Cobalt Strike trojan sample.

    • RT_Tools: Red team tool.

    • Exploit: Vulnerability exploit.

    • HW202X: Sample related to major-event support. The value varies by year.

  • tag: Tags. This is a JSON object. The fields are described as follows:

    • s: Static tags. This is a JSON array. An example is "timestamp abnormal". For some common tags, see Some Common Sample Tags.

    • x: Antivirus engine detection tags.

  • threat_score: The threat score.

  • sandbox_type: The sandbox environment specified for this analysis. For the complete list of runtime environments, see Complete List of Sandbox Runtime Environments.

  • sandbox_type_list: The list of all sandbox environments in which the sample was successfully analyzed.

  • multi_engines: The detection rate of the antivirus scan engines.

signature

Behavior signatures. This is a JSON array. Each item contains the following fields:

  • severity: The severity. This is an integer. A larger value indicates a higher severity.

  • references: References. This is a JSON array.

  • sig_class: The signature classification.

  • name: The signature name.

  • description: The behavior description.

  • markcount: The number of marks.

  • marks: The raw data of the signature. This is a JSON array.

  • families: The sample families. This is a JSON array.

  • attck_id: The ATT&CK ID.

  • attck_info: The ATT&CK details. This is a JSON array.

static

Static information. This is a JSON object. For a complete example of a file static information report response, see Complete Example of a File Static Information Report Response.

pstree

Process behavior.

network

Network behavior.

  • fingerprint: Fingerprint information. This is a JSON array.

  • tls: TLS protocol. This is a JSON array.

  • udp: UDP protocol. This is a JSON array.

  • dns_servers: DNS services. This is a JSON array.

  • http: HTTP protocol. This is a JSON array.

  • irc: IRC protocol. This is a JSON array.

  • smtp: SMTP protocol. This is a JSON array.

  • tcp: TCP protocol. This is a JSON array.

  • smtp_ex: Extended SMTP protocol data. This is a JSON array.

  • mitm: Man-in-the-middle. This is a JSON array.

  • hosts: Network hosts. This is a JSON array.

  • dns: Domain Name System. This is a JSON array.

  • http_ex: Extended HTTP protocol data. This is a JSON array.

  • domains: Domain names. This is a JSON array.

  • dead_hosts: Dead hosts. This is a JSON array.

  • icmp: ICMP protocol. This is a JSON array.

  • https_ex: Extended HTTPS protocol data. This is a JSON array.

dropped

Dropped-file behavior. This is a JSON array. Each item contains the following fields:

  • sha1: The SHA1 hash of the file. This is a string.

  • sha256: The SHA256 hash of the file. This is a string.

  • md5: The MD5 hash of the file. This is a string.

  • urls: The extracted URLs. This is a JSON array.

  • size: The file size. This is an integer.

  • filepath: The file path. This is a string.

  • name: The file name. This is a string.

  • crc32: The CRC32 of the file. This is a string.

  • ssdeep: The SSDeep hash of the file. This is a string.

  • type: The file type. This is a string.

  • yara: YARA. This is a JSON array.

strings

String-related information. This is a JSON object. Each item contains the following fields:

  • sha256: The strings extracted from the file. The value varies by SHA256 hash and corresponds to the static characters of the file itself. This is an array.

  • pcap: The strings extracted from traffic. This is an array.

permalink

The URL of the sandbox web report page.
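The following Python sketch is an added example, not code from the Security Center documentation or from ThreatBook. It checks that a `resource` value is one of the three supported digest types and reduces a fileReport output object to a verdict, the high-severity signatures with their ATT&CK IDs, and the dropped-file hashes worth a follow-up lookup. The verdict names, the `min_severity` threshold, the boolean type of `is_whitelist` and the sample report are assumptions made for the example.

```python
import re

# The resource parameter accepts MD5, SHA1 and SHA256 digests.
HASH_KINDS = {32: "MD5", 40: "SHA1", 64: "SHA256"}

def hash_kind(resource):
    """Return the digest type of a fileReport resource value, or None."""
    value = resource.strip()
    if re.fullmatch(r"[0-9a-fA-F]+", value):
        return HASH_KINDS.get(len(value))
    return None

def triage_file_report(report, min_severity=3):
    """Reduce a fileReport output object to a verdict plus pivot data.

    min_severity is a threshold chosen for this example; the page only says
    that a larger signature severity is more severe.
    """
    summary = report.get("summary", {})
    ranked = sorted(report.get("signature", []),
                    key=lambda s: s.get("severity", 0), reverse=True)
    notable = [s for s in ranked if s.get("severity", 0) >= min_severity]
    # Dropped-file hashes are candidates for follow-up fileReport lookups.
    follow_up = sorted({d["sha256"].lower() for d in report.get("dropped", [])
                        if hash_kind(d.get("sha256") or "") == "SHA256"})
    if summary.get("is_whitelist"):
        verdict = "whitelisted"
    elif summary.get("threat_level") == "malicious":
        verdict = "escalate"
    elif summary.get("threat_level") == "suspicious" or notable:
        verdict = "review"
    else:
        verdict = "no_action"
    return {
        "verdict": verdict,
        "family": summary.get("malware_family"),
        "signatures": [(s.get("name"), s.get("severity")) for s in notable],
        "attck_ids": sorted({s["attck_id"] for s in notable if s.get("attck_id")}),
        "follow_up_hashes": follow_up,
    }

# Constructed sample output (not real ThreatBook data).
SAMPLE_REPORT = {
    "summary": {"threat_level": "suspicious", "is_whitelist": False,
                "malware_family": "Xorddos"},
    "signature": [
        {"name": "sig_low", "severity": 1, "attck_id": "T0000"},
        {"name": "sig_high", "severity": 4, "attck_id": "T1059"},
    ],
    "dropped": [{"sha256": "A" * 64}, {"sha256": "not-a-hash"}],
}

if __name__ == "__main__":
    print(triage_file_report(SAMPLE_REPORT))
```
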

iocReport

Analyzes an IP address or domain name for outbound access scenarios, such as office or production networks. It uses rules to accurately determine whether the IP address or domain name is malicious, its risk severity, and its confidence level. It also identifies threats such as C2 servers, malware, and mining pools, and provides the tags of related security events or threat actors.

Note

For more information, see the Threatbook document Compromise Detection.

Input parameters

Parameter

Description

Example

userId

The ID of the associated Alibaba Cloud account.

Important
  • You can set this to the ID of a member account managed by the current Alibaba Cloud account. For more information about how to add a member account, see Multi-account security management.

  • If you leave this parameter empty, the ID of the current Alibaba Cloud account is used.

XXX

cloudUserId

The Threatbook account ID. For more information, see Prerequisites.

7f7c*************7fcca4

resource

An IP address or a domain name. You can query up to 100 resources in one batch. Separate them with commas.

Note

You can query an IP address with a port.

test.com or 0.0.0.0:80.

Output parameters

Type

Parameter

Description

ip

is_malicious

Indicates whether it is malicious.

  • true: Malicious.

  • false: Not malicious.

confidence_level

The confidence level.

  • high: High

  • medium: Medium

  • low: Low

severity

The overall severity of the threat.

  • critical: Critical

  • high: High

  • medium: Medium

  • low: Low

  • info: No threat

judgments

The threat type. Based on the malicious property of the IOC, this covers several types:

  • Malicious

    • Command and Control (C2): Remote control

    • Sinkhole C2: A C2 server that has been sinkholed by a security organization

    • MiningPool: Mining pool

    • CoinMiner: Private mining pool

    • Malware: Malware

  • Not malicious

    • Whitelist: Whitelist

    • Info: Basic information.

      Note

      For the subclasses related to Info, see All Threat Types.

tags_classes

Information about the related threat actors or security events. This is a JSON array. Each item contains the following fields:

  • tags_type: The tag category, such as "industry", "gang", or "virus family".

  • tags: The tags of the specific threat actor or security event, such as APT or OceanLotus.

permalink

The link to the intelligence details. This is the URL of the full threat intelligence analysis page for the IP address or domain name.

domain

categories

  • The domain name classification. This is a JSON object. Each item contains the following fields:

    • first_cats: The level-1 categories. This is an array.

    • second_cats: The level-2 category. This is a string.

  • The other fields are the same as those for "ip".

ipReport

Analyzes the IP addresses and domain names involved in outbound connections from office and production networks. It uses rules to determine whether an IP address or domain name is malicious and assesses the associated risk, severity, and credibility. It detects threats such as Command and Control (C2), malware, and mining pools, and provides related information, such as security events and threat actor group tags.

Note

For more information, see the Threatbook document IP Reputation.

Input parameters

Parameter

Description

Example

userId

The ID of the associated Alibaba Cloud account.

Important
  • You can set this to the ID of a member account managed by the current Alibaba Cloud account. For more information about how to add a member account, see Multi-account security management.

  • If you leave this parameter empty, the ID of the current Alibaba Cloud account is used.

XXX

cloudUserId

The Threatbook account ID. For more information, see Prerequisites.

7f7c*************7fcca4

resource

An IP address. You can query up to 100 IP addresses in one batch. Separate them with commas.

0.0.0.0

Output parameters

Parameter

Description

basic

basic returns a JSON object. The fields are described as follows:

  • carrier: The service provider or carrier.

  • location: The location information of the IP address. This is a JSON object. The fields are described as follows:

    • country: The country.

    • country_code: The country code.

    • province: The province.

    • city: The city.

    • lng: The longitude.

    • lat: The latitude.

is_malicious

Indicates whether the IP address is malicious.

  • true: Malicious.

  • false: Not malicious.

confidence_level

The confidence level. This is the confidence level of the malicious verdict, determined by the intelligence sources and the confidence model.

  • low: Low

  • medium: Medium

  • high: High

severity

The severity. This indicates the severity of the threat.

  • critical: Critical

  • high: High

  • medium: Medium

  • low: Low

  • info: No threat

judgments

The comprehensive threat types determined from threat intelligence analysis. This is a JSON array.

  • Malicious types:

    • Spam: Spam

    • Zombie: A compromised computer under remote control.

    • Scanner: Scanning

    • Exploit: Vulnerability exploit

    • botnet

    • Brute Force: Brute-force attack

      Note

      For the subclasses related to Brute Force, see the complete set of threat types.

  • Non-malicious types:

    • Whitelist: Whitelist

    • Info: Basic information.

tags_classes

Information about the related threat actors or security events. This is a JSON array. Each item contains the following fields:

  • tags_type: The tag category, such as "industry", "gang", or "virus family".

  • tags: The tags of the specific threat actor or security event, such as Mirai.

asn

ASN information. This is a JSON object that contains:

  • number: The ASN.

  • info: The AS name.

  • rank: The risk value. Values range from 0 to 4. A larger value indicates a higher risk.

update_time

The time when the intelligence was last updated.

scene

The application scenario. Examples include leased lines and data centers. For the complete list, see Application Scenario Classification.

feature

Asset features. This is a JSON array that contains:

entity

The attributed entity. This is a JSON array that contains:

  • category: The level-1 category. For more information about the categories, see Classification of Advanced IP Reputation Fields.

  • type: The level-2 category.

  • tag_name: The tag of the specific attributed entity.

  • tag_desc: The tag description.

hist_behavior

Attack behavior. This is a JSON array that contains:

  • category: The category. For more information about the categories, see Classification of Advanced IP Reputation Fields.

  • tag_name: The tag of the specific attack behavior.

  • tag_desc: The tag description.

  • vuln_id: The ID of the specific vulnerability when the category is "Vulnerability Exploitation".

evaluation

Impact assessment. This is a JSON object that contains:

  • active: Popularity.

    • high: High

    • medium: Medium

    • low: Low

  • honeypot_hit: Indicates whether the threat was captured by a honeypot.

    • true: The threat was captured by a honeypot.

    • false: The threat was not captured by a honeypot.

fraud

Fraud behavior. This is a JSON array that contains:

  • tag_name: The tag of the specific fraud behavior.

  • tag_desc: The tag description.

permalink

The link to the intelligence query result page for the IP address.
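The following Python sketch is an added example, not code from the Security Center documentation or from ThreatBook. It prepares the `resource` value for iocReport and ipReport (validation, de-duplication, at most 100 comma-separated items per call) and maps the `is_malicious`, `confidence_level` and `severity` outputs shared by both actions to a playbook decision. The hostname pattern, the IPv4-only handling, the boolean type of `is_malicious` and the allow/review/block policy are assumptions made for the example.

```python
import ipaddress
import re

MAX_PER_CALL = 100  # batch limit stated for the resource parameter
# Hostname pattern chosen for this example; not ThreatBook's own validation.
_DOMAIN = re.compile(
    r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")
SEVERITY_RANK = {"info": 0, "low": 1, "medium": 2, "high": 3, "critical": 4}

def _is_ipv4(text):
    # Only IPv4 is handled here, the form used in the page's examples.
    try:
        ipaddress.IPv4Address(text)
        return True
    except ValueError:
        return False

def is_valid_resource(item, action):
    """ipReport takes IP addresses; iocReport also takes domains and IP:port."""
    if _is_ipv4(item):
        return True
    if action != "iocReport":
        return False
    host, sep, port = item.rpartition(":")
    if sep:
        return (_is_ipv4(host) and re.fullmatch(r"[0-9]{1,5}", port) is not None
                and 0 < int(port) < 65536)
    return _DOMAIN.match(item) is not None

def build_batches(indicators, action):
    """Return (batches, rejected); each batch is one comma-separated resource value."""
    seen, valid, rejected = set(), [], []
    for raw in indicators:
        item = raw.strip().lower()
        if not is_valid_resource(item, action):
            rejected.append(raw)  # e.g. an embedded comma would split into extra resources
        elif item not in seen:
            seen.add(item)
            valid.append(item)
    batches = [",".join(valid[i:i + MAX_PER_CALL])
               for i in range(0, len(valid), MAX_PER_CALL)]
    return batches, rejected

def decide(entry):
    """Map is_malicious, confidence_level and severity to an example playbook action."""
    if not entry.get("is_malicious"):
        return "allow"
    rank = SEVERITY_RANK.get(entry.get("severity"), 0)
    if entry.get("confidence_level") == "high" and rank >= SEVERITY_RANK["high"]:
        return "block"
    return "review"
```

Rejected values are returned rather than silently dropped so that the playbook can log indicators that never reached the lookup.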

References

For more information about Threatbook response status codes and message descriptions, see Response Status Codes and Message Descriptions.