Class: DataSecurity
The Data Security object describes the characteristics, techniques and content
of a Data Loss Prevention (DLP), Data Loss Detection (DLD), Data
Classification, or similar tools' finding, alert, or detection mechanism(s).
URI: ocsf:DataSecurity
classDiagram
class DataSecurity
click DataSecurity href "../DataSecurity/"
DataClassification <|-- DataSecurity
click DataClassification href "../DataClassification/"
DataSecurity : category
DataSecurity : category_id
DataSecurity --> "0..1 _recommended_" DataClassificationCategoryIdEnum : category_id
click DataClassificationCategoryIdEnum href "../DataClassificationCategoryIdEnum/"
DataSecurity : classifier_details
DataSecurity --> "0..1 _recommended_" ClassifierDetails : classifier_details
click ClassifierDetails href "../ClassifierDetails/"
DataSecurity : confidentiality
DataSecurity : confidentiality_id
DataSecurity --> "0..1 _recommended_" ConfidentialityIdEnum : confidentiality_id
click ConfidentialityIdEnum href "../ConfidentialityIdEnum/"
DataSecurity : data_lifecycle_state
DataSecurity : data_lifecycle_state_id
DataSecurity --> "0..1 _recommended_" DataLifecycleStateIdEnum : data_lifecycle_state_id
click DataLifecycleStateIdEnum href "../DataLifecycleStateIdEnum/"
DataSecurity : detection_pattern
DataSecurity : detection_system
DataSecurity : detection_system_id
DataSecurity --> "0..1 _recommended_" DetectionSystemIdEnum : detection_system_id
click DetectionSystemIdEnum href "../DetectionSystemIdEnum/"
DataSecurity : discovery_details
DataSecurity --> "*" DiscoveryDetails : discovery_details
click DiscoveryDetails href "../DiscoveryDetails/"
DataSecurity : pattern_match
DataSecurity : policy
DataSecurity --> "0..1 _recommended_" Policy : policy
click Policy href "../Policy/"
DataSecurity : size
DataSecurity : src_url
DataSecurity : status
DataSecurity : status_details
DataSecurity : status_id
DataSecurity --> "0..1 _recommended_" DataClassificationStatusIdEnum : status_id
click DataClassificationStatusIdEnum href "../DataClassificationStatusIdEnum/"
DataSecurity : total
DataSecurity : uid
Inheritance
- OcsfObject
- Object
- DataClassification
- DataSecurity
- DataClassification
- Object
Slots
| Name | Cardinality and Range | Description | Inheritance |
|---|---|---|---|
| data_lifecycle_state | 0..1 String |
The name of the stage or state that the data was in | direct |
| data_lifecycle_state_id | 0..1 recommended DataLifecycleStateIdEnum |
The stage or state that the data was in when it was assessed or scanned by a | direct |
| detection_pattern | 0..1 recommended String |
Specific pattern, algorithm, fingerprint, or model used for detection | direct |
| detection_system | 0..1 String |
The name of the type of data security tool or system that the finding, | direct |
| detection_system_id | 0..1 recommended DetectionSystemIdEnum |
The type of data security tool or system that the finding, detection, or aler... | direct |
| pattern_match | 0..1 String |
A text, binary, file name, or datastore that matched against a detection rule | direct |
| policy | 0..1 recommended Policy |
Details about the policy that triggered the finding | direct |
| category | 0..1 String |
The name of the data classification category that data matched into, e | DataClassification |
| category_id | 0..1 recommended DataClassificationCategoryIdEnum |
The normalized identifier of the data classification category | DataClassification |
| classifier_details | 0..1 recommended ClassifierDetails |
Describes details about the classifier used for data classification | DataClassification |
| confidentiality | 0..1 String |
The file content confidentiality, normalized to the confidentiality_id value | DataClassification |
| confidentiality_id | 0..1 recommended ConfidentialityIdEnum |
The normalized identifier of the file content confidentiality indicator | DataClassification |
| discovery_details | * DiscoveryDetails |
Details about the data discovered by classification job | DataClassification |
| size | 0..1 Integer |
Size of the data classified | DataClassification |
| src_url | 0..1 UrlT |
