Class: Analytic
The Analytic object contains details about the analytic technique used to
analyze and derive insights from the data or information that led to the
creation of a finding or conclusion.
URI: ocsf:Analytic
classDiagram
class Analytic
click Analytic href "../Analytic/"
Entity <|-- Analytic
click Entity href "../Entity/"
Analytic : algorithm
Analytic : category
Analytic : desc
Analytic : name
Analytic : related_analytics
Analytic --> "*" Analytic : related_analytics
click Analytic href "../Analytic/"
Analytic : state
Analytic : state_id
Analytic --> "0..1" AnalyticStateIdEnum : state_id
click AnalyticStateIdEnum href "../AnalyticStateIdEnum/"
Analytic : type
Analytic : type_id
Analytic --> "1" AnalyticTypeIdEnum : type_id
click AnalyticTypeIdEnum href "../AnalyticTypeIdEnum/"
Analytic : uid
Analytic : version
Inheritance
Slots
| Name | Cardinality and Range | Description | Inheritance |
|---|---|---|---|
| algorithm | 0..1 String | The algorithm used by the underlying analytic to generate the finding | direct |
| category | 0..1 String | The analytic category | direct |
| desc | 0..1 String | The description of the analytic that generated the finding | direct |
| name | 0..1 recommended String | The name of the analytic that generated the finding | direct |
| related_analytics | * Analytic | Other analytics related to this analytic | direct |
| state | 0..1 String | The Analytic state | direct |
| state_id | 0..1 AnalyticStateIdEnum | The Analytic state identifier | direct |
| type | 0..1 String | The analytic type | direct |
| type_id | 1 AnalyticTypeIdEnum | The analytic type ID | direct |
| uid | 0..1 recommended String | The unique identifier of the analytic that generated the finding | direct |
| version | 0..1 String | The analytic version | direct |
Usages
| used by | used in | type | used |
|---|---|---|---|
| Osint | related_analytics | range | Analytic |
| Analytic | related_analytics | range | Analytic |
| FindingInfo | analytic | range | Analytic |
| FindingInfo | related_analytics | range | Analytic |
| SecurityFinding | analytic | range | Analytic |
In Subsets
Aliases
- Analytic
Identifier and Mapping Information
Schema Source
- from schema: https://w3id.org/lmodel/ocsf
Mappings
| Mapping Type | Mapped Value |
|---|---|
| self | ocsf:Analytic |
| native | ocsf:Analytic |
LinkML Source
Direct
name: Analytic
description: 'The Analytic object contains details about the analytic technique used
  to
  analyze and derive insights from the data or information that led to the
  creation of a finding or conclusion.'
in_subset:
- objects_subset
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Analytic
is_a: Entity
slots:
- algorithm
- category
- desc
- name
- related_analytics
- state
- state_id
- type
- type_id
- uid
- version
slot_usage:
  algorithm:
    name: algorithm
    description: The algorithm used by the underlying analytic to generate the finding.
  category:
    name: category
    description: The analytic category.
  desc:
    name: desc
    description: The description of the analytic that generated the finding.
  name:
    name: name
    description: The name of the analytic that generated the finding.
  related_analytics:
    name: related_analytics
    description: Other analytics related to this analytic.
    deprecated: 'Related Analytics has been decoupled from this object, instead use
      <code>finding_info.related_analytics</code>.'
  state:
    name: state
    description: The Analytic state.
  state_id:
    name: state_id
    description: The Analytic state identifier.
    range: AnalyticStateIdEnum
  type:
    name: type
    description: The analytic type.
  type_id:
    name: type_id
    description: The analytic type ID.
    range: AnalyticTypeIdEnum
    required: true
  uid:
    name: uid
    description: The unique identifier of the analytic that generated the finding.
  version:
    name: version
    description: 'The analytic version. For example: <code>1.1</code>.'
Induced
name: Analytic
description: 'The Analytic object contains details about the analytic technique used
  to
  analyze and derive insights from the data or information that led to the
  creation of a finding or conclusion.'
in_subset:
- objects_subset
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Analytic
is_a: Entity
slot_usage:
  algorithm:
    name: algorithm
    description: The algorithm used by the underlying analytic to generate the finding.
  category:
    name: category
    description: The analytic category.
  desc:
    name: desc
    description: The description of the analytic that generated the finding.
  name:
    name: name
    description: The name of the analytic that generated the finding.
  related_analytics:
    name: related_analytics
    description: Other analytics related to this analytic.
    deprecated: 'Related Analytics has been decoupled from this object, instead use
      <code>finding_info.related_analytics</code>.'
  state:
    name: state
    description: The Analytic state.
  state_id:
    name: state_id
    description: The Analytic state identifier.
    range: AnalyticStateIdEnum
  type:
    name: type
    description: The analytic type.
  type_id:
    name: type_id
    description: The analytic type ID.
    range: AnalyticTypeIdEnum
    required: true
  uid:
    name: uid
    description: The unique identifier of the analytic that generated the finding.
  version:
    name: version
    description: 'The analytic version. For example: <code>1.1</code>.'
attributes:
  algorithm:
    name: algorithm
    description: The algorithm used by the underlying analytic to generate the finding.
