SightingTypeIndicator Schema

Describes a single sighting of an indicator.


Fields

Field Name Type Description
@timestampoptional dateTime

This field provides the date and time of the Indicator sighting.

In order to avoid ambiguity, it is strongly suggest that all timestamps include a specification of the timezone if it is known.

@timestamp_precisionoptional DateTimePrecisionEnum

Represents the precision of the associated timestamp value. If omitted, the default is "second", meaning the timestamp is precise to the full field value. Digits in the timestamp that are required by the xs:dateTime datatype but are beyond the specified precision should be zeroed out.

Source0..1 InformationSourceType

This field provides a name or description of the sighting source.

Reference0..1 anyURI

This field provides a formal reference to the sighting source.

Confidence0..1 ConfidenceType

This field provides a confidence assertion in the accuracy of this sighting.

Description0..n StructuredTextType

The Description field is optional and enables an unstructured, text description of this Sighting.

Related_Observables0..1 RelatedObservablesType

The Related_Observable field identifies or characterizes one or more cyber observables related to this sighting.