The source URL pointing towards the full classification job details | DataClassification |
| status | 0..1 recommended String |
The resultant status of the classification job normalized to the caption of t... | DataClassification |
| status_details | * String |
The contextual description of the status, status_id value |
DataClassification |
| status_id | 0..1 recommended DataClassificationStatusIdEnum |
The normalized status identifier of the classification job | DataClassification |
| total | 0..1 Integer |
The total count of discovered entities, by the classification job | DataClassification |
| uid | 0..1 String |
The unique identifier of the classification job | DataClassification |
Usages
| used by | used in | type | used |
|---|---|---|---|
| DataSecurityFinding | data_security | range | DataSecurity |
Rules
| Rule Applied | Preconditions | Postconditions | Elseconditions |
|---|---|---|---|
| any_of | [{'slot_conditions': {'data_lifecycle_state_id': {'required': True}}}, {'slot_conditions': {'detection_pattern': {'required': True}}}, {'slot_conditions': {'detection_system_id': {'required': True}}}, {'slot_conditions': {'policy': {'required': True}}}] |
In Subsets
Aliases
- Data Security
Identifier and Mapping Information
Annotations
| property | value |
|---|---|
| ocsf_constraints | {"at_least_one": ["data_lifecycle_state_id", "detection_pattern", |
| "detection_system_id", "policy"]} |
Schema Source
- from schema: https://w3id.org/lmodel/ocsf
Mappings
| Mapping Type | Mapped Value |
|---|---|
| self | ocsf:DataSecurity |
| native | ocsf:DataSecurity |
LinkML Source
Direct
name: DataSecurity
annotations:
ocsf_constraints:
tag: ocsf_constraints
value: '{"at_least_one": ["data_lifecycle_state_id", "detection_pattern",
"detection_system_id", "policy"]}'
description: 'The Data Security object describes the characteristics, techniques and
content
of a Data Loss Prevention (DLP), Data Loss Detection (DLD), Data
Classification, or similar tools'' finding, alert, or detection mechanism(s).'
in_subset:
- objects_subset
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Data Security
is_a: DataClassification
slots:
- data_lifecycle_state
- data_lifecycle_state_id
- detection_pattern
- detection_system
- detection_system_id
- pattern_match
- policy
slot_usage:
data_lifecycle_state_id:
name: data_lifecycle_state_id
recommended: true
detection_pattern:
name: detection_pattern
recommended: true
detection_system_id:
name: detection_system_id
recommended: true
policy:
name: policy
description: Details about the policy that triggered the finding.
recommended: true
rules:
- postconditions:
any_of:
- slot_conditions:
data_lifecycle_state_id:
name: data_lifecycle_state_id
required: true
- slot_conditions:
detection_pattern:
name: detection_pattern
required: true
- slot_conditions:
detection_system_id:
name: detection_system_id
required: true
- slot_conditions:
policy:
name: policy
required: true
description: 'OCSF at_least_one: at least one of [''data_lifecycle_state_id'',
''detection_pattern'', ''detection_system_id'', ''policy''] must be set.'
Induced
name: DataSecurity
annotations:
ocsf_constraints:
tag: ocsf_constraints
value: '{"at_least_one": ["data_lifecycle_state_id", "detection_pattern",
"detection_system_id", "policy"]}'
description: 'The Data Security object describes the characteristics, techniques and
content
of a Data Loss Prevention (DLP), Data Loss Detection (DLD), Data
Classification, or similar tools'' finding, alert, or detection mechanism(s).'
in_subset:
- objects_subset
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Data Security
is_a: DataClassification
slot_usage:
data_lifecycle_state_id:
name: data_lifecycle_state_id
recommended: true
detection_pattern:
name: detection_pattern
recommended: true
detection_system_id:
name: detection_system_id
recommended: true
policy:
name: policy
description: Details about the policy that triggered the finding.
recommended: true
attributes:
data_lifecycle_state:
name: data_lifecycle_state
description: 'The name of the stage or state that the data was in. E.g., Data-at-Rest,
Data-in-Transit, etc.'
