Class: ApplicationObject
An Application describes the details for an inventoried application as reported
by an Application Security tool or other Developer-centric tooling.
Applications can be defined as Kubernetes resources, Containerized resources,
or application hosting-specific cloud sources such as AWS Elastic BeanStalk,
AWS Lightsail, or Azure Logic Apps.
classDiagram
class ApplicationObject
click ApplicationObject href "../ApplicationObject/"
Object <|-- ApplicationObject
click Object href "../Object/"
ApplicationObject : criticality
ApplicationObject : data
ApplicationObject : desc
ApplicationObject : group
ApplicationObject --> "0..1" Group : group
click Group href "../Group/"
ApplicationObject : hostname
ApplicationObject : labels
ApplicationObject : name
ApplicationObject : owner
ApplicationObject --> "0..1 _recommended_" User : owner
click User href "../User/"
ApplicationObject : region
ApplicationObject : resource_relationship
ApplicationObject --> "0..1" Graph : resource_relationship
click Graph href "../Graph/"
ApplicationObject : risk_level
ApplicationObject : risk_level_id
ApplicationObject --> "0..1" RiskLevelIdEnum : risk_level_id
click RiskLevelIdEnum href "../RiskLevelIdEnum/"
ApplicationObject : risk_score
ApplicationObject : sbom
ApplicationObject --> "0..1" Sbom : sbom
click Sbom href "../Sbom/"
ApplicationObject : tags
ApplicationObject --> "*" KeyValueObject : tags
click KeyValueObject href "../KeyValueObject/"
ApplicationObject : type
ApplicationObject : uid
ApplicationObject : uid_alt
ApplicationObject : url
ApplicationObject --> "0..1" Url : url
click Url href "../Url/"
ApplicationObject : version
Inheritance
- OcsfObject
- Object
- ApplicationObject
- Object
Slots
| Name | Cardinality and Range | Description | Inheritance |
|---|---|---|---|
| criticality | 0..1 String |
The criticality of the application as defined by the event source | direct |
| data | 0..1 String |
Additional data describing the application | direct |
| desc | 0..1 String |
A description or commentary for an application, usually retrieved from an | direct |
| group | 0..1 Group |
The name of the related application or associated resource group | direct |
| hostname | 0..1 HostnameT |
The fully qualified name of the application | direct |
| labels | * String |
The list of labels associated to the application | direct |
| name | 0..1 recommended String |
The name of the application | direct |
| owner | 0..1 recommended User |
The identity of the service or user account that owns the application | direct |
| region | 0..1 String |
The cloud region of the resource | direct |
| resource_relationship | 0..1 Graph |
A graph representation showing how this application relates to and interacts | direct |
| risk_level | 0..1 String |
The risk level, normalized to the caption of the risk_level_id value | direct |
| risk_level_id | 0..1 RiskLevelIdEnum |
The normalized risk level id | direct |
| risk_score | 0..1 Integer |
The risk score as reported by the event source | direct |
| sbom | 0..1 Sbom |
The Software Bill of Materials (SBOM) associated with the application | direct |
| tags | * KeyValueObject |
The list of tags; {key:value} pairs associated to the applicatio... |
direct |
| type | 0..1 String |
The type of application as defined by the event source, e | direct |
| uid | 0..1 recommended String |
The unique identifier for the application | direct |
| uid_alt | 0..1 String |
An alternative or contextual identifier for the application, such as a | direct |
| url | 0..1 Url |
The URL of the application | direct |
| version | 0..1 String |
The semantic version of the application, e | direct |
Usages
| used by | used in | type | used |
|---|---|---|---|
| MessageContext | application | range | ApplicationObject |
| ApplicationSecurityPostureFinding | application | range | ApplicationObject |
| IamAnalysisFinding | applications | range | ApplicationObject |
Rules
| Rule Applied | Preconditions | Postconditions | Elseconditions |
|---|---|---|---|
| any_of | [{'slot_conditions': {'uid': {'required': True}}}, {'slot_conditions': {}}] |
In Subsets
Aliases
- Application
See Also
Notes
- D3FEND™ Ontology d3f:Application. — https://d3fend.mitre.org/dao/artifact/d3f:Application/
Identifier and Mapping Information
Annotations
| property | value |
|---|---|
| ocsf_constraints | {"at_least_one": ["uid", "name"]} |
Schema Source
- from schema: https://w3id.org/lmodel/ocsf
Mappings
| Mapping Type | Mapped Value |
|---|---|
| self | ocsf:ApplicationObject |
| native | ocsf:ApplicationObject |
| exact | uco_master:Application |
LinkML Source
Direct
name: ApplicationObject
annotations:
ocsf_constraints:
tag: ocsf_constraints
value: '{"at_least_one": ["uid", "name"]}'
description: 'An Application describes the details for an inventoried application
as reported
by an Application Security tool or other Developer-centric tooling.
