Class: AnomalyAnalysis
Describes the analysis of activity patterns and anomalies of target entities to
identify potential security threats, performance issues, or other deviations
from established baselines. This includes monitoring and analyzing user
interactions, API usage, resource utilization, access patterns and other
measured indicators.
URI: ocsf:AnomalyAnalysis
```mermaid
classDiagram
    class AnomalyAnalysis
    click AnomalyAnalysis href "../AnomalyAnalysis/"
    OcsfObject <|-- AnomalyAnalysis
    click OcsfObject href "../OcsfObject/"
    AnomalyAnalysis : analysis_targets
    AnomalyAnalysis --> "1..*" AnalysisTarget : analysis_targets
    click AnalysisTarget href "../AnalysisTarget/"
    AnomalyAnalysis : anomalies
    AnomalyAnalysis --> "1..*" Anomaly : anomalies
    click Anomaly href "../Anomaly/"
    AnomalyAnalysis : baselines
    AnomalyAnalysis --> "* _recommended_" Baseline : baselines
    click Baseline href "../Baseline/"
```
Inheritance
- OcsfObject
    - AnomalyAnalysis
Slots
| Name | Cardinality and Range | Description | Inheritance |
|---|---|---|---|
| analysis_targets | 1..* AnalysisTarget | The analysis targets define the scope of monitored activities, specifying wha... | direct |
| anomalies | 1..* Anomaly | List of detected activities that significantly deviate from the established | direct |
| baselines | * recommended Baseline | List of established patterns representing normal activity that serve as | direct |
Usages
| used by | used in | type | used |
|---|---|---|---|
| DetectionFinding | anomaly_analyses | range | AnomalyAnalysis |
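The slot cardinalities above can be enforced when findings are ingested. The following is an added example, not code from the OCSF or LinkML projects: it treats missing required slots as errors and missing recommended slots as warnings. It assumes `anomaly_analyses` on a DetectionFinding is a list, and because the member classes (AnalysisTarget, Anomaly, Baseline) are not described on this page, it only checks that their instances are objects.

```python
# Added example, not part of the OCSF/LinkML project code.
REQUIRED = ("analysis_targets", "anomalies")  # cardinality 1..*
RECOMMENDED = ("baselines",)                  # cardinality *, recommended


def validate_anomaly_analysis(obj, path="anomaly_analysis"):
    """Return (errors, warnings) for one AnomalyAnalysis object."""
    errors, warnings = [], []
    if not isinstance(obj, dict):
        return [f"{path}: expected object, got {type(obj).__name__}"], warnings
    for slot in REQUIRED + RECOMMENDED:
        where = f"{path}.{slot}"
        value = obj.get(slot)
        if value is None:
            if slot in REQUIRED:
                errors.append(f"{where}: required slot is missing")
            else:
                warnings.append(f"{where}: recommended slot is missing")
        elif not isinstance(value, list):
            errors.append(f"{where}: multivalued slot must be a list")
        elif slot in REQUIRED and not value:
            errors.append(f"{where}: needs at least one entry (1..*)")
        else:
            # Member schemas are not on this page: only check they are objects.
            errors += [f"{where}[{i}]: expected object"
                       for i, item in enumerate(value) if not isinstance(item, dict)]
    return errors, warnings


def validate_finding(finding):
    """Check every entry of a DetectionFinding's anomaly_analyses."""
    errors, warnings = [], []
    # Assumption: anomaly_analyses is a list of AnomalyAnalysis objects.
    for i, analysis in enumerate(finding.get("anomaly_analyses") or []):
        e, w = validate_anomaly_analysis(analysis, f"anomaly_analyses[{i}]")
        errors, warnings = errors + e, warnings + w
    return errors, warnings


# Constructed sample; keys inside the member objects are placeholders.
SAMPLE_FINDING = {"anomaly_analyses": [
    {"analysis_targets": [{"placeholder": "api-gateway"}],
     "anomalies": [{"placeholder": "unexpected user-agent"}]},
    {"analysis_targets": {"placeholder": "not-a-list"}, "anomalies": []},
]}

if __name__ == "__main__":
    for kind, msgs in zip(("ERROR", "WARN"), validate_finding(SAMPLE_FINDING)):
        for msg in msgs:
            print(kind, msg)
```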
In Subsets
Aliases
- Anomaly Analysis
Identifier and Mapping Information
Schema Source
- from schema: https://w3id.org/lmodel/ocsf
Mappings
| Mapping Type | Mapped Value |
|---|---|
| self | ocsf:AnomalyAnalysis |
| native | ocsf:AnomalyAnalysis |
LinkML Source
Direct
```yaml
name: AnomalyAnalysis
description: 'Describes the analysis of activity patterns and anomalies of target
  entities to
  identify potential security threats, performance issues, or other deviations
  from established baselines. This includes monitoring and analyzing user
  interactions, API usage, resource utilization, access patterns and other
  measured indicators.'
in_subset:
- objects_subset
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Anomaly Analysis
is_a: OcsfObject
slots:
- analysis_targets
- anomalies
- baselines
slot_usage:
  analysis_targets:
    name: analysis_targets
    description: 'The analysis targets define the scope of monitored activities, specifying
      what
      entities, systems or processes are analyzed for activity patterns.'
    required: true
  anomalies:
    name: anomalies
    description: 'List of detected activities that significantly deviate from the
      established
      baselines. This can include unusual access patterns, unexpected user-agents,
      abnormal API usage, suspicious traffic spikes, unauthorized access attempts,
      and other activities that may indicate potential security threats or system
      issues.'
    required: true
  baselines:
    name: baselines
    description: 'List of established patterns representing normal activity that serve
      as
      reference points for anomaly detection. This includes typical user interaction
      patterns like common user-agents, expected API access frequencies and patterns,
      standard resource utilization levels, and regular traffic flows. These
      baselines help establish what constitutes ''normal'' activity in the system.'
    recommended: true
```
Induced
```yaml
name: AnomalyAnalysis
description: 'Describes the analysis of activity patterns and anomalies of target
  entities to
  identify potential security threats, performance issues, or other deviations
  from established baselines. This includes monitoring and analyzing user
  interactions, API usage, resource utilization, access patterns and other
  measured indicators.'
in_subset:
- objects_subset
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Anomaly Analysis
is_a: OcsfObject
slot_usage:
  analysis_targets:
    name: analysis_targets
    description: 'The analysis targets define the scope of monitored activities, specifying
      what
      entities, systems or processes are analyzed for activity patterns.'
    required: true
  anomalies:
    name: anomalies
    description: 'List of detected activities that significantly deviate from the
      established
      baselines. This can include unusual access patterns, unexpected user-agents,
      abnormal API usage, suspicious traffic spikes, unauthorized access attempts,
      and other activities that may indicate potential security threats or system
      issues.'
    required: true
  baselines:
    name: baselines
    description: 'List of established patterns representing normal activity that serve
      as
      reference points for anomaly detection. This includes typical user interaction
      patterns like common user-agents, expected API access frequencies and patterns,
      standard resource utilization levels, and regular traffic flows. These
      baselines help establish what constitutes ''normal'' activity in the system.'
    recommended: true
attributes:
  analysis_targets:
    name: analysis_targets
    description: 'The analysis targets define the scope of monitored activities, specifying
      what
      entities, systems or processes are analyzed for activity patterns.'
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Analysis Targets
    rank: 1000
    alias: analysis_targets
    owner: AnomalyAnalysis
    domain_of:
    - AnomalyAnalysis
    range: AnalysisTarget
    required: true
    multivalued: true
  anomalies:
    name: anomalies
    description: 'List of detected activities that significantly deviate from the
      established
      baselines. This can include unusual access patterns, unexpected user-agents,
      abnormal API usage, suspicious traffic spikes, unauthorized access attempts,
      and other activities that may indicate potential security threats or system
      issues.'
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Anomalies
    rank: 1000
    alias: anomalies
    owner: AnomalyAnalysis
    domain_of:
    - AnomalyAnalysis
    range: Anomaly
    required: true
    multivalued: true
  baselines:
    name: baselines
    description: 'List of established patterns representing normal activity that serve
      as
      reference points for anomaly detection. This includes typical user interaction
      patterns like common user-agents, expected API access frequencies and patterns,
      standard resource utilization levels, and regular traffic flows. These
      baselines help establish what constitutes ''normal'' activity in the system.'
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Baselines
    rank: 1000
    alias: baselines
    owner: AnomalyAnalysis
    domain_of:
    - AnomalyAnalysis
    range: Baseline
    recommended: true
    multivalued: true
```