Common Types v3.10.13

This Content Pack will get you up and running in no-time and provide you with the most commonly used incident & indicator fields and types.

Author:
Cortex XSOAR
Support:
xsoar
URL:
https://www.paloaltonetworks.com/cortex
agentixxsiam
Utilities

Incident fields (440)

Indicator fields (235)

  • AS Owner
  • ASN
  • Account Type
  • Acquisition Hire
  • Action
  • Actor
  • Admin Country
  • Admin Email
  • Admin Name
  • Admin Phone
  • Aliases
  • Applications
  • Architecture
  • Assigned role
  • Assigned user
  • Associated File Names
  • Associations
  • Author
  • BIOS Version
  • Behavior
  • Blocked
  • CPE
  • CVE Description
  • CVE Modified
  • CVSS
  • CVSS Score
  • CVSS Table
  • CVSS Vector
  • CVSS Version
  • CVSS3
  • Campaign
  • Capabilities
  • Category
  • Certificate Names
  • Certificate Signature
  • Certificate Validation Checks
  • Certificates
  • City
  • Commands
  • Community Notes
  • Confidence
  • Cost Center
  • Cost Center Code
  • Country Code
  • Country Code Number
  • Country Name
  • Creation Date
  • DHCP Server
  • DNS
  • DNS Records
  • Definition
  • Department
  • Description
  • Detection Engines
  • Detections
  • Device Model
  • Display Name
  • Domain IDN Name
  • Domain Name
  • Domain Referring IPs
  • Domain Referring Subnets
  • Domain Status
  • Domains
  • Download URL
  • Email
  • Email Address
  • Entry ID
  • Expiration Date
  • Extension
  • Feed Related Indicators
  • File Extension
  • File Type
  • First Seen By Source
  • Force Sync
  • Geo Country
  • Geo Location
  • Given Name
  • Global Prevalence
  • Goals
  • Groups
  • Hostname
  • IP Address
  • Identity class
  • Implementation Languages
  • Indicator Identification
  • Industry sectors
  • Infrastructure Types
  • Internal
  • Is Malware Family
  • Is Processed
  • Issuer
  • Issuer DN
  • Job Code
  • Job Family
  • Job Function
  • Key Value
  • Kill Chain Phases
  • Languages
  • Last Seen By Source
  • Leadership
  • Location
  • Location Region
  • MAC Address
  • MD5
  • Malware Family
  • Malware types
  • Manager Email Address
  • Manager Name
  • Memory
  • Mitre ID
  • Mitre Tactics
  • Mobile Phone
  • Name
  • Name Field
  • Name Servers
  • Number of subkeys
  • OS Version
  • Objective
  • Office365Category
  • Office365ExpressRoute
  • Office365Required
  • Operating System
  • Operating System Refs
  • Operating System Version
  • Org Level 1
  • Org Level 2
  • Org Level 3
  • Org Unit
  • Organization
  • Organization First Seen
  • Organization Last Seen
  • Organization Prevalence
  • Organization Type
  • Organizational Unit (OU)
  • PEM
  • Path
  • Paths
  • Personal Email
  • Port
  • Positive Detections
  • Primary Motivation
  • Processor
  • Processors
  • Product
  • Public Key
  • Publications
  • Published
  • Quarantined
  • Query Language
  • Rank
  • Region
  • Registrant Country
  • Registrant Email
  • Registrant Name
  • Registrant Phone
  • Registrar Abuse Address
  • Registrar Abuse Country
  • Registrar Abuse Email
  • Registrar Abuse Name
  • Registrar Abuse Network
  • Registrar Abuse Phone
  • Registrar Name
  • Report Object References
  • Report type
  • Reported By
  • Reports
  • Resource Level
  • Roles
  • SHA1
  • SHA256
  • SHA512
  • SPKI SHA256
  • SSDeep
  • STIX Aliases
  • STIX Description
  • STIX Goals
  • STIX ID
  • STIX Is Malware Family
  • STIX Kill Chain Phases
  • STIX Malware Types
  • STIX Primary Motivation.
  • STIX Resource Level
  • STIX Roles
  • STIX Secondary Motivations
  • STIX Sophistication
  • STIX Threat Actor Types
  • STIX Tool Types
  • STIX Tool Version
  • SWID
  • Samples
  • Secondary Motivations
  • Serial Number
  • Service
  • Short Description
  • Signature Algorithm
  • Signature Authentihash
  • Signature Copyright
  • Signature Description
  • Signature File Version
  • Signature Internal Name
  • Signature Original Name
  • Signed
  • Size
  • Sophistication
  • Source Original Severity
  • Source Priority
  • State
  • Street Address
  • Subdomains
  • Subject
  • Subject Alternative Names
  • Subject DN
  • Surname
  • Tags
  • Targets
  • Threat Actor Types
  • Threat Types
  • Title
  • Tool Types
  • Tool Version
  • Traffic Light Protocol
  • Updated Date
  • User ID
  • Username
  • Validity Not After
  • Validity Not Before
  • Vendor
  • Version
  • Vulnerabilities
  • Vulnerable Products
  • Whois Records
  • Work Phone
  • X.509 v3 Extensions
  • Zip Code
  • imphash

Indicator types (40)

  • reputation-Attack_Pattern
  • reputation-Attack_PatternV2
  • reputation-Campaign
  • reputation-Course_of_Action
  • reputation-Identity
  • reputation-Infrastructure
  • reputation-Intrusion_Set
  • reputation-Location
  • reputation-Malware
  • reputation-Mutex
  • reputation-Onion_Address
  • reputation-Report
  • reputation-STIX_Attack_Pattern
  • reputation-STIX_Malware
  • reputation-STIX_Report
  • reputation-STIX_Threat_Actor
  • reputation-STIX_Tool
  • reputation-Software
  • reputation-Threat_Actor
  • reputation-Tool
  • reputation-X509_Certificate
  • reputation-account
  • reputation-asn
  • reputation-cidr
  • reputation-cve
  • reputation-domain
  • reputation-domainGlob
  • reputation-email
  • reputation-file
  • reputation-hashRepMD5
  • reputation-hashRepSHA1
  • reputation-hashRepSHA256
  • reputation-host
  • reputation-ip
  • reputation-ipv6
  • reputation-ipv6_cidr
  • reputation-registryKey
  • reputation-ssdeepRep
  • reputation-tactic
  • reputation-url

Layout rules (2)

  • Indicator Feed Layout Rule
  • Vulnerability Layout Rule