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Algorithm
    rank: 1000
    alias: algorithm
    owner: Analytic
    domain_of:
    - Analytic
    - DigitalSignature
    - EncryptionDetails
    - Fingerprint
    - Hassh
    range: string
  category:
    name: category
    description: The analytic category.
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Category
    rank: 1000
    alias: category
    owner: Analytic
    domain_of:
    - Osint
    - Vulnerability
    - Analytic
    - Assessment
    - Compliance
    - DataClassification
    - Rule
    - Trait
    range: string
  desc:
    name: desc
    description: The description of the analytic that generated the finding.
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Description
    rank: 1000
    alias: desc
    owner: Analytic
    domain_of:
    - Osint
    - RelatedEvent
    - Remediation
    - Vulnerability
    - Advisory
    - Analytic
    - ApplicationObject
    - Assessment
    - Check
    - CisBenchmark
    - CisBenchmarkResult
    - CisControl
    - Compliance
    - Cve
    - Database
    - Databucket
    - Enrichment
    - File
    - FindingObject
    - FindingInfo
    - Graph
    - Group
    - Job
    - Location
    - Node
    - Policy
    - Rule
    - Table
    - WebResource
    - Device
    - IncidentFinding
    range: string
  name:
    name: name
    description: The name of the analytic that generated the finding.
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Name
    rank: 1000
    alias: name
    owner: Analytic
    domain_of:
    - AnalysisTarget
    - Observable
    - Os
    - Osint
    - Package
    - Parameter
    - PrivilegeInfo
    - San
    - Scim
    - Script
    - ServicePrivilegeAnalysis
    - SoftwareComponent
    - Sso
    - StartupItem
    - ThreatActor
    - Token
    - Entity
    - Resource
    - Account
    - Agent
    - AiModel
    - Aircraft
    - Analytic
    - ApplicationObject
    - Assessment
    - AutonomousSystem
    - Campaign
    - Check
    - CisBenchmark
    - CisBenchmarkResult
    - CisControl
    - ClassifierDetails
    - Container
    - D3fTactic
    - D3fTechnique
    - Database
    - Databucket
    - DomainContact
    - Edge
    - Endpoint
    - Enrichment
    - EnvironmentVariable
    - Evidences
    - Extension
    - Feature
    - File
    - Graph
    - Group
    - HttpCookie
    - HttpHeader
    - Idp
    - Image
    - Job
    - Kernel
    - KeyValueObject
    - LoadBalancer
    - Logger
    - Malware
    - ManagedEntity
    - MessageContext
    - Metric
    - Mitigation
    - NetworkInterface
    - Node
    - Organization
    - PeripheralDevice
    - Policy
    - ProcessEntity
    - Product
    - QueryInfo
    - Reporter
    - ResourceDetails
    - Rule
    - Scan
    - Service
    - SubTechnique
    - Table
    - Tactic
    - Technique
    - Trait
    - TransformationInfo
    - UnmannedAerialSystem
    - User
    - WebResource
    - Device
    - FtpActivity
    - RegValue
    - WinResource
    - WinService
    - PrefetchQuery
    range: string
    recommended: true
  related_analytics:
    name: related_analytics
    description: Other analytics related to this analytic.
    deprecated: 'Related Analytics has been decoupled from this object, instead use
      <code>finding_info.related_analytics</code>.'
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Related Analytics
    rank: 1000
    alias: related_analytics
    owner: Analytic
    domain_of:
    - Osint
    - Analytic
    - FindingInfo
    range: Analytic
    multivalued: true
  state:
    name: state
    description: The Analytic state.
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - State
    rank: 1000
    alias: state
    owner: Analytic
    domain_of:
    - QueryEvidence
    - Scim
    - SecurityState
    - Analytic
    - DigitalSignature
    - Idp
    - DeviceConfigStateChange
    - NetworkConnectionQuery
    - SecurityFinding
    range: string
  state_id:
    name: state_id
    annotations:
      sibling:
        tag: sibling
        value: state
    description: The Analytic state identifier.
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - State ID
    rank: 1000
    alias: state_id
    owner: Analytic
    domain_of:
    - Scim
    - SecurityState
    - Analytic
    - DigitalSignature
    - Idp
    - DeviceConfigStateChange
    - NetworkConnectionQuery
    - SecurityFinding
    range: AnalyticStateIdEnum
  type:
    name: type
    description: The analytic type.
