TQL Operators and Parameters
  • 24 Oct 2023
  • 11 Minutes to read
  • Dark
    Light

TQL Operators and Parameters

  • Dark
    Light

Article Summary

Operators

Table 1 provides a list of all ThreatConnect Query Language (TQL) operators in all of their acceptable forms.

 

Operators
=, ==, EQ, EQUALS
!=, NE
>, GT
<, LT
<=, LEQ
>=, GEQ
[NOT] IN
[NOT] LIKE
[NOT] CONTAINS
[NOT] STARTSWITH
[NOT] ENDSWITH

General Parameters

Table 2 provides all of the general TQL parameters, including their corresponding ThreatConnect object type and data type.

Note
It is recommended to use ISO-8601-compliant formatting for TQL parameters with Date or Datetime data types.

 

Object TypeParameterData TypeComments
GroupsassociatedGroupSourceString
Accepted values:
  • UNKNOWN
  • MANUAL
  • API
  • TQL
  • DNS
  • EMAIL
See the “Query for Objects by Association Method” section of Constructing Query Expressions for more information.
GroupsassociatedIndicatorIntegerDeprecated by nested query; equivalent to hasIndicator(id=n)
GroupsassociatedIndicatorSource
StringAccepted values:
  • UNKNOWN
  • MANUAL
  • API
  • TQL
  • DNS
  • EMAIL
See the “Query for Objects by Association Method” section of Constructing Query Expressions for more information.
GroupsattributeNNDependentSee the “Query for Attributes” section of Constructing Query Expressions for more information.
GroupscreatedByUserAny username in the user’s Organization (e.g., createdBy = "[email protected]")
GroupsdateAddedDate
GroupsdocumentDateAddedDate
GroupsdocumentFilenameString
GroupsdocumentFilesizeLong
GroupsdocumentStatusString
GroupsdocumentTypeString
GroupsdownvoteCountInteger
GroupsemailDateDate
GroupsemailFromString
GroupsemailScoreInteger
GroupsemailScoreIncludesBodyBoolean
GroupsemailSubjectString
GroupseventDateDate
GroupsgeneratedReportBooleanReturns Report Groups that were created using the Publish Report feature in the Report Editor
GroupshasArtifact()Nested Query
GroupshasAttribute()Nested Query
GroupshasCase()Nested Query
GroupshasGroup()Nested Query
GroupshasIndicator()Nested Query
GroupshasIntelRequirement()Nested Query
GroupshasSecurityLabel()Nested Query
GroupshasTag()Nested Query
GroupshasVictim()Nested Query
GroupshasVictimAsset()Nested Query
GroupsidIntegerThe ID number of a Group. This number can be found in the URL of the Group’s Details screen, between groups/ and /overview.
GroupslastModifiedDateTime
GroupsownerInteger
GroupsownerNameString
GroupssecurityLabelString
GroupssignatureDateAddedDate
GroupssignatureFilenameString
GroupssignatureTypeString
GroupsstatusString
GroupssummaryString
GroupstagStringDeprecated by nested query; equivalent to hasTag(summary="")
GroupstagOwnerIntegerDeprecated by nested query; equivalent to hasTag(owner=n)
GroupstagOwnerNameStringDeprecated by nested query; equivalent to hasTag(ownerName="")
GroupstaskAssigneeUserme is the only valid value
GroupstaskAssigneePseudoUser
GroupstaskDateAddedDate
GroupstaskDueDateDate
GroupstaskEscalatedBoolean
GroupstaskEscalationDateDate
GroupstaskLastModifiedDate
GroupstaskOverdueBoolean
GroupstaskRemindedBoolean
GroupstaskReminderDateDate
GroupstaskStatusString
GroupstypeInteger
GroupstypeNameString
GroupsupvoteCountInteger
GroupsvictimAssetStringDeprecated by nested query; equivalent to hasVictimAsset(name="")
IndicatorsactiveLockedBoolean
IndicatorsaddressASNInteger
IndicatorsaddressCIDRCIDR Expression
IndicatorsaddressCityString
IndicatorsaddressCountryCodeString
IndicatorsaddressCountryNameString
IndicatorsaddressIpValBigInteger
IndicatorsaddressIsIpv6Boolean
IndicatorsaddressRegisteringOrgString
IndicatorsaddressStateString
IndicatorsaddressTimezoneString
IndicatorsassociatedGroupIntegerDeprecated by nested query; equivalent to hasGroup(id=n)
Indicators
associatedGroupSource
String
Accepted values:
  • UNKNOWN
  • MANUAL
  • API
  • TQL
  • DNS
  • EMAIL
See the “Query for Objects by Association Method” section of Constructing Query Expressions for more information.
Indicators
associatedIndicatorSource
String
Accepted values:
  • UNKNOWN
  • MANUAL
  • API
  • TQL
  • DNS
  • EMAIL
See the “Query for Objects by Association Method” section of Constructing Query Expressions for more information.
IndicatorsattributeNNDependentSee the “Query for Attributes” section of Constructing Query Expressions for more information.
IndicatorsconfidenceInteger
IndicatorsdateAddedDateTimeAccepted formats: yyyy-MM-dd HH:mm yyyy-MM-dd MM-dd-yyyy
IndicatorsdescriptionString
IndicatorsdtLastUpdatedDateTimeThe last date and time the Indicator was looked at with DomainTools®
Indicators
dtMalwareScoreIntegerThe malware score for the Indicator in DomainTools
Indicators
dtOverallScoreIntegerThe overall score for the Indicator in DomainTools
Indicators
dtPhishingScoreIntegerThe phishing score for the Indicator in DomainTools
Indicators
dtSpamScoreIntegerThe spam score for the Indicator in DomainTools
Indicators
dtStatusBooleanThe domain status for the Indicator in DomainTools
Indicators
externalDateAddedDateTimeThe date and time that the Indicator was first created externally
Indicators
externalLastModifiedDateTimeThe date and time that the Indicator was last modified externally
Indicators
externalDateExpiresDateTimeThe date and time the Indicator expires externally
IndicatorsfalsePositiveCountString
IndicatorsfileNameString
IndicatorsfilePath
String