Applications can be defined as Kubernetes resources, Containerized resources,
or application hosting-specific cloud sources such as AWS Elastic BeanStalk,
AWS Lightsail, or Azure Logic Apps.'
notes:
- 'D3FEND™ Ontology d3f:Application. —
https://d3fend.mitre.org/dao/artifact/d3f:Application/'
in_subset:
- objects_subset
from_schema: https://w3id.org/lmodel/ocsf
see_also:
- https://d3fend.mitre.org/dao/artifact/d3f:Application/
aliases:
- Application
exact_mappings:
- uco_master:Application
is_a: Object
slots:
- criticality
- data
- desc
- group
- hostname
- labels
- name
- owner
- region
- resource_relationship
- risk_level
- risk_level_id
- risk_score
- sbom
- tags
- type
- uid
- uid_alt
- url
- version
slot_usage:
criticality:
name: criticality
description: The criticality of the application as defined by the event source.
data:
name: data
description: Additional data describing the application.
desc:
name: desc
description: 'A description or commentary for an application, usually retrieved
from an
upstream system.'
group:
name: group
description: The name of the related application or associated resource group.
hostname:
name: hostname
description: The fully qualified name of the application.
labels:
name: labels
description: The list of labels associated to the application.
name:
name: name
description: The name of the application.
recommended: true
owner:
name: owner
description: The identity of the service or user account that owns the application.
recommended: true
region:
name: region
description: The cloud region of the resource.
resource_relationship:
name: resource_relationship
description: 'A graph representation showing how this application relates to and
interacts
with other entities in the environment. This can include parent/child
relationships, dependencies, or other connections.'
sbom:
name: sbom
description: The Software Bill of Materials (SBOM) associated with the application
tags:
name: tags
description: The list of tags; <code>{key:value}</code> pairs associated to the
application.
type:
name: type
description: 'The type of application as defined by the event source, e.g.,
<code>GitHub</code>, <code>Azure Logic App</code>, or <code>Amazon Elastic
BeanStalk</code>.'
uid:
name: uid
description: The unique identifier for the application.
recommended: true
uid_alt:
name: uid_alt
description: 'An alternative or contextual identifier for the application, such
as a
configuration, organization, or license UID.'
url:
name: url
description: The URL of the application.
version:
name: version
description: The semantic version of the application, e.g., <code>1.7.4</code>.
rules:
- postconditions:
any_of:
- slot_conditions:
uid:
name: uid
required: true
- slot_conditions:
name:
name: name
required: true
description: 'OCSF at_least_one: at least one of [''uid'', ''name''] must be set.'
Induced
name: ApplicationObject
annotations:
ocsf_constraints:
tag: ocsf_constraints
value: '{"at_least_one": ["uid", "name"]}'
description: 'An Application describes the details for an inventoried application
as reported
by an Application Security tool or other Developer-centric tooling.
