Threatbook コンポーネントは Threatbook API を呼び出して、ファイル分析レポートを取得し、IP アドレスとドメイン名からの脅威を評価します。
前提条件
Threatbook コンポーネントを使用する前に、システム設定 > 機能の設定 > マルチクラウドの設定と管理 に移動し、マルチクラウドアセット モジュールでオフクラウド IDC 資産を承認します。すでに権限付与を完了している場合は、このステップをスキップできます。手順は次のとおりです。
[権限付与の追加] をクリックし、IDC を選択します。資産アクセスパネルで、次のようにパラメーターを構成します。
説明デフォルトでは、ThreatBook が脅威分析と応答用に承認されています。その他の機能はサポートされていません。
設定項目
説明
ベンダー
ThreatBook。
製品
Threat Intelligence Cloud API。
アカウント ID
ThreatBook のアカウント ID。
API KEY
ThreatBook の API KEY。
ポリシーを構成する: 無効な AccessKey がサービスに影響を与えないようにするには、AK サービスのステータスチェック をオンにします。
特徴
操作 | 説明 |
fileReport | ファイルの詳細な静的および動的分析レポートを取得します。レポートには、概要、ネットワーク動作、行動署名、静的情報、ドロップされたファイルの動作、プロセス動作、およびウイルス対策スキャンエンジンの検出結果が含まれます。 |
iocReport | オフィスや本番ネットワークなどのアウトバウンドアクセスシナリオの IP アドレスまたはドメイン名を分析します。ルールを使用して、IP アドレスまたはドメイン名が悪意のあるものかどうか、そのリスクの重大度レベル、および信頼度レベルを正確に判断します。また、C2 サーバー、マルウェア、マイナープールなどの脅威を特定し、関連するセキュリティイベントまたは脅威アクターのタグを提供します。 |
ipReport | インバウンドシナリオの IP アドレスを分析します。IP アドレスの地理的位置と ASN 情報を提供します。ルールを使用して、IP アドレスが悪意のあるものかどうか、そのリスクの重大度レベル、および信頼度レベルを正確に判断します。また、エクスプロイトやゾンビなどの脅威タイプを特定し、関連するセキュリティイベントまたは脅威アクターのタグを提供します。 |
コンポーネント構成例
このトピックでは、Threatbook コンポーネントの各操作の構成例を示します。これらの例をテストプレイブックとしてインポートできます。ビジュアルエディターは、各操作の構成パラメーターを理解し、テストするのに役立ちます。これにより、コンポーネントのロジックと使用方法を簡単に学習できます。詳細については、「プレイブックをインポートする」をご参照ください。
説明
サンプルデータを JSON ファイルとして保存します。
サンプルデータ
{
"cells": [{
"position": {
"x": -400,
"y": -155
},
"size": {
"width": 36,
"height": 36
},
"attrs": {
"body": {
"fill": "white",
"strokeOpacity": 0.95,
"stroke": "#63ba4d",
"strokeWidth": 2
},
"label": {
"text": "start",
"fontSize": 12,
"refX": 0.5,
"refY": "100%",
"refY2": 4,
"textAnchor": "middle",
"textVerticalAnchor": "top"
},
"path": {
"stroke": "#63ba4d"
}
},
"visible": true,
"shape": "circle",
"id": "58d87b7d-28d9-4f0e-b135-4adc4f1a70e4",
"zIndex": 1,
"data": {
"nodeType": "startEvent",
"appType": "basic",
"nodeName": "start",
"icon": "icon-circle",
"description": "プレイブックの開始ノード。プレイブックには開始ノードが 1 つだけ必要です。プレイブックの入力データを構成する必要があります。",
"cascaderValue": []
},
"markup": [{
"tagName": "circle",
"selector": "body"
}, {
"tagName": "text",
"selector": "label"
}],
"isNode": true
}, {
"shape": "custom-edge",
"attrs": {
"line": {
"stroke": "#63ba4d",
"targetMarker": {
"stroke": "#63ba4d"
}
}
},
"zIndex": 1,
"id": "5293c3f9-e1c9-4a49-b0eb-635067dc67e8",
"data": {
"nodeType": "sequenceFlow",
"appType": "basic",
"icon": "icon-upper-right-arrow",
"isRequired": true
},
"isNode": false,
"source": {
"cell": "58d87b7d-28d9-4f0e-b135-4adc4f1a70e4"
},
"target": {
"cell": "19fca1bc-4cf1-491e-9ae4-ee5d3f0c2f61"
},
"router": {
"name": "normal"
},
"visible": true,
"vertices": [{
"x": -382,
"y": -247
}]
}, {
"position": {
"x": 140,
"y": -155
},
"size": {
"width": 36,
"height": 36
},
"attrs": {
"body": {
"fill": "white",
"strokeOpacity": 0.95,
"stroke": "#d93026",
"strokeWidth": 2
},
"path": {
"r": 12,
"refX": "50%",
"refY": "50%",
"fill": "#d93026",
"strokeOpacity": 0.95,
"stroke": "#d93026",
"strokeWidth": 4
},
"label": {
"text": "end",
"fontSize": 12,
"refX": 0.5,
"refY": "100%",
"refY2": 4,
"textAnchor": "middle",
"textVerticalAnchor": "top"
}
},
"visible": true,
"shape": "circle",
"id": "317dd1be-2d20-460e-977e-1fc936ffb583",
"zIndex": 1,
"data": {
"nodeType": "endEvent",
"appType": "basic",
"nodeName": "end",
"icon": "icon-radio-off-full",
"description": "終了"
},
"markup": [{
"tagName": "circle",
"selector": "body"
}, {
"tagName": "circle",
"selector": "path"
}, {
"tagName": "text",
"selector": "label"
}],
"isNode": true
}, {
"position": {
"x": -190,
"y": -280
},
"size": {
"width": 137,
"height": 66
},
"view": "react-shape-view",
"attrs": {
"label": {
"text": "file_report"
}
},
"shape": "activity",
"id": "19fca1bc-4cf1-491e-9ae4-ee5d3f0c2f61",
"zIndex": 1,
"data": {
"isDebug": false,
"nodeType": "action",
"appType": "component",
"nodeName": "file_report",
"valueData": {
"userId": "",
"resource": "${event.file}",
"cloudUserId": "7f7cd2ebedc544f7bf9be74dab7fcca4"
},
"icon": "https://sophon-gen-cloud-zhangjiakou-v2.oss-cn-zhangjiakou.aliyuncs.com/componentUpload/1755245577536_Threatbook_logo.svg?Expires=1755832376&OSSAccessKeyId=STS.NXwN8h********EJeH&Signature=p4KGzHhTrIZdiJxpACRpM7ROLE0%3D&security-token=CAIS2AJ1q6Ft5B2yfSjIr5vCBYLchKtswKq%2BRVT21nkPbd5%2Bqo%2FOqjz2IHhMenFpAegcv%2Fw%2BlGFZ6%2F8elrp6SJtIXleCZtF94oxN9h2gb4fb42MeBDXg08%2FLI3OaLjKm9u2wCryLYbGwU%2FOpbE%2B%2B5U0X6LDmdDKkckW4OJmS8%2FBOZcgWWQ%2FKBlgvRq0hRG1YpdQdKGHaONu0LxfumRCwNkdzvRdmgm4NgsbWgO%2Fks0OP3AOrlrBN%2Bdiuf8T9NvMBZskvD42Hu8VtbbfE3SJq7BxHybx7lqQs%2B02c5onDWwAJu0%2FXa7uEo4wydVNjFbM9A65Dqufxn%2Fpgt%2Braj4X7xhhEIOVJSSPbSZBbSxJNvU1RXDxQVcEYWxylurjnXvF%2B4xU3%2BP9tP0rM946UoJvc3YDI5hWbc8mJsTnhSSTAEIv%2By8ptqoFOtH7DkLTHWR7hCtv23053AashMytAXxqAAXNQ89LjX6M4bFYRAxsXrln0LN%2BTDs1Hk1dCGQ2edPqhVybm1axt7NpKWS7Xcrd6BKtuwqREs%2FZkIO8E%2BZRbfaX6uHOx9sHx1M1Y7HDHt%2BDvloHULH0rQNLniKayaTCJlIiyUPe8TaK3lv4mipQQf16PqYqAsx2Zu7Bqx9Np2CYIIAA%3D",
"description": "ファイルの詳細な静的および動的分析レポートを取得します。レポートには、概要、ネットワーク動作、行動署名、静的情報、ドロップされたファイルの動作、プロセス動作、およびウイルス対策スキャンエンジンの検出結果が含まれます。",
"advance": {
"inputParamMode": false,
"onError": "stop_cur_flow",
"rspStatusType": 3,
"rspStatusThreshold": 0
},
"componentName": "Threatbook",
"actionName": "fileReport",
"cascaderValue": [{
"label": "configuration",
"value": "${configuration}",
"children": [{
"label": "configuration.datalist.*.triggerType",
"name": "configuration.datalist.*.triggerType",
"value": "${configuration.datalist.*.triggerType}"
}, {
"label": "configuration.datalist.*._req_uuid",
"name": "configuration.datalist.*._req_uuid",
"value": "${configuration.datalist.*._req_uuid}"
}, {
"label": "configuration.datalist.*.scope.*.aliUid",
"name": "configuration.datalist.*.scope.*.aliUid",
"value": "${configuration.datalist.*.scope.*.aliUid}"
}, {
"label": "configuration.datalist.*.process.start_time",
"name": "configuration.datalist.*.process.start_time",
"value": "${configuration.datalist.*.process.start_time}"
}, {
"label": "configuration.status",
"name": "configuration.status",
"value": "${configuration.status}"
}, {
"label": "configuration.datalist.*.process.proc_id",
"name": "configuration.datalist.*.process.proc_id",
"value": "${configuration.datalist.*.process.proc_id}"
}, {
"label": "configuration.datalist.*._tenant_id",
"name": "configuration.datalist.*._tenant_id",
"value": "${configuration.datalist.*._tenant_id}"
}, {
"label": "configuration.datalist.*.process.host_uuid.host_uuid",
"name": "configuration.datalist.*.process.host_uuid.host_uuid",
"value": "${configuration.datalist.*.process.host_uuid.host_uuid}"
}, {
"label": "configuration.total_data",
"name": "configuration.total_data",
"value": "${configuration.total_data}"
}, {
"label": "configuration.datalist.*._trigger_user",
"name": "configuration.datalist.*._trigger_user",
"value": "${configuration.datalist.*._trigger_user}"
}, {
"label": "configuration.datalist.*.process.host_uuid.os_type",
"name": "configuration.datalist.*.process.host_uuid.os_type",
"value": "${configuration.datalist.*.process.host_uuid.os_type}"
}, {
"label": "configuration.datalist.*.process.cmd_line",
"name": "configuration.datalist.*.process.cmd_line",
"value": "${configuration.datalist.*.process.cmd_line}"
}, {
"label": "configuration.datalist.*.triggerUser",
"name": "configuration.datalist.*.triggerUser",
"value": "${configuration.datalist.*.triggerUser}"
}, {
"label": "configuration.datalist.*._domain_id",
"name": "configuration.datalist.*._domain_id",
"value": "${configuration.datalist.*._domain_id}"
}, {
"label": "configuration.datalist.*.process.file_path.file_path",
"name": "configuration.datalist.*.process.file_path.file_path",
"value": "${configuration.datalist.*.process.file_path.file_path}"
}, {
"label": "configuration.total_data_with_dup",
"name": "configuration.total_data_with_dup",
"value": "${configuration.total_data_with_dup}"
}, {
"label": "configuration.total_exe_successful",