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Data Lifecycle State
rank: 1000
alias: data_lifecycle_state
owner: DataSecurity
domain_of:
- DataSecurity
range: string
data_lifecycle_state_id:
name: data_lifecycle_state_id
annotations:
sibling:
tag: sibling
value: data_lifecycle_state
description: 'The stage or state that the data was in when it was assessed or
scanned by a
data security tool.'
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Data Lifecycle State ID
rank: 1000
alias: data_lifecycle_state_id
owner: DataSecurity
domain_of:
- DataSecurity
range: DataLifecycleStateIdEnum
recommended: true
detection_pattern:
name: detection_pattern
description: Specific pattern, algorithm, fingerprint, or model used for detection.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Detection Pattern
rank: 1000
alias: detection_pattern
owner: DataSecurity
domain_of:
- Osint
- DataSecurity
range: string
recommended: true
detection_system:
name: detection_system
description: 'The name of the type of data security tool or system that the finding,
detection, or alert originated from. E.g., Endpoint, Secure Email Gateway, etc.'
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Detection System
rank: 1000
alias: detection_system
owner: DataSecurity
domain_of:
- DataSecurity
range: string
detection_system_id:
name: detection_system_id
annotations:
sibling:
tag: sibling
value: detection_system
description: 'The type of data security tool or system that the finding, detection,
or alert
originated from.'
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Detection System ID
rank: 1000
alias: detection_system_id
owner: DataSecurity
domain_of:
- DataSecurity
range: DetectionSystemIdEnum
recommended: true
pattern_match:
name: pattern_match
description: A text, binary, file name, or datastore that matched against a detection
rule.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Pattern Match
rank: 1000
alias: pattern_match
owner: DataSecurity
domain_of:
- DataSecurity
range: string
policy:
name: policy
description: Details about the policy that triggered the finding.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Policy
rank: 1000
alias: policy
owner: DataSecurity
domain_of:
- PermissionAnalysisResult
- AdditionalRestriction
- Assessment
- Authorization
- DataClassification
- DataSecurity
- ManagedEntity
- SecurityControlProfile
- ScanActivity
- AccountChange
range: Policy
recommended: true
category:
name: category
description: 'The name of the data classification category that data matched into,
e.g.
Financial, Personal, Governmental, etc.'
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Category
rank: 1000
alias: category
owner: DataSecurity
domain_of:
- Osint
- Vulnerability
- Analytic
- Assessment
- Compliance
- DataClassification
- Rule
- Trait
range: string
category_id:
name: category_id
annotations:
sibling:
tag: sibling
value: category
description: The normalized identifier of the data classification category.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Category ID
rank: 1000
alias: category_id
owner: DataSecurity
domain_of:
- DataClassification
range: DataClassificationCategoryIdEnum
recommended: true
classifier_details:
name: classifier_details
description: Describes details about the classifier used for data classification.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Classifier Details
rank: 1000
alias: classifier_details
owner: DataSecurity
domain_of:
- DataClassification
range: ClassifierDetails
recommended: true
confidentiality:
name: confidentiality
description: 'The file content confidentiality, normalized to the confidentiality_id
value.
In the case of ''Other'', it is defined by the event source.'
