Class: Anomaly
Describes an anomaly or deviation detected in a system. Anomalies are
unexpected activity patterns that could indicate potential issues needing
attention.
URI: ocsf:Anomaly
```mermaid
classDiagram
    class Anomaly
    click Anomaly href "../Anomaly/"
    Object <|-- Anomaly
    click Object href "../Object/"
    Anomaly : observation_parameter
    Anomaly : observation_type
    Anomaly : observations
    Anomaly --> "1..*" Observation : observations
    click Observation href "../Observation/"
    Anomaly : observed_pattern
```
Inheritance
- OcsfObject
- Object
- Anomaly
- Object
Slots
| Name | Cardinality and Range | Description | Inheritance |
|---|---|---|---|
| observation_parameter | 1 String | The specific parameter, metric or property where the anomaly was observed | direct |
| observation_type | 0..1 recommended String | The type of analysis methodology used to detect the anomaly | direct |
| observations | 1..* Observation | Details about the observed anomaly or observations that were flagged as anomalous compared to expected baseline behavior | direct |
| observed_pattern | 0..1 recommended String | The specific pattern identified within the observation type | direct |
Usages
| used by | used in | type | used |
|---|---|---|---|
| AnomalyAnalysis | anomalies | range | Anomaly |
In Subsets
Aliases
- Anomaly
Identifier and Mapping Information
Schema Source
- from schema: https://w3id.org/lmodel/ocsf
Mappings
| Mapping Type | Mapped Value |
|---|---|
| self | ocsf:Anomaly |
| native | ocsf:Anomaly |
LinkML Source
Direct
```yaml
name: Anomaly
description: 'Describes an anomaly or deviation detected in a system. Anomalies are
  unexpected activity patterns that could indicate potential issues needing
  attention.'
in_subset:
- objects_subset
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Anomaly
is_a: Object
slots:
- observation_parameter
- observation_type
- observations
- observed_pattern
slot_usage:
  observation_parameter:
    name: observation_parameter
    description: 'The specific parameter, metric or property where the anomaly was
      observed.
      Examples include: CPU usage percentage, API response time in milliseconds, HTTP
      error rate, memory utilization, network latency, transaction volume, etc. This
      helps identify the exact aspect of the system exhibiting anomalous behavior.'
    required: true
  observation_type:
    name: observation_type
    description: 'The type of analysis methodology used to detect the anomaly. This
      indicates how
      the anomaly was identified through different analytical approaches. Common
      types include: Frequency Analysis, Time Pattern Analysis, Volume Analysis,
      Sequence Analysis, Distribution Analysis, etc.'
    recommended: true
  observations:
    name: observations
    description: 'Details about the observed anomaly or observations that were flagged
      as
      anomalous compared to expected baseline behavior.'
    required: true
  observed_pattern:
    name: observed_pattern
    description: 'The specific pattern identified within the observation type. For
      Frequency
      Analysis, this could be ''FREQUENT'', ''INFREQUENT'', ''RARE'', or ''UNSEEN''.
      For Time
      Pattern Analysis, this could be ''BUSINESS_HOURS'', ''OFF_HOURS'', or
      ''UNUSUAL_TIME''. For Volume Analysis, this could be ''NORMAL_VOLUME'',
      ''HIGH_VOLUME'', or ''SURGE''. The pattern values are specific to each observation
      type and indicate how the observed behavior relates to the baseline.'
    recommended: true
```
Induced
```yaml
name: Anomaly
description: 'Describes an anomaly or deviation detected in a system. Anomalies are
  unexpected activity patterns that could indicate potential issues needing
  attention.'
in_subset:
- objects_subset
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Anomaly
is_a: Object
slot_usage:
  observation_parameter:
    name: observation_parameter
    description: 'The specific parameter, metric or property where the anomaly was
      observed.
      Examples include: CPU usage percentage, API response time in milliseconds, HTTP
      error rate, memory utilization, network latency, transaction volume, etc. This
      helps identify the exact aspect of the system exhibiting anomalous behavior.'
    required: true
  observation_type:
    name: observation_type
    description: 'The type of analysis methodology used to detect the anomaly. This
      indicates how
      the anomaly was identified through different analytical approaches. Common
      types include: Frequency Analysis, Time Pattern Analysis, Volume Analysis,
      Sequence Analysis, Distribution Analysis, etc.'
    recommended: true
  observations:
    name: observations
    description: 'Details about the observed anomaly or observations that were flagged
      as
      anomalous compared to expected baseline behavior.'
    required: true
  observed_pattern:
    name: observed_pattern
    description: 'The specific pattern identified within the observation type. For
      Frequency
      Analysis, this could be ''FREQUENT'', ''INFREQUENT'', ''RARE'', or ''UNSEEN''.
      For Time
      Pattern Analysis, this could be ''BUSINESS_HOURS'', ''OFF_HOURS'', or
      ''UNUSUAL_TIME''. For Volume Analysis, this could be ''NORMAL_VOLUME'',
      ''HIGH_VOLUME'', or ''SURGE''. The pattern values are specific to each observation
      type and indicate how the observed behavior relates to the baseline.'
    recommended: true
attributes:
  observation_parameter:
    name: observation_parameter
    description: 'The specific parameter, metric or property where the anomaly was
      observed.
      Examples include: CPU usage percentage, API response time in milliseconds, HTTP
      error rate, memory utilization, network latency, transaction volume, etc. This
      helps identify the exact aspect of the system exhibiting anomalous behavior.'
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Observation Parameter
    rank: 1000
    alias: observation_parameter
    owner: Anomaly
    domain_of:
    - Anomaly
    - Baseline
    range: string
    required: true
  observation_type:
    name: observation_type
    description: 'The type of analysis methodology used to detect the anomaly. This
      indicates how
      the anomaly was identified through different analytical approaches. Common
      types include: Frequency Analysis, Time Pattern Analysis, Volume Analysis,
      Sequence Analysis, Distribution Analysis, etc.'
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Observation Type
    rank: 1000
    alias: observation_type
    owner: Anomaly
    domain_of:
    - Anomaly
    - Baseline
    range: string
    recommended: true
  observations:
    name: observations
    description: 'Details about the observed anomaly or observations that were flagged
      as
      anomalous compared to expected baseline behavior.'
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Observations
    rank: 1000
    alias: observations
    owner: Anomaly
    domain_of:
    - Anomaly
    - Baseline
    range: Observation
    required: true
    multivalued: true
  observed_pattern:
    name: observed_pattern
    description: 'The specific pattern identified within the observation type. For
      Frequency
      Analysis, this could be ''FREQUENT'', ''INFREQUENT'', ''RARE'', or ''UNSEEN''.
      For Time
      Pattern Analysis, this could be ''BUSINESS_HOURS'', ''OFF_HOURS'', or
      ''UNUSUAL_TIME''. For Volume Analysis, this could be ''NORMAL_VOLUME'',
      ''HIGH_VOLUME'', or ''SURGE''. The pattern values are specific to each observation
      type and indicate how the observed behavior relates to the baseline.'
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Observed Pattern
    rank: 1000
    alias: observed_pattern
    owner: Anomaly
    domain_of:
    - Anomaly
    - Baseline
    range: string
    recommended: true
```
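
The slot constraints listed on this page (required, recommended, range, multivalued), applied to a decoded JSON object before it enters a detection pipeline. This is an added example, not code from the OCSF or LinkML projects. The name `check_anomaly`, the sample values and the `value` key inside the sample observation are assumptions; the pattern sets are only the examples quoted in the `observed_pattern` description, so an unlisted pattern produces a warning rather than an error.

```python
# Added example: checks a decoded JSON object against the Anomaly slot rules above.
# Pattern sets are the examples quoted in the observed_pattern description, not an enum.
DOCUMENTED_PATTERNS = {
    "Frequency Analysis": {"FREQUENT", "INFREQUENT", "RARE", "UNSEEN"},
    "Time Pattern Analysis": {"BUSINESS_HOURS", "OFF_HOURS", "UNUSUAL_TIME"},
    "Volume Analysis": {"NORMAL_VOLUME", "HIGH_VOLUME", "SURGE"},
}
REQUIRED = ("observation_parameter", "observations")
RECOMMENDED = ("observation_type", "observed_pattern")
STRING_SLOTS = ("observation_parameter", "observation_type", "observed_pattern")
# Constructed sample; the Observation content ("value") is a placeholder assumption.
SAMPLE = {"observation_parameter": "HTTP error rate",
          "observation_type": "Volume Analysis",
          "observed_pattern": "SURGE",
          "observations": [{"value": "412"}]}


def check_anomaly(obj):
    """Return (errors, warnings) for one candidate Anomaly object."""
    errors, warnings = [], []
    if not isinstance(obj, dict):
        return ["anomaly must be an object"], warnings
    for slot in REQUIRED:
        if obj.get(slot) in (None, "", []):
            errors.append(f"{slot}: required slot is missing or empty")
    for slot in RECOMMENDED:
        if slot not in obj:
            warnings.append(f"{slot}: recommended slot is absent")
    for slot in STRING_SLOTS:
        if obj.get(slot) is not None and not isinstance(obj[slot], str):
            errors.append(f"{slot}: range is string")
    observations = obj.get("observations")
    if observations is not None:
        # Cardinality 1..*: a list holding at least one Observation object.
        if not isinstance(observations, list):
            errors.append("observations: multivalued slot must be a list")
        elif any(not isinstance(o, dict) for o in observations):
            errors.append("observations: every item must be an Observation object")
    otype = obj.get("observation_type")
    known = DOCUMENTED_PATTERNS.get(otype) if isinstance(otype, str) else None
    pattern = obj.get("observed_pattern")
    if known and isinstance(pattern, str) and pattern not in known:
        warnings.append(f"observed_pattern: {pattern!r} is not a documented "
                        f"example for {otype}")
    return errors, warnings
```
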