"name": "configuration.total_exe_successful",
"value": "${configuration.total_exe_successful}"
}, {
"label": "configuration.datalist.*.scope.*.cloudCode",
"name": "configuration.datalist.*.scope.*.cloudCode",
"value": "${configuration.datalist.*.scope.*.cloudCode}"
}, {
"label": "configuration.total_data_successful",
"name": "configuration.total_data_successful",
"value": "${configuration.total_data_successful}"
}, {
"label": "configuration.total_exe",
"name": "configuration.total_exe",
"value": "${configuration.total_exe}"
}, {
"label": "configuration.datalist.*.scope.*.userId",
"name": "configuration.datalist.*.scope.*.userId",
"value": "${configuration.datalist.*.scope.*.userId}"
}, {
"label": "configuration.datalist.*._region_id",
"name": "configuration.datalist.*._region_id",
"value": "${configuration.datalist.*._region_id}"
}, {
"label": "configuration.datalist.*.process.file_path.hash_value",
"name": "configuration.datalist.*.process.file_path.hash_value",
"value": "${configuration.datalist.*.process.file_path.hash_value}"
}]
}],
"status": "success"
},
"isNode": true
}, {
"position": {
"x": -190,
"y": -170
},
"size": {
"width": 137,
"height": 66
},
"view": "react-shape-view",
"attrs": {
"label": {
"text": "ioc_report"
}
},
"shape": "activity",
"id": "e0082b2e-d82c-464f-a22f-9b67eb47a363",
"zIndex": 1,
"data": {
"isDebug": false,
"nodeType": "action",
"appType": "component",
"nodeName": "ioc_report",
"valueData": {
"cloudUserId": "7f7cd2ebedc544f7bf9be74dab7fcca4",
"resource": "${event.ioc}"
},
"icon": "https://sophon-gen-cloud-zhangjiakou-v2.oss-cn-zhangjiakou.aliyuncs.com/componentUpload/1755245577536_Threatbook_logo.svg?Expires=1755832376&OSSAccessKeyId=STS.NXwN8h********EJeH&Signature=p4KGzHhTrIZdiJxpACRpM7ROLE0%3D&security-token=CAIS2AJ1q6Ft5B2yfSjIr5vCBYLchKtswKq%2BRVT21nkPbd5%2Bqo%2FOqjz2IHhMenFpAegcv%2Fw%2BlGFZ6%2F8elrp6SJtIXleCZtF94oxN9h2gb4fb42MeBDXg08%2FLI3OaLjKm9u2wCryLYbGwU%2FOpbE%2B%2B5U0X6LDmdDKkckW4OJmS8%2FBOZcgWWQ%2FKBlgvRq0hRG1YpdQdKGHaONu0LxfumRCwNkdzvRdmgm4NgsbWgO%2Fks0OP3AOrlrBN%2Bdiuf8T9NvMBZskvD42Hu8VtbbfE3SJq7BxHybx7lqQs%2B02c5onDWwAJu0%2FXa7uEo4wydVNjFbM9A65Dqufxn%2Fpgt%2Braj4X7xhhEIOVJSSPbSZBbSxJNvU1RXDxQVcEYWxylurjnXvF%2B4xU3%2BP9tP0rM946UoJvc3YDI5hWbc8mJsTnhSSTAEIv%2By8ptqoFOtH7DkLTHWR7hCtv23053AashMytAXxqAAXNQ89LjX6M4bFYRAxsXrln0LN%2BTDs1Hk1dCGQ2edPqhVybm1axt7NpKWS7Xcrd6BKtuwqREs%2FZkIO8E%2BZRbfaX6uHOx9sHx1M1Y7HDHt%2BDvloHULH0rQNLniKayaTCJlIiyUPe8TaK3lv4mipQQf16PqYqAsx2Zu7Bqx9Np2CYIIAA%3D",
"description": "オフィスや本番ネットワークなどのアウトバウンドアクセスシナリオの IP アドレスまたはドメイン名を分析します。ルールを使用して、IP アドレスまたはドメイン名が悪意のあるものかどうか、そのリスクの重大度レベル、および信頼度レベルを正確に判断します。また、C2 サーバー、マルウェア、マイナープールなどの脅威を特定し、関連するセキュリティイベントまたは脅威アクターのタグを提供します。",
"advance": {
"inputParamMode": false,
"onError": "stop_cur_flow",
"rspStatusType": 3,
"rspStatusThreshold": 0
},
"componentName": "Threatbook",
"actionName": "iocReport",
"status": "failed",
"cascaderValue": [{
"label": "Threatbook_1",
"value": "${Threatbook_1}",
"children": [{
"label": "Threatbook_1.datalist.*.network.tls_ex",
"name": "Threatbook_1.datalist.*.network.tls_ex",
"value": "${Threatbook_1.datalist.*.network.tls_ex}"
}, {
"label": "Threatbook_1.datalist.*.summary.file_size",
"name": "Threatbook_1.datalist.*.summary.file_size",
"value": "${Threatbook_1.datalist.*.summary.file_size}"
}, {
"label": "Threatbook_1.datalist.*.summary.sandbox_type_list",
"name": "Threatbook_1.datalist.*.summary.sandbox_type_list",
"value": "${Threatbook_1.datalist.*.summary.sandbox_type_list}"
}, {
"label": "Threatbook_1.datalist.*.pstree.children.*.process_name",
"name": "Threatbook_1.datalist.*.pstree.children.*.process_name",
"value": "${Threatbook_1.datalist.*.pstree.children.*.process_name}"
}, {
"label": "Threatbook_1.datalist.*.summary.md5",
"name": "Threatbook_1.datalist.*.summary.md5",
"value": "${Threatbook_1.datalist.*.summary.md5}"
}, {
"label": "Threatbook_1.datalist.*.multiengines.result.vbwebshell",
"name": "Threatbook_1.datalist.*.multiengines.result.vbwebshell",
"value": "${Threatbook_1.datalist.*.multiengines.result.vbwebshell}"
}, {
"label": "Threatbook_1.datalist.*.multiengines.result.Microsoft",
"name": "Threatbook_1.datalist.*.multiengines.result.Microsoft",
"value": "${Threatbook_1.datalist.*.multiengines.result.Microsoft}"
}, {
"label": "Threatbook_1.datalist.*.signature.*.marks.*.call.category",
"name": "Threatbook_1.datalist.*.signature.*.marks.*.call.category",
"value": "${Threatbook_1.datalist.*.signature.*.marks.*.call.category}"
}, {
"label": "Threatbook_1.total_exe",
"name": "Threatbook_1.total_exe",
"value": "${Threatbook_1.total_exe}"
}, {
"label": "Threatbook_1.datalist.*.summary.sample_sha256",
"name": "Threatbook_1.datalist.*.summary.sample_sha256",
"value": "${Threatbook_1.datalist.*.summary.sample_sha256}"
}, {
"label": "Threatbook_1.datalist.*.summary.malware_family",
"name": "Threatbook_1.datalist.*.summary.malware_family",
"value": "${Threatbook_1.datalist.*.summary.malware_family}"
}, {
"label": "Threatbook_1.datalist.*.multiengines.result.Baidu",
"name": "Threatbook_1.datalist.*.multiengines.result.Baidu",
"value": "${Threatbook_1.datalist.*.multiengines.result.Baidu}"
}, {
"label": "Threatbook_1.datalist.*.static.basic.md5",
"name": "Threatbook_1.datalist.*.static.basic.md5",
"value": "${Threatbook_1.datalist.*.static.basic.md5}"
}, {
"label": "Threatbook_1.datalist.*.summary.tag.s",
"name": "Threatbook_1.datalist.*.summary.tag.s",
"value": "${Threatbook_1.datalist.*.summary.tag.s}"
}, {
"label": "Threatbook_1.datalist.*.multiengines.result.OneStatic",
"name": "Threatbook_1.datalist.*.multiengines.result.OneStatic",
"value": "${Threatbook_1.datalist.*.multiengines.result.OneStatic}"
}, {
"label": "Threatbook_1.datalist.*.multiengines.result.DrWeb",
"name": "Threatbook_1.datalist.*.multiengines.result.DrWeb",
"value": "${Threatbook_1.datalist.*.multiengines.result.DrWeb}"
}, {
"label": "Threatbook_1.datalist.*.summary.tag.x",
"name": "Threatbook_1.datalist.*.summary.tag.x",
"value": "${Threatbook_1.datalist.*.summary.tag.x}"
}, {
"label": "Threatbook_1.datalist.*.summary.file_name",
"name": "Threatbook_1.datalist.*.summary.file_name",
"value": "${Threatbook_1.datalist.*.summary.file_name}"
}, {
"label": "Threatbook_1.datalist.*.signature.*.marks.*.call.api",
"name": "Threatbook_1.datalist.*.signature.*.marks.*.call.api",
"value": "${Threatbook_1.datalist.*.signature.*.marks.*.call.api}"
}, {
"label": "Threatbook_1.datalist.*.signature.*.marks.*.call.status",
"name": "Threatbook_1.datalist.*.signature.*.marks.*.call.status",
"value": "${Threatbook_1.datalist.*.signature.*.marks.*.call.status}"
}, {
"label": "Threatbook_1.datalist.*.signature.*.markcount",
"name": "Threatbook_1.datalist.*.signature.*.markcount",
"value": "${Threatbook_1.datalist.*.signature.*.markcount}"
}, {
"label": "Threatbook_1.datalist.*.summary.threat_score",
"name": "Threatbook_1.datalist.*.summary.threat_score",
"value": "${Threatbook_1.datalist.*.summary.threat_score}"
}, {
"label": "Threatbook_1.datalist.*.multiengines.result.NANO",
"name": "Threatbook_1.datalist.*.multiengines.result.NANO",
"value": "${Threatbook_1.datalist.*.multiengines.result.NANO}"
}, {
"label": "Threatbook_1.datalist.*.multiengines.result.Panda",
"name": "Threatbook_1.datalist.*.multiengines.result.Panda",
"value": "${Threatbook_1.datalist.*.multiengines.result.Panda}"
}, {
"label": "Threatbook_1.datalist.*.static.basic.file_type",
"name": "Threatbook_1.datalist.*.static.basic.file_type",
"value": "${Threatbook_1.datalist.*.static.basic.file_type}"
}, {
"label": "Threatbook_1.datalist.*.summary.sha1",
"name": "Threatbook_1.datalist.*.summary.sha1",
"value": "${Threatbook_1.datalist.*.summary.sha1}"
}, {
"label": "Threatbook_1.datalist.*.multiengines.result.Kaspersky",
"name": "Threatbook_1.datalist.*.multiengines.result.Kaspersky",
"value": "${Threatbook_1.datalist.*.multiengines.result.Kaspersky}"
