{
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "$id": "#/components/schemas/microsoft.graph.security.intelligenceProfileIndicator",
  "title": "microsoft.graph.security.intelligenceProfileIndicator",
  "allOf": [
    {
      "$ref": "#/components/schemas/microsoft.graph.security.indicator"
    },
    {
      "title": "intelligenceProfileIndicator",
      "required": [
        "@odata.type"
      ],
      "type": "object",
      "properties": {
        "firstSeenDateTime": {
          "pattern": "^[0-9]{4,}-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])T([01][0-9]|2[0-3]):[0-5][0-9]:[0-5][0-9]([.][0-9]{1,12})?(Z|[+-][0-9][0-9]:[0-9][0-9])$",
          "type": "string",
          "description": "Designate when an artifact was first used actively in an attack, when a particular sample was compiled, or if neither of those could be ascertained when the file was first seen in public repositories (for example, VirusTotal, ANY.RUN, Hybrid Analysis) or reported publicly.",
          "format": "date-time"
        },
        "lastSeenDateTime": {
          "pattern": "^[0-9]{4,}-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])T([01][0-9]|2[0-3]):[0-5][0-9]:[0-5][0-9]([.][0-9]{1,12})?(Z|[+-][0-9][0-9]:[0-9][0-9])$",
          "type": "string",
          "description": "Designate when an artifact was most recently used actively in an attack, when a particular sample was compiled, or if neither of those could be ascertained when the file was first seen in public repositories (for example, VirusTotal, ANY.RUN, Hybrid Analysis) or reported publicly.",
          "format": "date-time",
          "nullable": true
        },
        "@odata.type": {
          "type": "string",
          "default": "#microsoft.graph.security.intelligenceProfileIndicator"
        }
      }
    }
  ],
  "x-ms-discriminator-value": "#microsoft.graph.security.intelligenceProfileIndicator"
}