Class: Cloud
The Cloud object describes the cloud computing environment where an event or
finding originated. It provides comprehensive context about the cloud
infrastructure, including the cloud service provider, account or subscription
details, organizational structure, geographic regions, availability zones, and
logical partitions.
URI: ocsf:Cloud
```mermaid
classDiagram
    class Cloud
    click Cloud href "../Cloud/"
    Object <|-- Cloud
    click Object href "../Object/"
    Cloud : account
    Cloud --> "0..1" Account : account
    click Account href "../Account/"
    Cloud : cloud_partition
    Cloud : org
    Cloud --> "0..1" Organization : org
    click Organization href "../Organization/"
    Cloud : project_uid
    Cloud : provider
    Cloud : region
    Cloud : zone
```
Inheritance
- OcsfObject
- Object
- Cloud
- Object
Slots
| Name | Cardinality and Range | Description | Inheritance |
|---|---|---|---|
| account | 0..1 Account | The Account object containing details about the cloud account, subscription, ... | direct |
| cloud_partition | 0..1 String | The logical grouping or isolated segment within a cloud provider's | direct |
| org | 0..1 Organization | The Organization object containing details about the organizational unit or | direct |
| project_uid | 0..1 String | The unique identifier of a Cloud project | direct |
| provider | 1 String | The unique name of the Cloud services provider where the event or finding was | direct |
| region | 0..1 recommended String | The cloud region where the event or finding was created, as defined by the | direct |
| zone | 0..1 String | The availability zone in the cloud region where the event or finding was | direct |
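A pipeline that ingests OCSF events can enforce the cardinalities in the table above before the Cloud object is used for detection or triage. The following is an added example, not part of the OCSF schema or its tooling: `check_cloud`, `migrate_project_uid` and the sample record are hypothetical names and constructed data, and the `project_uid` handling follows the deprecation note in the LinkML source further down this page.

```python
from copy import deepcopy

# Slot name -> (expected Python type, required), taken from the Slots table.
# Account and Organization ranges are only checked for being nested objects.
CLOUD_SLOTS = {
    "account": (dict, False),
    "cloud_partition": (str, False),
    "org": (dict, False),
    "project_uid": (str, False),
    "provider": (str, True),   # cardinality 1
    "region": (str, False),    # 0..1, recommended
    "zone": (str, False),
}
RECOMMENDED = {"region"}


def check_cloud(cloud):
    """Return (errors, warnings) for one Cloud object given as a dict."""
    errors, warnings = [], []
    for name, (typ, required) in CLOUD_SLOTS.items():
        value = cloud.get(name)
        if value is None:
            if required:
                errors.append(f"missing required slot: {name}")
            elif name in RECOMMENDED:
                warnings.append(f"missing recommended slot: {name}")
        elif not isinstance(value, typ):
            errors.append(
                f"{name}: expected {typ.__name__}, got {type(value).__name__}")
    if "project_uid" in cloud:
        warnings.append("project_uid is deprecated since 1.4.0; use account.uid")
    return errors, warnings


def migrate_project_uid(cloud):
    """Return a copy with project_uid moved to account.uid (never overwriting it)."""
    out = deepcopy(cloud)
    uid = out.pop("project_uid", None)
    if isinstance(uid, str):
        account = out.setdefault("account", {})
        if isinstance(account, dict):
            account.setdefault("uid", uid)
    return out


# Constructed sample fragment, not real telemetry.
SAMPLE = {"provider": "GCP", "zone": "us-central1-a", "project_uid": "example-project"}
```
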
Usages
In Subsets
Aliases
- Cloud
Identifier and Mapping Information
Schema Source
- from schema: https://w3id.org/lmodel/ocsf
Mappings
| Mapping Type | Mapped Value |
|---|---|
| self | ocsf:Cloud |
| native | ocsf:Cloud |
LinkML Source
Direct
```yaml
name: Cloud
description: 'The Cloud object describes the cloud computing environment where an
  event or
  finding originated. It provides comprehensive context about the cloud
  infrastructure, including the cloud service provider, account or subscription
  details, organizational structure, geographic regions, availability zones, and
  logical partitions.'
in_subset:
- objects_subset
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Cloud
is_a: Object
slots:
- account
- cloud_partition
- org
- project_uid
- provider
- region
- zone
slot_usage:
  account:
    name: account
    description: 'The Account object containing details about the cloud account, subscription,
      or
      billing unit where the event or finding was created. This object includes
      properties such as the account name, unique identifier, type, labels, and
      tags.<br/><br/><strong>Examples:</strong><ul><li><strong>AWS:</strong> Account
      object with <code>name</code>, <code>uid</code> (Account ID),
      <code>type</code>, and other account properties</li><li><strong>Azure:</strong>
      Subscription object with <code>name</code>, <code>uid</code> (Subscription ID),
      <code>type</code>, and subscription metadata</li><li><strong>GCP:</strong>
      Project object with <code>name</code>, <code>uid</code> (Project ID),
      <code>type</code>, and project attributes</li><li><strong>Oracle
      Cloud:</strong> Compartment object with <code>name</code>, <code>uid</code>
      (Tenancy OCID), <code>type</code>, and compartment details</li></ul>'
  cloud_partition:
    name: cloud_partition
    description: 'The logical grouping or isolated segment within a cloud provider''s
      infrastructure where the event or finding was created, often used for
      compliance, governance, or regional
      separation.<br/><br/><strong>Examples:</strong><ul><li><strong>AWS:</strong>
      Partition where the event occurred (<code>aws</code>, <code>aws-cn</code>,
      <code>aws-us-gov</code>)</li><li><strong>Azure:</strong> Cloud environment
      where the event occurred (<code>AzureCloud</code>,
      <code>AzureUSGovernment</code>, <code>AzureChinaCloud</code>)</li></ul>'
  org:
    name: org
    description: 'The Organization object containing details about the organizational
      unit or
      management structure that governs the account, subscription, or project where
      the event or finding was created. This object includes properties such as the
      organization name, unique identifier, type, and other organizational
      metadata.<br/><br/><strong>Examples:</strong><ul><li><strong>AWS:</strong>
      Organization object with <code>name</code>, <code>uid</code> (Organization ID),
      <code>type</code>, and other organizational
      properties</li><li><strong>Azure:</strong> Management Group object with
      <code>name</code>, <code>uid</code> (Management Group ID), <code>type</code>,
      and management group metadata</li><li><strong>GCP:</strong> Organization object
      with <code>name</code>, <code>uid</code> (Organization ID), <code>type</code>,
      and organizational attributes</li><li><strong>Oracle Cloud:</strong> Tenancy
      object with <code>name</code>, <code>uid</code> (Tenancy OCID),
      <code>type</code>, and tenancy details</li></ul>'
  provider:
    name: provider
    description: 'The unique name of the Cloud services provider where the event or
      finding was
      created. Examples include AWS, Azure, GCP (Google Cloud Platform), Oracle
      Cloud, IBM Cloud, Alibaba Cloud, or other public, private, or hybrid cloud
      providers.'
    required: true
  region:
    name: region
    description: 'The cloud region where the event or finding was created, as defined
      by the
      cloud
      provider.<br/><br/><strong>Examples:</strong><ul><li><strong>AWS:</strong>
      Region where the event occurred (<code>us-east-1</code>,
      <code>eu-west-1</code>)</li><li><strong>Azure:</strong> Region where the event
      occurred (<code>East US</code>, <code>West
      Europe</code>)</li><li><strong>GCP:</strong> Region where the event occurred
      (<code>us-central1</code>, <code>europe-west1</code>)</li><li><strong>Oracle
      Cloud:</strong> Region where the event occurred (<code>us-ashburn-1</code>,
      <code>uk-london-1</code>)</li></ul>'
    recommended: true
  zone:
    name: zone
    description: 'The availability zone in the cloud region where the event or finding
      was
      created, as defined by the cloud
      provider.<br/><br/><strong>Examples:</strong><ul><li><strong>AWS:</strong>
      Availability zone where the event occurred (<code>us-east-1a</code>,
      <code>us-east-1b</code>)</li><li><strong>Azure:</strong> Availability zone
      where the event occurred (<code>1</code>, <code>2</code>, <code>3</code> within
      a region)</li><li><strong>GCP:</strong> Availability zone where the event
      occurred (<code>us-central1-a</code>,
      <code>us-central1-b</code>)</li><li><strong>Oracle Cloud:</strong> Availability
      zone where the event occurred (<code>AD-1</code>, <code>AD-2</code>,
      <code>AD-3</code>)</li></ul>'
```
Induced
```yaml
name: Cloud
description: 'The Cloud object describes the cloud computing environment where an
  event or
  finding originated. It provides comprehensive context about the cloud
  infrastructure, including the cloud service provider, account or subscription
  details, organizational structure, geographic regions, availability zones, and
  logical partitions.'
in_subset:
- objects_subset
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Cloud
is_a: Object
slot_usage:
  account:
    name: account
    description: 'The Account object containing details about the cloud account, subscription,
      or
      billing unit where the event or finding was created. This object includes
      properties such as the account name, unique identifier, type, labels, and
      tags.<br/><br/><strong>Examples:</strong><ul><li><strong>AWS:</strong> Account
      object with <code>name</code>, <code>uid</code> (Account ID),
      <code>type</code>, and other account properties</li><li><strong>Azure:</strong>
      Subscription object with <code>name</code>, <code>uid</code> (Subscription ID),
      <code>type</code>, and subscription metadata</li><li><strong>GCP:</strong>
      Project object with <code>name</code>, <code>uid</code> (Project ID),
      <code>type</code>, and project attributes</li><li><strong>Oracle
      Cloud:</strong> Compartment object with <code>name</code>, <code>uid</code>
      (Tenancy OCID), <code>type</code>, and compartment details</li></ul>'
  cloud_partition:
    name: cloud_partition
    description: 'The logical grouping or isolated segment within a cloud provider''s
      infrastructure where the event or finding was created, often used for
      compliance, governance, or regional
      separation.<br/><br/><strong>Examples:</strong><ul><li><strong>AWS:</strong>
      Partition where the event occurred (<code>aws</code>, <code>aws-cn</code>,
      <code>aws-us-gov</code>)</li><li><strong>Azure:</strong> Cloud environment
      where the event occurred (<code>AzureCloud</code>,
      <code>AzureUSGovernment</code>, <code>AzureChinaCloud</code>)</li></ul>'
  org:
    name: org
    description: 'The Organization object containing details about the organizational
      unit or
      management structure that governs the account, subscription, or project where
      the event or finding was created. This object includes properties such as the
      organization name, unique identifier, type, and other organizational
      metadata.<br/><br/><strong>Examples:</strong><ul><li><strong>AWS:</strong>
      Organization object with <code>name</code>, <code>uid</code> (Organization ID),
      <code>type</code>, and other organizational
      properties</li><li><strong>Azure:</strong> Management Group object with
      <code>name</code>, <code>uid</code> (Management Group ID), <code>type</code>,
      and management group metadata</li><li><strong>GCP:</strong> Organization object
      with <code>name</code>, <code>uid</code> (Organization ID), <code>type</code>,
      and organizational attributes</li><li><strong>Oracle Cloud:</strong> Tenancy
      object with <code>name</code>, <code>uid</code> (Tenancy OCID),
      <code>type</code>, and tenancy details</li></ul>'
  provider:
    name: provider
    description: 'The unique name of the Cloud services provider where the event or
      finding was
      created. Examples include AWS, Azure, GCP (Google Cloud Platform), Oracle
      Cloud, IBM Cloud, Alibaba Cloud, or other public, private, or hybrid cloud
      providers.'
    required: true
  region:
    name: region
    description: 'The cloud region where the event or finding was created, as defined
      by the
      cloud
      provider.<br/><br/><strong>Examples:</strong><ul><li><strong>AWS:</strong>
      Region where the event occurred (<code>us-east-1</code>,
      <code>eu-west-1</code>)</li><li><strong>Azure:</strong> Region where the event
      occurred (<code>East US</code>, <code>West
      Europe</code>)</li><li><strong>GCP:</strong> Region where the event occurred
      (<code>us-central1</code>, <code>europe-west1</code>)</li><li><strong>Oracle
      Cloud:</strong> Region where the event occurred (<code>us-ashburn-1</code>,
      <code>uk-london-1</code>)</li></ul>'
    recommended: true
  zone:
    name: zone
    description: 'The availability zone in the cloud region where the event or finding
      was
      created, as defined by the cloud
      provider.<br/><br/><strong>Examples:</strong><ul><li><strong>AWS:</strong>
      Availability zone where the event occurred (<code>us-east-1a</code>,
      <code>us-east-1b</code>)</li><li><strong>Azure:</strong> Availability zone
      where the event occurred (<code>1</code>, <code>2</code>, <code>3</code> within
      a region)</li><li><strong>GCP:</strong> Availability zone where the event
      occurred (<code>us-central1-a</code>,
      <code>us-central1-b</code>)</li><li><strong>Oracle Cloud:</strong> Availability
      zone where the event occurred (<code>AD-1</code>, <code>AD-2</code>,
      <code>AD-3</code>)</li></ul>'
attributes:
  account:
    name: account
    description: 'The Account object containing details about the cloud account, subscription,
      or
      billing unit where the event or finding was created. This object includes
      properties such as the account name, unique identifier, type, labels, and
      tags.<br/><br/><strong>Examples:</strong><ul><li><strong>AWS:</strong> Account
      object with <code>name</code>, <code>uid</code> (Account ID),
      <code>type</code>, and other account properties</li><li><strong>Azure:</strong>
      Subscription object with <code>name</code>, <code>uid</code> (Subscription ID),
      <code>type</code>, and subscription metadata</li><li><strong>GCP:</strong>
      Project object with <code>name</code>, <code>uid</code> (Project ID),
      <code>type</code>, and project attributes</li><li><strong>Oracle
      Cloud:</strong> Compartment object with <code>name</code>, <code>uid</code>
      (Tenancy OCID), <code>type</code>, and compartment details</li></ul>'
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Account
    rank: 1000
    alias: account
    owner: Cloud
    domain_of:
    - Cloud
    - User
    range: Account
  cloud_partition:
    name: cloud_partition
    description: 'The logical grouping or isolated segment within a cloud provider''s
      infrastructure where the event or finding was created, often used for
      compliance, governance, or regional
      separation.<br/><br/><strong>Examples:</strong><ul><li><strong>AWS:</strong>
      Partition where the event occurred (<code>aws</code>, <code>aws-cn</code>,
      <code>aws-us-gov</code>)</li><li><strong>Azure:</strong> Cloud environment
      where the event occurred (<code>AzureCloud</code>,
      <code>AzureUSGovernment</code>, <code>AzureChinaCloud</code>)</li></ul>'
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Cloud Partition
    rank: 1000
    alias: cloud_partition
    owner: Cloud
    domain_of:
    - Cloud
    - Databucket
    - ResourceDetails
    range: string
  org:
    name: org
    description: 'The Organization object containing details about the organizational
      unit or
      management structure that governs the account, subscription, or project where
      the event or finding was created. This object includes properties such as the
      organization name, unique identifier, type, and other organizational
      metadata.<br/><br/><strong>Examples:</strong><ul><li><strong>AWS:</strong>
      Organization object with <code>name</code>, <code>uid</code> (Organization ID),
      <code>type</code>, and other organizational
      properties</li><li><strong>Azure:</strong> Management Group object with
      <code>name</code>, <code>uid</code> (Management Group ID), <code>type</code>,
      and management group metadata</li><li><strong>GCP:</strong> Organization object
      with <code>name</code>, <code>uid</code> (Organization ID), <code>type</code>,
      and organizational attributes</li><li><strong>Oracle Cloud:</strong> Tenancy
      object with <code>name</code>, <code>uid</code> (Tenancy OCID),
      <code>type</code>, and tenancy details</li></ul>'
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Organization
    rank: 1000
    alias: org
    owner: Cloud
    domain_of:
    - Cloud
    - ManagedEntity
    - Reporter
    - User
    - Device
    range: Organization
  project_uid:
    name: project_uid
    description: The unique identifier of a Cloud project.
    deprecated: Use the <code>account.uid</code> attribute instead. (since 1.4.0)
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Project ID
    rank: 1000
    alias: project_uid
    owner: Cloud
    domain_of:
    - Cloud
    range: string
  provider:
    name: provider
    description: 'The unique name of the Cloud services provider where the event or
      finding was
      created. Examples include AWS, Azure, GCP (Google Cloud Platform), Oracle
      Cloud, IBM Cloud, Alibaba Cloud, or other public, private, or hybrid cloud
      providers.'
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Provider
    rank: 1000
    alias: provider
    owner: Cloud
    domain_of:
    - Reputation
    - AuthFactor
    - Cloud
    - Enrichment
    - Location
    - Malware
    - ResourceDetails
    range: string
    required: true
  region:
    name: region
    description: 'The cloud region where the event or finding was created, as defined
      by the
      cloud
      provider.<br/><br/><strong>Examples:</strong><ul><li><strong>AWS:</strong>
      Region where the event occurred (<code>us-east-1</code>,
      <code>eu-west-1</code>)</li><li><strong>Azure:</strong> Region where the event
      occurred (<code>East US</code>, <code>West
      Europe</code>)</li><li><strong>GCP:</strong> Region where the event occurred
      (<code>us-central1</code>, <code>europe-west1</code>)</li><li><strong>Oracle
      Cloud:</strong> Region where the event occurred (<code>us-ashburn-1</code>,
      <code>uk-london-1</code>)</li></ul>'
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Region
    rank: 1000
    alias: region
    owner: Cloud
    domain_of:
    - ApplicationObject
    - Cloud
    - Databucket
    - Location
    - ResourceDetails
    - Device
    - CloudResourcesInventoryInfo
    range: string
    recommended: true
  zone:
    name: zone
    description: 'The availability zone in the cloud region where the event or finding
      was
      created, as defined by the cloud
      provider.<br/><br/><strong>Examples:</strong><ul><li><strong>AWS:</strong>
      Availability zone where the event occurred (<code>us-east-1a</code>,
      <code>us-east-1b</code>)</li><li><strong>Azure:</strong> Availability zone
      where the event occurred (<code>1</code>, <code>2</code>, <code>3</code> within
      a region)</li><li><strong>GCP:</strong> Availability zone where the event
      occurred (<code>us-central1-a</code>,
      <code>us-central1-b</code>)</li><li><strong>Oracle Cloud:</strong> Availability
      zone where the event occurred (<code>AD-1</code>, <code>AD-2</code>,
      <code>AD-3</code>)</li></ul>'
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Network Zone
    rank: 1000
    alias: zone
    owner: Cloud
    domain_of:
    - Token
    - Cloud
    - Databucket
    - Endpoint
    - ResourceDetails
    range: string
```