}, {
"label": "Threatbook_1.total_exe_successful",
"name": "Threatbook_1.total_exe_successful",
"value": "${Threatbook_1.total_exe_successful}"
}, {
"label": "Threatbook_1.datalist.*.summary.threat_level",
"name": "Threatbook_1.datalist.*.summary.threat_level",
"value": "${Threatbook_1.datalist.*.summary.threat_level}"
}, {
"label": "Threatbook_1.datalist.*.pstree.process_name.en",
"name": "Threatbook_1.datalist.*.pstree.process_name.en",
"value": "${Threatbook_1.datalist.*.pstree.process_name.en}"
}, {
"label": "Threatbook_1.datalist.*.multiengines.result.Trustlook",
"name": "Threatbook_1.datalist.*.multiengines.result.Trustlook",
"value": "${Threatbook_1.datalist.*.multiengines.result.Trustlook}"
}, {
"label": "Threatbook_1.datalist.*.summary.malware_type",
"name": "Threatbook_1.datalist.*.summary.malware_type",
"value": "${Threatbook_1.datalist.*.summary.malware_type}"
}, {
"label": "Threatbook_1.datalist.*.static.basic.sha256",
"name": "Threatbook_1.datalist.*.static.basic.sha256",
"value": "${Threatbook_1.datalist.*.static.basic.sha256}"
}, {
"label": "Threatbook_1.datalist.*.strings.275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f",
"name": "Threatbook_1.datalist.*.strings.275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f",
"value": "${Threatbook_1.datalist.*.strings.275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f}"
}, {
"label": "Threatbook_1.datalist.*.signature.*.marks.*.cid",
"name": "Threatbook_1.datalist.*.signature.*.marks.*.cid",
"value": "${Threatbook_1.datalist.*.signature.*.marks.*.cid}"
}, {
"label": "Threatbook_1.datalist.*.multiengines.result.Avast",
"name": "Threatbook_1.datalist.*.multiengines.result.Avast",
"value": "${Threatbook_1.datalist.*.multiengines.result.Avast}"
}, {
"label": "Threatbook_1.total_data_successful",
"name": "Threatbook_1.total_data_successful",
"value": "${Threatbook_1.total_data_successful}"
}, {
"label": "Threatbook_1.datalist.*.signature.*.sig_class",
"name": "Threatbook_1.datalist.*.signature.*.sig_class",
"value": "${Threatbook_1.datalist.*.signature.*.sig_class}"
}, {
"label": "Threatbook_1.datalist.*.multiengines.result.Baidu-China",
"name": "Threatbook_1.datalist.*.multiengines.result.Baidu-China",
"value": "${Threatbook_1.datalist.*.multiengines.result.Baidu-China}"
}, {
"label": "Threatbook_1.datalist.*.pstree.children.*.command_line",
"name": "Threatbook_1.datalist.*.pstree.children.*.command_line",
"value": "${Threatbook_1.datalist.*.pstree.children.*.command_line}"
}, {
"label": "Threatbook_1.datalist.*.multiengines.result.Rising",
"name": "Threatbook_1.datalist.*.multiengines.result.Rising",
"value": "${Threatbook_1.datalist.*.multiengines.result.Rising}"
}, {
"label": "Threatbook_1.datalist.*.signature.*.attck_id",
"name": "Threatbook_1.datalist.*.signature.*.attck_id",
"value": "${Threatbook_1.datalist.*.signature.*.attck_id}"
}, {
"label": "Threatbook_1.total_data",
"name": "Threatbook_1.total_data",
"value": "${Threatbook_1.total_data}"
}, {
"label": "Threatbook_1.datalist.*.summary.sandbox_type",
"name": "Threatbook_1.datalist.*.summary.sandbox_type",
"value": "${Threatbook_1.datalist.*.summary.sandbox_type}"
}, {
"label": "Threatbook_1.total_data_with_dup",
"name": "Threatbook_1.total_data_with_dup",
"value": "${Threatbook_1.total_data_with_dup}"
}, {
"label": "Threatbook_1.datalist.*.multiengines.result.ShellPub",
"name": "Threatbook_1.datalist.*.multiengines.result.ShellPub",
"value": "${Threatbook_1.datalist.*.multiengines.result.ShellPub}"
}, {
"label": "Threatbook_1.datalist.*.multiengines.result.MicroAPT",
"name": "Threatbook_1.datalist.*.multiengines.result.MicroAPT",
"value": "${Threatbook_1.datalist.*.multiengines.result.MicroAPT}"
}, {
"label": "Threatbook_1.datalist.*.summary.multi_engines",
"name": "Threatbook_1.datalist.*.summary.multi_engines",
"value": "${Threatbook_1.datalist.*.summary.multi_engines}"
}, {
"label": "Threatbook_1.datalist.*.multiengines.result.ClamAV",
"name": "Threatbook_1.datalist.*.multiengines.result.ClamAV",
"value": "${Threatbook_1.datalist.*.multiengines.result.ClamAV}"
}, {
"label": "Threatbook_1.datalist.*.summary.file_type",
"name": "Threatbook_1.datalist.*.summary.file_type",
"value": "${Threatbook_1.datalist.*.summary.file_type}"
}, {
"label": "Threatbook_1.datalist.*.multiengines.result.ESET",
"name": "Threatbook_1.datalist.*.multiengines.result.ESET",
"value": "${Threatbook_1.datalist.*.multiengines.result.ESET}"
}, {
"label": "Threatbook_1.datalist.*.multiengines.result.K7",
"name": "Threatbook_1.datalist.*.multiengines.result.K7",
"value": "${Threatbook_1.datalist.*.multiengines.result.K7}"
}, {
"label": "Threatbook_1.datalist.*.multiengines.detect_rate",
"name": "Threatbook_1.datalist.*.multiengines.detect_rate",
"value": "${Threatbook_1.datalist.*.multiengines.detect_rate}"
}, {
"label": "Threatbook_1.datalist.*.multiengines.result.OneAV",
"name": "Threatbook_1.datalist.*.multiengines.result.OneAV",
"value": "${Threatbook_1.datalist.*.multiengines.result.OneAV}"
}, {
"label": "Threatbook_1.datalist.*.signature.*.name",
"name": "Threatbook_1.datalist.*.signature.*.name",
"value": "${Threatbook_1.datalist.*.signature.*.name}"
}, {
"label": "Threatbook_1.datalist.*.signature.*.marks.*.call.tid",
"name": "Threatbook_1.datalist.*.signature.*.marks.*.call.tid",
"value": "${Threatbook_1.datalist.*.signature.*.marks.*.call.tid}"
}, {
"label": "Threatbook_1.datalist.*.multiengines.scan_time",
"name": "Threatbook_1.datalist.*.multiengines.scan_time",
"value": "${Threatbook_1.datalist.*.multiengines.scan_time}"
}, {
"label": "Threatbook_1.datalist.*.summary.is_whitelist",
"name": "Threatbook_1.datalist.*.summary.is_whitelist",
"value": "${Threatbook_1.datalist.*.summary.is_whitelist}"
}, {
"label": "Threatbook_1.datalist.*.multiengines.result.Qihu360",
"name": "Threatbook_1.datalist.*.multiengines.result.Qihu360",
"value": "${Threatbook_1.datalist.*.multiengines.result.Qihu360}"
}, {
"label": "Threatbook_1.datalist.*.multiengines.result.Sophos",
"name": "Threatbook_1.datalist.*.multiengines.result.Sophos",
"value": "${Threatbook_1.datalist.*.multiengines.result.Sophos}"
}, {
"label": "Threatbook_1.datalist.*.multiengines.result.Antiy",
"name": "Threatbook_1.datalist.*.multiengines.result.Antiy",
"value": "${Threatbook_1.datalist.*.multiengines.result.Antiy}"
}, {
"label": "Threatbook_1.datalist.*.multiengines.result.GDATA",
"name": "Threatbook_1.datalist.*.multiengines.result.GDATA",
"value": "${Threatbook_1.datalist.*.multiengines.result.GDATA}"
}, {
"label": "Threatbook_1.datalist.*.signature.*.marks.*.call.time",
"name": "Threatbook_1.datalist.*.signature.*.marks.*.call.time",
"value": "${Threatbook_1.datalist.*.signature.*.marks.*.call.time}"
}, {
"label": "Threatbook_1.status",
"name": "Threatbook_1.status",
"value": "${Threatbook_1.status}"
}, {
"label": "Threatbook_1.datalist.*.multiengines.result.JiangMin",
"name": "Threatbook_1.datalist.*.multiengines.result.JiangMin",
"value": "${Threatbook_1.datalist.*.multiengines.result.JiangMin}"
}, {
"label": "Threatbook_1.datalist.*.signature.*.marks.*.call.return_value",
"name": "Threatbook_1.datalist.*.signature.*.marks.*.call.return_value",
"value": "${Threatbook_1.datalist.*.signature.*.marks.*.call.return_value}"
}, {
"label": "Threatbook_1.datalist.*.multiengines.result.AVG",
"name": "Threatbook_1.datalist.*.multiengines.result.AVG",
"value": "${Threatbook_1.datalist.*.multiengines.result.AVG}"
}, {
"label": "Threatbook_1.datalist.*.network.dns_servers",
"name": "Threatbook_1.datalist.*.network.dns_servers",
"value": "${Threatbook_1.datalist.*.network.dns_servers}"
}, {
"label": "Threatbook_1.datalist.*.signature.*.description",
"name": "Threatbook_1.datalist.*.signature.*.description",
"value": "${Threatbook_1.datalist.*.signature.*.description}"
}, {
