The source and source_uri fields tie threat intelligence to the source of information. The source field should be a required field in the schema.