Data Types
The predefined data types. The data type specifies what kind of data a value can have.
| Name | Caption | Base Type | Constraints | Description |
|---|---|---|---|---|
| boolean_t | Boolean | false, true | Boolean value. One of true or false. |
|
| bytestring_t | Byte String | String | Base64 encoded immutable byte sequence. | |
| datetime_t | Datetime | String | ^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(?:\.\d+)?(Z|[\+-]\d{2}:\d{2})?$ | The Internet Date/Time format as defined in RFC-3339. For example 1985-04-12T23:20:50.52Z. |
| email_t | Email Address O | String | ^[a-zA-Z0-9!#$%&'*+-/=?^_`{|}~.]+@[a-zA-Z0-9-]+\.[a-zA-Z0-9-.]+$ | Email address. For example: [email protected]. |
| file_hash_t | Hash O | String | Max length: 64 | Hash. A unique value that corresponds to the content of the file, image, ja3_hash or hassh found in the schema. For example MD5: 3172ac7e2b55cbb81f04a6e65855a628. |
| file_name_t | File Name O | String | File name. For example: text-file.txt. |
|
| float_t | Float | Real floating-point value. For example: 3.14. |
||
| hostname_t | Hostname O | String | ^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])$ | Unique name assigned to a device connected to a computer network. A domain name in general is an Internet address that can be resolved through the Domain Name System (DNS). For example: r2-d2.example.com. |
| integer_t | Integer | Signed integer value. | ||
| ip_t | IP Address O | String | Max length: 40 ((^\s*((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))\s*$)|(^\s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:)))(%.+)?\s*$)) |
Internet Protocol address (IP address), in either IPv4 or IPv6 format. For example, 192.168.200.24 or 2001:0db8:85a3:0000:0000:8a2e:0370:7334. |
| json_t | JSON | Embedded JSON value. A value can be a string, or a number, or true or false or null, or an object or an array. These structures can be nested. See www.json.org. | ||
| long_t | Long | 8-byte long, signed integer value. | ||
| mac_t | MAC Address O | String | Max length: 32 ^([0-9A-Fa-f]{2}[:-]){5}([0-9A-Fa-f]{2})$ |
Media Access Control (MAC) address. For example: 18:36:F3:98:4F:9A. |
| port_t | Port O | Integer | 0-65,535 | The TCP/UDP port number. For example: 80 or 22. |
| process_name_t | Process Name O | String | Process name. For example: Notepad. |
|
| resource_uid_t | Resource UID O | String | Max length: 64 | Resource unique identifier. For example, S3 Bucket name or EC2 Instance ID. |
| string_t | String | Max length: 65,535 | UTF-8 encoded byte sequence. | |
| subnet_t | Subnet O | String | Max length: 42 | The subnet represented in a CIDR notation, using the format network_address/prefix_length. The network_address can be in either IPv4 or IPv6 format. The prefix length indicates the number of bits used for the network portion, and the remaining bits are available for host addresses within that subnet. For example:
|
| timestamp_t | Timestamp | Long | The timestamp format is the number of milliseconds since the Epoch 01/01/1970 00:00:00 UTC. For example 1618524549901. |
|
| url_t | URL String O | String | Uniform Resource Locator (URL) string. For example: http://www.example.com/download/trouble.exe. |
|
| username_t | User Name O | String | User name. For example: john_doe. |
|
| uuid_t | UUID | String | [0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12} | 128-bit universal unique identifier. For example: 123e4567-e89b-12d3-a456-42661417400. |