
Enum: CategoryUidEnum

The normalized OCSF event category (see categories.json).

URI: ocsf:CategoryUidEnum

Permissible Values

| Value | Meaning | Description |
| --- | --- | --- |
| APPLICATION_ACTIVITY | None | Application Activity events report detailed information about the behavior of |
| DISCOVERY | None | Discovery events report the existence and state of devices, files, |
| FINDINGS | None | Findings events report findings, detections, and possible resolutions of |
| IDENTITY_ACCESS_MANAGEMENT | None | Identity & Access Management (IAM) events relate to the supervision of the |
| NETWORK_ACTIVITY | None | Network Activity events |
| REMEDIATION | None | Remediation events report the results of remediation commands targeting files... |
| SYSTEM_ACTIVITY | None | System Activity events |
| UNMANNED_SYSTEMS | None | Unmanned Systems events report the activity, existence, and/or state of |

Identifier and Mapping Information

Schema Source

LinkML Source

name: CategoryUidEnum
description: The normalized OCSF event category (see categories.json).
from_schema: https://w3id.org/lmodel/ocsf
rank: 1000
permissible_values:
  APPLICATION_ACTIVITY:
    text: APPLICATION_ACTIVITY
    description: 'Application Activity events report detailed information about the
      behavior of

      applications and services.'
    annotations:
      ocsf_uid:
        tag: ocsf_uid
        value: 6
      category:
        tag: category
        value: application
  DISCOVERY:
    text: DISCOVERY
    description: 'Discovery events report the existence and state of devices, files,

      configurations, processes, registry keys, and other objects.'
    annotations:
      ocsf_uid:
        tag: ocsf_uid
        value: 5
      category:
        tag: category
        value: discovery
  FINDINGS:
    text: FINDINGS
    description: 'Findings events report findings, detections, and possible resolutions
      of

      malware, anomalies, or other actions performed by security products.'
    annotations:
      ocsf_uid:
        tag: ocsf_uid
        value: 2
      category:
        tag: category
        value: findings
  IDENTITY_ACCESS_MANAGEMENT:
    text: IDENTITY_ACCESS_MANAGEMENT
    description: 'Identity & Access Management (IAM) events relate to the supervision
      of the

      system''s authentication and access control model. Examples of such events are

      the success or failure of authentication, granting of authority, password

      change, entity change, privileged use etc.'
    annotations:
      ocsf_uid:
        tag: ocsf_uid
        value: 3
      category:
        tag: category
        value: iam
  NETWORK_ACTIVITY:
    text: NETWORK_ACTIVITY
    description: Network Activity events.
    annotations:
      ocsf_uid:
        tag: ocsf_uid
        value: 4
      category:
        tag: category
        value: network
  REMEDIATION:
    text: REMEDIATION
    description: 'Remediation events report the results of remediation commands targeting
      files,

      processes, and other objects.'
    annotations:
      ocsf_uid:
        tag: ocsf_uid
        value: 7
      category:
        tag: category
        value: remediation
  SYSTEM_ACTIVITY:
    text: SYSTEM_ACTIVITY
    description: System Activity events.
    annotations:
      ocsf_uid:
        tag: ocsf_uid
        value: 1
      category:
        tag: category
        value: system
  UNMANNED_SYSTEMS:
    text: UNMANNED_SYSTEMS
    description: 'Unmanned Systems events report the activity, existence, and/or state
      of

      unmanned systems for tracking, mission planning, and other related activities.'
    annotations:
      ocsf_uid:
        tag: ocsf_uid
        value: 8
      category:
        tag: category
        value: unmanned_systems