
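Security Center: Threatbook component

Last updated: Dec 16, 2025

The Threatbook component calls ThreatBook (微步線上) APIs to retrieve file analysis reports and threat verdicts for IP addresses and domain names.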

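Prerequisites

To use the Threatbook component, go to System Settings > Feature Settings > Multi-cloud Configuration Management and, in the Multi-cloud Assets module, authorize the IDC (off-cloud) asset. Skip this if it is already configured. The steps are as follows:

  1. Click Add Authorization and select IDC. In the asset access panel, set the configuration items as follows:

    Note

    ThreatBook is authorized to Threat Analysis and Response by default; other features are not supported for now.

    | Configuration item | Description |
    | --- | --- |
    | Vendor | 微步線上 (ThreatBook) |
    | Product | 情報Cloud API (Intelligence Cloud API). |
    | Account ID | The ThreatBook account ID. |
    | API KEY | The ThreatBook API KEY. |

  2. Configure the policy: to keep an invalid AK from affecting business use, we recommend enabling the AK service status check.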

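Feature description

| Action | Description |
| --- | --- |
| fileReport | Retrieves the detailed static and dynamic analysis report for a file, including the file's summary information, network behavior, behavior signatures, static information, dropped-file behavior, process behavior, and antivirus engine detection results. |
| iocReport | Analyzes IP addresses/domain names in outbound-access scenarios such as office and production networks. Uses verdict rules to precisely determine whether an IP address/domain name is malicious, its risk severity level, and its confidence level; accurately identifies remote control (C2), malware (Malware), and mining pool threats; and provides related security event or threat group tags. |
| ipReport | Analyzes IP addresses in inbound scenarios and provides the IP address's geolocation and ASN information. Uses verdict rules to precisely determine whether an IP address is malicious, its risk severity level, and its confidence level, and identifies threat types such as exploitation (exploit) and zombie hosts (Zombie), together with related security event or threat group tags. |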

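Component configuration sample

This topic provides parameter configuration samples for each action of the Threatbook component. You can import them as a test playbook. The visual flow editor gives a more direct view of each action's configuration parameters, lets you test them, and makes the component's logic and usage easy to follow. For the procedure, see Import a playbook.

Note

Save the sample data as a JSON file first.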
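A pre-import check for a saved playbook file, as an added example (not Alibaba Cloud's code). It reads only fields that appear in the sample data (`cells`, `isNode`, `data.nodeType`, `source.cell`, `target.cell`, `valueData.cloudUserId`, `icon`); the node ids and values in `GOOD` and `BAD` are constructed, and reporting unreachable nodes is an assumption about what a reviewer wants flagged.

```python
import json
from urllib.parse import urlsplit, parse_qs

# Query parameters of a pre-signed OSS URL, as seen on the sample's "icon" values.
CREDENTIAL_PARAMS = {"OSSAccessKeyId", "Signature", "security-token"}


def lint_playbook(doc):
    """Return a list of human-readable findings for one playbook export."""
    findings = []
    cells = doc.get("cells", [])
    nodes = {c["id"]: c for c in cells if c.get("isNode")}
    edges = [c for c in cells if not c.get("isNode")]

    # The start node's own description says a playbook has exactly one start node.
    starts = [i for i, c in nodes.items()
              if c.get("data", {}).get("nodeType") == "startEvent"]
    if len(starts) != 1:
        findings.append(f"expected exactly one startEvent node, found {len(starts)}")

    # Every edge must join two nodes that exist in this file.
    successors = {}
    for edge in edges:
        src = edge.get("source", {}).get("cell")
        dst = edge.get("target", {}).get("cell")
        for role, ref in (("source", src), ("target", dst)):
            if ref not in nodes:
                findings.append(f"edge {edge.get('id')}: {role} {ref} is not a node")
        if src in nodes and dst in nodes:
            successors.setdefault(src, []).append(dst)

    # Walk the flow from the start node; nodes never visited are not on any path.
    seen, stack = set(), list(starts[:1])
    while stack:
        cur = stack.pop()
        if cur not in seen:
            seen.add(cur)
            stack.extend(successors.get(cur, []))

    for node_id, cell in nodes.items():
        data = cell.get("data", {})
        name = data.get("nodeName", node_id)
        if starts and node_id not in seen:
            findings.append(f"node {name}: not reachable from the start node")
        # cloudUserId is marked "required": true in the sample's parameter list.
        if data.get("componentName") == "Threatbook":
            if not data.get("valueData", {}).get("cloudUserId"):
                findings.append(f"node {name}: required parameter cloudUserId is empty")
        # A signed URL saved in the file stays usable by anyone until it expires.
        query = parse_qs(urlsplit(str(data.get("icon", ""))).query)
        leaked = sorted(CREDENTIAL_PARAMS & set(query))
        if leaked:
            findings.append(f"node {name}: icon URL carries {', '.join(leaked)}")
    return findings


def _node(node_id, node_type, name, **data):
    return {"id": node_id, "isNode": True,
            "data": {"nodeType": node_type, "nodeName": name, **data}}


def _edge(edge_id, src, dst):
    return {"id": edge_id, "isNode": False, "data": {"nodeType": "sequenceFlow"},
            "source": {"cell": src}, "target": {"cell": dst}}


# Constructed playbooks in the sample's cell layout; ids and values are made up.
GOOD = {"cells": [
    _node("n-start", "startEvent", "start"),
    _node("n-ioc", "action", "ioc_report", componentName="Threatbook",
          actionName="iocReport",
          valueData={"cloudUserId": "EXAMPLE-ACCOUNT-ID", "resource": "${event.ioc}"}),
    _node("n-end", "endEvent", "end"),
    _edge("e1", "n-start", "n-ioc"),
    _edge("e2", "n-ioc", "n-end"),
]}

BAD = {"cells": [
    _node("n-start", "startEvent", "start"),
    _node("n-file", "action", "file_report", componentName="Threatbook",
          actionName="fileReport",
          valueData={"cloudUserId": "", "resource": "${event.file}"},
          icon="https://bucket.example/logo.svg"
               "?Expires=1&Signature=PLACEHOLDER&security-token=PLACEHOLDER"),
    _node("n-end", "endEvent", "end"),
    _edge("e1", "n-start", "n-missing"),
]}

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            doc = json.load(fh)
    else:
        doc = BAD
    print("\n".join(lint_playbook(doc)) or "no findings")
```

Run it with the path of the saved JSON file as the only argument; with no argument it reports on the constructed `BAD` playbook.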

Sample data

{
    "cells": [{
		"position": {
			"x": -400,
			"y": -155
		},
		"size": {
			"width": 36,
			"height": 36
		},
		"attrs": {
			"body": {
				"fill": "white",
				"strokeOpacity": 0.95,
				"stroke": "#63ba4d",
				"strokeWidth": 2
			},
			"label": {
				"text": "start",
				"fontSize": 12,
				"refX": 0.5,
				"refY": "100%",
				"refY2": 4,
				"textAnchor": "middle",
				"textVerticalAnchor": "top"
			},
			"path": {
				"stroke": "#63ba4d"
			}
		},
		"visible": true,
		"shape": "circle",
		"id": "58d87b7d-28d9-4f0e-b135-4adc4f1a70e4",
		"zIndex": 1,
		"data": {
			"nodeType": "startEvent",
			"appType": "basic",
			"nodeName": "start",
			"icon": "icon-circle",
			"description": "劇本開始節點,一個劇本必須有且僅有一個開始節點,需為劇本配置輸入資料。",
			"cascaderValue": []
		},
		"markup": [{
			"tagName": "circle",
			"selector": "body"
		}, {
			"tagName": "text",
			"selector": "label"
		}],
		"isNode": true
	}, {
		"shape": "custom-edge",
		"attrs": {
			"line": {
				"stroke": "#63ba4d",
				"targetMarker": {
					"stroke": "#63ba4d"
				}
			}
		},
		"zIndex": 1,
		"id": "5293c3f9-e1c9-4a49-b0eb-635067dc67e8",
		"data": {
			"nodeType": "sequenceFlow",
			"appType": "basic",
			"icon": "icon-upper-right-arrow",
			"isRequired": true
		},
		"isNode": false,
		"source": {
			"cell": "58d87b7d-28d9-4f0e-b135-4adc4f1a70e4"
		},
		"target": {
			"cell": "19fca1bc-4cf1-491e-9ae4-ee5d3f0c2f61"
		},
		"router": {
			"name": "normal"
		},
		"visible": true,
		"vertices": [{
			"x": -382,
			"y": -247
		}]
	}, {
		"position": {
			"x": 140,
			"y": -155
		},
		"size": {
			"width": 36,
			"height": 36
		},
		"attrs": {
			"body": {
				"fill": "white",
				"strokeOpacity": 0.95,
				"stroke": "#d93026",
				"strokeWidth": 2
			},
			"path": {
				"r": 12,
				"refX": "50%",
				"refY": "50%",
				"fill": "#d93026",
				"strokeOpacity": 0.95,
				"stroke": "#d93026",
				"strokeWidth": 4
			},
			"label": {
				"text": "end",
				"fontSize": 12,
				"refX": 0.5,
				"refY": "100%",
				"refY2": 4,
				"textAnchor": "middle",
				"textVerticalAnchor": "top"
			}
		},
		"visible": true,
		"shape": "circle",
		"id": "317dd1be-2d20-460e-977e-1fc936ffb583",
		"zIndex": 1,
		"data": {
			"nodeType": "endEvent",
			"appType": "basic",
			"nodeName": "end",
			"icon": "icon-radio-off-full",
			"description": "end"
		},
		"markup": [{
			"tagName": "circle",
			"selector": "body"
		}, {
			"tagName": "circle",
			"selector": "path"
		}, {
			"tagName": "text",
			"selector": "label"
		}],
		"isNode": true
	}, {
		"position": {
			"x": -190,
			"y": -280
		},
		"size": {
			"width": 137,
			"height": 66
		},
		"view": "react-shape-view",
		"attrs": {
			"label": {
				"text": "file_report"
			}
		},
		"shape": "activity",
		"id": "19fca1bc-4cf1-491e-9ae4-ee5d3f0c2f61",
		"zIndex": 1,
		"data": {
			"isDebug": false,
			"nodeType": "action",
			"appType": "component",
			"nodeName": "file_report",
			"valueData": {
				"userId": "",
				"resource": "${event.file}",
				"cloudUserId": "7f7cd2ebedc544f7bf9be74dab7fcca4"
			},
			"icon": "https://sophon-gen-cloud-zhangjiakou-v2.oss-cn-zhangjiakou.aliyuncs.com/componentUpload/1755245577536_Threatbook_logo.svg?Expires=1755832376&OSSAccessKeyId=STS.NXwN8h********EJeH&Signature=p4KGzHhTrIZdiJxpACRpM7ROLE0%3D&security-token=CAIS2AJ1q6Ft5B2yfSjIr5vCBYLchKtswKq%2BRVT21nkPbd5%2Bqo%2FOqjz2IHhMenFpAegcv%2Fw%2BlGFZ6%2F8elrp6SJtIXleCZtF94oxN9h2gb4fb42MeBDXg08%2FLI3OaLjKm9u2wCryLYbGwU%2FOpbE%2B%2B5U0X6LDmdDKkckW4OJmS8%2FBOZcgWWQ%2FKBlgvRq0hRG1YpdQdKGHaONu0LxfumRCwNkdzvRdmgm4NgsbWgO%2Fks0OP3AOrlrBN%2Bdiuf8T9NvMBZskvD42Hu8VtbbfE3SJq7BxHybx7lqQs%2B02c5onDWwAJu0%2FXa7uEo4wydVNjFbM9A65Dqufxn%2Fpgt%2Braj4X7xhhEIOVJSSPbSZBbSxJNvU1RXDxQVcEYWxylurjnXvF%2B4xU3%2BP9tP0rM946UoJvc3YDI5hWbc8mJsTnhSSTAEIv%2By8ptqoFOtH7DkLTHWR7hCtv23053AashMytAXxqAAXNQ89LjX6M4bFYRAxsXrln0LN%2BTDs1Hk1dCGQ2edPqhVybm1axt7NpKWS7Xcrd6BKtuwqREs%2FZkIO8E%2BZRbfaX6uHOx9sHx1M1Y7HDHt%2BDvloHULH0rQNLniKayaTCJlIiyUPe8TaK3lv4mipQQf16PqYqAsx2Zu7Bqx9Np2CYIIAA%3D",
			"description": "擷取檔案詳細的靜態分析&動態分析報告,包括檔案的概要資訊、網路行為、行為簽名、靜態資訊、釋允許存取為、進程行為、反病毒掃描引擎檢測結果。",
			"advance": {
				"inputParamMode": false,
				"onError": "stop_cur_flow",
				"rspStatusType": 3,
				"rspStatusThreshold": 0
			},
			"componentName": "Threatbook",
			"actionName": "fileReport",
			"cascaderValue": [{
				"label": "configuration",
				"value": "${configuration}",
				"children": [{
					"label": "configuration.datalist.*.triggerType",
					"name": "configuration.datalist.*.triggerType",
					"value": "${configuration.datalist.*.triggerType}"
				}, {
					"label": "configuration.datalist.*._req_uuid",
					"name": "configuration.datalist.*._req_uuid",
					"value": "${configuration.datalist.*._req_uuid}"
				}, {
					"label": "configuration.datalist.*.scope.*.aliUid",
					"name": "configuration.datalist.*.scope.*.aliUid",
					"value": "${configuration.datalist.*.scope.*.aliUid}"
				}, {
					"label": "configuration.datalist.*.process.start_time",
					"name": "configuration.datalist.*.process.start_time",
					"value": "${configuration.datalist.*.process.start_time}"
				}, {
					"label": "configuration.status",
					"name": "configuration.status",
					"value": "${configuration.status}"
				}, {
					"label": "configuration.datalist.*.process.proc_id",
					"name": "configuration.datalist.*.process.proc_id",
					"value": "${configuration.datalist.*.process.proc_id}"
				}, {
					"label": "configuration.datalist.*._tenant_id",
					"name": "configuration.datalist.*._tenant_id",
					"value": "${configuration.datalist.*._tenant_id}"
				}, {
					"label": "configuration.datalist.*.process.host_uuid.host_uuid",
					"name": "configuration.datalist.*.process.host_uuid.host_uuid",
					"value": "${configuration.datalist.*.process.host_uuid.host_uuid}"
				}, {
					"label": "configuration.total_data",
					"name": "configuration.total_data",
					"value": "${configuration.total_data}"
				}, {
					"label": "configuration.datalist.*._trigger_user",
					"name": "configuration.datalist.*._trigger_user",
					"value": "${configuration.datalist.*._trigger_user}"
				}, {
					"label": "configuration.datalist.*.process.host_uuid.os_type",
					"name": "configuration.datalist.*.process.host_uuid.os_type",
					"value": "${configuration.datalist.*.process.host_uuid.os_type}"
				}, {
					"label": "configuration.datalist.*.process.cmd_line",
					"name": "configuration.datalist.*.process.cmd_line",
					"value": "${configuration.datalist.*.process.cmd_line}"
				}, {
					"label": "configuration.datalist.*.triggerUser",
					"name": "configuration.datalist.*.triggerUser",
					"value": "${configuration.datalist.*.triggerUser}"
				}, {
					"label": "configuration.datalist.*._domain_id",
					"name": "configuration.datalist.*._domain_id",
					"value": "${configuration.datalist.*._domain_id}"
				}, {
					"label": "configuration.datalist.*.process.file_path.file_path",
					"name": "configuration.datalist.*.process.file_path.file_path",
					"value": "${configuration.datalist.*.process.file_path.file_path}"
				}, {
					"label": "configuration.total_data_with_dup",
					"name": "configuration.total_data_with_dup",
					"value": "${configuration.total_data_with_dup}"
				}, {
					"label": "configuration.total_exe_successful",
					"name": "configuration.total_exe_successful",
					"value": "${configuration.total_exe_successful}"
				}, {
					"label": "configuration.datalist.*.scope.*.cloudCode",
					"name": "configuration.datalist.*.scope.*.cloudCode",
					"value": "${configuration.datalist.*.scope.*.cloudCode}"
				}, {
					"label": "configuration.total_data_successful",
					"name": "configuration.total_data_successful",
					"value": "${configuration.total_data_successful}"
				}, {
					"label": "configuration.total_exe",
					"name": "configuration.total_exe",
					"value": "${configuration.total_exe}"
				}, {
					"label": "configuration.datalist.*.scope.*.userId",
					"name": "configuration.datalist.*.scope.*.userId",
					"value": "${configuration.datalist.*.scope.*.userId}"
				}, {
					"label": "configuration.datalist.*._region_id",
					"name": "configuration.datalist.*._region_id",
					"value": "${configuration.datalist.*._region_id}"
				}, {
					"label": "configuration.datalist.*.process.file_path.hash_value",
					"name": "configuration.datalist.*.process.file_path.hash_value",
					"value": "${configuration.datalist.*.process.file_path.hash_value}"
				}]
			}],
			"status": "success"
		},
		"isNode": true
	}, {
		"position": {
			"x": -190,
			"y": -170
		},
		"size": {
			"width": 137,
			"height": 66
		},
		"view": "react-shape-view",
		"attrs": {
			"label": {
				"text": "ioc_report"
			}
		},
		"shape": "activity",
		"id": "e0082b2e-d82c-464f-a22f-9b67eb47a363",
		"zIndex": 1,
		"data": {
			"isDebug": false,
			"nodeType": "action",
			"appType": "component",
			"nodeName": "ioc_report",
			"valueData": {
				"cloudUserId": "7f7cd2ebedc544f7bf9be74dab7fcca4",
				"resource": "${event.ioc}"
			},
			"icon": "https://sophon-gen-cloud-zhangjiakou-v2.oss-cn-zhangjiakou.aliyuncs.com/componentUpload/1755245577536_Threatbook_logo.svg?Expires=1755832376&OSSAccessKeyId=STS.NXwN8h********EJeH&Signature=p4KGzHhTrIZdiJxpACRpM7ROLE0%3D&security-token=CAIS2AJ1q6Ft5B2yfSjIr5vCBYLchKtswKq%2BRVT21nkPbd5%2Bqo%2FOqjz2IHhMenFpAegcv%2Fw%2BlGFZ6%2F8elrp6SJtIXleCZtF94oxN9h2gb4fb42MeBDXg08%2FLI3OaLjKm9u2wCryLYbGwU%2FOpbE%2B%2B5U0X6LDmdDKkckW4OJmS8%2FBOZcgWWQ%2FKBlgvRq0hRG1YpdQdKGHaONu0LxfumRCwNkdzvRdmgm4NgsbWgO%2Fks0OP3AOrlrBN%2Bdiuf8T9NvMBZskvD42Hu8VtbbfE3SJq7BxHybx7lqQs%2B02c5onDWwAJu0%2FXa7uEo4wydVNjFbM9A65Dqufxn%2Fpgt%2Braj4X7xhhEIOVJSSPbSZBbSxJNvU1RXDxQVcEYWxylurjnXvF%2B4xU3%2BP9tP0rM946UoJvc3YDI5hWbc8mJsTnhSSTAEIv%2By8ptqoFOtH7DkLTHWR7hCtv23053AashMytAXxqAAXNQ89LjX6M4bFYRAxsXrln0LN%2BTDs1Hk1dCGQ2edPqhVybm1axt7NpKWS7Xcrd6BKtuwqREs%2FZkIO8E%2BZRbfaX6uHOx9sHx1M1Y7HDHt%2BDvloHULH0rQNLniKayaTCJlIiyUPe8TaK3lv4mipQQf16PqYqAsx2Zu7Bqx9Np2CYIIAA%3D",
			"description": "針對辦公網/生產網等對外訪問情境的IP/網域名稱進行分析, 通過判定規則精準判別IP/網域名稱是否惡意、風險嚴重層級、可信度層級;準確識別遠控(C2)、惡意軟體(Malware)、礦池威脅,提供相關安全事件或團夥標籤等。",
			"advance": {
				"inputParamMode": false,
				"onError": "stop_cur_flow",
				"rspStatusType": 3,
				"rspStatusThreshold": 0
			},
			"componentName": "Threatbook",
			"actionName": "iocReport",
			"status": "failed",
			"cascaderValue": [{
				"label": "Threatbook_1",
				"value": "${Threatbook_1}",
				"children": [{
					"label": "Threatbook_1.datalist.*.network.tls_ex",
					"name": "Threatbook_1.datalist.*.network.tls_ex",
					"value": "${Threatbook_1.datalist.*.network.tls_ex}"
				}, {
					"label": "Threatbook_1.datalist.*.summary.file_size",
					"name": "Threatbook_1.datalist.*.summary.file_size",
					"value": "${Threatbook_1.datalist.*.summary.file_size}"
				}, {
					"label": "Threatbook_1.datalist.*.summary.sandbox_type_list",
					"name": "Threatbook_1.datalist.*.summary.sandbox_type_list",
					"value": "${Threatbook_1.datalist.*.summary.sandbox_type_list}"
				}, {
					"label": "Threatbook_1.datalist.*.pstree.children.*.process_name",
					"name": "Threatbook_1.datalist.*.pstree.children.*.process_name",
					"value": "${Threatbook_1.datalist.*.pstree.children.*.process_name}"
				}, {
					"label": "Threatbook_1.datalist.*.summary.md5",
					"name": "Threatbook_1.datalist.*.summary.md5",
					"value": "${Threatbook_1.datalist.*.summary.md5}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.vbwebshell",
					"name": "Threatbook_1.datalist.*.multiengines.result.vbwebshell",
					"value": "${Threatbook_1.datalist.*.multiengines.result.vbwebshell}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.Microsoft",
					"name": "Threatbook_1.datalist.*.multiengines.result.Microsoft",
					"value": "${Threatbook_1.datalist.*.multiengines.result.Microsoft}"
				}, {
					"label": "Threatbook_1.datalist.*.signature.*.marks.*.call.category",
					"name": "Threatbook_1.datalist.*.signature.*.marks.*.call.category",
					"value": "${Threatbook_1.datalist.*.signature.*.marks.*.call.category}"
				}, {
					"label": "Threatbook_1.total_exe",
					"name": "Threatbook_1.total_exe",
					"value": "${Threatbook_1.total_exe}"
				}, {
					"label": "Threatbook_1.datalist.*.summary.sample_sha256",
					"name": "Threatbook_1.datalist.*.summary.sample_sha256",
					"value": "${Threatbook_1.datalist.*.summary.sample_sha256}"
				}, {
					"label": "Threatbook_1.datalist.*.summary.malware_family",
					"name": "Threatbook_1.datalist.*.summary.malware_family",
					"value": "${Threatbook_1.datalist.*.summary.malware_family}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.Baidu",
					"name": "Threatbook_1.datalist.*.multiengines.result.Baidu",
					"value": "${Threatbook_1.datalist.*.multiengines.result.Baidu}"
				}, {
					"label": "Threatbook_1.datalist.*.static.basic.md5",
					"name": "Threatbook_1.datalist.*.static.basic.md5",
					"value": "${Threatbook_1.datalist.*.static.basic.md5}"
				}, {
					"label": "Threatbook_1.datalist.*.summary.tag.s",
					"name": "Threatbook_1.datalist.*.summary.tag.s",
					"value": "${Threatbook_1.datalist.*.summary.tag.s}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.OneStatic",
					"name": "Threatbook_1.datalist.*.multiengines.result.OneStatic",
					"value": "${Threatbook_1.datalist.*.multiengines.result.OneStatic}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.DrWeb",
					"name": "Threatbook_1.datalist.*.multiengines.result.DrWeb",
					"value": "${Threatbook_1.datalist.*.multiengines.result.DrWeb}"
				}, {
					"label": "Threatbook_1.datalist.*.summary.tag.x",
					"name": "Threatbook_1.datalist.*.summary.tag.x",
					"value": "${Threatbook_1.datalist.*.summary.tag.x}"
				}, {
					"label": "Threatbook_1.datalist.*.summary.file_name",
					"name": "Threatbook_1.datalist.*.summary.file_name",
					"value": "${Threatbook_1.datalist.*.summary.file_name}"
				}, {
					"label": "Threatbook_1.datalist.*.signature.*.marks.*.call.api",
					"name": "Threatbook_1.datalist.*.signature.*.marks.*.call.api",
					"value": "${Threatbook_1.datalist.*.signature.*.marks.*.call.api}"
				}, {
					"label": "Threatbook_1.datalist.*.signature.*.marks.*.call.status",
					"name": "Threatbook_1.datalist.*.signature.*.marks.*.call.status",
					"value": "${Threatbook_1.datalist.*.signature.*.marks.*.call.status}"
				}, {
					"label": "Threatbook_1.datalist.*.signature.*.markcount",
					"name": "Threatbook_1.datalist.*.signature.*.markcount",
					"value": "${Threatbook_1.datalist.*.signature.*.markcount}"
				}, {
					"label": "Threatbook_1.datalist.*.summary.threat_score",
					"name": "Threatbook_1.datalist.*.summary.threat_score",
					"value": "${Threatbook_1.datalist.*.summary.threat_score}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.NANO",
					"name": "Threatbook_1.datalist.*.multiengines.result.NANO",
					"value": "${Threatbook_1.datalist.*.multiengines.result.NANO}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.Panda",
					"name": "Threatbook_1.datalist.*.multiengines.result.Panda",
					"value": "${Threatbook_1.datalist.*.multiengines.result.Panda}"
				}, {
					"label": "Threatbook_1.datalist.*.static.basic.file_type",
					"name": "Threatbook_1.datalist.*.static.basic.file_type",
					"value": "${Threatbook_1.datalist.*.static.basic.file_type}"
				}, {
					"label": "Threatbook_1.datalist.*.summary.sha1",
					"name": "Threatbook_1.datalist.*.summary.sha1",
					"value": "${Threatbook_1.datalist.*.summary.sha1}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.Kaspersky",
					"name": "Threatbook_1.datalist.*.multiengines.result.Kaspersky",
					"value": "${Threatbook_1.datalist.*.multiengines.result.Kaspersky}"
				}, {
					"label": "Threatbook_1.total_exe_successful",
					"name": "Threatbook_1.total_exe_successful",
					"value": "${Threatbook_1.total_exe_successful}"
				}, {
					"label": "Threatbook_1.datalist.*.summary.threat_level",
					"name": "Threatbook_1.datalist.*.summary.threat_level",
					"value": "${Threatbook_1.datalist.*.summary.threat_level}"
				}, {
					"label": "Threatbook_1.datalist.*.pstree.process_name.en",
					"name": "Threatbook_1.datalist.*.pstree.process_name.en",
					"value": "${Threatbook_1.datalist.*.pstree.process_name.en}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.Trustlook",
					"name": "Threatbook_1.datalist.*.multiengines.result.Trustlook",
					"value": "${Threatbook_1.datalist.*.multiengines.result.Trustlook}"
				}, {
					"label": "Threatbook_1.datalist.*.summary.malware_type",
					"name": "Threatbook_1.datalist.*.summary.malware_type",
					"value": "${Threatbook_1.datalist.*.summary.malware_type}"
				}, {
					"label": "Threatbook_1.datalist.*.static.basic.sha256",
					"name": "Threatbook_1.datalist.*.static.basic.sha256",
					"value": "${Threatbook_1.datalist.*.static.basic.sha256}"
				}, {
					"label": "Threatbook_1.datalist.*.strings.275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f",
					"name": "Threatbook_1.datalist.*.strings.275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f",
					"value": "${Threatbook_1.datalist.*.strings.275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f}"
				}, {
					"label": "Threatbook_1.datalist.*.signature.*.marks.*.cid",
					"name": "Threatbook_1.datalist.*.signature.*.marks.*.cid",
					"value": "${Threatbook_1.datalist.*.signature.*.marks.*.cid}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.Avast",
					"name": "Threatbook_1.datalist.*.multiengines.result.Avast",
					"value": "${Threatbook_1.datalist.*.multiengines.result.Avast}"
				}, {
					"label": "Threatbook_1.total_data_successful",
					"name": "Threatbook_1.total_data_successful",
					"value": "${Threatbook_1.total_data_successful}"
				}, {
					"label": "Threatbook_1.datalist.*.signature.*.sig_class",
					"name": "Threatbook_1.datalist.*.signature.*.sig_class",
					"value": "${Threatbook_1.datalist.*.signature.*.sig_class}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.Baidu-China",
					"name": "Threatbook_1.datalist.*.multiengines.result.Baidu-China",
					"value": "${Threatbook_1.datalist.*.multiengines.result.Baidu-China}"
				}, {
					"label": "Threatbook_1.datalist.*.pstree.children.*.command_line",
					"name": "Threatbook_1.datalist.*.pstree.children.*.command_line",
					"value": "${Threatbook_1.datalist.*.pstree.children.*.command_line}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.Rising",
					"name": "Threatbook_1.datalist.*.multiengines.result.Rising",
					"value": "${Threatbook_1.datalist.*.multiengines.result.Rising}"
				}, {
					"label": "Threatbook_1.datalist.*.signature.*.attck_id",
					"name": "Threatbook_1.datalist.*.signature.*.attck_id",
					"value": "${Threatbook_1.datalist.*.signature.*.attck_id}"
				}, {
					"label": "Threatbook_1.total_data",
					"name": "Threatbook_1.total_data",
					"value": "${Threatbook_1.total_data}"
				}, {
					"label": "Threatbook_1.datalist.*.summary.sandbox_type",
					"name": "Threatbook_1.datalist.*.summary.sandbox_type",
					"value": "${Threatbook_1.datalist.*.summary.sandbox_type}"
				}, {
					"label": "Threatbook_1.total_data_with_dup",
					"name": "Threatbook_1.total_data_with_dup",
					"value": "${Threatbook_1.total_data_with_dup}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.ShellPub",
					"name": "Threatbook_1.datalist.*.multiengines.result.ShellPub",
					"value": "${Threatbook_1.datalist.*.multiengines.result.ShellPub}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.MicroAPT",
					"name": "Threatbook_1.datalist.*.multiengines.result.MicroAPT",
					"value": "${Threatbook_1.datalist.*.multiengines.result.MicroAPT}"
				}, {
					"label": "Threatbook_1.datalist.*.summary.multi_engines",
					"name": "Threatbook_1.datalist.*.summary.multi_engines",
					"value": "${Threatbook_1.datalist.*.summary.multi_engines}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.ClamAV",
					"name": "Threatbook_1.datalist.*.multiengines.result.ClamAV",
					"value": "${Threatbook_1.datalist.*.multiengines.result.ClamAV}"
				}, {
					"label": "Threatbook_1.datalist.*.summary.file_type",
					"name": "Threatbook_1.datalist.*.summary.file_type",
					"value": "${Threatbook_1.datalist.*.summary.file_type}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.ESET",
					"name": "Threatbook_1.datalist.*.multiengines.result.ESET",
					"value": "${Threatbook_1.datalist.*.multiengines.result.ESET}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.K7",
					"name": "Threatbook_1.datalist.*.multiengines.result.K7",
					"value": "${Threatbook_1.datalist.*.multiengines.result.K7}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.detect_rate",
					"name": "Threatbook_1.datalist.*.multiengines.detect_rate",
					"value": "${Threatbook_1.datalist.*.multiengines.detect_rate}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.OneAV",
					"name": "Threatbook_1.datalist.*.multiengines.result.OneAV",
					"value": "${Threatbook_1.datalist.*.multiengines.result.OneAV}"
				}, {
					"label": "Threatbook_1.datalist.*.signature.*.name",
					"name": "Threatbook_1.datalist.*.signature.*.name",
					"value": "${Threatbook_1.datalist.*.signature.*.name}"
				}, {
					"label": "Threatbook_1.datalist.*.signature.*.marks.*.call.tid",
					"name": "Threatbook_1.datalist.*.signature.*.marks.*.call.tid",
					"value": "${Threatbook_1.datalist.*.signature.*.marks.*.call.tid}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.scan_time",
					"name": "Threatbook_1.datalist.*.multiengines.scan_time",
					"value": "${Threatbook_1.datalist.*.multiengines.scan_time}"
				}, {
					"label": "Threatbook_1.datalist.*.summary.is_whitelist",
					"name": "Threatbook_1.datalist.*.summary.is_whitelist",
					"value": "${Threatbook_1.datalist.*.summary.is_whitelist}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.Qihu360",
					"name": "Threatbook_1.datalist.*.multiengines.result.Qihu360",
					"value": "${Threatbook_1.datalist.*.multiengines.result.Qihu360}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.Sophos",
					"name": "Threatbook_1.datalist.*.multiengines.result.Sophos",
					"value": "${Threatbook_1.datalist.*.multiengines.result.Sophos}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.Antiy",
					"name": "Threatbook_1.datalist.*.multiengines.result.Antiy",
					"value": "${Threatbook_1.datalist.*.multiengines.result.Antiy}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.GDATA",
					"name": "Threatbook_1.datalist.*.multiengines.result.GDATA",
					"value": "${Threatbook_1.datalist.*.multiengines.result.GDATA}"
				}, {
					"label": "Threatbook_1.datalist.*.signature.*.marks.*.call.time",
					"name": "Threatbook_1.datalist.*.signature.*.marks.*.call.time",
					"value": "${Threatbook_1.datalist.*.signature.*.marks.*.call.time}"
				}, {
					"label": "Threatbook_1.status",
					"name": "Threatbook_1.status",
					"value": "${Threatbook_1.status}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.JiangMin",
					"name": "Threatbook_1.datalist.*.multiengines.result.JiangMin",
					"value": "${Threatbook_1.datalist.*.multiengines.result.JiangMin}"
				}, {
					"label": "Threatbook_1.datalist.*.signature.*.marks.*.call.return_value",
					"name": "Threatbook_1.datalist.*.signature.*.marks.*.call.return_value",
					"value": "${Threatbook_1.datalist.*.signature.*.marks.*.call.return_value}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.AVG",
					"name": "Threatbook_1.datalist.*.multiengines.result.AVG",
					"value": "${Threatbook_1.datalist.*.multiengines.result.AVG}"
				}, {
					"label": "Threatbook_1.datalist.*.network.dns_servers",
					"name": "Threatbook_1.datalist.*.network.dns_servers",
					"value": "${Threatbook_1.datalist.*.network.dns_servers}"
				}, {
					"label": "Threatbook_1.datalist.*.signature.*.description",
					"name": "Threatbook_1.datalist.*.signature.*.description",
					"value": "${Threatbook_1.datalist.*.signature.*.description}"
				}, {
					"label": "Threatbook_1.datalist.*.strings.pcap",
					"name": "Threatbook_1.datalist.*.strings.pcap",
					"value": "${Threatbook_1.datalist.*.strings.pcap}"
				}, {
					"label": "Threatbook_1.datalist.*.signature.*.marks.*.pid",
					"name": "Threatbook_1.datalist.*.signature.*.marks.*.pid",
					"value": "${Threatbook_1.datalist.*.signature.*.marks.*.pid}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.IKARUS",
					"name": "Threatbook_1.datalist.*.multiengines.result.IKARUS",
					"value": "${Threatbook_1.datalist.*.multiengines.result.IKARUS}"
				}, {
					"label": "Threatbook_1.datalist.*.pstree.children.*.first_seen",
					"name": "Threatbook_1.datalist.*.pstree.children.*.first_seen",
					"value": "${Threatbook_1.datalist.*.pstree.children.*.first_seen}"
				}, {
					"label": "Threatbook_1.datalist.*.signature.*.marks.*.type",
					"name": "Threatbook_1.datalist.*.signature.*.marks.*.type",
					"value": "${Threatbook_1.datalist.*.signature.*.marks.*.type}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.Avira",
					"name": "Threatbook_1.datalist.*.multiengines.result.Avira",
					"value": "${Threatbook_1.datalist.*.multiengines.result.Avira}"
				}, {
					"label": "Threatbook_1.datalist.*.pstree.children.*.ppid",
					"name": "Threatbook_1.datalist.*.pstree.children.*.ppid",
					"value": "${Threatbook_1.datalist.*.pstree.children.*.ppid}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.MicroNonPE",
					"name": "Threatbook_1.datalist.*.multiengines.result.MicroNonPE",
					"value": "${Threatbook_1.datalist.*.multiengines.result.MicroNonPE}"
				}, {
					"label": "Threatbook_1.datalist.*.static.basic.ssdeep",
					"name": "Threatbook_1.datalist.*.static.basic.ssdeep",
					"value": "${Threatbook_1.datalist.*.static.basic.ssdeep}"
				}, {
					"label": "Threatbook_1.datalist.*.static.basic.file_size",
					"name": "Threatbook_1.datalist.*.static.basic.file_size",
					"value": "${Threatbook_1.datalist.*.static.basic.file_size}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.OneAV-PWSH",
					"name": "Threatbook_1.datalist.*.multiengines.result.OneAV-PWSH",
					"value": "${Threatbook_1.datalist.*.multiengines.result.OneAV-PWSH}"
				}, {
					"label": "Threatbook_1.datalist.*.pstree.process_name.cn",
					"name": "Threatbook_1.datalist.*.pstree.process_name.cn",
					"value": "${Threatbook_1.datalist.*.pstree.process_name.cn}"
				}, {
					"label": "Threatbook_1.datalist.*.network.secret_info",
					"name": "Threatbook_1.datalist.*.network.secret_info",
					"value": "${Threatbook_1.datalist.*.network.secret_info}"
				}, {
					"label": "Threatbook_1.datalist.*.static.basic.sha1",
					"name": "Threatbook_1.datalist.*.static.basic.sha1",
					"value": "${Threatbook_1.datalist.*.static.basic.sha1}"
				}, {
					"label": "Threatbook_1.datalist.*.pstree.children.*.track",
					"name": "Threatbook_1.datalist.*.pstree.children.*.track",
					"value": "${Threatbook_1.datalist.*.pstree.children.*.track}"
				}, {
					"label": "Threatbook_1.datalist.*.summary.submit_time",
					"name": "Threatbook_1.datalist.*.summary.submit_time",
					"value": "${Threatbook_1.datalist.*.summary.submit_time}"
				}, {
					"label": "Threatbook_1.datalist.*.signature.*.severity",
					"name": "Threatbook_1.datalist.*.signature.*.severity",
					"value": "${Threatbook_1.datalist.*.signature.*.severity}"
				}, {
					"label": "Threatbook_1.datalist.*.permalink",
					"name": "Threatbook_1.datalist.*.permalink",
					"value": "${Threatbook_1.datalist.*.permalink}"
				}, {
					"label": "Threatbook_1.datalist.*.pstree.children.*.pid",
					"name": "Threatbook_1.datalist.*.pstree.children.*.pid",
					"value": "${Threatbook_1.datalist.*.pstree.children.*.pid}"
				}, {
					"label": "Threatbook_1.datalist.*.static.basic.file_name",
					"name": "Threatbook_1.datalist.*.static.basic.file_name",
					"value": "${Threatbook_1.datalist.*.static.basic.file_name}"
				}]
			}, {
				"label": "configuration",
				"value": "${configuration}",
				"children": [{
					"label": "configuration.datalist.*.triggerType",
					"name": "configuration.datalist.*.triggerType",
					"value": "${configuration.datalist.*.triggerType}"
				}, {
					"label": "configuration.datalist.*._req_uuid",
					"name": "configuration.datalist.*._req_uuid",
					"value": "${configuration.datalist.*._req_uuid}"
				}, {
					"label": "configuration.datalist.*.scope.*.aliUid",
					"name": "configuration.datalist.*.scope.*.aliUid",
					"value": "${configuration.datalist.*.scope.*.aliUid}"
				}, {
					"label": "configuration.datalist.*.process.start_time",
					"name": "configuration.datalist.*.process.start_time",
					"value": "${configuration.datalist.*.process.start_time}"
				}, {
					"label": "configuration.status",
					"name": "configuration.status",
					"value": "${configuration.status}"
				}, {
					"label": "configuration.datalist.*.process.proc_id",
					"name": "configuration.datalist.*.process.proc_id",
					"value": "${configuration.datalist.*.process.proc_id}"
				}, {
					"label": "configuration.datalist.*._tenant_id",
					"name": "configuration.datalist.*._tenant_id",
					"value": "${configuration.datalist.*._tenant_id}"
				}, {
					"label": "configuration.datalist.*.process.host_uuid.host_uuid",
					"name": "configuration.datalist.*.process.host_uuid.host_uuid",
					"value": "${configuration.datalist.*.process.host_uuid.host_uuid}"
				}, {
					"label": "configuration.total_data",
					"name": "configuration.total_data",
					"value": "${configuration.total_data}"
				}, {
					"label": "configuration.datalist.*._trigger_user",
					"name": "configuration.datalist.*._trigger_user",
					"value": "${configuration.datalist.*._trigger_user}"
				}, {
					"label": "configuration.datalist.*.process.host_uuid.os_type",
					"name": "configuration.datalist.*.process.host_uuid.os_type",
					"value": "${configuration.datalist.*.process.host_uuid.os_type}"
				}, {
					"label": "configuration.datalist.*.process.cmd_line",
					"name": "configuration.datalist.*.process.cmd_line",
					"value": "${configuration.datalist.*.process.cmd_line}"
				}, {
					"label": "configuration.datalist.*.triggerUser",
					"name": "configuration.datalist.*.triggerUser",
					"value": "${configuration.datalist.*.triggerUser}"
				}, {
					"label": "configuration.datalist.*._domain_id",
					"name": "configuration.datalist.*._domain_id",
					"value": "${configuration.datalist.*._domain_id}"
				}, {
					"label": "configuration.datalist.*.process.file_path.file_path",
					"name": "configuration.datalist.*.process.file_path.file_path",
					"value": "${configuration.datalist.*.process.file_path.file_path}"
				}, {
					"label": "configuration.total_data_with_dup",
					"name": "configuration.total_data_with_dup",
					"value": "${configuration.total_data_with_dup}"
				}, {
					"label": "configuration.total_exe_successful",
					"name": "configuration.total_exe_successful",
					"value": "${configuration.total_exe_successful}"
				}, {
					"label": "configuration.datalist.*.scope.*.cloudCode",
					"name": "configuration.datalist.*.scope.*.cloudCode",
					"value": "${configuration.datalist.*.scope.*.cloudCode}"
				}, {
					"label": "configuration.total_data_successful",
					"name": "configuration.total_data_successful",
					"value": "${configuration.total_data_successful}"
				}, {
					"label": "configuration.total_exe",
					"name": "configuration.total_exe",
					"value": "${configuration.total_exe}"
				}, {
					"label": "configuration.datalist.*.scope.*.userId",
					"name": "configuration.datalist.*.scope.*.userId",
					"value": "${configuration.datalist.*.scope.*.userId}"
				}, {
					"label": "configuration.datalist.*._region_id",
					"name": "configuration.datalist.*._region_id",
					"value": "${configuration.datalist.*._region_id}"
				}, {
					"label": "configuration.datalist.*.process.file_path.hash_value",
					"name": "configuration.datalist.*.process.file_path.hash_value",
					"value": "${configuration.datalist.*.process.file_path.hash_value}"
				}]
			}],
			"customInput": false,
			"id": 0,
			"name": "iocReport",
			"operateType": "general",
			"parameters": [{
				"dataType": "String",
				"defaultValue": "",
				"description": "",
				"enDescription": "",
				"name": "userId",
				"needCascader": false,
				"required": false,
				"tags": ""
			}, {
				"dataType": "String",
				"defaultValue": "",
				"description": "Security Center-功能設定-多雲組態管理-微步線上配置的帳號ID",
				"enDescription": "",
				"name": "cloudUserId",
				"needCascader": false,
				"required": true,
				"tags": ""
			}, {
				"dataType": "String",
				"defaultValue": "",
				"description": "IP地址或網域名稱,支援批量查詢,最多100個,以逗號分隔。 IP可帶連接埠查詢,擷取高可信判定結果。 請求中IP帶連接埠格式樣本:8.8.8.8:143,0.0.0.0:80 ",
				"enDescription": "",
				"name": "resource",
				"needCascader": false,
				"required": true,
				"tags": ""
			}],
			"riskLevel": 2,
			"actionDisplayName": "iocReport"
		},
		"isNode": true
	}, {
		"position": {
			"x": -190,
			"y": -55
		},
		"size": {
			"width": 137,
			"height": 66
		},
		"view": "react-shape-view",
		"attrs": {
			"label": {
				"text": "ip_reputation"
			}
		},
		"shape": "activity",
		"id": "8afdafcc-32aa-4ab2-b8b2-abafc4314e85",
		"zIndex": 1,
		"data": {
			"nodeType": "action",
			"appType": "component",
			"nodeName": "ip_reputation",
			"valueData": {
				"cloudUserId": "7f7cd2ebedc544f7bf9be74dab7fcca4",
				"resource": "${event.ip}"
			},
			"icon": "https://sophon-gen-cloud-zhangjiakou-v2.oss-cn-zhangjiakou.aliyuncs.com/componentUpload/1755245577536_Threatbook_logo.svg?Expires=1755832376&OSSAccessKeyId=STS.NXwN8h********EJeH&Signature=p4KGzHhTrIZdiJxpACRpM7ROLE0%3D&security-token=CAIS2AJ1q6Ft5B2yfSjIr5vCBYLchKtswKq%2BRVT21nkPbd5%2Bqo%2FOqjz2IHhMenFpAegcv%2Fw%2BlGFZ6%2F8elrp6SJtIXleCZtF94oxN9h2gb4fb42MeBDXg08%2FLI3OaLjKm9u2wCryLYbGwU%2FOpbE%2B%2B5U0X6LDmdDKkckW4OJmS8%2FBOZcgWWQ%2FKBlgvRq0hRG1YpdQdKGHaONu0LxfumRCwNkdzvRdmgm4NgsbWgO%2Fks0OP3AOrlrBN%2Bdiuf8T9NvMBZskvD42Hu8VtbbfE3SJq7BxHybx7lqQs%2B02c5onDWwAJu0%2FXa7uEo4wydVNjFbM9A65Dqufxn%2Fpgt%2Braj4X7xhhEIOVJSSPbSZBbSxJNvU1RXDxQVcEYWxylurjnXvF%2B4xU3%2BP9tP0rM946UoJvc3YDI5hWbc8mJsTnhSSTAEIv%2By8ptqoFOtH7DkLTHWR7hCtv23053AashMytAXxqAAXNQ89LjX6M4bFYRAxsXrln0LN%2BTDs1Hk1dCGQ2edPqhVybm1axt7NpKWS7Xcrd6BKtuwqREs%2FZkIO8E%2BZRbfaX6uHOx9sHx1M1Y7HDHt%2BDvloHULH0rQNLniKayaTCJlIiyUPe8TaK3lv4mipQQf16PqYqAsx2Zu7Bqx9Np2CYIIAA%3D",
			"description": "IP analysis for inbound scenarios can provide the geographical location and ASN information of the IP, and accurately determine whether the IP is malicious, the risk severity level, and the credibility level through determination rules. Identify threat types, such as exploits, Zombie, and related security events or gang tags.",
			"advance": {
				"inputParamMode": false,
				"onError": "stop_cur_flow",
				"rspStatusType": 3,
				"rspStatusThreshold": 0
			},
			"componentName": "Threatbook",
			"actionName": "ipReputation",
			"status": "failed",
			"cascaderValue": [{
				"label": "Threatbook_2",
				"value": "${Threatbook_2}",
				"children": [{
					"label": "Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.severity",
					"name": "Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.severity",
					"value": "${Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.severity}"
				}, {
					"label": "Threatbook_2.total_exe",
					"name": "Threatbook_2.total_exe",
					"value": "${Threatbook_2.total_exe}"
				}, {
					"label": "Threatbook_2.total_data_successful",
					"name": "Threatbook_2.total_data_successful",
					"value": "${Threatbook_2.total_data_successful}"
				}, {
					"label": "Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.judgments",
					"name": "Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.judgments",
					"value": "${Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.judgments}"
				}, {
					"label": "Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.tags_classes.*.tags_type",
					"name": "Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.tags_classes.*.tags_type",
					"value": "${Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.tags_classes.*.tags_type}"
				}, {
					"label": "Threatbook_2.total_exe_successful",
					"name": "Threatbook_2.total_exe_successful",
					"value": "${Threatbook_2.total_exe_successful}"
				}, {
					"label": "Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.tags_classes.*.tags",
					"name": "Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.tags_classes.*.tags",
					"value": "${Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.tags_classes.*.tags}"
				}, {
					"label": "Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.permalink",
					"name": "Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.permalink",
					"value": "${Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.permalink}"
				}, {
					"label": "Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.categories.second_cats",
					"name": "Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.categories.second_cats",
					"value": "${Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.categories.second_cats}"
				}, {
					"label": "Threatbook_2.total_data",
					"name": "Threatbook_2.total_data",
					"value": "${Threatbook_2.total_data}"
				}, {
					"label": "Threatbook_2.total_data_with_dup",
					"name": "Threatbook_2.total_data_with_dup",
					"value": "${Threatbook_2.total_data_with_dup}"
				}, {
					"label": "Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.rank.umbrella_rank.global_rank",
					"name": "Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.rank.umbrella_rank.global_rank",
					"value": "${Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.rank.umbrella_rank.global_rank}"
				}, {
					"label": "Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.is_malicious",
					"name": "Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.is_malicious",
					"value": "${Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.is_malicious}"
				}, {
					"label": "Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.confidence_level",
					"name": "Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.confidence_level",
					"value": "${Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.confidence_level}"
				}, {
					"label": "Threatbook_2.status",
					"name": "Threatbook_2.status",
					"value": "${Threatbook_2.status}"
				}, {
					"label": "Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.rank.alexa_rank.global_rank",
					"name": "Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.rank.alexa_rank.global_rank",
					"value": "${Threatbook_2.datalist.*.domains.counterstrike2-cheats.com.rank.alexa_rank.global_rank}"
				}]
			}, {
				"label": "Threatbook_1",
				"value": "${Threatbook_1}",
				"children": [{
					"label": "Threatbook_1.datalist.*.network.tls_ex",
					"name": "Threatbook_1.datalist.*.network.tls_ex",
					"value": "${Threatbook_1.datalist.*.network.tls_ex}"
				}, {
					"label": "Threatbook_1.datalist.*.summary.file_size",
					"name": "Threatbook_1.datalist.*.summary.file_size",
					"value": "${Threatbook_1.datalist.*.summary.file_size}"
				}, {
					"label": "Threatbook_1.datalist.*.summary.sandbox_type_list",
					"name": "Threatbook_1.datalist.*.summary.sandbox_type_list",
					"value": "${Threatbook_1.datalist.*.summary.sandbox_type_list}"
				}, {
					"label": "Threatbook_1.datalist.*.pstree.children.*.process_name",
					"name": "Threatbook_1.datalist.*.pstree.children.*.process_name",
					"value": "${Threatbook_1.datalist.*.pstree.children.*.process_name}"
				}, {
					"label": "Threatbook_1.datalist.*.summary.md5",
					"name": "Threatbook_1.datalist.*.summary.md5",
					"value": "${Threatbook_1.datalist.*.summary.md5}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.vbwebshell",
					"name": "Threatbook_1.datalist.*.multiengines.result.vbwebshell",
					"value": "${Threatbook_1.datalist.*.multiengines.result.vbwebshell}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.Microsoft",
					"name": "Threatbook_1.datalist.*.multiengines.result.Microsoft",
					"value": "${Threatbook_1.datalist.*.multiengines.result.Microsoft}"
				}, {
					"label": "Threatbook_1.datalist.*.signature.*.marks.*.call.category",
					"name": "Threatbook_1.datalist.*.signature.*.marks.*.call.category",
					"value": "${Threatbook_1.datalist.*.signature.*.marks.*.call.category}"
				}, {
					"label": "Threatbook_1.total_exe",
					"name": "Threatbook_1.total_exe",
					"value": "${Threatbook_1.total_exe}"
				}, {
					"label": "Threatbook_1.datalist.*.summary.sample_sha256",
					"name": "Threatbook_1.datalist.*.summary.sample_sha256",
					"value": "${Threatbook_1.datalist.*.summary.sample_sha256}"
				}, {
					"label": "Threatbook_1.datalist.*.summary.malware_family",
					"name": "Threatbook_1.datalist.*.summary.malware_family",
					"value": "${Threatbook_1.datalist.*.summary.malware_family}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.Baidu",
					"name": "Threatbook_1.datalist.*.multiengines.result.Baidu",
					"value": "${Threatbook_1.datalist.*.multiengines.result.Baidu}"
				}, {
					"label": "Threatbook_1.datalist.*.static.basic.md5",
					"name": "Threatbook_1.datalist.*.static.basic.md5",
					"value": "${Threatbook_1.datalist.*.static.basic.md5}"
				}, {
					"label": "Threatbook_1.datalist.*.summary.tag.s",
					"name": "Threatbook_1.datalist.*.summary.tag.s",
					"value": "${Threatbook_1.datalist.*.summary.tag.s}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.OneStatic",
					"name": "Threatbook_1.datalist.*.multiengines.result.OneStatic",
					"value": "${Threatbook_1.datalist.*.multiengines.result.OneStatic}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.DrWeb",
					"name": "Threatbook_1.datalist.*.multiengines.result.DrWeb",
					"value": "${Threatbook_1.datalist.*.multiengines.result.DrWeb}"
				}, {
					"label": "Threatbook_1.datalist.*.summary.tag.x",
					"name": "Threatbook_1.datalist.*.summary.tag.x",
					"value": "${Threatbook_1.datalist.*.summary.tag.x}"
				}, {
					"label": "Threatbook_1.datalist.*.summary.file_name",
					"name": "Threatbook_1.datalist.*.summary.file_name",
					"value": "${Threatbook_1.datalist.*.summary.file_name}"
				}, {
					"label": "Threatbook_1.datalist.*.signature.*.marks.*.call.api",
					"name": "Threatbook_1.datalist.*.signature.*.marks.*.call.api",
					"value": "${Threatbook_1.datalist.*.signature.*.marks.*.call.api}"
				}, {
					"label": "Threatbook_1.datalist.*.signature.*.marks.*.call.status",
					"name": "Threatbook_1.datalist.*.signature.*.marks.*.call.status",
					"value": "${Threatbook_1.datalist.*.signature.*.marks.*.call.status}"
				}, {
					"label": "Threatbook_1.datalist.*.signature.*.markcount",
					"name": "Threatbook_1.datalist.*.signature.*.markcount",
					"value": "${Threatbook_1.datalist.*.signature.*.markcount}"
				}, {
					"label": "Threatbook_1.datalist.*.summary.threat_score",
					"name": "Threatbook_1.datalist.*.summary.threat_score",
					"value": "${Threatbook_1.datalist.*.summary.threat_score}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.NANO",
					"name": "Threatbook_1.datalist.*.multiengines.result.NANO",
					"value": "${Threatbook_1.datalist.*.multiengines.result.NANO}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.Panda",
					"name": "Threatbook_1.datalist.*.multiengines.result.Panda",
					"value": "${Threatbook_1.datalist.*.multiengines.result.Panda}"
				}, {
					"label": "Threatbook_1.datalist.*.static.basic.file_type",
					"name": "Threatbook_1.datalist.*.static.basic.file_type",
					"value": "${Threatbook_1.datalist.*.static.basic.file_type}"
				}, {
					"label": "Threatbook_1.datalist.*.summary.sha1",
					"name": "Threatbook_1.datalist.*.summary.sha1",
					"value": "${Threatbook_1.datalist.*.summary.sha1}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.Kaspersky",
					"name": "Threatbook_1.datalist.*.multiengines.result.Kaspersky",
					"value": "${Threatbook_1.datalist.*.multiengines.result.Kaspersky}"
				}, {
					"label": "Threatbook_1.total_exe_successful",
					"name": "Threatbook_1.total_exe_successful",
					"value": "${Threatbook_1.total_exe_successful}"
				}, {
					"label": "Threatbook_1.datalist.*.summary.threat_level",
					"name": "Threatbook_1.datalist.*.summary.threat_level",
					"value": "${Threatbook_1.datalist.*.summary.threat_level}"
				}, {
					"label": "Threatbook_1.datalist.*.pstree.process_name.en",
					"name": "Threatbook_1.datalist.*.pstree.process_name.en",
					"value": "${Threatbook_1.datalist.*.pstree.process_name.en}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.Trustlook",
					"name": "Threatbook_1.datalist.*.multiengines.result.Trustlook",
					"value": "${Threatbook_1.datalist.*.multiengines.result.Trustlook}"
				}, {
					"label": "Threatbook_1.datalist.*.summary.malware_type",
					"name": "Threatbook_1.datalist.*.summary.malware_type",
					"value": "${Threatbook_1.datalist.*.summary.malware_type}"
				}, {
					"label": "Threatbook_1.datalist.*.static.basic.sha256",
					"name": "Threatbook_1.datalist.*.static.basic.sha256",
					"value": "${Threatbook_1.datalist.*.static.basic.sha256}"
				}, {
					"label": "Threatbook_1.datalist.*.strings.275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f",
					"name": "Threatbook_1.datalist.*.strings.275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f",
					"value": "${Threatbook_1.datalist.*.strings.275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f}"
				}, {
					"label": "Threatbook_1.datalist.*.signature.*.marks.*.cid",
					"name": "Threatbook_1.datalist.*.signature.*.marks.*.cid",
					"value": "${Threatbook_1.datalist.*.signature.*.marks.*.cid}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.Avast",
					"name": "Threatbook_1.datalist.*.multiengines.result.Avast",
					"value": "${Threatbook_1.datalist.*.multiengines.result.Avast}"
				}, {
					"label": "Threatbook_1.total_data_successful",
					"name": "Threatbook_1.total_data_successful",
					"value": "${Threatbook_1.total_data_successful}"
				}, {
					"label": "Threatbook_1.datalist.*.signature.*.sig_class",
					"name": "Threatbook_1.datalist.*.signature.*.sig_class",
					"value": "${Threatbook_1.datalist.*.signature.*.sig_class}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.Baidu-China",
					"name": "Threatbook_1.datalist.*.multiengines.result.Baidu-China",
					"value": "${Threatbook_1.datalist.*.multiengines.result.Baidu-China}"
				}, {
					"label": "Threatbook_1.datalist.*.pstree.children.*.command_line",
					"name": "Threatbook_1.datalist.*.pstree.children.*.command_line",
					"value": "${Threatbook_1.datalist.*.pstree.children.*.command_line}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.Rising",
					"name": "Threatbook_1.datalist.*.multiengines.result.Rising",
					"value": "${Threatbook_1.datalist.*.multiengines.result.Rising}"
				}, {
					"label": "Threatbook_1.datalist.*.signature.*.attck_id",
					"name": "Threatbook_1.datalist.*.signature.*.attck_id",
					"value": "${Threatbook_1.datalist.*.signature.*.attck_id}"
				}, {
					"label": "Threatbook_1.total_data",
					"name": "Threatbook_1.total_data",
					"value": "${Threatbook_1.total_data}"
				}, {
					"label": "Threatbook_1.datalist.*.summary.sandbox_type",
					"name": "Threatbook_1.datalist.*.summary.sandbox_type",
					"value": "${Threatbook_1.datalist.*.summary.sandbox_type}"
				}, {
					"label": "Threatbook_1.total_data_with_dup",
					"name": "Threatbook_1.total_data_with_dup",
					"value": "${Threatbook_1.total_data_with_dup}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.ShellPub",
					"name": "Threatbook_1.datalist.*.multiengines.result.ShellPub",
					"value": "${Threatbook_1.datalist.*.multiengines.result.ShellPub}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.MicroAPT",
					"name": "Threatbook_1.datalist.*.multiengines.result.MicroAPT",
					"value": "${Threatbook_1.datalist.*.multiengines.result.MicroAPT}"
				}, {
					"label": "Threatbook_1.datalist.*.summary.multi_engines",
					"name": "Threatbook_1.datalist.*.summary.multi_engines",
					"value": "${Threatbook_1.datalist.*.summary.multi_engines}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.ClamAV",
					"name": "Threatbook_1.datalist.*.multiengines.result.ClamAV",
					"value": "${Threatbook_1.datalist.*.multiengines.result.ClamAV}"
				}, {
					"label": "Threatbook_1.datalist.*.summary.file_type",
					"name": "Threatbook_1.datalist.*.summary.file_type",
					"value": "${Threatbook_1.datalist.*.summary.file_type}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.ESET",
					"name": "Threatbook_1.datalist.*.multiengines.result.ESET",
					"value": "${Threatbook_1.datalist.*.multiengines.result.ESET}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.K7",
					"name": "Threatbook_1.datalist.*.multiengines.result.K7",
					"value": "${Threatbook_1.datalist.*.multiengines.result.K7}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.detect_rate",
					"name": "Threatbook_1.datalist.*.multiengines.detect_rate",
					"value": "${Threatbook_1.datalist.*.multiengines.detect_rate}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.OneAV",
					"name": "Threatbook_1.datalist.*.multiengines.result.OneAV",
					"value": "${Threatbook_1.datalist.*.multiengines.result.OneAV}"
				}, {
					"label": "Threatbook_1.datalist.*.signature.*.name",
					"name": "Threatbook_1.datalist.*.signature.*.name",
					"value": "${Threatbook_1.datalist.*.signature.*.name}"
				}, {
					"label": "Threatbook_1.datalist.*.signature.*.marks.*.call.tid",
					"name": "Threatbook_1.datalist.*.signature.*.marks.*.call.tid",
					"value": "${Threatbook_1.datalist.*.signature.*.marks.*.call.tid}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.scan_time",
					"name": "Threatbook_1.datalist.*.multiengines.scan_time",
					"value": "${Threatbook_1.datalist.*.multiengines.scan_time}"
				}, {
					"label": "Threatbook_1.datalist.*.summary.is_whitelist",
					"name": "Threatbook_1.datalist.*.summary.is_whitelist",
					"value": "${Threatbook_1.datalist.*.summary.is_whitelist}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.Qihu360",
					"name": "Threatbook_1.datalist.*.multiengines.result.Qihu360",
					"value": "${Threatbook_1.datalist.*.multiengines.result.Qihu360}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.Sophos",
					"name": "Threatbook_1.datalist.*.multiengines.result.Sophos",
					"value": "${Threatbook_1.datalist.*.multiengines.result.Sophos}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.Antiy",
					"name": "Threatbook_1.datalist.*.multiengines.result.Antiy",
					"value": "${Threatbook_1.datalist.*.multiengines.result.Antiy}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.GDATA",
					"name": "Threatbook_1.datalist.*.multiengines.result.GDATA",
					"value": "${Threatbook_1.datalist.*.multiengines.result.GDATA}"
				}, {
					"label": "Threatbook_1.datalist.*.signature.*.marks.*.call.time",
					"name": "Threatbook_1.datalist.*.signature.*.marks.*.call.time",
					"value": "${Threatbook_1.datalist.*.signature.*.marks.*.call.time}"
				}, {
					"label": "Threatbook_1.status",
					"name": "Threatbook_1.status",
					"value": "${Threatbook_1.status}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.JiangMin",
					"name": "Threatbook_1.datalist.*.multiengines.result.JiangMin",
					"value": "${Threatbook_1.datalist.*.multiengines.result.JiangMin}"
				}, {
					"label": "Threatbook_1.datalist.*.signature.*.marks.*.call.return_value",
					"name": "Threatbook_1.datalist.*.signature.*.marks.*.call.return_value",
					"value": "${Threatbook_1.datalist.*.signature.*.marks.*.call.return_value}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.AVG",
					"name": "Threatbook_1.datalist.*.multiengines.result.AVG",
					"value": "${Threatbook_1.datalist.*.multiengines.result.AVG}"
				}, {
					"label": "Threatbook_1.datalist.*.network.dns_servers",
					"name": "Threatbook_1.datalist.*.network.dns_servers",
					"value": "${Threatbook_1.datalist.*.network.dns_servers}"
				}, {
					"label": "Threatbook_1.datalist.*.signature.*.description",
					"name": "Threatbook_1.datalist.*.signature.*.description",
					"value": "${Threatbook_1.datalist.*.signature.*.description}"
				}, {
					"label": "Threatbook_1.datalist.*.strings.pcap",
					"name": "Threatbook_1.datalist.*.strings.pcap",
					"value": "${Threatbook_1.datalist.*.strings.pcap}"
				}, {
					"label": "Threatbook_1.datalist.*.signature.*.marks.*.pid",
					"name": "Threatbook_1.datalist.*.signature.*.marks.*.pid",
					"value": "${Threatbook_1.datalist.*.signature.*.marks.*.pid}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.IKARUS",
					"name": "Threatbook_1.datalist.*.multiengines.result.IKARUS",
					"value": "${Threatbook_1.datalist.*.multiengines.result.IKARUS}"
				}, {
					"label": "Threatbook_1.datalist.*.pstree.children.*.first_seen",
					"name": "Threatbook_1.datalist.*.pstree.children.*.first_seen",
					"value": "${Threatbook_1.datalist.*.pstree.children.*.first_seen}"
				}, {
					"label": "Threatbook_1.datalist.*.signature.*.marks.*.type",
					"name": "Threatbook_1.datalist.*.signature.*.marks.*.type",
					"value": "${Threatbook_1.datalist.*.signature.*.marks.*.type}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.Avira",
					"name": "Threatbook_1.datalist.*.multiengines.result.Avira",
					"value": "${Threatbook_1.datalist.*.multiengines.result.Avira}"
				}, {
					"label": "Threatbook_1.datalist.*.pstree.children.*.ppid",
					"name": "Threatbook_1.datalist.*.pstree.children.*.ppid",
					"value": "${Threatbook_1.datalist.*.pstree.children.*.ppid}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.MicroNonPE",
					"name": "Threatbook_1.datalist.*.multiengines.result.MicroNonPE",
					"value": "${Threatbook_1.datalist.*.multiengines.result.MicroNonPE}"
				}, {
					"label": "Threatbook_1.datalist.*.static.basic.ssdeep",
					"name": "Threatbook_1.datalist.*.static.basic.ssdeep",
					"value": "${Threatbook_1.datalist.*.static.basic.ssdeep}"
				}, {
					"label": "Threatbook_1.datalist.*.static.basic.file_size",
					"name": "Threatbook_1.datalist.*.static.basic.file_size",
					"value": "${Threatbook_1.datalist.*.static.basic.file_size}"
				}, {
					"label": "Threatbook_1.datalist.*.multiengines.result.OneAV-PWSH",
					"name": "Threatbook_1.datalist.*.multiengines.result.OneAV-PWSH",
					"value": "${Threatbook_1.datalist.*.multiengines.result.OneAV-PWSH}"
				}, {
					"label": "Threatbook_1.datalist.*.pstree.process_name.cn",
					"name": "Threatbook_1.datalist.*.pstree.process_name.cn",
					"value": "${Threatbook_1.datalist.*.pstree.process_name.cn}"
				}, {
					"label": "Threatbook_1.datalist.*.network.secret_info",
					"name": "Threatbook_1.datalist.*.network.secret_info",
					"value": "${Threatbook_1.datalist.*.network.secret_info}"
				}, {
					"label": "Threatbook_1.datalist.*.static.basic.sha1",
					"name": "Threatbook_1.datalist.*.static.basic.sha1",
					"value": "${Threatbook_1.datalist.*.static.basic.sha1}"
				}, {
					"label": "Threatbook_1.datalist.*.pstree.children.*.track",
					"name": "Threatbook_1.datalist.*.pstree.children.*.track",
					"value": "${Threatbook_1.datalist.*.pstree.children.*.track}"
				}, {
					"label": "Threatbook_1.datalist.*.summary.submit_time",
					"name": "Threatbook_1.datalist.*.summary.submit_time",
					"value": "${Threatbook_1.datalist.*.summary.submit_time}"
				}, {
					"label": "Threatbook_1.datalist.*.signature.*.severity",
					"name": "Threatbook_1.datalist.*.signature.*.severity",
					"value": "${Threatbook_1.datalist.*.signature.*.severity}"
				}, {
					"label": "Threatbook_1.datalist.*.permalink",
					"name": "Threatbook_1.datalist.*.permalink",
					"value": "${Threatbook_1.datalist.*.permalink}"
				}, {
					"label": "Threatbook_1.datalist.*.pstree.children.*.pid",
					"name": "Threatbook_1.datalist.*.pstree.children.*.pid",
					"value": "${Threatbook_1.datalist.*.pstree.children.*.pid}"
				}, {
					"label": "Threatbook_1.datalist.*.static.basic.file_name",
					"name": "Threatbook_1.datalist.*.static.basic.file_name",
					"value": "${Threatbook_1.datalist.*.static.basic.file_name}"
				}]
			}, {
				"label": "configuration",
				"value": "${configuration}",
				"children": [{
					"label": "configuration.datalist.*.triggerType",
					"name": "configuration.datalist.*.triggerType",
					"value": "${configuration.datalist.*.triggerType}"
				}, {
					"label": "configuration.datalist.*._req_uuid",
					"name": "configuration.datalist.*._req_uuid",
					"value": "${configuration.datalist.*._req_uuid}"
				}, {
					"label": "configuration.datalist.*.scope.*.aliUid",
					"name": "configuration.datalist.*.scope.*.aliUid",
					"value": "${configuration.datalist.*.scope.*.aliUid}"
				}, {
					"label": "configuration.datalist.*.process.start_time",
					"name": "configuration.datalist.*.process.start_time",
					"value": "${configuration.datalist.*.process.start_time}"
				}, {
					"label": "configuration.status",
					"name": "configuration.status",
					"value": "${configuration.status}"
				}, {
					"label": "configuration.datalist.*.process.proc_id",
					"name": "configuration.datalist.*.process.proc_id",
					"value": "${configuration.datalist.*.process.proc_id}"
				}, {
					"label": "configuration.datalist.*._tenant_id",
					"name": "configuration.datalist.*._tenant_id",
					"value": "${configuration.datalist.*._tenant_id}"
				}, {
					"label": "configuration.datalist.*.process.host_uuid.host_uuid",
					"name": "configuration.datalist.*.process.host_uuid.host_uuid",
					"value": "${configuration.datalist.*.process.host_uuid.host_uuid}"
				}, {
					"label": "configuration.total_data",
					"name": "configuration.total_data",
					"value": "${configuration.total_data}"
				}, {
					"label": "configuration.datalist.*._trigger_user",
					"name": "configuration.datalist.*._trigger_user",
					"value": "${configuration.datalist.*._trigger_user}"
				}, {
					"label": "configuration.datalist.*.process.host_uuid.os_type",
					"name": "configuration.datalist.*.process.host_uuid.os_type",
					"value": "${configuration.datalist.*.process.host_uuid.os_type}"
				}, {
					"label": "configuration.datalist.*.process.cmd_line",
					"name": "configuration.datalist.*.process.cmd_line",
					"value": "${configuration.datalist.*.process.cmd_line}"
				}, {
					"label": "configuration.datalist.*.triggerUser",
					"name": "configuration.datalist.*.triggerUser",
					"value": "${configuration.datalist.*.triggerUser}"
				}, {
					"label": "configuration.datalist.*._domain_id",
					"name": "configuration.datalist.*._domain_id",
					"value": "${configuration.datalist.*._domain_id}"
				}, {
					"label": "configuration.datalist.*.process.file_path.file_path",
					"name": "configuration.datalist.*.process.file_path.file_path",
					"value": "${configuration.datalist.*.process.file_path.file_path}"
				}, {
					"label": "configuration.total_data_with_dup",
					"name": "configuration.total_data_with_dup",
					"value": "${configuration.total_data_with_dup}"
				}, {
					"label": "configuration.total_exe_successful",
					"name": "configuration.total_exe_successful",
					"value": "${configuration.total_exe_successful}"
				}, {
					"label": "configuration.datalist.*.scope.*.cloudCode",
					"name": "configuration.datalist.*.scope.*.cloudCode",
					"value": "${configuration.datalist.*.scope.*.cloudCode}"
				}, {
					"label": "configuration.total_data_successful",
					"name": "configuration.total_data_successful",
					"value": "${configuration.total_data_successful}"
				}, {
					"label": "configuration.total_exe",
					"name": "configuration.total_exe",
					"value": "${configuration.total_exe}"
				}, {
					"label": "configuration.datalist.*.scope.*.userId",
					"name": "configuration.datalist.*.scope.*.userId",
					"value": "${configuration.datalist.*.scope.*.userId}"
				}, {
					"label": "configuration.datalist.*._region_id",
					"name": "configuration.datalist.*._region_id",
					"value": "${configuration.datalist.*._region_id}"
				}, {
					"label": "configuration.datalist.*.process.file_path.hash_value",
					"name": "configuration.datalist.*.process.file_path.hash_value",
					"value": "${configuration.datalist.*.process.file_path.hash_value}"
				}]
			}]
		},
		"isNode": true
	}, {
		"shape": "custom-edge",
		"attrs": {
			"line": {
				"stroke": "#d93026",
				"targetMarker": {
					"stroke": "#d93026"
				}
			}
		},
		"zIndex": 1,
		"id": "ae6ca05c-ebd1-41f1-a94d-489fdc308861",
		"data": {
			"nodeType": "sequenceFlow",
			"appType": "basic"
		},
		"router": {
			"name": "manhattan",
			"args": {
				"padding": 5,
				"excludeHiddenNodes": true,
				"excludeNodes": ["clone_node_id"]
			}
		},
		"source": {
			"cell": "58d87b7d-28d9-4f0e-b135-4adc4f1a70e4"
		},
		"visible": true,
		"target": {
			"cell": "e0082b2e-d82c-464f-a22f-9b67eb47a363"
		}
	}, {
		"shape": "custom-edge",
		"attrs": {
			"line": {
				"stroke": "#d93026",
				"targetMarker": {
					"stroke": "#d93026"
				}
			}
		},
		"zIndex": 1,
		"id": "8f084c6d-9afd-4ecb-8c9d-3c7824f9de2f",
		"data": {
			"nodeType": "sequenceFlow",
			"appType": "basic"
		},
		"router": {
			"name": "normal"
		},
		"source": {
			"cell": "58d87b7d-28d9-4f0e-b135-4adc4f1a70e4"
		},
		"visible": true,
		"target": {
			"cell": "8afdafcc-32aa-4ab2-b8b2-abafc4314e85"
		},
		"vertices": [{
			"x": -382,
			"y": -22
		}]
	}, {
		"shape": "custom-edge",
		"attrs": {
			"line": {
				"stroke": "#63ba4d",
				"targetMarker": {
					"stroke": "#63ba4d"
				}
			}
		},
		"zIndex": 1,
		"id": "e55e80d8-fab6-42ac-91ab-da7697ec80dd",
		"data": {
			"nodeType": "sequenceFlow",
			"appType": "basic"
		},
		"router": {
			"name": "normal"
		},
		"source": {
			"cell": "19fca1bc-4cf1-491e-9ae4-ee5d3f0c2f61"
		},
		"visible": true,
		"target": {
			"cell": "317dd1be-2d20-460e-977e-1fc936ffb583"
		},
		"vertices": [{
			"x": 158,
			"y": -247
		}]
	}, {
		"shape": "custom-edge",
		"attrs": {
			"line": {
				"stroke": "#d93026",
				"targetMarker": {
					"stroke": "#d93026"
				}
			}
		},
		"zIndex": 1,
		"id": "ba2021dc-533b-4ba3-a1a7-69f05f3c7515",
		"data": {
			"nodeType": "sequenceFlow",
			"appType": "basic"
		},
		"router": {
			"name": "manhattan",
			"args": {
				"padding": 5,
				"excludeHiddenNodes": true,
				"excludeNodes": ["clone_node_id"]
			}
		},
		"source": {
			"cell": "8afdafcc-32aa-4ab2-b8b2-abafc4314e85"
		},
		"visible": true,
		"target": {
			"cell": "317dd1be-2d20-460e-977e-1fc936ffb583"
		}
	}, {
		"shape": "custom-edge",
		"attrs": {
			"line": {
				"stroke": "#d93026",
				"targetMarker": {
					"stroke": "#d93026"
				}
			}
		},
		"zIndex": 1,
		"id": "c3c22836-585a-4f5e-a3ec-92ecedfad6ba",
		"data": {
			"nodeType": "sequenceFlow",
			"appType": "basic"
		},
		"router": {
			"name": "manhattan",
			"args": {
				"padding": 5,
				"excludeHiddenNodes": true,
				"excludeNodes": ["clone_node_id"]
			}
		},
		"source": {
			"cell": "e0082b2e-d82c-464f-a22f-9b67eb47a363"
		},
		"visible": true,
		"target": {
			"cell": "317dd1be-2d20-460e-977e-1fc936ffb583"
		}
	}]
}

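fileReport

Retrieves the detailed static and dynamic analysis report for a file, including the file's summary information, network behavior, behavior signatures, static information, dropped-file behavior, process behavior, and antivirus scan engine detection results.

Note

ThreatBook reference document: File Reputation Report

Input parameters

Parameter

Description

Example

userId

The ID of the associated Alibaba Cloud account.

Important
  • You can enter the ID of a member account managed by the current Alibaba Cloud account. To add member accounts, see Multi-account security management.

  • If left empty, the current Alibaba Cloud account is used by default.

XXX

clouldUserId

The ThreatBook account ID. For details, see Prerequisites.

7f7c*************7fcca4

resource

The hash value of the file, used to retrieve the analysis report. sha256, sha1 and md5 are supported.

44d88612*************1278abb02f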

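Output parameters

Parameter

Description

multiengines

Antivirus scan engine detection results. A JSON object with the following items:

  • result: the detection result of each scan engine, as follows:

    No detection: shown as safe.

    Detection: shown as the specific malware label that was detected.

  • scan_time: the time at which the engines scanned the sample, for example: 2019-10-22 16:17:48

summary

Summary information. A JSON object with the following items:

  • threat_level: the threat level, an overall verdict that combines the results of static analysis, multi-engine antivirus scanning, and dynamic analysis in multiple sandbox environments.

    • malicious: malicious

    • suspicious: suspicious

    • clean: safe

    • unknown: unknown

  • malware_type: the threat category. For the full set of sample threat categories, see Full list of sample threat categories.

  • malware_family: the malware family, such as Xorddos.

  • is_whitelist: whether the file is whitelisted.

    • true: the file is whitelisted.

    • false: the file is not whitelisted.

  • submit_time: the file submission time, for example: 2019-01-22 17:36:21.

  • file_name: the file name.

  • file_type: the file type.

  • sample_sha256: the hash value of the file.

  • md5: the MD5 value of the file.

  • sha1: the SHA1 value of the file.

  • scenes: scenario detection.

    • Cybercrime: cybercrime (black-market) sample.

    • CS_Detect: CobaltStrike trojan sample.

    • RT_Tools: red-team tool.

    • Exploit: exploit.

    • HW202X: sample from a major-event protection campaign; the suffix depends on the year.

  • tag: tags. A JSON object with the following items:

    • s: static tags. A JSON array, for example "abnormal timestamp". For some common tags, see Common sample tags.

    • x: antivirus engine detection tags.

  • threat_score: the threat score.

  • sandbox_type: the sandbox runtime environment specified for this retrieval. For the full set of runtime environments, see Full list of sandbox runtime environments.

  • sandbox_type_list: the list of all sandbox runtime environments in which the sample was analyzed successfully.

  • multi_engines: the antivirus scan engine detection rate.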

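signature

Behavior signatures. A JSON array; each item contains the following:

  • severity: the severity level, int type. A higher number means a higher level.

  • references: references, JSON array.

  • sig_class: the signature category.

  • name: the signature name.

  • description: the behavior description.

  • markcount: the mark count.

  • marks: the raw signature data, JSON array.

  • families: the sample families, JSON array.

  • attck_id: the ATT&CK ID.

  • attck_info: ATT&CK details, JSON array.

static

Static information, a JSON object. For response examples of all static information reports, see Full list of file static information report response examples.

pstree

Process behavior.

network

Network behavior.

  • fingerprint: fingerprint information, JSON array.

  • tls: TLS protocol, JSON array.

  • udp: UDP protocol, JSON array.

  • dns_servers: DNS servers, JSON array.

  • http: HTTP protocol, JSON array.

  • irc: IRC protocol, JSON array.

  • smtp: SMTP protocol, JSON array.

  • tcp: TCP protocol, JSON array.

  • smtp_ex: SMTP protocol data extension, JSON array.

  • mitm: man-in-the-middle, JSON array.

  • hosts: network hosts, JSON array.

  • dns: Domain Name System, JSON array.

  • http_ex: HTTP protocol data extension, JSON array.

  • domains: domain names, JSON array.

  • dead_hosts: unreachable hosts, JSON array.

  • icmp: ICMP protocol, JSON array.

  • https_ex: HTTPS protocol data extension, JSON array.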

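dropped

Dropped-file behavior. A JSON array; each item contains the following:

  • sha1: the file's sha1 value, string type.

  • sha256: the file's sha256 value, string type.

  • md5: the file's md5 value, string type.

  • urls: extracted URLs, JSON array.

  • size: the file size, int type.

  • filepath: the file path, string type.

  • name: the file name, string type.

  • crc32: the file's CRC32, string type.

  • ssdeep: the file's SSDeep value, string type.

  • type: the file type, string type.

  • yara: YARA, JSON array.

strings

String-related data. A JSON object; each item contains the following:

  • sha256: strings extracted from the file. The key varies with the file's sha256, and the value holds the file's own static strings. Array type.

  • pcap: strings extracted from network traffic, array type.

permalink

The URL of the web sandbox report page.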

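iocReport

Analyzes IPs/domain names in outbound-access scenarios such as office and production networks. Decision rules determine precisely whether an IP/domain name is malicious, its risk severity level and its confidence level, accurately identify remote control (C2), malware (Malware) and mining pool threats, and provide related security event or threat group tags.

Note

ThreatBook reference document: Compromise Detection

Input parameters

Parameter

Description

Example

userId

The ID of the associated Alibaba Cloud account.

Important
  • You can enter the ID of a member account managed by the current Alibaba Cloud account. To add member accounts, see Multi-account security management.

  • If left empty, the current Alibaba Cloud account is used by default.

XXX

clouldUserId

The ThreatBook account ID. For details, see Prerequisites.

7f7c*************7fcca4

resource

An IP address or domain name. Batch queries are supported: up to 100 entries, separated by commas.

Note

An IP can be queried together with a port.

test.com or 0.0.0.0:80.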

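Output parameters

Type

Parameter

Description

ip

is_malicious

Whether the indicator is malicious.

  • true: malicious.

  • false: not malicious.

confidence_level

The confidence rating.

  • high: high

  • medium: medium

  • low: low

severity

The overall degree of harm of the intelligence.

  • critical: critical

  • high: high

  • medium: medium

  • low: low

  • info: no threat

judgments

Threat types. Depending on the malicious attributes of the IOC, the following types are included:

  • Malicious

    • C2: remote control

    • Sinkhole C2: C2 taken over by a security organization

    • MiningPool: mining pool

    • CoinMiner: private mining pool

    • Malware: malware

  • Non-malicious

    • Whitelist: whitelist

    • Info: basic information.

      Note

      For the subtypes of Info, see Full list of threat types.

tags_classes

Information about related attack groups or security events. A JSON array; each item contains the following fields:

  • tags_type: the tag category, such as "industry", "gangs" (threat groups) or "virus_family" (families).

  • tags: the specific attack group or security event tags, for example: APT, OceanLotus.

permalink

The intelligence details link: the URL of the full intelligence analysis page for the IP/domain name.

domain (domain name)

categories

  • Domain name categories. A JSON object; each item contains the following fields:

    • first_cats: first-level categories, an array

    • second_cats: second-level category, a string

  • The other fields are the same as described above for "ips".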

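ipReport

Analyzes IPs in inbound scenarios and provides the IP's geographic location and ASN information. Decision rules determine precisely whether an IP is malicious, its risk severity level and its confidence level, and identify threat types such as exploitation (Exploit) and zombie hosts (Zombie), along with related security event or threat group tags.

Note

ThreatBook reference document: IP Reputation

Input parameters

Parameter

Description

Example

userId

The ID of the associated Alibaba Cloud account.

Important
  • You can enter the ID of a member account managed by the current Alibaba Cloud account. To add member accounts, see Multi-account security management.

  • If left empty, the current Alibaba Cloud account is used by default.

XXX

clouldUserId

The ThreatBook account ID. For details, see Prerequisites.

7f7c*************7fcca4

resource

An IP address. Batch queries are supported: up to 100 entries, separated by commas.

0.0.0.0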
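
The `resource` limits in the input tables (a sha256/sha1/md5 hash for fileReport; up to 100 comma-separated IPs, IP:port pairs or domain names for iocReport; up to 100 IPs for ipReport) can be enforced before a playbook hands values to the component. The Python below is an added example, not code from this documentation or from ThreatBook; the function names, the IPv4-only handling, the rejection of domain:port and the domain pattern are assumptions.

```python
import ipaddress
import re

MAX_BATCH = 100  # documented limit: at most 100 comma-separated entries
HASH_LENGTHS = {32: "md5", 40: "sha1", 64: "sha256"}  # hex digest lengths
# Assumed domain syntax check (LDH labels plus an alphabetic TLD).
DOMAIN_RE = re.compile(r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")

def hash_kind(value):
    """Return 'md5', 'sha1' or 'sha256' for a hex digest, else None."""
    v = value.strip().lower()
    return HASH_LENGTHS.get(len(v)) if re.fullmatch(r"[0-9a-f]+", v) else None

def normalize_indicator(value, allow_domain_and_port):
    """Normalize one IP, IP:port or domain; return None if unacceptable."""
    v = value.strip().lower()
    host, sep, port = v.rpartition(":")
    if allow_domain_and_port and sep and port.isdigit() and 0 < int(port) < 65536:
        candidate = host
    else:
        candidate, port = v, ""
    try:
        ip = str(ipaddress.IPv4Address(candidate))
        return f"{ip}:{int(port)}" if port else ip
    except ValueError:
        pass  # not an IPv4 address; it may still be a domain name
    if allow_domain_and_port and not port and DOMAIN_RE.match(v):
        return v
    return None

def build_resources(indicators, action):
    """Return (batches, rejected); each batch is one `resource` string."""
    allow = action == "iocReport"  # ipReport takes bare IP addresses only
    seen, rejected = [], []
    for raw in indicators:
        norm = normalize_indicator(raw, allow)
        if norm is None:
            rejected.append(raw)   # keep for the analyst instead of sending it
        elif norm not in seen:
            seen.append(norm)      # de-duplicate, preserving first-seen order
    batches = [",".join(seen[i:i + MAX_BATCH]) for i in range(0, len(seen), MAX_BATCH)]
    return batches, rejected
```

Rejected entries are returned rather than dropped, so a playbook can log them instead of silently querying fewer indicators than the alert contained.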

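Output parameters

Parameter

Description

basic

basic is returned as a JSON object with the following fields:

  • carrier: the carrier/service provider

  • location: the location information for the IP, a JSON object with the following fields:

    • country: country

    • country_code: country code

    • province: province

    • city: city

    • lng: longitude

    • lat: latitude

is_malicious

Whether the IP is malicious.

  • true: malicious.

  • false: not malicious.

confidence_level

The confidence level: how confident the malicious verdict is, as determined from the intelligence sources and the confidence model.

  • low: low

  • medium: medium

  • high: high

severity

The severity level, indicating the degree of harm of the intelligence.

  • critical: critical

  • high: high

  • medium: medium

  • low: low

  • info: no threat

judgments

The overall threat types determined by analyzing the threat intelligence, JSON array.

  • Malicious types

    • Spam: spam

    • Zombie: zombie host

    • Scanner: scanning

    • Exploit: exploit

    • Botnet: botnet

    • Brute Force: brute force

      Note

      For the subtypes of Brute Force, see Full list of threat types.

  • Non-malicious types

    • Whitelist: whitelist.

    • Info: basic information.

tags_classes

Information about related attack groups or security events. A JSON array; each item contains the following fields:

  • tags_type: the tag category, such as "industry", "gangs" (threat groups) or "virus_family" (families).

  • tags: the specific attack group or security event tags, for example: Mirai.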

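asn

ASN information. A JSON object containing:

  • number: the ASN number.

  • info: the AS name.

  • rank: the risk value (0 to 4; a larger value means higher risk).

update_time

The time of the most recent activity for the intelligence.

scene

The application scenario, such as enterprise leased line or data center. For the full list, see Application scenario categories.

feature

Asset characteristics. A JSON array containing:

entity

The owning entity. A JSON array containing:

  • category: the first-level category. For category details, see IP Reputation · Advanced field category descriptions.

  • type: the second-level category.

  • tag_name: the specific owning-entity tag.

  • tag_desc: the description of the tag.

hist_behavior

Attack behavior. A JSON array containing:

  • category: the category. For category details, see IP Reputation · Advanced field category descriptions.

  • tag_name: the specific attack behavior tag.

  • tag_desc: the description of the tag.

  • vuln_id: when the category is "exploit" (漏洞利用), the specific vulnerability ID.

evaluation

Impact assessment. A JSON object containing:

  • active: the activity level.

    • high: high

    • medium: medium

    • low: low

  • honeypot_hit: whether the IP has been captured by a honeypot.

    • true: it has been captured by a honeypot.

    • false: it has not been captured by a honeypot.

fraud

Fraud and cheating behavior. A JSON array containing:

  • tag_name: the specific fraud or cheating behavior tag.

  • tag_desc: the description of the tag.

permalink

The link to the intelligence query result page for the IP.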
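
The verdict fields that iocReport and ipReport share (is_malicious, confidence_level, severity, judgments, tags_classes) are what a playbook's next node has to act on. The Python below is an added example, not code from this documentation or from ThreatBook: the block/review/ignore policy, the function names, the per-indicator dictionary shape and the treatment of tags as a list of strings are assumptions, and the sample verdicts are constructed.

```python
SEVERITY = {"info": 0, "low": 1, "medium": 2, "high": 3, "critical": 4}
CONFIDENCE = {"low": 0, "medium": 1, "high": 2}
ORDER = {"block": 0, "review": 1, "ignore": 2}

def triage(verdict):
    """Return (action, reason) for one indicator's verdict fields."""
    judgments = set(verdict.get("judgments") or [])
    malicious = verdict.get("is_malicious") is True
    if "Whitelist" in judgments:
        # Whitelisted yet flagged malicious is contradictory: send to an analyst.
        return ("review", "whitelist conflict") if malicious else ("ignore", "whitelist")
    if not malicious:
        return ("ignore", "not malicious")
    sev = SEVERITY.get(verdict.get("severity"))
    conf = CONFIDENCE.get(verdict.get("confidence_level"))
    if sev is None or conf is None:
        return ("review", "missing or unknown rating")  # never auto-act on gaps
    if conf == CONFIDENCE["high"] and sev >= SEVERITY["high"]:
        return ("block", "high confidence and severity >= high")
    return ("review", "malicious, below auto-block threshold")

def tags_of(verdict):
    """Flatten tags_classes into 'tags_type:tag' strings for the ticket."""
    out = []
    for item in verdict.get("tags_classes") or []:
        tags = item.get("tags") or []
        for tag in [tags] if isinstance(tags, str) else tags:
            out.append(f"{item.get('tags_type', 'unknown')}:{tag}")
    return out

def triage_batch(results):
    """results maps indicator -> verdict dict; rows come back most urgent first."""
    rows = []
    for indicator, verdict in results.items():
        action, reason = triage(verdict)
        rows.append({"indicator": indicator, "action": action, "reason": reason,
                     "severity": SEVERITY.get(verdict.get("severity"), -1),
                     "tags": tags_of(verdict)})
    return sorted(rows, key=lambda r: (ORDER[r["action"]], -r["severity"], r["indicator"]))

# Constructed sample verdicts (documentation-range addresses, not real intelligence).
SAMPLE = {
    "192.0.2.10": {"is_malicious": True, "severity": "critical", "confidence_level": "high",
                   "judgments": ["C2"], "tags_classes": [{"tags_type": "virus_family", "tags": ["Mirai"]}]},
    "198.51.100.7": {"is_malicious": True, "severity": "medium", "confidence_level": "low", "judgments": ["Scanner"]},
    "203.0.113.5": {"is_malicious": False, "severity": "info", "confidence_level": "high", "judgments": ["Whitelist"]},
    "example.com": {"is_malicious": True, "severity": "high", "judgments": ["Malware"]},
}
```

A verdict with a missing or unrecognized rating lands in "review" rather than "block" or "ignore", so a changed or partial response cannot trigger or suppress an automated action.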

References

For ThreatBook response status codes and response descriptions, see Response status codes and Msg descriptions.