Status Message
|
Briefly describes the current status of the source.
|
Last Updated
|
Specifies the date and time Threat Intelligence
Director last updated the source.
|
Next Update
|
For TAXII and URL sources, this value specifies when Threat Intelligence
Director will update the source next.
|
Indicators
|
Specifies indicator counts:
-
Consumed—The number of indicators Threat Intelligence
Director processed during the most recent source update. This number represents all indicators contained in the update, regardless of whether they were ingested or discarded.
-
Discarded—The number of malformed indicators that the system did not add to Threat Intelligence
Director during the most recent update.
Note |
For TAXII sources, Threat Intelligence
Director provides separate Last Update and Total indicator counts, because TAXII updates add incremental data, rather than replacing existing data. For indicators from other source types, Threat Intelligence
Director provides only the Last Update count, because updates from those sources replace the existing data set entirely.
|
If all of an indicator's observables are Invalid, Threat Intelligence
Director discards the indicator.
|
Observables
|
Specifies observable counts:
-
Consumed—The number of observables Threat Intelligence
Director processed during the most recent source update. This number represents all observables contained in the update, regardless of whether they were ingested or discarded.
-
Unsupported—The number of unsupported observables that the system did not add to Threat Intelligence
Director during the most recent update.
For more information about supported observable types, see information about content types in Source Requirements.
-
Invalid—The number of invalid observables that the system did not add to Threat Intelligence
Director during the most recent update.
An observable is invalid if it is improperly constructed. For example, 10.10.10.10.123 is not a valid IPv4 address.
Note |
For TAXII sources, Threat Intelligence
Director provides separate Last Update and Total observable counts, because TAXII updates add incremental data, rather than replacing existing data. For observables from other source types, Threat Intelligence
Director provides only the Last Update count, because updates from those sources replace the existing data set entirely.
|
|