Skip to content

Enum: OsintTypeIdEnum

The OSINT indicator type ID.

URI: ocsf:OsintTypeIdEnum

Permissible Values

Value Meaning Description
UNKNOWN None The indicator type is ambiguous or there is not a related indicator for the
IP_ADDRESS None An IPv4 or IPv6 address
DOMAIN None A full-qualified domain name (FQDN), subdomain, or partial domain
HOSTNAME None A hostname or computer name
HASH None Any type of hash e
URL None A Uniform Resource Locator (URL) or Uniform Resource Indicator (URI)
USER_AGENT None A User Agent typically seen in HTTP request headers
DIGITAL_CERTIFICATE None The serial number, fingerprint, or full content of an X
EMAIL None The contents of an email or any related information to an email object
EMAIL_ADDRESS None An email address
VULNERABILITY None A CVE ID, CWE ID, or other identifier for a weakness, exploit, bug, or
FILE None A file or metadata about a file
REGISTRY_KEY None A Windows Registry Key
REGISTRY_VALUE None A Windows Registry Value
COMMAND_LINE None A partial or full Command Line used to invoke scripts or other remote command...
OTHER None The indicator type is not directly listed

Slots

Name Description
type_id The OSINT indicator type ID

Identifier and Mapping Information

Schema Source

LinkML Source

name: OsintTypeIdEnum
description: The OSINT indicator type ID.
from_schema: https://w3id.org/lmodel/ocsf
rank: 1000
permissible_values:
  UNKNOWN:
    text: UNKNOWN
    description: 'The indicator type is ambiguous or there is not a related indicator
      for the

      OSINT object.'
    annotations:
      ocsf_uid:
        tag: ocsf_uid
        value: '0'
      caption:
        tag: caption
        value: Unknown
  IP_ADDRESS:
    text: IP_ADDRESS
    description: An IPv4 or IPv6 address.
    annotations:
      ocsf_uid:
        tag: ocsf_uid
        value: '1'
      caption:
        tag: caption
        value: IP Address
  DOMAIN:
    text: DOMAIN
    description: A full-qualified domain name (FQDN), subdomain, or partial domain.
    annotations:
      ocsf_uid:
        tag: ocsf_uid
        value: '2'
      caption:
        tag: caption
        value: Domain
  HOSTNAME:
    text: HOSTNAME
    description: A hostname or computer name.
    annotations:
      ocsf_uid:
        tag: ocsf_uid
        value: '3'
      caption:
        tag: caption
        value: Hostname
  HASH:
    text: HASH
    description: 'Any type of hash e.g., MD5, SHA1, SHA2, BLAKE, BLAKE2, SSDEEP, VHASH,
      etc.

      generated from a file, malware sample, request header, or otherwise used to

      identify a pertinent artifact.'
    annotations:
      ocsf_uid:
        tag: ocsf_uid
        value: '4'
      caption:
        tag: caption
        value: Hash
  URL:
    text: URL
    description: A Uniform Resource Locator (URL) or Uniform Resource Indicator (URI).
    annotations:
      ocsf_uid:
        tag: ocsf_uid
        value: '5'
      caption:
        tag: caption
        value: URL
  USER_AGENT:
    text: USER_AGENT
    description: A User Agent typically seen in HTTP request headers.
    annotations:
      ocsf_uid:
        tag: ocsf_uid
        value: '6'
      caption:
        tag: caption
        value: User Agent
  DIGITAL_CERTIFICATE:
    text: DIGITAL_CERTIFICATE
    description: 'The serial number, fingerprint, or full content of an X.509 digital

      certificate.'
    annotations:
      ocsf_uid:
        tag: ocsf_uid
        value: '7'
      caption:
        tag: caption
        value: Digital Certificate
  EMAIL:
    text: EMAIL
    description: The contents of an email or any related information to an email object.
    annotations:
      ocsf_uid:
        tag: ocsf_uid
        value: '8'
      caption:
        tag: caption
        value: Email
  EMAIL_ADDRESS:
    text: EMAIL_ADDRESS
    description: An email address.
    annotations:
      ocsf_uid:
        tag: ocsf_uid
        value: '9'
      caption:
        tag: caption
        value: Email Address
  VULNERABILITY:
    text: VULNERABILITY
    description: 'A CVE ID, CWE ID, or other identifier for a weakness, exploit, bug,
      or

      misconfiguration.'
    annotations:
      ocsf_uid:
        tag: ocsf_uid
        value: '10'
      caption:
        tag: caption
        value: Vulnerability
  FILE:
    text: FILE
    description: A file or metadata about a file.
    annotations:
      ocsf_uid:
        tag: ocsf_uid
        value: '11'
      caption:
        tag: caption
        value: File
  REGISTRY_KEY:
    text: REGISTRY_KEY
    description: A Windows Registry Key.
    annotations:
      ocsf_uid:
        tag: ocsf_uid
        value: '12'
      caption:
        tag: caption
        value: Registry Key
  REGISTRY_VALUE:
    text: REGISTRY_VALUE
    description: A Windows Registry Value.
    annotations:
      ocsf_uid:
        tag: ocsf_uid
        value: '13'
      caption:
        tag: caption
        value: Registry Value
  COMMAND_LINE:
    text: COMMAND_LINE
    description: A partial or full Command Line used to invoke scripts or other remote
      commands.
    annotations:
      ocsf_uid:
        tag: ocsf_uid
        value: '14'
      caption:
        tag: caption
        value: Command Line
  OTHER:
    text: OTHER
    description: The indicator type is not directly listed.
    annotations:
      ocsf_uid:
        tag: ocsf_uid
        value: '99'
      caption:
        tag: caption
        value: Other