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Type
    rank: 1000
    alias: type
    owner: Analytic
    domain_of:
    - AnalysisTarget
    - Observable
    - Os
    - Osint
    - Package
    - PrivilegeInfo
    - ProgrammaticCredential
    - RelatedEvent
    - San
    - Sbom
    - Script
    - SoftwareComponent
    - StartupItem
    - ThreatActor
    - Ticket
    - Timespan
    - TlsExtension
    - Token
    - Dns
    - Resource
    - Account
    - Agent
    - Analytic
    - ApplicationObject
    - AuthenticationToken
    - ClassifierDetails
    - Cve
    - Database
    - Databucket
    - DiscoveryDetails
    - DnsAnswer
    - DomainContact
    - EncryptionDetails
    - Endpoint
    - Enrichment
    - File
    - Graph
    - Group
    - Ja4Fingerprint
    - Kernel
    - ManagedEntity
    - Metadata
    - Module
    - NetworkEndpoint
    - NetworkInterface
    - Node
    - PeripheralDevice
    - Policy
    - Rule
    - Scan
    - Trait
    - UnmannedAerialSystem
    - UnmannedSystemOperatingArea
    - User
    - WebResource
    - Device
    - DatastoreActivity
    - FtpActivity
    - RegValue
    - WinResource
    range: string
  type_id:
    name: type_id
    annotations:
      sibling:
        tag: sibling
        value: type
    description: The analytic type ID.
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Type ID
    rank: 1000
    alias: type_id
    owner: Analytic
    domain_of:
    - Observable
    - Os
    - Osint
    - Package
    - PrivilegeInfo
    - Sbom
    - Script
    - SoftwareComponent
    - StartupItem
    - ThreatActor
    - Ticket
    - Timespan
    - TlsExtension
    - Token
    - Account
    - Agent
    - Analytic
    - AuthenticationToken
    - Database
    - Databucket
    - DomainContact
    - Endpoint
    - File
    - Ja4Fingerprint
    - Kernel
    - ManagedEntity
    - NetworkEndpoint
    - NetworkInterface
    - PeripheralDevice
    - Scan
    - UnmannedAerialSystem
    - UnmannedSystemOperatingArea
    - User
    - Device
    - DatastoreActivity
    - RegValue
    - WinResource
    range: AnalyticTypeIdEnum
    required: true
  uid:
    name: uid
    description: The unique identifier of the analytic that generated the finding.
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Unique ID
    rank: 1000
    alias: uid
    owner: Analytic
    domain_of:
    - Osint
    - Package
    - ProgrammaticCredential
    - RelatedEvent
    - Request
    - Sbom
    - Scim
    - Script
    - Session
    - Span
    - Sso
    - Ticket
    - Token
    - Trace
    - Entity
    - Resource
    - Account
    - Advisory
    - Agent
    - AiModel
    - Aircraft
    - Analytic
    - ApplicationObject
    - Assessment
    - Certificate
    - Check
    - ClassifierDetails
    - Container
    - Cve
    - Cwe
    - D3fTactic
    - D3fTechnique
    - DataClassification
    - Database
    - Databucket
    - DomainContact
    - Edge
    - Email
    - Endpoint
    - Evidences
    - Extension
    - Feature
    - File
    - FindingObject
    - FindingInfo
    - Graph
    - Group
    - HttpRequest
    - Idp
    - Image
    - KbArticle
    - LoadBalancer
    - Logger
    - Malware
    - ManagedEntity
    - MessageContext
    - Metadata
    - Mitigation
    - NetworkConnectionInfo
    - NetworkEndpoint
    - NetworkInterface
    - Node
    - Organization
    - PeripheralDevice
    - Policy
    - ProcessEntity
    - Product
    - QueryInfo
    - Reporter
    - Rule
    - Scan
    - Service
    - SubTechnique
    - Table
    - Tactic
    - Technique
    - Trait
    - TransformationInfo
    - UnmannedAerialSystem
    - User
    - WebResource
    - Device
    - WinResource
    range: string
    recommended: true
  version:
    name: version
    description: 'The analytic version. For example: <code>1.1</code>.'
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Version
    rank: 1000
    alias: version
    owner: Analytic
    domain_of:
    - Os
    - Package
    - RpcInterface
    - Sbom
    - Scim
    - SoftwareComponent
    - Tls
    - Agent
    - AiModel
    - Analytic
    - Api
    - ApplicationObject
    - Attack
    - Certificate
    - Check
    - CisControl
    - CisCsc
    - Cvss
    - D3fend
    - Databucket
    - Epss
    - Extension
    - Feature
    - File
    - HttpRequest
    - Logger
    - ManagedEntity
    - Metadata
    - Policy
    - Product
    - ResourceDetails
    - Rule
    - Service
    - NtpActivity
    range: string