Applications can be defined as Kubernetes resources, Containerized resources,
or application hosting-specific cloud sources such as AWS Elastic BeanStalk,
AWS Lightsail, or Azure Logic Apps.'
notes:
- 'D3FEND™ Ontology d3f:Application. —
https://d3fend.mitre.org/dao/artifact/d3f:Application/'
in_subset:
- objects_subset
from_schema: https://w3id.org/lmodel/ocsf
see_also:
- https://d3fend.mitre.org/dao/artifact/d3f:Application/
aliases:
- Application
exact_mappings:
- uco_master:Application
is_a: Object
slot_usage:
criticality:
name: criticality
description: The criticality of the application as defined by the event source.
data:
name: data
description: Additional data describing the application.
desc:
name: desc
description: 'A description or commentary for an application, usually retrieved
from an
upstream system.'
group:
name: group
description: The name of the related application or associated resource group.
hostname:
name: hostname
description: The fully qualified name of the application.
labels:
name: labels
description: The list of labels associated to the application.
name:
name: name
description: The name of the application.
recommended: true
owner:
name: owner
description: The identity of the service or user account that owns the application.
recommended: true
region:
name: region
description: The cloud region of the resource.
resource_relationship:
name: resource_relationship
description: 'A graph representation showing how this application relates to and
interacts
with other entities in the environment. This can include parent/child
relationships, dependencies, or other connections.'
sbom:
name: sbom
description: The Software Bill of Materials (SBOM) associated with the application
tags:
name: tags
description: The list of tags; <code>{key:value}</code> pairs associated to the
application.
type:
name: type
description: 'The type of application as defined by the event source, e.g.,
<code>GitHub</code>, <code>Azure Logic App</code>, or <code>Amazon Elastic
BeanStalk</code>.'
uid:
name: uid
description: The unique identifier for the application.
recommended: true
uid_alt:
name: uid_alt
description: 'An alternative or contextual identifier for the application, such
as a
configuration, organization, or license UID.'
url:
name: url
description: The URL of the application.
version:
name: version
description: The semantic version of the application, e.g., <code>1.7.4</code>.
attributes:
criticality:
name: criticality
description: The criticality of the application as defined by the event source.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Criticality
rank: 1000
alias: criticality
owner: ApplicationObject
domain_of:
- ApplicationObject
- Databucket
- ResourceDetails
range: string
data:
name: data
description: Additional data describing the application.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Data
rank: 1000
alias: data
owner: ApplicationObject
domain_of:
- Request
- Response
- TlsExtension
- Resource
- ApplicationObject
- Edge
- Enrichment
- Evidences
- ManagedEntity
- Node
- Policy
- QueryInfo
- WebResource
- RegValue
range: string
desc:
name: desc
description: 'A description or commentary for an application, usually retrieved
from an
upstream system.'
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Description
rank: 1000
alias: desc
owner: ApplicationObject
domain_of:
- Osint
- RelatedEvent
- Remediation
- Vulnerability
- Advisory
- Analytic
- ApplicationObject
- Assessment
- Check
- CisBenchmark
- CisBenchmarkResult
- CisControl
- Compliance
- Cve
- Database
- Databucket
- Enrichment
- File
- FindingObject
- FindingInfo
- Graph
- Group
- Job
- Location
- Node
- Policy
- Rule
- Table
- WebResource
- Device
- IncidentFinding
range: string
group:
name: group
description: The name of the related application or associated resource group.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Group
rank: 1000
alias: group
owner: ApplicationObject
domain_of:
- QueryEvidence
- Api
- ApplicationObject
- Databucket
- ManagedEntity
- Policy
- ResourceDetails
- AdminGroupQuery
- AuthorizeSession
- GroupManagement
- LinuxUsersProfile
range: Group
hostname:
name: hostname
description: The fully qualified name of the application.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Hostname
rank: 1000
alias: hostname
owner: ApplicationObject
domain_of:
- Url
- ApplicationObject
- Databucket
- DnsQuery
- Endpoint
- NetworkInterface
- Reporter
- ResourceDetails
- Device
range: HostnameT
labels:
name: labels
description: The list of labels associated to the application.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Labels
rank: 1000
alias: labels
owner: ApplicationObject