IndicatorsfirstSeenDateTimeThe date and time that the Indicator was first seen
IndicatorsfileSizeBigInteger
IndicatorshasArtifact()Nested Query
IndicatorshasAttribute()Nested Query
IndicatorshasCase()Nested Query
IndicatorshasGroup()Nested Query
IndicatorshasIndicator()
Nested Query
IndicatorshasIntelRequirement()Nested Query
IndicatorshasSecurityLabel()Nested Query
IndicatorshasTag()Nested Query
IndicatorshasVictim()Nested Query
IndicatorshasVictimAsset()Nested Query
IndicatorshostDnsActiveBoolean
IndicatorshostWhoisActiveBoolean
IndicatorsidIntegerThe ID number of an Indicator. This number can be found in the URL of the Indicator’s Details screen, between indicators/ and /overview.
IndicatorsindicatorActiveBoolean
IndicatorslastFalsePositiveDate
IndicatorslastModifiedDateTime
IndicatorslastObservedDateTime
IndicatorslastSeenDateTimeThe date and time that the Indicator was last seen
IndicatorsobservationCountInteger
IndicatorsownerInteger
IndicatorsownerNameString
IndicatorsratingInteger
IndicatorssecurityLabelString
IndicatorssourceString
IndicatorssummaryString
IndicatorstagStringDeprecated by nested query; equivalent to hasTag(summary="")
IndicatorstagOwnerIntegerDeprecated by nested query; equivalent to hasTag(owner=n)
IndicatorstagOwnerNameStringDeprecated by nested query; equivalent to hasTag(ownerName="")
IndicatorsthreatAssessScoreInteger
IndicatorstypeInteger
IndicatorstypeNameString
Indicatorsvalue1StringUsed to search for Indicators that include multiple fields (e.g., File Indicators, Registry Key Indicators)
Indicatorsvalue2StringUsed to search for Indicators that include multiple fields (e.g., File Indicators, Registry Key Indicators)
Indicatorsvalue3StringUsed to search for Indicators that include multiple fields (e.g., File Indicators, Registry Key Indicators)
IndicatorsvtLastUpdatedDateTimeThe last date and time the Indicator was looked at with VirusTotal™
IndicatorsvtMaliciousCountIntegerThe number of malicious reports for an Indicator from VirusTotal (i.e., the VirusTotal score)
Intelligence RequirementscategoryStringThe category of an Intelligence Requirement (IR)
Intelligence Requirements
dateAddedDateTimeThe date and time an IR was added to ThreatConnect
Intelligence Requirements
hasArtifact()Nested QueryA nested query for association to Artifacts
Intelligence Requirements
hasCase()Nested Query
A nested query for association to Cases
Intelligence Requirements
hasGroup()Nested Query

