Threat

A threat is a possibly malicious email reported by one of our users

Implements

Fields

_id (ID!)

ID

channel (ThreatChannel!)

Source of report for the threat

classification (ThreatClassification)

An estimate of how likely this threat is to be malicious

createdAt (Date!)

When was this created?

email (ThreatEmail!)

The possibly malicious email

enrichments (ThreatEnrichments)

Enriched data

escalationEmail (EscalationEmail)

Escalation notice that gets sent to the organization's security team

feedbackSentAt (Date)

When was the reporter feedback sent?

isVipReport (Boolean!)

Is this reported by a VIP user?

organization (Organization!)

Organization that the threat was reported to

organizationId (ID!)

ID of the organization that the threat was reported to

prediction (Prediction)

ML prediction of the threat

ratedAt (Date)

When was the threat severity rated?

reporterUser (User!)

User who reported the threat

severity (ThreatSeverity)

How severe is the threat?

socClassification (SocClassification)

A classification given by the SOC team

state (ThreatState!)

Is the threat uploaded?

threatRedirectId (ID)

UUID to help us redirect the user to the threat feedback page

updatedAt (Date)

When was this last updated?

userModifiers (UserModifiers)

Additional modifier data provided by the user

userRequestedFeedback (Boolean)

Does the user want feedback about the threat?