domain_of:
- Osint
- Resource
- Account
- ApplicationObject
- Container
- Image
- LdapPerson
- Metadata
- Service
range: string
multivalued: true
name:
name: name
description: The name of the application.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Name
rank: 1000
alias: name
owner: ApplicationObject
domain_of:
- AnalysisTarget
- Observable
- Os
- Osint
- Package
- Parameter
- PrivilegeInfo
- San
- Scim
- Script
- ServicePrivilegeAnalysis
- SoftwareComponent
- Sso
- StartupItem
- ThreatActor
- Token
- Entity
- Resource
- Account
- Agent
- AiModel
- Aircraft
- Analytic
- ApplicationObject
- Assessment
- AutonomousSystem
- Campaign
- Check
- CisBenchmark
- CisBenchmarkResult
- CisControl
- ClassifierDetails
- Container
- D3fTactic
- D3fTechnique
- Database
- Databucket
- DomainContact
- Edge
- Endpoint
- Enrichment
- EnvironmentVariable
- Evidences
- Extension
- Feature
- File
- Graph
- Group
- HttpCookie
- HttpHeader
- Idp
- Image
- Job
- Kernel
- KeyValueObject
- LoadBalancer
- Logger
- Malware
- ManagedEntity
- MessageContext
- Metric
- Mitigation
- NetworkInterface
- Node
- Organization
- PeripheralDevice
- Policy
- ProcessEntity
- Product
- QueryInfo
- Reporter
- ResourceDetails
- Rule
- Scan
- Service
- SubTechnique
- Table
- Tactic
- Technique
- Trait
- TransformationInfo
- UnmannedAerialSystem
- User
- WebResource
- Device
- FtpActivity
- RegValue
- WinResource
- WinService
- PrefetchQuery
range: string
recommended: true
owner:
name: owner
description: The identity of the service or user account that owns the application.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Owner
rank: 1000
alias: owner
owner: ApplicationObject
domain_of:
- AffectedCode
- ApplicationObject
- Databucket
- Endpoint
- File
- ResourceDetails
range: User
recommended: true
region:
name: region
description: The cloud region of the resource.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Region
rank: 1000
alias: region
owner: ApplicationObject
domain_of:
- ApplicationObject
- Cloud
- Databucket
- Location
- ResourceDetails
- Device
- CloudResourcesInventoryInfo
range: string
resource_relationship:
name: resource_relationship
description: 'A graph representation showing how this application relates to and
interacts
with other entities in the environment. This can include parent/child
relationships, dependencies, or other connections.'
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Resource Relationship
rank: 1000
alias: resource_relationship
owner: ApplicationObject
domain_of:
- ApplicationObject
- Databucket
- ResourceDetails
range: Graph
risk_level:
name: risk_level
description: The risk level, normalized to the caption of the risk_level_id value.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Risk Level
rank: 1000
alias: risk_level
owner: ApplicationObject
domain_of:
- ApplicationObject
- User
- Device
- SecurityControlProfile
- DataSecurityFinding
- DetectionFinding
- SecurityFinding
range: string
risk_level_id:
name: risk_level_id
annotations:
sibling:
tag: sibling
value: risk_level
suppress_checks:
tag: suppress_checks
value: enum_convention
description: The normalized risk level id.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Risk Level ID
rank: 1000
alias: risk_level_id
owner: ApplicationObject
domain_of:
- ApplicationObject
- User
- Device
- SecurityControlProfile
- DataSecurityFinding
- DetectionFinding
- SecurityFinding
range: RiskLevelIdEnum
risk_score:
name: risk_score
description: The risk score as reported by the event source.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Risk Score
rank: 1000
alias: risk_score
owner: ApplicationObject
domain_of:
- Osint
- ApplicationObject
- User
- Device
- SecurityControlProfile
- DataSecurityFinding
- DetectionFinding
- SecurityFinding
range: integer
sbom:
name: sbom
description: The Software Bill of Materials (SBOM) associated with the application
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Software Bill Of Materials
rank: 1000
alias: sbom
owner: ApplicationObject
domain_of:
- ApplicationObject
- SoftwareInfo
range: Sbom
tags:
name: tags
description: The list of tags; <code>{key:value}</code> pairs associated to the
application.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Tags
rank: 1000
alias: tags
owner: ApplicationObject
domain_of:
- RelatedEvent
- Resource
- Account
- ApplicationObject
- Container
- File
- FindingInfo
- Image
- LdapPerson
- Metadata
- Service
range: KeyValueObject
multivalued: true
type:
name: type
description: 'The type of application as defined by the event source, e.g.,
<code>GitHub</code>, <code>Azure Logic App</code>, or <code>Amazon Elastic
BeanStalk</code>.'