"label": "Threatbook_1.datalist.*.strings.pcap",
"name": "Threatbook_1.datalist.*.strings.pcap",
"value": "${Threatbook_1.datalist.*.strings.pcap}"
}, {
"label": "Threatbook_1.datalist.*.signature.*.marks.*.pid",
"name": "Threatbook_1.datalist.*.signature.*.marks.*.pid",
"value": "${Threatbook_1.datalist.*.signature.*.marks.*.pid}"
}, {
"label": "Threatbook_1.datalist.*.multiengines.result.IKARUS",
"name": "Threatbook_1.datalist.*.multiengines.result.IKARUS",
"value": "${Threatbook_1.datalist.*.multiengines.result.IKARUS}"
}, {
"label": "Threatbook_1.datalist.*.pstree.children.*.first_seen",
"name": "Threatbook_1.datalist.*.pstree.children.*.first_seen",
"value": "${Threatbook_1.datalist.*.pstree.children.*.first_seen}"
}, {
"label": "Threatbook_1.datalist.*.signature.*.marks.*.type",
"name": "Threatbook_1.datalist.*.signature.*.marks.*.type",
"value": "${Threatbook_1.datalist.*.signature.*.marks.*.type}"
}, {
"label": "Threatbook_1.datalist.*.multiengines.result.Avira",
"name": "Threatbook_1.datalist.*.multiengines.result.Avira",
"value": "${Threatbook_1.datalist.*.multiengines.result.Avira}"
}, {
"label": "Threatbook_1.datalist.*.pstree.children.*.ppid",
"name": "Threatbook_1.datalist.*.pstree.children.*.ppid",
"value": "${Threatbook_1.datalist.*.pstree.children.*.ppid}"
}, {
"label": "Threatbook_1.datalist.*.multiengines.result.MicroNonPE",
"name": "Threatbook_1.datalist.*.multiengines.result.MicroNonPE",
"value": "${Threatbook_1.datalist.*.multiengines.result.MicroNonPE}"
}, {
"label": "Threatbook_1.datalist.*.static.basic.ssdeep",
"name": "Threatbook_1.datalist.*.static.basic.ssdeep",
"value": "${Threatbook_1.datalist.*.static.basic.ssdeep}"
}, {
"label": "Threatbook_1.datalist.*.static.basic.file_size",
"name": "Threatbook_1.datalist.*.static.basic.file_size",
"value": "${Threatbook_1.datalist.*.static.basic.file_size}"
}, {
"label": "Threatbook_1.datalist.*.multiengines.result.OneAV-PWSH",
"name": "Threatbook_1.datalist.*.multiengines.result.OneAV-PWSH",
"value": "${Threatbook_1.datalist.*.multiengines.result.OneAV-PWSH}"
}, {
"label": "Threatbook_1.datalist.*.pstree.process_name.cn",
"name": "Threatbook_1.datalist.*.pstree.process_name.cn",
"value": "${Threatbook_1.datalist.*.pstree.process_name.cn}"
}, {
"label": "Threatbook_1.datalist.*.network.secret_info",
"name": "Threatbook_1.datalist.*.network.secret_info",
"value": "${Threatbook_1.datalist.*.network.secret_info}"
}, {
"label": "Threatbook_1.datalist.*.static.basic.sha1",
"name": "Threatbook_1.datalist.*.static.basic.sha1",
"value": "${Threatbook_1.datalist.*.static.basic.sha1}"
}, {
"label": "Threatbook_1.datalist.*.pstree.children.*.track",
"name": "Threatbook_1.datalist.*.pstree.children.*.track",
"value": "${Threatbook_1.datalist.*.pstree.children.*.track}"
}, {
"label": "Threatbook_1.datalist.*.summary.submit_time",
"name": "Threatbook_1.datalist.*.summary.submit_time",
"value": "${Threatbook_1.datalist.*.summary.submit_time}"
}, {
"label": "Threatbook_1.datalist.*.signature.*.severity",
"name": "Threatbook_1.datalist.*.signature.*.severity",
"value": "${Threatbook_1.datalist.*.signature.*.severity}"
}, {
"label": "Threatbook_1.datalist.*.permalink",
"name": "Threatbook_1.datalist.*.permalink",
"value": "${Threatbook_1.datalist.*.permalink}"
}, {
"label": "Threatbook_1.datalist.*.pstree.children.*.pid",
"name": "Threatbook_1.datalist.*.pstree.children.*.pid",
"value": "${Threatbook_1.datalist.*.pstree.children.*.pid}"
}, {
"label": "Threatbook_1.datalist.*.static.basic.file_name",
"name": "Threatbook_1.datalist.*.static.basic.file_name",
"value": "${Threatbook_1.datalist.*.static.basic.file_name}"
}]
}, {
"label": "configuration",
"value": "${configuration}",
"children": [{
"label": "configuration.datalist.*.triggerType",
"name": "configuration.datalist.*.triggerType",
"value": "${configuration.datalist.*.triggerType}"
}, {
"label": "configuration.datalist.*._req_uuid",
"name": "configuration.datalist.*._req_uuid",
"value": "${configuration.datalist.*._req_uuid}"
}, {
"label": "configuration.datalist.*.scope.*.aliUid",
"name": "configuration.datalist.*.scope.*.aliUid",
"value": "${configuration.datalist.*.scope.*.aliUid}"
}, {
"label": "configuration.datalist.*.process.start_time",
"name": "configuration.datalist.*.process.start_time",
"value": "${configuration.datalist.*.process.start_time}"
}, {
"label": "configuration.status",
"name": "configuration.status",
"value": "${configuration.status}"
}, {
"label": "configuration.datalist.*.process.proc_id",
"name": "configuration.datalist.*.process.proc_id",
"value": "${configuration.datalist.*.process.proc_id}"
}, {
"label": "configuration.datalist.*._tenant_id",
"name": "configuration.datalist.*._tenant_id",
"value": "${configuration.datalist.*._tenant_id}"
}, {
"label": "configuration.datalist.*.process.host_uuid.host_uuid",
"name": "configuration.datalist.*.process.host_uuid.host_uuid",
"value": "${configuration.datalist.*.process.host_uuid.host_uuid}"
}, {
"label": "configuration.total_data",
"name": "configuration.total_data",
"value": "${configuration.total_data}"
}, {
"label": "configuration.datalist.*._trigger_user",
"name": "configuration.datalist.*._trigger_user",
"value": "${configuration.datalist.*._trigger_user}"
}, {
"label": "configuration.datalist.*.process.host_uuid.os_type",
"name": "configuration.datalist.*.process.host_uuid.os_type",
"value": "${configuration.datalist.*.process.host_uuid.os_type}"
}, {
"label": "configuration.datalist.*.process.cmd_line",
"name": "configuration.datalist.*.process.cmd_line",
"value": "${configuration.datalist.*.process.cmd_line}"
}, {
"label": "configuration.datalist.*.triggerUser",
"name": "configuration.datalist.*.triggerUser",
"value": "${configuration.datalist.*.triggerUser}"
}, {
"label": "configuration.datalist.*._domain_id",
"name": "configuration.datalist.*._domain_id",
"value": "${configuration.datalist.*._domain_id}"
}, {
"label": "configuration.datalist.*.process.file_path.file_path",
"name": "configuration.datalist.*.process.file_path.file_path",
"value": "${configuration.datalist.*.process.file_path.file_path}"
}, {
"label": "configuration.total_data_with_dup",
"name": "configuration.total_data_with_dup",
"value": "${configuration.total_data_with_dup}"
}, {
"label": "configuration.total_exe_successful",
"name": "configuration.total_exe_successful",
"value": "${configuration.total_exe_successful}"
}, {
"label": "configuration.datalist.*.scope.*.cloudCode",
"name": "configuration.datalist.*.scope.*.cloudCode",
"value": "${configuration.datalist.*.scope.*.cloudCode}"
}, {
"label": "configuration.total_data_successful",
"name": "configuration.total_data_successful",
"value": "${configuration.total_data_successful}"
}, {
"label": "configuration.total_exe",
"name": "configuration.total_exe",
"value": "${configuration.total_exe}"
}, {
"label": "configuration.datalist.*.scope.*.userId",
"name": "configuration.datalist.*.scope.*.userId",
"value": "${configuration.datalist.*.scope.*.userId}"
}, {
"label": "configuration.datalist.*._region_id",
"name": "configuration.datalist.*._region_id",
"value": "${configuration.datalist.*._region_id}"
}, {
"label": "configuration.datalist.*.process.file_path.hash_value",
"name": "configuration.datalist.*.process.file_path.hash_value",
"value": "${configuration.datalist.*.process.file_path.hash_value}"
}]
}],
"customInput": false,
"id": 0,
"name": "iocReport",
"operateType": "general",
"parameters": [{
"dataType": "String",
"defaultValue": "",
"description": "",
"enDescription": "",
"name": "userId",
"needCascader": false,
"required": false,
"tags": ""
}, {
"dataType": "String",
"defaultValue": "",
"description": "Security Center の [機能設定] > [マルチクラウド構成管理] で Threatbook 用に構成されたアカウント ID。",
"enDescription": "",
"name": "cloudUserId",
"needCascader": false,
"required": true,
"tags": ""
