Enum: AgentTypeIdEnum
The normalized representation of an agent or sensor. E.g., EDR, vulnerability
management, APM, backup & recovery, etc.
URI: ocsf:AgentTypeIdEnum
Permissible Values
| Value | Meaning | Description |
|---|---|---|
| ENDPOINT_DETECTION_AND_RESPONSE | None | Any EDR sensor or agent |
| DATA_LOSS_PREVENTION | None | Any DLP sensor or agent |
| BACKUP_RECOVERY | None | Any agent or sensor that provides backups, archival, or recovery capabilities |
| PERFORMANCE_MONITORING_OBSERVABILITY | None | Any agent or sensor that provides Application Performance Monitoring (APM), |
| VULNERABILITY_MANAGEMENT | None | Any agent or sensor that provides vulnerability management or scanning |
| LOG_FORWARDING | None | Any agent or sensor that forwards logs to a 3rd party storage system such as ... |
| MOBILE_DEVICE_MANAGEMENT | None | Any agent or sensor responsible for providing Mobile Device Management (MDM) ... |
| CONFIGURATION_MANAGEMENT | None | Any agent or sensor that provides configuration management of a device, such ... |
| REMOTE_ACCESS | None | Any agent or sensor that provides remote access capabilities to a device |
| UNKNOWN | None | The type is unknown |
| OTHER | None | The type is not mapped |
Slots
| Name | Description |
|---|---|
| type_id | The normalized representation of an agent or sensor |
Identifier and Mapping Information
Schema Source
- from schema: https://w3id.org/lmodel/ocsf
LinkML Source
```yaml
name: AgentTypeIdEnum
description: 'The normalized representation of an agent or sensor. E.g., EDR, vulnerability
  management, APM, backup & recovery, etc.'
from_schema: https://w3id.org/lmodel/ocsf
rank: 1000
permissible_values:
  ENDPOINT_DETECTION_AND_RESPONSE:
    text: ENDPOINT_DETECTION_AND_RESPONSE
    description: 'Any EDR sensor or agent. Or any tool that provides similar threat
      detection,
      anti-malware, anti-ransomware, or similar capabilities. E.g., Crowdstrike
      Falcon, Microsoft Defender for Endpoint, Wazuh.'
    annotations:
      ocsf_uid:
        tag: ocsf_uid
        value: '1'
      caption:
        tag: caption
        value: Endpoint Detection and Response
  DATA_LOSS_PREVENTION:
    text: DATA_LOSS_PREVENTION
    description: 'Any DLP sensor or agent. Or any tool that provides similar data
      classification,
      data loss detection, and/or data loss prevention capabilities. E.g., Forcepoint
      DLP, Microsoft Purview, Symantec DLP.'
    annotations:
      ocsf_uid:
        tag: ocsf_uid
        value: '2'
      caption:
        tag: caption
        value: Data Loss Prevention
  BACKUP_RECOVERY:
    text: BACKUP_RECOVERY
    description: 'Any agent or sensor that provides backups, archival, or recovery
      capabilities.
      E.g., Azure Backup, AWS Backint Agent.'
    annotations:
      ocsf_uid:
        tag: ocsf_uid
        value: '3'
      caption:
        tag: caption
        value: Backup & Recovery
  PERFORMANCE_MONITORING_OBSERVABILITY:
    text: PERFORMANCE_MONITORING_OBSERVABILITY
    description: 'Any agent or sensor that provides Application Performance Monitoring
      (APM),
      active tracing, profiling, or other observability use cases and optionally
      forwards the logs. E.g., New Relic Agent, Datadog Agent, Azure Monitor Agent.'
    annotations:
      ocsf_uid:
        tag: ocsf_uid
        value: '4'
      caption:
        tag: caption
        value: Performance Monitoring & Observability
  VULNERABILITY_MANAGEMENT:
    text: VULNERABILITY_MANAGEMENT
    description: 'Any agent or sensor that provides vulnerability management or scanning
      capabilities. E.g., Qualys VMDR, Microsoft Defender for Endpoint, Crowdstrike
      Spotlight, Amazon Inspector Agent.'
    annotations:
      ocsf_uid:
        tag: ocsf_uid
        value: '5'
      caption:
        tag: caption
        value: Vulnerability Management
  LOG_FORWARDING:
    text: LOG_FORWARDING
    description: 'Any agent or sensor that forwards logs to a 3rd party storage system
      such as a
      data lake or SIEM. E.g., Splunk Universal Forwarder, Tenzir, FluentBit, Amazon
      CloudWatch Agent, Amazon Kinesis Agent.'
    annotations:
      ocsf_uid:
        tag: ocsf_uid
        value: '6'
      caption:
        tag: caption
        value: Log Forwarding
  MOBILE_DEVICE_MANAGEMENT:
    text: MOBILE_DEVICE_MANAGEMENT
    description: 'Any agent or sensor responsible for providing Mobile Device Management
      (MDM) or
      Mobile Enterprise Management (MEM) capabilities. E.g., JumpCloud Agent, Esper
      Agent, Jamf Pro binary.'
    annotations:
      ocsf_uid:
        tag: ocsf_uid
        value: '7'
      caption:
        tag: caption
        value: Mobile Device Management
  CONFIGURATION_MANAGEMENT:
    text: CONFIGURATION_MANAGEMENT
    description: 'Any agent or sensor that provides configuration management of a
      device, such as
      scanning for software, license management, or applying configurations. E.g.,
      AWS Systems Manager Agent, Flexera, ServiceNow MID Server.'
    annotations:
      ocsf_uid:
        tag: ocsf_uid
        value: '8'
      caption:
        tag: caption
        value: Configuration Management
  REMOTE_ACCESS:
    text: REMOTE_ACCESS
    description: 'Any agent or sensor that provides remote access capabilities to
      a device. E.g.,
      BeyondTrust, Amazon Systems Manager Agent, Verkada Agent.'
    annotations:
      ocsf_uid:
        tag: ocsf_uid
        value: '9'
      caption:
        tag: caption
        value: Remote Access
  UNKNOWN:
    text: UNKNOWN
    description: The type is unknown.
    annotations:
      ocsf_uid:
        tag: ocsf_uid
        value: '0'
      caption:
        tag: caption
        value: Unknown
  OTHER:
    text: OTHER
    description: 'The type is not mapped. See the <code>type</code> attribute, which
      contains a
      data source specific value.'
    annotations:
      ocsf_uid:
        tag: ocsf_uid
        value: '99'
      caption:
        tag: caption
        value: Other
```