A nested query for association to Groups
Intelligence Requirements
hasIndicator()Nested QueryA nested query for association to Indicators
Intelligence Requirements
hasTag()Nested QueryA nested query for association to Tags
Intelligence Requirements
hasVictim()Nested QueryA nested query for association to Victims
Intelligence Requirements
hasVictimAsset()Nested QueryA nested query for association to Victim Assets
Intelligence Requirements
idIntegerThe ID number of an IR. This number can be found in the URL of the IR’s Details screen, between intel-requirements/ and /overview.
Intelligence Requirements
lastModifiedDateTimeThe “last modified” date for an IR
Intelligence Requirements
ownerIntegerThe ID of an IR’s owner
Intelligence Requirements
ownerNameStringThe name of an IR's owner
Intelligence Requirements
requirementStringThe summary of an IR
Intelligence Requirements
subtypeStringThe subtype of an IR
Intelligence Requirements
tagStringThe name of a Tag applied to an IR
Intelligence Requirements
uniqueIdStringThe unique ID of an IR. This is the number that was entered in the ID field when the IR was created. It is found at the upper left of the header of the IR’s Details screen, both next to the Browse link and above the IR’s summary.
Intelligence Requirement ResultsarchivedDateDateTimeThe date and time an IR query result was archived
Intelligence Requirement Results
hasIntelRequirement()Nested Query
Intelligence Requirement Results
idIntegerThe ID number of an IR query result
Intelligence Requirement Results
intelIdIntegerThe ID number of a ThreatConnect object matching an IR query result
Intelligence Requirement Results
intelReqId
IntegerThe ID number of an IR query result’s IR
Intelligence Requirement Results
intelTypeStringThe object type of an IR query result (e.g., Address, Host, Adversary, Campaign)
Intelligence Requirement Results
isArchivedBooleanA flag indicating whether an IR query result has been archived
Intelligence Requirement Results
isAssociatedBooleanA flag indicating whether an IR query result has been associated to an IR
Intelligence Requirement Results
isFalsePositive
BooleanA flag indicating whether an IR query result has been flagged as a false positive
Intelligence Requirement Results
isLocalBooleanA flag indicating whether an IR query result exists in the owners to which you have access on your ThreatConnect instance
Intelligence Requirement Results
lastMatchedDateDateTimeThe date and time that an IR query result last matched the IR’s keyword query
Intelligence Requirement Results
ownerIntegerThe ID number of an IR query result’s owner
Intelligence Requirement Results
ownerNameStringThe name of an IR query result’s owner
Intelligence Requirement Results
scoreDecimalA weighted score indicating the relevancy of an IR query result
Note
As of ThreatConnect version 7.3.1, the score for an IR query result is not available in the ThreatConnect UI. It can be accessed only via TQL queries and the v3 API. This parameter can be used to target IR query results that have the most relevancy out of all available IR query results.
Intelligence Requirement Results
summaryStringThe summary of an IR query result
