{"$schema":"https://domains.younndai.com/schemas/domain.json","domain":"yon.security","version":"1.0","status":"active","state":"active","tier":"official","verified":true,"score":1,"notice":null,"description":"Cybersecurity operations, incident response, threat intelligence, and vulnerability management with STIX/MITRE ATT&CK alignment","defaultMode":"struct","defaultProfile":"audit","defaultFormat":"canon","records":[{"tag":"IOC","fields":[{"name":"rid","type":"string","example":"ioc:2026-0042","required":true,"description":"Record ID"},{"enum":["ip","domain","hash-md5","hash-sha256","url","email","file","registry-key"],"name":"type","type":"string","example":"ip","required":false,"description":"Indicator Type (8 allowed values)"},{"name":"value","type":"string","example":"203.0.113.42","required":false,"description":"Indicator value as a literal observable (IP, domain, hash, URL, ...); it is feed-sourced and attacker-influenced, so escape or parameterize it before using it in queries or markup"},{"name":"pattern","type":"string","example":"[ipv4-addr:value = '203.0.113.42']","required":false,"description":"Detection pattern written in the syntax named by pattern_type (the example is a STIX 2.1 pattern)"},{"enum":["stix","sigma","yara","snort","suricata"],"name":"pattern_type","type":"string","example":"stix","required":false,"description":"Pattern Type: stix, sigma, yara, snort, suricata"},{"name":"valid_from","type":"ts","example":"2026-03-01T00:00:00Z","required":false,"description":"Valid From as ISO 8601 timestamp"},{"name":"valid_until","type":"ts","example":"2026-06-01T00:00:00Z","required":false,"description":"Valid Until as ISO 8601 timestamp; following STIX 2.1, the indicator should no longer be treated as valid after this time"},{"name":"confidence","type":"float","range":[0,100],"example":"85.0","required":false,"description":"Confidence (0–100)"},{"name":"first_seen","type":"ts","example":"2026-03-01T14:30:00Z","required":false,"description":"First Seen as ISO 8601 timestamp"},{"enum":["white","green","amber","amber-strict","red"],"name":"tlp","type":"string","example":"amber","required":false,"description":"TLP marking: white, green, amber, amber-strict, red (TLP 1.0 names; in TLP 2.0 white is called clear and amber-strict corresponds to AMBER+STRICT)"},{"name":"port","type":"int","range":[1,65535],"example":"443","required":false,"description":"Port 
(1–65535)"},{"enum":["inbound","outbound","internal","lateral"],"name":"direction","type":"string","example":"outbound","required":false,"description":"Direction: inbound, outbound, internal, lateral"}],"description":"Indicator of compromise — STIX 2.1 Indicator aligned, observable artifact with detection pattern and temporal validity"},{"tag":"ASSET","fields":[{"name":"host","type":"string","example":"web-prod-01.corp.local","required":false,"description":"Hostname"},{"enum":["server","workstation","network","storage","cloud","iot","mobile"],"name":"role","type":"string","example":"server","required":false,"description":"Asset Role (7 allowed values)"},{"name":"os","type":"string","example":"Ubuntu 24.04 LTS","required":false,"description":"Operating System"},{"name":"patch_level","type":"ts","example":"2026-03-01","required":false,"description":"Patch level as an ISO 8601 date or timestamp (the example is date-only)"},{"enum":["critical","high","medium","low"],"name":"criticality","type":"string","example":"high","required":false,"description":"Criticality: critical, high, medium, low"}],"description":"Asset inventory — network-connected resource with criticality rating and patch posture"},{"tag":"TLINE","fields":[{"name":"ts","type":"ts","example":"2026-03-10T14:32:15Z","required":false,"description":"Event Timestamp as ISO 8601 timestamp (include the time zone designator; the timeline is ordered on this value)"},{"name":"action","type":"string","example":"process_creation","required":false,"description":"Type of event observed (e.g. process_creation)"},{"name":"actor","type":"string","example":"NT AUTHORITY\\SYSTEM","required":false,"description":"Principal that performed the action, e.g. a user or service account"},{"name":"evidence","type":"string","example":"powershell.exe -enc base64...","required":false,"description":"Supporting artifact such as a command line or log excerpt; record it verbatim and treat it as attacker-controlled content when displaying or re-processing"}],"description":"Incident timeline — chronological event during incident response with evidence chain"},{"tag":"CONTAINMENT","fields":[{"enum":["isolate","block-ip","disable-account","quarantine","sinkhole","network-segment"],"name":"action","type":"string","example":"isolate","required":false,"description":"Containment Action (6 allowed 