}, {
"dataType": "String",
"defaultValue": "",
"description": "IP アドレスまたはドメイン名。バッチで最大 100 個のリソースをクエリできます。カンマで区切ります。ポート付きの IP アドレスをクエリして、信頼性の高い結果を得ることができます。リクエスト内のポート付き IP アドレスの例: 8.8.8.8:143,0.0.0.0:80 ",
"enDescription": "",
"name": "resource",
"needCascader": false,
"required": true,
"tags": ""
}],
"riskLevel": 2,
"actionDisplayName": "iocReport"
},
"isNode": true
}, {
"position": {
"x": -190,
"y": -55
},
"size": {
"width": 137,
"height": 66
},
"view": "react-shape-view",
"attrs": {
"label": {
"text": "ip_reputation"
}
},
"shape": "activity",
"id": "8afdafcc-32aa-4ab2-b8b2-abafc4314e85",
"zIndex": 1,
"data": {
"nodeType": "action",
"appType": "component",
"nodeName": "ip_reputation",
"valueData": {
"cloudUserId": "7f7cd2ebedc544f7bf9be74dab7fcca4",
"resource": "${event.ip}"
},
"icon": "https://sophon-gen-cloud-zhangjiakou-v2.oss-cn-zhangjiakou.aliyuncs.com/componentUpload/1755245577536_Threatbook_logo.svg?Expires=1755832376&OSSAccessKeyId=STS.NXwN8h********EJeH&Signature=p4KGzHhTrIZdiJxpACRpM7ROLE0%3D&security-token=CAIS2AJ1q6Ft5B2yfSjIr5vCBYLchKtswKq%2BRVT21nkPbd5%2Bqo%2FOqjz2IHhMenFpAegcv%2Fw%2BlGFZ6%2F8elrp6SJtIXleCZtF94oxN9h2gb4fb42MeBDXg08%2FLI3OaLjKm9u2wCryLYbGwU%2FOpbE%2B%2B5U0X6LDmdDKkckW4OJmS8%2FBOZcgWWQ%2FKBlgvRq0hRG1YpdQdKGHaONu0LxfumRCwNkdzvRdmgm4NgsbWgO%2Fks0OP3AOrlrBN%2Bdiuf8T9NvMBZskvD42Hu8VtbbfE3SJq7BxHybx7lqQs%2B02c5onDWwAJu0%2FXa7uEo4wydVNjFbM9A65Dqufxn%2Fpgt%2Braj4X7xhhEIOVJSSPbSZBbSxJNvU1RXDxQVcEYWxylurjnXvF%2B4xU3%2BP9tP0rM946UoJvc3YDI5hWbc8mJsTnhSSTAEIv%2By8ptqoFOtH7DkLTHWR7hCtv23053AashMytAXxqAAXNQ89LjX6M4bFYRAxsXrln0LN%2BTDs1Hk1dCGQ2edPqhVybm1axt7NpKWS7Xcrd6BKtuwqREs%2FZkIO8E%2BZRbfaX6uHOx9sHx1M1Y7HDHt%2BDvloHULH0rQNLniKayaTCJlIiyUPe8TaK3lv4mipQQf16PqYqAsx2Zu7Bqx9Np2CYIIAA%3D",
"description": "インバウンドシナリオの IP アドレスを分析します。IP アドレスの地理的位置と ASN 情報を提供します。ルールを使用して、IP アドレスが悪意のあるものかどうか、そのリスクの重大度レベル、および信頼度レベルを正確に判断します。また、エクスプロイトやゾンビなどの脅威タイプを特定し、関連するセキュリティイベントまたは脅威アクターのタグを提供します。",
"advance": {
"inputParamMode": false,
"onError": "stop_cur_flow",
"rspStatusType": 3,
"rspStatusThreshold": 0
},
"componentName": "Threatbook",
"actionName": "ipReputation",
"status": "failed",
"cascaderValue": [{
"label": "Threatbook_2",
"value": "${Threatbook_2}",
"children": [{
"label": "Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.severity",
"name": "Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.severity",
"value": "${Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.severity}"
}, {
"label": "Threatbook_2.total_exe",
"name": "Threatbook_2.total_exe",
"value": "${Threatbook_2.total_exe}"
}, {
"label": "Threatbook_2.total_data_successful",
"name": "Threatbook_2.total_data_successful",
"value": "${Threatbook_2.total_data_successful}"
}, {
"label": "Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.judgments",
"name": "Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.judgments",
"value": "${Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.judgments}"
}, {
"label": "Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.tags_classes.*.tags_type",
"name": "Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.tags_classes.*.tags_type",
"value": "${Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.tags_classes.*.tags_type}"
}, {
"label": "Threatbook_2.total_exe_successful",
"name": "Threatbook_2.total_exe_successful",
"value": "${Threatbook_2.total_exe_successful}"
}, {
"label": "Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.tags_classes.*.tags",
"name": "Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.tags_classes.*.tags",
"value": "${Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.tags_classes.*.tags}"
}, {
"label": "Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.permalink",
"name": "Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.permalink",
"value": "${Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.permalink}"
}, {
"label": "Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.categories.second_cats",
"name": "Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.categories.second_cats",
"value": "${Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.categories.second_cats}"
}, {
"label": "Threatbook_2.total_data",
"name": "Threatbook_2.total_data",
"value": "${Threatbook_2.total_data}"
}, {
"label": "Threatbook_2.total_data_with_dup",
"name": "Threatbook_2.total_data_with_dup",
"value": "${Threatbook_2.total_data_with_dup}"
}, {
"label": "Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.rank.umbrella_rank.global_rank",
"name": "Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.rank.umbrella_rank.global_rank",
"value": "${Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.rank.umbrella_rank.global_rank}"
}, {
"label": "Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.is_malicious",
"name": "Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.is_malicious",
"value": "${Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.is_malicious}"
}, {
"label": "Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.confidence_level",
"name": "Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.confidence_level",
"value": "${Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.confidence_level}"
}, {
"label": "Threatbook_2.status",
"name": "Threatbook_2.status",
"value": "${Threatbook_2.status}"
}, {
"label": "Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.rank.alexa_rank.global_rank",
"name": "Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.rank.alexa_rank.global_rank",
"value": "${Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.rank.alexa_rank.global_rank}"
}]
}, {
"label": "Threatbook_1",
"value": "${Threatbook_1}",
"children": [{
"label": "Threatbook_1.datalist.*.network.tls_ex",
"name": "Threatbook_1.datalist.*.network.tls_ex",
"value": "${Threatbook_1.datalist.*.network.tls_ex}"
}, {
"label": "Threatbook_1.datalist.*.summary.file_size",
"name": "Threatbook_1.datalist.*.summary.file_size",
"value": "${Threatbook_1.datalist.*.summary.file_size}"
}, {
"label": "Threatbook_1.datalist.*.summary.sandbox_type_list",
"name": "Threatbook_1.datalist.*.summary.sandbox_type_list",
"value": "${Threatbook_1.datalist.*.summary.sandbox_type_list}"
}, {
"label": "Threatbook_1.datalist.*.pstree.children.*.process_name",
"name": "Threatbook_1.datalist.*.pstree.children.*.process_name",
"value": "${Threatbook_1.datalist.*.pstree.children.*.process_name}"
}, {
"label": "Threatbook_1.datalist.*.summary.md5",
"name": "Threatbook_1.datalist.*.summary.md5",
"value": "${Threatbook_1.datalist.*.summary.md5}"
}, {
"label": "Threatbook_1.datalist.*.multiengines.result.vbwebshell",
"name": "Threatbook_1.datalist.*.multiengines.result.vbwebshell",
"value": "${Threatbook_1.datalist.*.multiengines.result.vbwebshell}"
}, {
"label": "Threatbook_1.datalist.*.multiengines.result.Microsoft",
"name": "Threatbook_1.datalist.*.multiengines.result.Microsoft",
"value": "${Threatbook_1.datalist.*.multiengines.result.Microsoft}"
}, {
"label": "Threatbook_1.datalist.*.signature.*.marks.*.call.category",
"name": "Threatbook_1.datalist.*.signature.*.marks.*.call.category",
"value": "${Threatbook_1.datalist.*.signature.*.marks.*.call.category}"
}, {
"label": "Threatbook_1.total_exe",
"name": "Threatbook_1.total_exe",
"value": "${Threatbook_1.total_exe}"
}, {
"label": "Threatbook_1.datalist.*.summary.sample_sha256",
"name": "Threatbook_1.datalist.*.summary.sample_sha256",
"value": "${Threatbook_1.datalist.*.summary.sample_sha256}"
}, {
"label": "Threatbook_1.datalist.*.summary.malware_family",
"name": "Threatbook_1.datalist.*.summary.malware_family",
"value": "${Threatbook_1.datalist.*.summary.malware_family}"
}, {
"label": "Threatbook_1.datalist.*.multiengines.result.Baidu",
"name": "Threatbook_1.datalist.*.multiengines.result.Baidu",
"value": "${Threatbook_1.datalist.*.multiengines.result.Baidu}"
}, {