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Type
rank: 1000
alias: type
owner: ApplicationObject
domain_of:
- AnalysisTarget
- Observable
- Os
- Osint
- Package
- PrivilegeInfo
- ProgrammaticCredential
- RelatedEvent
- San
- Sbom
- Script
- SoftwareComponent
- StartupItem
- ThreatActor
- Ticket
- Timespan
- TlsExtension
- Token
- Dns
- Resource
- Account
- Agent
- Analytic
- ApplicationObject
- AuthenticationToken
- ClassifierDetails
- Cve
- Database
- Databucket
- DiscoveryDetails
- DnsAnswer
- DomainContact
- EncryptionDetails
- Endpoint
- Enrichment
- File
- Graph
- Group
- Ja4Fingerprint
- Kernel
- ManagedEntity
- Metadata
- Module
- NetworkEndpoint
- NetworkInterface
- Node
- PeripheralDevice
- Policy
- Rule
- Scan
- Trait
- UnmannedAerialSystem
- UnmannedSystemOperatingArea
- User
- WebResource
- Device
- DatastoreActivity
- FtpActivity
- RegValue
- WinResource
range: string
uid:
name: uid
description: The unique identifier for the application.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Unique ID
rank: 1000
alias: uid
owner: ApplicationObject
domain_of:
- Osint
- Package
- ProgrammaticCredential
- RelatedEvent
- Request
- Sbom
- Scim
- Script
- Session
- Span
- Sso
- Ticket
- Token
- Trace
- Entity
- Resource
- Account
- Advisory
- Agent
- AiModel
- Aircraft
- Analytic
- ApplicationObject
- Assessment
- Certificate
- Check
- ClassifierDetails
- Container
- Cve
- Cwe
- D3fTactic
- D3fTechnique
- DataClassification
- Database
- Databucket
- DomainContact
- Edge
- Email
- Endpoint
- Evidences
- Extension
- Feature
- File
- FindingObject
- FindingInfo
- Graph
- Group
- HttpRequest
- Idp
- Image
- KbArticle
- LoadBalancer
- Logger
- Malware
- ManagedEntity
- MessageContext
- Metadata
- Mitigation
- NetworkConnectionInfo
- NetworkEndpoint
- NetworkInterface
- Node
- Organization
- PeripheralDevice
- Policy
- ProcessEntity
- Product
- QueryInfo
- Reporter
- Rule
- Scan
- Service
- SubTechnique
- Table
- Tactic
- Technique
- Trait
- TransformationInfo
- UnmannedAerialSystem
- User
- WebResource
- Device
- WinResource
range: string
recommended: true
uid_alt:
name: uid_alt
description: 'An alternative or contextual identifier for the application, such
as a
configuration, organization, or license UID.'
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Alternate ID
rank: 1000
alias: uid_alt
owner: ApplicationObject
domain_of:
- Scim
- Session
- Resource
- Agent
- Aircraft
- ApplicationObject
- FindingInfo
- Group
- UnmannedAerialSystem
- User
- Device
range: string
url:
name: url
description: The URL of the application.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- URL
rank: 1000
alias: url
owner: ApplicationObject
domain_of:
- ApplicationObject
- Evidences
- File
- HttpRequest
- EmailUrlActivity
- NetworkActivity
range: Url
version:
name: version
description: The semantic version of the application, e.g., <code>1.7.4</code>.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Version
rank: 1000
alias: version
owner: ApplicationObject
domain_of:
- Os
- Package
- RpcInterface
- Sbom
- Scim
- SoftwareComponent
- Tls
- Agent
- AiModel
- Analytic
- Api
- ApplicationObject
- Attack
- Certificate
- Check
- CisControl
- CisCsc
- Cvss
- D3fend
- Databucket
- Epss
- Extension
- Feature
- File
- HttpRequest
- Logger
- ManagedEntity
- Metadata
- Policy
- Product
- ResourceDetails
- Rule
- Service
- NtpActivity
range: string
rules:
- postconditions:
any_of:
- slot_conditions:
uid:
name: uid
required: true
- slot_conditions:
name:
name: name
required: true
description: 'OCSF at_least_one: at least one of [''uid'', ''name''] must be set.'