This repository has been archived by the owner on May 23, 2019. It is now read-only.
Gabriel Iovino edited this page Apr 2, 2015 · 7 revisions

CIF uses tags to describe observables. A single observable can have one tag or many. Tags are assigned when an observable is ingested into CIF. CIF does not predefine the set of tags: a new tag can be created at any time by inserting an observable that carries it.

Default tags shipped with CIF:

  • botnet
  • exploit
  • feodo
  • gozi
  • hijacked
  • malware
  • phishing
  • rdata
  • scanner
  • search
  • suspicious
  • whitelist
  • zeus

The following command shows how to search by tag:

$ cif --tags malware -f csv
amber,everyone,2015-03-20T05:04:16Z,withfx.com,,,60.764,malware,,malc0de.com,
...

For definitions of many of the tags shipped by default, see this page.