"label": "Threatbook_1.datalist.*.static.basic.md5",
"name": "Threatbook_1.datalist.*.static.basic.md5",
"value": "${Threatbook_1.datalist.*.static.basic.md5}"
}, {
"label": "Threatbook_1.datalist.*.summary.tag.s",
"name": "Threatbook_1.datalist.*.summary.tag.s",
"value": "${Threatbook_1.datalist.*.summary.tag.s}"
}, {
"label": "Threatbook_1.datalist.*.multiengines.result.OneStatic",
"name": "Threatbook_1.datalist.*.multiengines.result.OneStatic",
"value": "${Threatbook_1.datalist.*.multiengines.result.OneStatic}"
}, {
"label": "Threatbook_1.datalist.*.multiengines.result.DrWeb",
"name": "Threatbook_1.datalist.*.multiengines.result.DrWeb",
"value": "${Threatbook_1.datalist.*.multiengines.result.DrWeb}"
}, {
"label": "Threatbook_1.datalist.*.summary.tag.x",
"name": "Threatbook_1.datalist.*.summary.tag.x",
"value": "${Threatbook_1.datalist.*.summary.tag.x}"
}, {
"label": "Threatbook_1.datalist.*.summary.file_name",
"name": "Threatbook_1.datalist.*.summary.file_name",
"value": "${Threatbook_1.datalist.*.summary.file_name}"
}, {
"label": "Threatbook_1.datalist.*.signature.*.marks.*.call.api",
"name": "Threatbook_1.datalist.*.signature.*.marks.*.call.api",
"value": "${Threatbook_1.datalist.*.signature.*.marks.*.call.api}"
}, {
"label": "Threatbook_1.datalist.*.signature.*.marks.*.call.status",
"name": "Threatbook_1.datalist.*.signature.*.marks.*.call.status",
"value": "${Threatbook_1.datalist.*.signature.*.marks.*.call.status}"
}, {
"label": "Threatbook_1.datalist.*.signature.*.markcount",
"name": "Threatbook_1.datalist.*.signature.*.markcount",
"value": "${Threatbook_1.datalist.*.signature.*.markcount}"
}, {
"label": "Threatbook_1.datalist.*.summary.threat_score",
"name": "Threatbook_1.datalist.*.summary.threat_score",
"value": "${Threatbook_1.datalist.*.summary.threat_score}"
}, {
"label": "Threatbook_1.datalist.*.multiengines.result.NANO",
"name": "Threatbook_1.datalist.*.multiengines.result.NANO",
"value": "${Threatbook_1.datalist.*.multiengines.result.NANO}"
}, {
"label": "Threatbook_1.datalist.*.multiengines.result.Panda",
"name": "Threatbook_1.datalist.*.multiengines.result.Panda",
"value": "${Threatbook_1.datalist.*.multiengines.result.Panda}"
}, {
"label": "Threatbook_1.datalist.*.static.basic.file_type",
"name": "Threatbook_1.datalist.*.static.basic.file_type",
"value": "${Threatbook_1.datalist.*.static.basic.file_type}"
}, {
"label": "Threatbook_1.datalist.*.summary.sha1",
"name": "Threatbook_1.datalist.*.summary.sha1",
"value": "${Threatbook_1.datalist.*.summary.sha1}"
}, {
"label": "Threatbook_1.datalist.*.multiengines.result.Kaspersky",
"name": "Threatbook_1.datalist.*.multiengines.result.Kaspersky",
"value": "${Threatbook_1.datalist.*.multiengines.result.Kaspersky}"
}, {
"label": "Threatbook_1.total_exe_successful",
"name": "Threatbook_1.total_exe_successful",
"value": "${Threatbook_1.total_exe_successful}"
}, {
"label": "Threatbook_1.datalist.*.summary.threat_level",
"name": "Threatbook_1.datalist.*.summary.threat_level",
"value": "${Threatbook_1.datalist.*.summary.threat_level}"
}, {
"label": "Threatbook_1.datalist.*.pstree.process_name.en",
"name": "Threatbook_1.datalist.*.pstree.process_name.en",
"value": "${Threatbook_1.datalist.*.pstree.process_name.en}"
}, {
"label": "Threatbook_1.datalist.*.multiengines.result.Trustlook",
"name": "Threatbook_1.datalist.*.multiengines.result.Trustlook",
"value": "${Threatbook_1.datalist.*.multiengines.result.Trustlook}"
}, {
"label": "Threatbook_1.datalist.*.summary.malware_type",
"name": "Threatbook_1.datalist.*.summary.malware_type",
"value": "${Threatbook_1.datalist.*.summary.malware_type}"
}, {
"label": "Threatbook_1.datalist.*.static.basic.sha256",
"name": "Threatbook_1.datalist.*.static.basic.sha256",
"value": "${Threatbook_1.datalist.*.static.basic.sha256}"
}, {
"label": "Threatbook_1.datalist.*.strings.275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f",
"name": "Threatbook_1.datalist.*.strings.275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f",
"value": "${Threatbook_1.datalist.*.strings.275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f}"
}, {
"label": "Threatbook_1.datalist.*.signature.*.marks.*.cid",
"name": "Threatbook_1.datalist.*.signature.*.marks.*.cid",
"value": "${Threatbook_1.datalist.*.signature.*.marks.*.cid}"
}, {
"label": "Threatbook_1.datalist.*.multiengines.result.Avast",
"name": "Threatbook_1.datalist.*.multiengines.result.Avast",
"value": "${Threatbook_1.datalist.*.multiengines.result.Avast}"
}, {
"label": "Threatbook_1.total_data_successful",
"name": "Threatbook_1.total_data_successful",
"value": "${Threatbook_1.total_data_successful}"
}, {
"label": "Threatbook_1.datalist.*.signature.*.sig_class",
"name": "Threatbook_1.datalist.*.signature.*.sig_class",
"value": "${Threatbook_1.datalist.*.signature.*.sig_class}"
}, {
"label": "Threatbook_1.datalist.*.multiengines.result.Baidu-China",
"name": "Threatbook_1.datalist.*.multiengines.result.Baidu-China",
"value": "${Threatbook_1.datalist.*.multiengines.result.Baidu-China}"
}, {
"label": "Threatbook_1.datalist.*.pstree.children.*.command_line",
"name": "Threatbook_1.datalist.*.pstree.children.*.command_line",
"value": "${Threatbook_1.datalist.*.pstree.children.*.command_line}"
}, {
"label": "Threatbook_1.datalist.*.multiengines.result.Rising",
"name": "Threatbook_1.datalist.*.multiengines.result.Rising",
"value": "${Threatbook_1.datalist.*.multiengines.result.Rising}"
}, {
"label": "Threatbook_1.datalist.*.signature.*.attck_id",
"name": "Threatbook_1.datalist.*.signature.*.attck_id",
"value": "${Threatbook_1.datalist.*.signature.*.attck_id}"
}, {
"label": "Threatbook_1.total_data",
"name": "Threatbook_1.total_data",
"value": "${Threatbook_1.total_data}"
}, {
"label": "Threatbook_1.datalist.*.summary.sandbox_type",
"name": "Threatbook_1.datalist.*.summary.sandbox_type",
"value": "${Threatbook_1.datalist.*.summary.sandbox_type}"
}, {
"label": "Threatbook_1.total_data_with_dup",
"name": "Threatbook_1.total_data_with_dup",
"value": "${Threatbook_1.total_data_with_dup}"
}, {
"label": "Threatbook_1.datalist.*.multiengines.result.ShellPub",
"name": "Threatbook_1.datalist.*.multiengines.result.ShellPub",
"value": "${Threatbook_1.datalist.*.multiengines.result.ShellPub}"
}, {
"label": "Threatbook_1.datalist.*.multiengines.result.MicroAPT",
"name": "Threatbook_1.datalist.*.multiengines.result.MicroAPT",
"value": "${Threatbook_1.datalist.*.multiengines.result.MicroAPT}"
}, {
"label": "Threatbook_1.datalist.*.summary.multi_engines",
"name": "Threatbook_1.datalist.*.summary.multi_engines",
"value": "${Threatbook_1.datalist.*.summary.multi_engines}"
}, {
"label": "Threatbook_1.datalist.*.multiengines.result.ClamAV",
"name": "Threatbook_1.datalist.*.multiengines.result.ClamAV",
"value": "${Threatbook_1.datalist.*.multiengines.result.ClamAV}"
}, {
"label": "Threatbook_1.datalist.*.summary.file_type",
"name": "Threatbook_1.datalist.*.summary.file_type",
"value": "${Threatbook_1.datalist.*.summary.file_type}"
}, {
"label": "Threatbook_1.datalist.*.multiengines.result.ESET",
"name": "Threatbook_1.datalist.*.multiengines.result.ESET",
"value": "${Threatbook_1.datalist.*.multiengines.result.ESET}"
}, {
"label": "Threatbook_1.datalist.*.multiengines.result.K7",
"name": "Threatbook_1.datalist.*.multiengines.result.K7",
"value": "${Threatbook_1.datalist.*.multiengines.result.K7}"
}, {
"label": "Threatbook_1.datalist.*.multiengines.detect_rate",
"name": "Threatbook_1.datalist.*.multiengines.detect_rate",
"value": "${Threatbook_1.datalist.*.multiengines.detect_rate}"
}, {
"label": "Threatbook_1.datalist.*.multiengines.result.OneAV",
"name": "Threatbook_1.datalist.*.multiengines.result.OneAV",
"value": "${Threatbook_1.datalist.*.multiengines.result.OneAV}"
}, {
"label": "Threatbook_1.datalist.*.signature.*.name",
"name": "Threatbook_1.datalist.*.signature.*.name",