TagsactiveBooleanRead-only field that can be false for certain ATT&CK® Tags that become deprecated over time and will be excluded from places such as the ATT&CK Visualizer. The value of this parameter is true in all other cases.
TagsassociatedCaseIntegerDeprecated by nested query; equivalent to hasCase(id=n)
TagsassociatedGroupIntegerDeprecated by nested query; equivalent to hasGroup(id=n)
TagsassociatedIndicatorIntegerDeprecated by nested query; equivalent to hasIndicator(id=n)
TagsassociatedVictimIntegerDeprecated by nested query; equivalent to hasVictim(id=n)
TagscaseIdInteger
TagsdescriptionString
TagshasCase()Nested Query
TagshasGroup()Nested Query
TagshasIndicator()Nested Query
TagshasVictim()Nested Query
TagsidIntegerThe ID number of a Tag. This number can be found in the URL of the Tag’s Details screen, after tag.xhtml?tag=.
TagslastUsedDate
TagsnameString
TagsnormalizedBooleanRead-only field that indicates if a Tag is defined as a main Tag within a Tag normalization rule.
TagsownerInteger
TagsownerNameString
TagssummaryString
TagstechniqueIdStringThe standard ID for specific MITRE ATT&CK® techniques and sub-techniques (e.g., T1234, T1234.001). The value of this parameter is null for all non-ATT&CK Tags.
TracksactiveBoolean
TracksassociatedIndicatorIntegerNot deprecated, because Tracks are not part of the nested-query feature
TrackscontainsString
TracksdateAddedDate
TracksdescriptionString
TrackslastUpdatedDate
TracksnotContainsString
TracksownerInteger
TracksownerNameString
TracksresultString
TracksresultCountInteger
TracksresultDateDate
TrackssummaryString
Victim AssetsassetString
Victim AssetsassociatedGroupIntegerDeprecated by nested query; equivalent to hasGroup(id=n)
Victim AssetshasGroup()Nested Query
Victim AssetshasIndicator()Nested Query
Victim AssetshasVictim()Nested Query
Victim AssetshasVictimAsset()Nested Query
Victim AssetsidInteger
Victim AssetsownerInteger
Victim AssetsownerNameString
Victim AssetssummaryString
Victim AssetstypeInteger
Victim AssetstypeNameString
Victim AssetsvictimIdInteger
Victim AssetsvictimNameString
VictimsassetNameStringDeprecated by nested query; equivalent to hasVictimAsset(summary="")
VictimsassetTypeIntegerDeprecated by nested query; equivalent to hasVictimAsset(type=n)
VictimsassetTypeNameStringDeprecated by nested query; equivalent to hasVictimAsset(typeName="")
VictimsattributeNNDependentSee the “Query for Attributes” section of Constructing Query Expressions for more information.
VictimsdescriptionString
VictimshasAttribute()Nested Query
VictimshasGroup()Nested Query
VictimshasIndicator()Nested Query
VictimshasSecurityLabel()Nested Query
VictimshasTag()Nested Query
VictimshasVictim()Nested Query
VictimshasVictimAsset()Nested Query
VictimsidIntegerThe ID number of a Victim. This number can be found in the URL of the Victim’s Details screen, after victim.xhtml?victim=.
VictimsnameString
VictimsnationalityString
VictimsorganizationString
VictimsownerInteger
VictimsownerNameString
VictimssecurityLabelString
VictimssubOrgString
VictimssummaryStringEquivalent to name
VictimstagStringDeprecated by nested query; equivalent to hasTag(summary="")
VictimstagOwnerIntegerDeprecated by nested query; equivalent to hasTag(owner=n)
VictimstagOwnerNameStringDeprecated by nested query; equivalent to hasTag(ownerName="")
VictimsworkLocationString

