Describes a single sighting of an indicator.
| Field Name | Type | Description |
|---|---|---|
| @timestampoptional | dateTime |
This field provides the date and time of the Indicator sighting. In order to avoid ambiguity, it is strongly suggest that all timestamps include a specification of the timezone if it is known. |
| @timestamp_precisionoptional | DateTimePrecisionEnum |
Represents the precision of the associated timestamp value. If omitted, the default is "second", meaning the timestamp is precise to the full field value. Digits in the timestamp that are required by the xs:dateTime datatype but are beyond the specified precision should be zeroed out. |
| Source0..1 | InformationSourceType |
This field provides a name or description of the sighting source. |
| Reference0..1 | anyURI |
This field provides a formal reference to the sighting source. |
| Confidence0..1 | ConfidenceType |
This field provides a confidence assertion in the accuracy of this sighting. |
| Description0..n | StructuredTextType |
The Description field is optional and enables an unstructured, text description of this Sighting. |
| Related_Observables0..1 | RelatedObservablesType |
The Related_Observable field identifies or characterizes one or more cyber observables related to this sighting. |