"value": "${Threatbook_1.datalist.*.signature.*.name}"
}, {
"label": "Threatbook_1.datalist.*.signature.*.marks.*.call.tid",
"name": "Threatbook_1.datalist.*.signature.*.marks.*.call.tid",
"value": "${Threatbook_1.datalist.*.signature.*.marks.*.call.tid}"
}, {
"label": "Threatbook_1.datalist.*.multiengines.scan_time",
"name": "Threatbook_1.datalist.*.multiengines.scan_time",
"value": "${Threatbook_1.datalist.*.multiengines.scan_time}"
}, {
"label": "Threatbook_1.datalist.*.summary.is_whitelist",
"name": "Threatbook_1.datalist.*.summary.is_whitelist",
"value": "${Threatbook_1.datalist.*.summary.is_whitelist}"
}, {
"label": "Threatbook_1.datalist.*.multiengines.result.Qihu360",
"name": "Threatbook_1.datalist.*.multiengines.result.Qihu360",
"value": "${Threatbook_1.datalist.*.multiengines.result.Qihu360}"
}, {
"label": "Threatbook_1.datalist.*.multiengines.result.Sophos",
"name": "Threatbook_1.datalist.*.multiengines.result.Sophos",
"value": "${Threatbook_1.datalist.*.multiengines.result.Sophos}"
}, {
"label": "Threatbook_1.datalist.*.multiengines.result.Antiy",
"name": "Threatbook_1.datalist.*.multiengines.result.Antiy",
"value": "${Threatbook_1.datalist.*.multiengines.result.Antiy}"
}, {
"label": "Threatbook_1.datalist.*.multiengines.result.GDATA",
"name": "Threatbook_1.datalist.*.multiengines.result.GDATA",
"value": "${Threatbook_1.datalist.*.multiengines.result.GDATA}"
}, {
"label": "Threatbook_1.datalist.*.signature.*.marks.*.call.time",
"name": "Threatbook_1.datalist.*.signature.*.marks.*.call.time",
"value": "${Threatbook_1.datalist.*.signature.*.marks.*.call.time}"
}, {
"label": "Threatbook_1.status",
"name": "Threatbook_1.status",
"value": "${Threatbook_1.status}"
}, {
"label": "Threatbook_1.datalist.*.multiengines.result.JiangMin",
"name": "Threatbook_1.datalist.*.multiengines.result.JiangMin",
"value": "${Threatbook_1.datalist.*.multiengines.result.JiangMin}"
}, {
"label": "Threatbook_1.datalist.*.signature.*.marks.*.call.return_value",
"name": "Threatbook_1.datalist.*.signature.*.marks.*.call.return_value",
"value": "${Threatbook_1.datalist.*.signature.*.marks.*.call.return_value}"
}, {
"label": "Threatbook_1.datalist.*.multiengines.result.AVG",
"name": "Threatbook_1.datalist.*.multiengines.result.AVG",
"value": "${Threatbook_1.datalist.*.multiengines.result.AVG}"
}, {
"label": "Threatbook_1.datalist.*.network.dns_servers",
"name": "Threatbook_1.datalist.*.network.dns_servers",
"value": "${Threatbook_1.datalist.*.network.dns_servers}"
}, {
"label": "Threatbook_1.datalist.*.signature.*.description",
"name": "Threatbook_1.datalist.*.signature.*.description",
"value": "${Threatbook_1.datalist.*.signature.*.description}"
}, {
"label": "Threatbook_1.datalist.*.strings.pcap",
"name": "Threatbook_1.datalist.*.strings.pcap",
"value": "${Threatbook_1.datalist.*.strings.pcap}"
}, {
"label": "Threatbook_1.datalist.*.signature.*.marks.*.pid",
"name": "Threatbook_1.datalist.*.signature.*.marks.*.pid",
"value": "${Threatbook_1.datalist.*.signature.*.marks.*.pid}"
}, {
"label": "Threatbook_1.datalist.*.multiengines.result.IKARUS",
"name": "Threatbook_1.datalist.*.multiengines.result.IKARUS",
"value": "${Threatbook_1.datalist.*.multiengines.result.IKARUS}"
}, {
"label": "Threatbook_1.datalist.*.pstree.children.*.first_seen",
"name": "Threatbook_1.datalist.*.pstree.children.*.first_seen",
"value": "${Threatbook_1.datalist.*.pstree.children.*.first_seen}"
}, {
"label": "Threatbook_1.datalist.*.signature.*.marks.*.type",
"name": "Threatbook_1.datalist.*.signature.*.marks.*.type",
"value": "${Threatbook_1.datalist.*.signature.*.marks.*.type}"
}, {
"label": "Threatbook_1.datalist.*.multiengines.result.Avira",
"name": "Threatbook_1.datalist.*.multiengines.result.Avira",
"value": "${Threatbook_1.datalist.*.multiengines.result.Avira}"
}, {
"label": "Threatbook_1.datalist.*.pstree.children.*.ppid",
"name": "Threatbook_1.datalist.*.pstree.children.*.ppid",
"value": "${Threatbook_1.datalist.*.pstree.children.*.ppid}"
}, {
"label": "Threatbook_1.datalist.*.multiengines.result.MicroNonPE",
"name": "Threatbook_1.datalist.*.multiengines.result.MicroNonPE",
"value": "${Threatbook_1.datalist.*.multiengines.result.MicroNonPE}"
}, {
"label": "Threatbook_1.datalist.*.static.basic.ssdeep",
"name": "Threatbook_1.datalist.*.static.basic.ssdeep",
"value": "${Threatbook_1.datalist.*.static.basic.ssdeep}"
}, {
"label": "Threatbook_1.datalist.*.static.basic.file_size",
"name": "Threatbook_1.datalist.*.static.basic.file_size",
"value": "${Threatbook_1.datalist.*.static.basic.file_size}"
}, {
"label": "Threatbook_1.datalist.*.multiengines.result.OneAV-PWSH",
"name": "Threatbook_1.datalist.*.multiengines.result.OneAV-PWSH",
"value": "${Threatbook_1.datalist.*.multiengines.result.OneAV-PWSH}"
}, {
"label": "Threatbook_1.datalist.*.pstree.process_name.cn",
"name": "Threatbook_1.datalist.*.pstree.process_name.cn",
"value": "${Threatbook_1.datalist.*.pstree.process_name.cn}"
}, {
"label": "Threatbook_1.datalist.*.network.secret_info",
"name": "Threatbook_1.datalist.*.network.secret_info",
"value": "${Threatbook_1.datalist.*.network.secret_info}"
}, {
"label": "Threatbook_1.datalist.*.static.basic.sha1",
"name": "Threatbook_1.datalist.*.static.basic.sha1",
"value": "${Threatbook_1.datalist.*.static.basic.sha1}"
}, {
"label": "Threatbook_1.datalist.*.pstree.children.*.track",
"name": "Threatbook_1.datalist.*.pstree.children.*.track",
"value": "${Threatbook_1.datalist.*.pstree.children.*.track}"
}, {
"label": "Threatbook_1.datalist.*.summary.submit_time",
"name": "Threatbook_1.datalist.*.summary.submit_time",
"value": "${Threatbook_1.datalist.*.summary.submit_time}"
}, {
"label": "Threatbook_1.datalist.*.signature.*.severity",
"name": "Threatbook_1.datalist.*.signature.*.severity",
"value": "${Threatbook_1.datalist.*.signature.*.severity}"
}, {
"label": "Threatbook_1.datalist.*.permalink",
"name": "Threatbook_1.datalist.*.permalink",
"value": "${Threatbook_1.datalist.*.permalink}"
}, {
"label": "Threatbook_1.datalist.*.pstree.children.*.pid",
"name": "Threatbook_1.datalist.*.pstree.children.*.pid",
"value": "${Threatbook_1.datalist.*.pstree.children.*.pid}"
}, {
"label": "Threatbook_1.datalist.*.static.basic.file_name",
"name": "Threatbook_1.datalist.*.static.basic.file_name",
"value": "${Threatbook_1.datalist.*.static.basic.file_name}"
}]
}, {
"label": "configuration",
"value": "${configuration}",
"children": [{
"label": "configuration.datalist.*.triggerType",
"name": "configuration.datalist.*.triggerType",
"value": "${configuration.datalist.*.triggerType}"
}, {
"label": "configuration.datalist.*._req_uuid",
"name": "configuration.datalist.*._req_uuid",
"value": "${configuration.datalist.*._req_uuid}"
}, {
"label": "configuration.datalist.*.scope.*.aliUid",
"name": "configuration.datalist.*.scope.*.aliUid",
"value": "${configuration.datalist.*.scope.*.aliUid}"
}, {
"label": "configuration.datalist.*.process.start_time",
"name": "configuration.datalist.*.process.start_time",
"value": "${configuration.datalist.*.process.start_time}"
}, {
"label": "configuration.status",
"name": "configuration.status",
"value": "${configuration.status}"
}, {
"label": "configuration.datalist.*.process.proc_id",
"name": "configuration.datalist.*.process.proc_id",
"value": "${configuration.datalist.*.process.proc_id}"
}, {
"label": "configuration.datalist.*._tenant_id",
"name": "configuration.datalist.*._tenant_id",
"value": "${configuration.datalist.*._tenant_id}"
}, {
"label": "configuration.datalist.*.process.host_uuid.host_uuid",
"name": "configuration.datalist.*.process.host_uuid.host_uuid",
"value": "${configuration.datalist.*.process.host_uuid.host_uuid}"
}, {
"label": "configuration.total_data",
"name": "configuration.total_data",
"value": "${configuration.total_data}"
}, {
"label": "configuration.datalist.*._trigger_user",