Workflow Parameters

Table 3 provides all of the Workflow-related TQL parameters, including their corresponding ThreatConnect Workflow type, data type, and a description.

Important
Workflow-related TQL parameters are available only in dashboard Query cards and the ThreatConnect v3 API. They are not available in the Browse screen.
Note
It is recommended to use ISO-8601-compliant formatting for TQL parameters with Date or Datetime data types.

 

Workflow TypeParameterData TypeDescription
ArtifactanalyticsScoreIntegerThe ThreatAssess assessment level of the Artifact
ArtifactcaseIdIntegerThe ID number of a Case associated with an Artifact
ArtifactdateAddedDateTimeThe date and time at which an Artifact was added to ThreatConnect
ArtifacthasCase()Nested QueryA nested query for association to other Cases
ArtifacthasGroup()Nested QueryA nested query for association to other Groups
ArtifacthasIndicator()Nested QueryA nested query for association to other Indicators
ArtifacthasNote()Nested QueryA nested query for association to other Notes
ArtifacthasTask()Nested QueryA nested query for association to other Tasks
ArtifactidIntegerThe ID number of an Artifact
ArtifactindicatorActiveBooleanA flag indicating whether the Artifact is active
ArtifactnoteIdIntegerThe ID number of a Note associated with an Artifact
ArtifactsourceStringThe source of an Artifact
ArtifactsummaryStringThe summary of an Artifact
ArtifacttaskIdIntegerThe ID number of a Task associated with an Artifact
ArtifacttypeStringThe type name of an Artifact
ArtifacttypeNameStringThe type name of an Artifact
ArtifactTypeactiveBooleanThe active status of an Artifact type
ArtifactTypedataTypeEnumThe data type of an Artifact type
ArtifactTypedescriptionStringThe description of an Artifact type
ArtifactTypeidIntegerThe ID number of an Artifact type
ArtifactTypeintelTypeStringThe intel type of an Artifact type
ArtifactTypemanagedBooleanThe managed status of an Artifact type
ArtifactTypenameStringThe name of an Artifact type
AttributeTypeassociatedTypeStringThe data type(s) for which an Attribute Type can be used
AttributeTypedescriptionStringThe description of an Attribute Type
AttributeTypeidIntegerThe ID number of an Attribute Type
AttributeTypemaxsizeIntegerThe maximum size, in characters, of an Attribute Type’s value.
AttributeTypenameStringThe name of an Attribute Type
AttributeTypeownerIntegerThe ID number for the owner of an Attribute Type
AttributeTypeownerNameStringThe name of the owner of an Attribute Type
AttributeTypesystemBooleanA flag designating whether to show System-level Attributes (TRUE) or owner-specific Attributes only (FALSE)
CaseassignedToUserOrGroupEnumThe type of Case assignee (either User or Group)
CaseassigneeNameStringThe name of the user or user group assigned to the Case
CaseattributeStringAn Attribute corresponding to a Case
CasecaseCloseTimeDateTimeThe date and time a Case was closed
CasecaseCloseUserUserThe username of the user who closed a Case
CasecaseDetectionTimeDateTimeThe date and time a security incident or threat (i.e., the event that caused a Case to be opened) was detected (e.g., by the security team)
CasecaseDetectionUserUserThe username of the user who logged a Case’s detection time
CasecaseOccurrenceTimeDateTimeThe date and time a security incident or threat (i.e., the event that caused a Case to be opened) occurred
CasecaseOccurrenceUserUserThe username of the user who logged a Case’s occurrence time
CasecaseOpenTimeDateTimeThe date and time a Case was opened
CasecaseOpenUserUserThe username of the user who opened a Case
CasecreatedByUserThe username of the user who created a Case
CasecreatedByIdIntegerThe user ID number of the user who created a Case
CasedateAddedDateTimeThe date on which a Case was added to ThreatConnect
CasedescriptionStringThe description of a Case
CasehasArtifactNested QueryA nested query for association to Artifacts
CasehasCase()Nested QueryA nested query for association to other Cases
CasehasGroup()Nested QueryA nested query for association to other Groups
CasehasIndicator()Nested QueryA nested query for association to other Indicators
CasehasNote()Nested QueryA nested query for association to Notes
CasehasTag()Nested QueryA nested query for association to labels
CasehasTask()Nested QueryA nested query for association to Tasks
CasehasWorkflowTemplate()Nested QueryA nested query for association to Workflow Templates
CaseidIntegerThe ID number of a Case
CaseidAsStringStringThe ID number of a Case as a String
CasenameStringThe name of a Case
Note
If querying for Cases with a name that contains a backslash character (\), use a double backslash (\\) in the query to escape the single backslash. For more information, see the “Workflow-Related Queries” section of Constructing Query Expressions.
CaseownerIntegerThe ID number for the owner of a Case
CaseownerNameStringThe name of the owner of a Case
CaseresolutionStringThe resolution of a Case
CaseseverityEnumThe severity of a Case
CasestatusEnumThe status of a Case
CasetagStringThe name of a Tag applied to a Case
CasetargetIdIntegerThe user or user group ID number for a Case assignee
CasetargetTypeEnumThe target type for a Case (either User or Group)
CasetypeNameStringThe name of a Case
