
1.2 Threat Icons

cloudtracer edited this page Nov 5, 2016 · 1 revision

Threat Icons

ThreatPinch uses icons from oNline Web Fonts, which licenses its icons under CC 3.0. I'd like to give a big shout-out to them here, not just because I'm required to but also for making such fantastic icons available for artistically challenged folk like myself.

ThreatPinch has a number of icons that can be used to illustrate quick references to activities being seen from particular IP addresses. Since the tooltip has limited screen space, using the icons will give you the most bang for your buck. Plus, icons are pretty. Below is the list of icons available:

  • Dynamic IPs
  • Known Anonymization
  • Attacks Reported
  • Blacklisted
  • Known Bot
  • Known C&C
  • DOS Reported
  • Malware Reported
  • Scanning Reported
  • Spam Reported
  • Phishing Reported
  • Malicious Activity
  • APT Activity

These icons were chosen based on descriptors commonly seen in threat feeds and tools. They don't appear to be based on any standards, and aren't uniform across vendors. I like to refer to these as "High Level Activity Indicators" that are descriptive enough to give you an idea of what this actor might be doing. If anyone knows of a standard for these high-level activity descriptions, send it my way; I've looked and haven't found anything. Even the STIX vocabulary doesn't appear to fit properly in this model. If I'm wrong, let me know; I'd rather get these icons based on some kind of standard.

Also, if you think we need a new icon to describe a new indicator, submit a Git issue with a referenced icon and a description of its use and, if relevant, we will add the icon.