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Confidentiality
rank: 1000
alias: confidentiality
owner: DataSecurity
domain_of:
- DataClassification
- File
range: string
confidentiality_id:
name: confidentiality_id
annotations:
sibling:
tag: sibling
value: confidentiality
description: The normalized identifier of the file content confidentiality indicator.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Confidentiality ID
rank: 1000
alias: confidentiality_id
owner: DataSecurity
domain_of:
- DataClassification
- File
range: ConfidentialityIdEnum
recommended: true
discovery_details:
name: discovery_details
description: Details about the data discovered by classification job.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Discovery Details
rank: 1000
alias: discovery_details
owner: DataSecurity
domain_of:
- DataClassification
range: DiscoveryDetails
multivalued: true
size:
name: size
description: Size of the data classified.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Size
rank: 1000
alias: size
owner: DataSecurity
domain_of:
- Advisory
- Container
- DataClassification
- Database
- Databucket
- Email
- File
- KbArticle
- Table
- MalwareScanInfo
- MemoryActivity
range: integer
src_url:
name: src_url
description: The source URL pointing towards the full classification job details.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Source URL
rank: 1000
alias: src_url
owner: DataSecurity
domain_of:
- Osint
- Package
- Ticket
- Advisory
- Cvss
- Cwe
- D3fTactic
- D3fTechnique
- DataClassification
- Enrichment
- FindingObject
- FindingInfo
- KbArticle
- Mitigation
- SubTechnique
- Tactic
- Technique
- IncidentProfile
- IncidentFinding
range: UrlT
status:
name: status
description: 'The resultant status of the classification job normalized to the
caption of the
<code>status_id</code> value. In the case of ''Other'', it is defined by the
event source.'
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Status
rank: 1000
alias: status
owner: DataSecurity
domain_of:
- RelatedEvent
- Ticket
- Whois
- AdditionalRestriction
- Check
- Compliance
- DataClassification
- HttpResponse
- BaseEvent
- Finding
- IncidentFinding
- DroneFlightsActivity
range: string
recommended: true
status_details:
name: status_details
description: The contextual description of the <code>status, status_id</code>
value.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Status Details
rank: 1000
alias: status_details
owner: DataSecurity
domain_of:
- Ticket
- Compliance
- DataClassification
range: string
multivalued: true
status_id:
name: status_id
annotations:
sibling:
tag: sibling
value: status
description: The normalized status identifier of the classification job.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Status ID
rank: 1000
alias: status_id
owner: DataSecurity
domain_of:
- Ticket
- AdditionalRestriction
- Check
- Compliance
- DataClassification
- BaseEvent
- Finding
- IncidentFinding
- RemediationActivity
- DroneFlightsActivity
range: DataClassificationStatusIdEnum
recommended: true
total:
name: total
description: The total count of discovered entities, by the classification job.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Total
rank: 1000
alias: total
owner: DataSecurity
domain_of:
- DataClassification
- ScanActivity
range: integer
uid:
name: uid
description: The unique identifier of the classification job.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Unique ID
rank: 1000
alias: uid
owner: DataSecurity
domain_of:
- Osint
- Package
- ProgrammaticCredential
- RelatedEvent
- Request
- Sbom
- Scim
- Script
- Session
- Span
- Sso
- Ticket
- Token
- Trace
- Entity
- Resource
- Account
- Advisory
- Agent
- AiModel
- Aircraft
- Analytic
- ApplicationObject
- Assessment
- Certificate
- Check
- ClassifierDetails
- Container
- Cve
- Cwe
- D3fTactic
- D3fTechnique
- DataClassification
- Database
- Databucket
- DomainContact
- Edge
- Email
- Endpoint
- Evidences
- Extension
- Feature
- File
- FindingObject
- FindingInfo
- Graph
- Group
- HttpRequest
- Idp
- Image
- KbArticle
- LoadBalancer
- Logger
- Malware
- ManagedEntity
- MessageContext
- Metadata
- Mitigation
- NetworkConnectionInfo
- NetworkEndpoint
- NetworkInterface
- Node
- Organization
- PeripheralDevice
- Policy
- ProcessEntity
- Product
- QueryInfo
- Reporter
- Rule
- Scan
- Service
- SubTechnique
- Table
- Tactic
- Technique
- Trait
- TransformationInfo
- UnmannedAerialSystem
- User
- WebResource
- Device
- WinResource
range: string
rules:
- postconditions:
any_of:
- slot_conditions:
data_lifecycle_state_id:
name: data_lifecycle_state_id
required: true
- slot_conditions:
detection_pattern:
name: detection_pattern
required: true
- slot_conditions:
detection_system_id:
name: detection_system_id
required: true
- slot_conditions:
policy:
name: policy
required: true
description: 'OCSF at_least_one: at least one of [''data_lifecycle_state_id'',
''detection_pattern'', ''detection_system_id'', ''policy''] must be set.'