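# LinkML enum mirroring the OCSF "analytic type" id set (ocsf_uid 0..11 plus 99).
# Each permissible value carries two annotations: `ocsf_uid` (the numeric id the
# event carries in the wire format) and `caption` (the human-readable label).
#
# Reviewer notes:
# - The file as received had all indentation stripped, which makes it invalid
#   YAML; structure is restored here at the conventional LinkML nesting
#   (enum -> permissible_values -> value -> annotations -> tag/value).
# - `ocsf_uid` values are deliberately quoted strings ('0', '10', '99'), not
#   integers: annotation values in this schema are strings, and leaving them
#   plain would let YAML 1.1 loaders retype them. Do not "clean up" the quotes.
# - UNKNOWN (0) and OTHER (99) are distinct: 0 says the producer did not state
#   how the finding was generated, 99 says the method is known but not in this
#   list. When mapping a vendor's analytic type, prefer OTHER with the vendor
#   name preserved elsewhere in the event over silently emitting 0 — NOTE(review):
#   confirm the exact OCSF convention for the companion free-text field.
# - Long descriptions use folded block scalars (`>-`) so the value is a single
#   line at runtime, exactly as the original quoted multi-line scalars folded.
name: AnalyticTypeIdEnum
description: The analytic type ID.
from_schema: https://w3id.org/lmodel/ocsf
# LinkML rank — presumably an ordering hint for generated docs; carried over unchanged.
rank: 1000
permissible_values:
  # 0: producer did not specify the analytic type.
  UNKNOWN:
    text: UNKNOWN
    description: Unknown
    annotations:
      ocsf_uid:
        tag: ocsf_uid
        value: '0'
      caption:
        tag: caption
        value: Unknown
  # 1: signature/rule-based detection (deterministic, analyst-authored criteria).
  RULE:
    text: RULE
    description: >-
      A Rule in security analytics refers to predefined criteria or conditions
      set to monitor, alert, or enforce policies, playing a crucial role in
      access control, threat detection, and regulatory compliance across
      security systems.
    annotations:
      ocsf_uid:
        tag: ocsf_uid
        value: '1'
      caption:
        tag: caption
        value: Rule
  # 2: baseline/deviation analytics over user or system behaviour.
  BEHAVIORAL:
    text: BEHAVIORAL
    description: >-
      Behavioral analytics focus on monitoring and analyzing user or system
      actions to identify deviations from established patterns, aiding in the
      detection of insider threats, fraud, and advanced persistent threats
      (APTs).
    annotations:
      ocsf_uid:
        tag: ocsf_uid
        value: '2'
      caption:
        tag: caption
        value: Behavioral
  # 3: statistical-model anomaly detection.
  STATISTICAL:
    text: STATISTICAL
    description: >-
      Statistical analytics pertains to analyzing data patterns and anomalies
      using statistical models to predict, detect, and respond to potential
      threats, enhancing overall security posture through informed
      decision-making.
    annotations:
      ocsf_uid:
        tag: ocsf_uid
        value: '3'
      caption:
        tag: caption
        value: Statistical
  # 4: machine-learning / deep-learning derived analytics.
  LEARNING_ML_DL:
    text: LEARNING_ML_DL
    description: >-
      Learning (ML/DL) encompasses techniques that can "learn" from known data
      to create analytics that generalize to new data. There may be a
      statistical component to these techniques, but it is not a requirement.
    annotations:
      ocsf_uid:
        tag: ocsf_uid
        value: '4'
      caption:
        tag: caption
        value: Learning (ML/DL)
  # 5: system/software fingerprint collection.
  FINGERPRINTING:
    text: FINGERPRINTING
    description: >-
      Fingerprinting is the technique of collecting detailed system data,
      including software versions and configurations, to enhance threat
      detection, data loss prevention (DLP), and endpoint detection and
      response (EDR) capabilities.
    annotations:
      ocsf_uid:
        tag: ocsf_uid
        value: '5'
      caption:
        tag: caption
        value: Fingerprinting
  # 6: label/identifier assignment used for monitoring and access control.
  TAGGING:
    text: TAGGING
    description: >-
      Tagging refers to the practice of assigning labels or identifiers to data,
      users, assets, or activities to monitor, control access, and facilitate
      incident response across various security domains such as DLP and EDR.
    annotations:
      ocsf_uid:
        tag: ocsf_uid
        value: '6'
      caption:
        tag: caption
        value: Tagging
  # 7: literal term matching (DLP / compliance scanning).
  KEYWORD_MATCH:
    text: KEYWORD_MATCH
    description: >-
      Keyword Match involves scanning content for specific terms to identify
      sensitive information, potential threats, or policy violations, aiding in
      DLP and compliance monitoring.
    annotations:
      ocsf_uid:
        tag: ocsf_uid
        value: '7'
      caption:
        tag: caption
        value: Keyword Match
  # 8: regex pattern matching.
  REGULAR_EXPRESSIONS:
    text: REGULAR_EXPRESSIONS
    description: >-
      Regular Expressions are used to define complex search patterns for
      identifying, validating, and extracting specific data sets or threats
      within digital content, enhancing DLP, EDR, and threat detection
      mechanisms.
    annotations:
      ocsf_uid:
        tag: ocsf_uid
        value: '8'
      caption:
        tag: caption
        value: Regular Expressions
  # 9: exact match against a known sensitive-data set (DLP).
  EXACT_DATA_MATCH:
    text: EXACT_DATA_MATCH
    description: >-
      Exact Data Match is a precise comparison technique used to detect the
      unauthorized use or exposure of specific, sensitive information, crucial
      for enforcing DLP policies and protecting against data breaches.
    annotations:
      ocsf_uid:
        tag: ocsf_uid
        value: '9'
      caption:
        tag: caption
        value: Exact Data Match
  # 10: partial/segment match against sensitive data (DLP).
  PARTIAL_DATA_MATCH:
    text: PARTIAL_DATA_MATCH
    description: >-
      Partial Data Match involves identifying instances where segments of
      sensitive information or patterns match, facilitating nuanced DLP and
      threat detection without requiring complete data conformity.
    annotations:
      ocsf_uid:
        tag: ocsf_uid
        value: '10'
      caption:
        tag: caption
        value: Partial Data Match
  # 11: match against a pre-built index of sensitive data (DLP).
  INDEXED_DATA_MATCH:
    text: INDEXED_DATA_MATCH
    description: >-
      Indexed Data Match refers to comparing content against a pre-compiled
      index of sensitive information to efficiently detect and prevent
      unauthorized access or breaches, streamlining DLP and compliance efforts.
    annotations:
      ocsf_uid:
        tag: ocsf_uid
        value: '11'
      caption:
        tag: caption
        value: Indexed Data Match
  # 99: known analytic type that is not represented in this enum.
  OTHER:
    text: OTHER
    description: Other
    annotations:
      ocsf_uid:
        tag: ocsf_uid
        value: '99'
      caption:
        tag: caption
        value: Other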