"name": "configuration.datalist.*._trigger_user",
"value": "${configuration.datalist.*._trigger_user}"
}, {
"label": "configuration.datalist.*.process.host_uuid.os_type",
"name": "configuration.datalist.*.process.host_uuid.os_type",
"value": "${configuration.datalist.*.process.host_uuid.os_type}"
}, {
"label": "configuration.datalist.*.process.cmd_line",
"name": "configuration.datalist.*.process.cmd_line",
"value": "${configuration.datalist.*.process.cmd_line}"
}, {
"label": "configuration.datalist.*.triggerUser",
"name": "configuration.datalist.*.triggerUser",
"value": "${configuration.datalist.*.triggerUser}"
}, {
"label": "configuration.datalist.*._domain_id",
"name": "configuration.datalist.*._domain_id",
"value": "${configuration.datalist.*._domain_id}"
}, {
"label": "configuration.datalist.*.process.file_path.file_path",
"name": "configuration.datalist.*.process.file_path.file_path",
"value": "${configuration.datalist.*.process.file_path.file_path}"
}, {
"label": "configuration.total_data_with_dup",
"name": "configuration.total_data_with_dup",
"value": "${configuration.total_data_with_dup}"
}, {
"label": "configuration.total_exe_successful",
"name": "configuration.total_exe_successful",
"value": "${configuration.total_exe_successful}"
}, {
"label": "configuration.datalist.*.scope.*.cloudCode",
"name": "configuration.datalist.*.scope.*.cloudCode",
"value": "${configuration.datalist.*.scope.*.cloudCode}"
}, {
"label": "configuration.total_data_successful",
"name": "configuration.total_data_successful",
"value": "${configuration.total_data_successful}"
}, {
"label": "configuration.total_exe",
"name": "configuration.total_exe",
"value": "${configuration.total_exe}"
}, {
"label": "configuration.datalist.*.scope.*.userId",
"name": "configuration.datalist.*.scope.*.userId",
"value": "${configuration.datalist.*.scope.*.userId}"
}, {
"label": "configuration.datalist.*._region_id",
"name": "configuration.datalist.*._region_id",
"value": "${configuration.datalist.*._region_id}"
}, {
"label": "configuration.datalist.*.process.file_path.hash_value",
"name": "configuration.datalist.*.process.file_path.hash_value",
"value": "${configuration.datalist.*.process.file_path.hash_value}"
}]
}]
},
"isNode": true
}, {
"shape": "custom-edge",
"attrs": {
"line": {
"stroke": "#d93026",
"targetMarker": {
"stroke": "#d93026"
}
}
},
"zIndex": 1,
"id": "ae6ca05c-ebd1-41f1-a94d-489fdc308861",
"data": {
"nodeType": "sequenceFlow",
"appType": "basic"
},
"router": {
"name": "manhattan",
"args": {
"padding": 5,
"excludeHiddenNodes": true,
"excludeNodes": ["clone_node_id"]
}
},
"source": {
"cell": "58d87b7d-28d9-4f0e-b135-4adc4f1a70e4"
},
"visible": true,
"target": {
"cell": "e0082b2e-d82c-464f-a22f-9b67eb47a363"
}
}, {
"shape": "custom-edge",
"attrs": {
"line": {
"stroke": "#d93026",
"targetMarker": {
"stroke": "#d93026"
}
}
},
"zIndex": 1,
"id": "8f084c6d-9afd-4ecb-8c9d-3c7824f9de2f",
"data": {
"nodeType": "sequenceFlow",
"appType": "basic"
},
"router": {
"name": "normal"
},
"source": {
"cell": "58d87b7d-28d9-4f0e-b135-4adc4f1a70e4"
},
"visible": true,
"target": {
"cell": "8afdafcc-32aa-4ab2-b8b2-abafc4314e85"
},
"vertices": [{
"x": -382,
"y": -22
}]
}, {
"shape": "custom-edge",
"attrs": {
"line": {
"stroke": "#63ba4d",
"targetMarker": {
"stroke": "#63ba4d"
}
}
},
"zIndex": 1,
"id": "e55e80d8-fab6-42ac-91ab-da7697ec80dd",
"data": {
"nodeType": "sequenceFlow",
"appType": "basic"
},
"router": {
"name": "normal"
},
"source": {
"cell": "19fca1bc-4cf1-491e-9ae4-ee5d3f0c2f61"
},
"visible": true,
"target": {
"cell": "317dd1be-2d20-460e-977e-1fc936ffb583"
},
"vertices": [{
"x": 158,
"y": -247
}]
}, {
"shape": "custom-edge",
"attrs": {
"line": {
"stroke": "#d93026",
"targetMarker": {
"stroke": "#d93026"
}
}
},
"zIndex": 1,
"id": "ba2021dc-533b-4ba3-a1a7-69f05f3c7515",
"data": {
"nodeType": "sequenceFlow",
"appType": "basic"
},
"router": {
"name": "manhattan",
"args": {
"padding": 5,
"excludeHiddenNodes": true,
"excludeNodes": ["clone_node_id"]
}
},
"source": {
"cell": "8afdafcc-32aa-4ab2-b8b2-abafc4314e85"
},
"visible": true,
"target": {
"cell": "317dd1be-2d20-460e-977e-1fc936ffb583"
}
}, {
"shape": "custom-edge",
"attrs": {
"line": {
"stroke": "#d93026",
"targetMarker": {
"stroke": "#d93026"
}
}
},
"zIndex": 1,
"id": "c3c22836-585a-4f5e-a3ec-92ecedfad6ba",
"data": {
"nodeType": "sequenceFlow",
"appType": "basic"
},
"router": {
"name": "manhattan",
"args": {
"padding": 5,
"excludeHiddenNodes": true,
"excludeNodes": ["clone_node_id"]
}
},
"source": {
"cell": "e0082b2e-d82c-464f-a22f-9b67eb47a363"
},
"visible": true,
"target": {
"cell": "317dd1be-2d20-460e-977e-1fc936ffb583"
}
}]
}fileReport
ファイルの詳細な静的および動的分析レポートを取得します。レポートには、概要、ネットワーク動作、行動署名、静的情報、ドロップされたファイルの動作、プロセス動作、およびウイルス対策スキャンエンジンの検出結果が含まれます。
説明
詳細については、Threatbook ドキュメント「ファイルレピュテーションレポート」をご参照ください。
入力パラメーター
パラメーター | 説明 | 例 |
userId | 関連付けられた Alibaba Cloud アカウントの ID。 重要
| XXX |
cloudUserId | Threatbook アカウント ID。詳細については、「前提条件」をご参照ください。 | 7f7c*************7fcca4 |
resource | 分析レポートを取得するファイルのハッシュ。SHA256、SHA1、および MD5 がサポートされています。 | 44d88612*************1278abb02f |
出力パラメーター
パラメーター | 説明 |
multiengines | ウイルス対策スキャンエンジンからの検出結果。これは JSON オブジェクトです。フィールドは次のように説明されます。
|
summary | 概要情報。これは JSON オブジェクトです。フィールドは次のように説明されます。
|
signature | 行動署名。これは JSON 配列です。各項目には次のフィールドが含まれます。
|
static | 静的情報。これは JSON オブジェクトです。静的情報レポート応答の完全な例については、「ファイル静的情報レポート応答の完全な例」をご参照ください。 |
pstree | プロセス動作。 |
network | ネットワーク動作。
|
dropped | ドロップされたファイルの動作。これは JSON 配列です。各項目には次のフィールドが含まれます。
|
strings | 文字列関連の情報。これは JSON オブジェクトです。各項目には次のフィールドが含まれます。
|
permalink | Web サンドボックスレポートページの URL。 |
iocReport
オフィスや本番ネットワークなどのアウトバウンドアクセスシナリオの IP アドレスまたはドメイン名を分析します。ルールを使用して、IP アドレスまたはドメイン名が悪意のあるものかどうか、そのリスクの重大度レベル、および信頼度レベルを正確に判断します。また、C2 サーバー、マルウェア、マイナープールなどの脅威を特定し、関連するセキュリティイベントまたは脅威アクターのタグを提供します。
説明
詳細については、Threatbook ドキュメント「侵害検出」をご参照ください。
入力パラメーター
パラメーター | 説明 | 例 |
userId | 関連付けられた Alibaba Cloud アカウントの ID。 重要
| XXX |
cloudUserId | Threatbook アカウント ID。詳細については、「前提条件」をご参照ください。 | 7f7c*************7fcca4 |
resource | IP アドレスまたはドメイン名。バッチで最大 100 個のリソースをクエリできます。カンマで区切ります。 説明 ポート付きの IP アドレスをクエリできます。 | test.com または 0.0.0.0:80。 |
出力パラメーター
タイプ | パラメーター | 説明 |
ip | is_malicious | 悪意のあるものかどうかを示します。
|
confidence_level | 信頼度レベル。
| |
severity | 脅威の全体的な重大度。
| |
judgments | 脅威タイプ。IOC の悪意のあるプロパティに基づいて、これにはさまざまなタイプが含まれます。
| |
tags_classes | 関連する脅威アクターまたはセキュリティイベントに関する情報。これは JSON 配列です。各項目には次のフィールドが含まれます。
| |
permalink | インテリジェンス詳細へのリンク。IP アドレスまたはドメイン名の完全な脅威インテリジェンス分析ページの URL。 | |
domain | categories |
|
ipReport
オフィスおよび本番ネットワークからのアウトバウンド接続に関与する IP アドレスとドメイン名を分析します。ルールを使用して、IP アドレスまたはドメイン名が悪意のあるものかどうかを判断し、関連するリスク、重大度、および信頼性を評価します。コマンドアンドコントロール (C2)、マルウェア、マイナープールなどの脅威を検出し、セキュリティイベントや脅威アクターグループのタグなどの関連情報を提供します。
説明
詳細については、Threatbook ドキュメント「IP レピュテーション」をご参照ください。
入力パラメーター
パラメーター | 説明 | 例 |
userId | 関連付けられた Alibaba Cloud アカウントの ID。 重要
| XXX |
cloudUserId | Threatbook アカウント ID。詳細については、「前提条件」をご参照ください。 | 7f7c*************7fcca4 |
resource | IP アドレス。バッチで最大 100 個の IP アドレスをクエリできます。カンマで区切ります。 | 0.0.0.0 |
出力パラメーター
パラメーター | 説明 |
basic | basic は JSON オブジェクトを返します。フィールドは次のように説明されます。
|
is_malicious | IP アドレスが悪意のあるものかどうかを示します。
|
confidence_level | 信頼度レベル。これは、インテリジェンスソースと信頼度モデルによって決定される悪意の信頼度レベルです。
|
severity | 重大度レベル。これは脅威の重大度を示します。
|
judgments | 脅威インテリジェンス分析から決定された包括的な脅威タイプ。これは JSON 配列です。
|
tags_classes | 関連する脅威アクターまたはセキュリティイベントに関する情報。これは JSON 配列です。各項目には次のフィールドが含まれます。
|
asn | ASN 情報。これには次のものが含まれる JSON オブジェクトです。
|
update_time | インテリジェンスの最終更新時刻。 |
scene | アプリケーションシナリオ。例には、専用回線やデータセンターが含まれます。完全なリストについては、「アプリケーションシナリオ分類」をご参照ください。 |
feature | 資産の特徴。これには次のものが含まれる JSON 配列です。
|
entity | 帰属エンティティ。これには次のものが含まれる JSON 配列です。
|
hist_behavior | 攻撃動作。これには次のものが含まれる JSON 配列です。
|
evaluation | 影響評価。これには次のものが含まれる JSON オブジェクトです。
|
fraud | 詐欺行為。これには次のものが含まれる JSON 配列です。
|
permalink | IP アドレスのインテリジェンスクエリ結果ページへのリンク。 |
リファレンス
Threatbook の応答ステータスコードとメッセージの説明の詳細については、「応答ステータスコードとメッセージの説明」をご参照ください。