PhishingIndicator

class trustar.models.phishing_submission.PhishingIndicator(indicator_type=None, value=None, source_key=None, normalized_indicator_score=None, original_indicator_score=None)

Models a PhishingIndicator.

Variables:
  • indicator_type – The type of the extracted entity (e.g. URL, IP, …)
  • value – The value of an extracted entity (e.g. www.badsite.com, etc.)
  • source_key – A string that is associated with the closed source providing context (e.g. ‘virustotal’, ‘crowdstrike_indicator’)
  • normalized_indicator_score – The normalized score associated with a context entity
  • original_indicator_score – A score given to the indicator by its original source
classmethod from_dict(phishing_indicator)

Creates a phishing indicator object from a dictionary.

Parameters:phishing_indicator – The phishing indicator dictionary.
to_dict(remove_nones=False)

Creates a dictionary representation of a phishing indicator.

Parameters:remove_nones – Whether None values should be filtered out of the dictionary. Defaults to False.
Returns:A PhishingIndicator object.