values)"},{"name":"target","type":"string","example":"web-prod-01","required":false,"description":"Host, address or account the containment action applies to"},{"enum":["pending","active","completed","failed","rolled-back"],"name":"status","type":"string","example":"active","required":false,"description":"Status: pending, active, completed, failed, rolled-back"},{"name":"automated","type":"bool","example":"true","required":false,"description":"Whether the action was executed automatically (true) rather than by an analyst (false)"}],"description":"Containment action — isolation or blocking measures during active incident"},{"tag":"ERADICATION","fields":[{"enum":["malware-removal","credential-reset","patch-apply","reimage","persistence-cleanup","account-disable"],"name":"action","type":"string","example":"malware-removal","required":false,"description":"Eradication Action (6 allowed values)"},{"name":"target","type":"string","example":"web-prod-01","required":false,"description":"Host or account the eradication action applies to"},{"enum":["pending","in-progress","completed","verified"],"name":"status","type":"string","example":"completed","required":false,"description":"Status: pending, in-progress, completed, verified"},{"name":"verification","type":"string","example":"EDR clean scan + network baseline restored","required":false,"description":"How the clean state was confirmed (e.g. EDR clean scan, network baseline comparison)"}],"description":"Eradication action — removal of threat artifacts and verification of clean state"},{"tag":"SIEM_ALERT","fields":[{"enum":["info","low","medium","high","critical"],"name":"severity","type":"string","example":"high","required":false,"description":"Severity: info, low, medium, high, critical"},{"name":"rule","type":"string","example":"Suspicious PowerShell Execution","required":false,"description":"Name of the detection rule that produced the alert"},{"name":"source_ip","type":"string","example":"10.0.1.42","required":false,"description":"Source IP"},{"name":"dest_ip","type":"string","example":"203.0.113.42","required":false,"description":"Destination 
IP"},{"enum":["TCP","UDP","ICMP","HTTP","HTTPS","DNS","SSH","SMB","RDP","other"],"name":"protocol","type":"string","example":"TCP","required":false,"description":"Protocol (10 allowed values)"}],"description":"SIEM alert — correlated security event from detection rules"},{"tag":"VULNERABILITY","fields":[{"name":"cve","type":"string","example":"CVE-2026-1234","pattern":"^CVE-\\d{4}-\\d{4,}$","required":false,"description":"CVE identifier of the form CVE-YYYY-NNNN (the pattern enforces the format only; it does not confirm that the ID exists)"},{"name":"cvss","type":"float","unit":"0-10","range":[0,10],"example":"9.1","required":false,"description":"CVSS score (0–10); no CVSS version is recorded, so v3.x and v4.0 scores cannot be told apart from this field alone"},{"enum":["none","low","medium","high","critical"],"name":"severity","type":"string","example":"critical","required":false,"description":"Severity: none, low, medium, high, critical"},{"name":"affected","type":"string","example":"Apache HTTP Server 2.4.x","required":false,"description":"Affected System"},{"name":"patch_available","type":"bool","example":"true","required":false,"description":"Whether a vendor fix is available (true/false)"},{"name":"exploited","type":"bool","example":"false","required":false,"description":"Whether exploitation in the wild is known (true/false)"}],"description":"Vulnerability record — CVE-referenced finding with CVSS scoring and exploit status"},{"tag":"THREAT","fields":[{"name":"name","type":"string","example":"APT28 (Fancy Bear)","required":false,"description":"Threat Actor Name"},{"enum":["apt","cybercrime","hacktivism","insider","nation-state"],"name":"category","type":"string","example":"apt","required":false,"description":"Category: apt, cybercrime, hacktivism, insider, nation-state"},{"name":"confidence","type":"float","range":[0,100],"example":"85.0","required":false,"description":"Confidence (0–100)"},{"enum":["white","green","amber","amber-strict","red"],"name":"tlp","type":"string","example":"amber","required":false,"description":"TLP marking: white, green, amber, amber-strict, red (TLP 1.0 names; in TLP 2.0 white is called clear and amber-strict corresponds to AMBER+STRICT)"},{"name":"source","type":"string","example":"CISA Advisory","required":false,"description":"Intelligence 
Source"},{"name":"ttps","type":"string","example":"T1566.001, T1059.001, T1003.001","required":false,"description":"MITRE ATT&CK technique IDs as a comma-separated string (e.g. T1566.001, T1059.001)"},{"name":"actor","type":"string","example":"GRU Unit 26165","required":false,"description":"Attributed real-world organisation or unit behind the threat actor name; attribution claims should be read together with the confidence and source fields"}],"description":"Threat intelligence — STIX ThreatActor aligned, actor profiles and TTP mapping with MITRE ATT&CK and TLP marking"}],"schemaHash":null,"recordCount":8,"totalFieldCount":47}