CasexidStringThe XID of a Case
CaseAttributecaseIdIntegerThe ID number of a Case to which the Attribute is added
CaseAttributedateAddedDateTimeThe date on which the Attribute was added to the system
CaseAttributedateValDateTimeThe date value of an Attribute (only applies to certain Attribute Types)
CaseAttributedisplayedBooleanA flag indicating whether the Attribute is displayed in a Case
CaseAttributehasCase()Nested QueryA nested query for association to other Cases
CaseAttributeidIntegerThe ID number of an Attribute
CaseAttributeintValIntegerThe integer value of an Attribute (only applies to certain Attribute Types)
CaseAttributelastModifiedDateTimeThe date when an Attribute was last modified
CaseAttributemaxSizeIntegerThe maximum length of an Attribute’s text
CaseAttributeownerIntegerThe ID of the owner in which an Attribute exists
CaseAttributeownerNameStringThe name of the owner in which an Attribute exists
CaseAttributesourceStringAn Attribute’s source
CaseAttributetextStringThe text of an Attribute (only applies to certain Attribute Types)
CaseAttributetypeIntegerThe ID number of an Attribute’s Type
CaseAttributetypeNameStringThe name of an Attribute’s Type
CaseAttributeuserStringThe username of the user who created an Attribute
NoteartifactIdIntegerThe ID number of an Artifact with which a Note is associated
NoteauthorUserThe account login of a user who wrote a Note
NotecaseIdIntegerThe ID number of a Case with which a Note is associated
NotedateAddedDateTimeThe date on which a Note was written
NotehasArtifact()Nested QueryA nested query for association to Artifacts
NotehasCase()Nested QueryA nested query for association to Cases
NotehasTask()Nested QueryA nested query for association to Tasks
NoteidIntegerThe ID number of a Case
NotelastModifiedDateTimeThe date on which a Note was last modified
NotesummaryStringText of the first 100 characters of a Note
NotetaskIdIntegerThe ID number of a Task with which a Note is associated
NoteworkflowEventIdIntegerThe ID number of a Workflow Timeline event with which a Note is associated
TaskassignedToUserOrGroupEnumThe type of Task assignee (either User or Group)
TaskassigneeNameStringThe name of the user or user group assigned to the Task
TaskautomatedBooleanA flag indicating whether a Task is automated
TaskcaseIdIntegerThe ID number of a Case with which a Task is associated
TaskcaseIdAsStringStringThe ID number of a Case as a String
TaskcaseSeverityEnumThe severity of a Case associated with a Task
TaskcompletedByUserThe username of a user who completed a Task
TaskcompletedDateDateThe completion date of a Task
TaskdescriptionStringThe description of a Task
TaskdueDateDateThe due date of a Task
TaskhasArtifact()Nested QueryA nested query for association to other Artifacts
TaskhasCase()Nested QueryA nested query for association to other Cases
TaskhasNote()Nested QueryA nested query for association to other Notes
TaskidIntegerThe ID number of a Task
TasknameStringThe name of a Task
TaskownerIntegerThe ID of the owner in which a Task exists
TaskownerNameStringThe name of the owner in which a Task exists
TaskrequiredBooleanA flag indicating whether a Task is required or not
TaskstatusEnumThe status of a Task
TasktargetIdLongThe user or user group ID number for a Task assignee
TasktargetTypeEnumThe target type for a Task (either User or Group)
TaskworkflowPhaseIntegerThe Workflow Phase of a Task
TaskworkflowStepIntegerThe Workflow step of a Task
TaskxidStringThe XID of a Task
WorkflowEventcaseIdIntegerThe ID number of a Case with which a Timeline event is associated
WorkflowEventdateAddedDateTimeThe date on which a Timeline event was added
WorkflowEventdeletedBooleanThe deletion status of a Timeline event
WorkflowEventdeletedReasonStringThe reason a Timeline event was deleted
WorkflowEventeventDateDateTimeThe date on which a Timeline event occurred
WorkflowEventidIntegerThe ID number of a Timeline event
WorkflowEventlinkStringUpperThe item to which a Timeline event pertains, in format <type>:<id>
WorkflowEventsummaryStringText of a Timeline event
WorkflowEventsystemGeneratedBooleanFlag determining whether a Timeline event was created automatically by the system
WorkflowEventuserNameStringThe username associated with a Timeline event
WorkflowTemplateactiveBooleanThe active status of a Workflow Template
WorkflowTemplatedescriptionStringThe description of a Workflow Template
WorkflowTemplateidIntegerThe ID number of a Workflow Template
WorkflowTemplatenameStringThe name of a Workflow Template
WorkflowTemplateownerIntegerThe ID of the owner in which a Workflow Template exists
WorkflowTemplateownerNameStringThe name of the owner in which a Workflow Template exists
WorkflowTemplatetargetIdIntegerThe user or user group ID for the default assignee for a Workflow Template
WorkflowTemplatetargetTypeEnumThe target type for a Workflow Template (either User or Group)
WorkflowTemplateversionIntegerThe version of a Workflow Template

ThreatConnect® is a registered trademark of ThreatConnect, Inc.
DomainTools® is a registered trademark of DomainTools, LLC.
VirusTotal™ is a trademark of Google, Inc.

MITRE ATT&CK® and ATT&CK® are registered trademarks of The MITRE Corporation.

20052-04 v.21.A


Was this article helpful?