Class: Databucket
The databucket object is a basic container that holds data, typically organized
through the use of data partitions.
URI: ocsf:Databucket
classDiagram
class Databucket
click Databucket href "../Databucket/"
DataClassificationProfile <|-- Databucket
click DataClassificationProfile href "../DataClassificationProfile/"
CloudProfile <|-- Databucket
click CloudProfile href "../CloudProfile/"
Resource <|-- Databucket
click Resource href "../Resource/"
Databucket : agent_list
Databucket --> "*" Agent : agent_list
click Agent href "../Agent/"
Databucket : api
Databucket --> "0..1" Api : api
click Api href "../Api/"
Databucket : cloud
Databucket --> "1" Cloud : cloud
click Cloud href "../Cloud/"
Databucket : cloud_partition
Databucket : created_time
Databucket : criticality
Databucket : data
Databucket : data_classification
Databucket --> "0..1 _recommended_" DataClassification : data_classification
click DataClassification href "../DataClassification/"
Databucket : data_classifications
Databucket --> "* _recommended_" DataClassification : data_classifications
click DataClassification href "../DataClassification/"
Databucket : desc
Databucket : encryption_details
Databucket --> "0..1" EncryptionDetails : encryption_details
click EncryptionDetails href "../EncryptionDetails/"
Databucket : file
Databucket --> "0..1" File : file
click File href "../File/"
Databucket : group
Databucket --> "0..1" Group : group
click Group href "../Group/"
Databucket : groups
Databucket --> "*" Group : groups
click Group href "../Group/"
Databucket : hostname
Databucket : ip
Databucket : is_backed_up
Databucket : is_encrypted
Databucket : is_public
Databucket : labels
Databucket : modified_time
Databucket : name
Databucket : namespace
Databucket : owner
Databucket --> "0..1 _recommended_" User : owner
click User href "../User/"
Databucket : region
Databucket : resource_relationship
Databucket --> "0..1" Graph : resource_relationship
click Graph href "../Graph/"
Databucket : size
Databucket : tags
Databucket --> "*" KeyValueObject : tags
click KeyValueObject href "../KeyValueObject/"
Databucket : type
Databucket : type_id
Databucket --> "1" DatabucketTypeIdEnum : type_id
click DatabucketTypeIdEnum href "../DatabucketTypeIdEnum/"
Databucket : uid
Databucket : uid_alt
Databucket : version
Databucket : zone
Inheritance
- OcsfObject
- Object
- Entity
- Resource [ DataClassificationProfile]
- Databucket [ DataClassificationProfile CloudProfile]
- Resource [ DataClassificationProfile]
- Entity
- Object
Slots
| Name | Cardinality and Range | Description | Inheritance |
|---|---|---|---|
| agent_list | * Agent |
A list of agent objects associated with a device, endpoint, or |
direct |
| cloud_partition | 0..1 String |
The logical grouping or isolated segment within a cloud provider's | direct |
| created_time | 0..1 TimestampT |
The time when the databucket was known to have been created | direct |
| criticality | 0..1 String |
The criticality of the databucket as defined by the event source | direct |
| desc | 0..1 String |
The description of the databucket | direct |
| encryption_details | 0..1 EncryptionDetails |
The encryption details of the databucket | direct |
| file | 0..1 File |
Details about the file/object within a databucket | direct |
| group | 0..1 Group |
The name of the related resource group | direct |
| groups | * Group |
The group names to which the databucket belongs | direct |
| hostname | 0..1 recommended HostnameT |
The fully qualified hostname of the databucket | direct |
| ip | 0..1 recommended IpT |
The IP address of the resource, in either IPv4 or IPv6 format | direct |
| is_backed_up | 0..1 Boolean |
Indicates whether the device or resource has a backup enabled, such as an | direct |
| is_encrypted | 0..1 Boolean |
Indicates if the databucket is encrypted | direct |
| is_public | 0..1 recommended Boolean |
Indicates if the databucket is publicly accessible | direct |
| modified_time | 0..1 TimestampT |
The most recent time when any changes, updates, or modifications were made | direct |
| name | 0..1 recommended String |
The databucket name | direct |
| namespace | 0..1 String |
The namespace is useful when similar entities exist that you need to keep | direct |
| owner | 0..1 recommended User |
The identity of the service or user account that owns the databucket | direct |
| region | 0..1 String |
The cloud region of the databucket | direct |
| resource_relationship | 0..1 Graph |
A graph representation showing how this databucket relates to and interacts | direct |
| size | 0..1 Integer |
The size of the databucket in bytes | direct |
| type | 0..1 recommended String |
The databucket type | direct |
| type_id | 1 DatabucketTypeIdEnum |
The normalized identifier of the databucket type | direct |
| uid | 0..1 recommended String |
The unique identifier of the databucket | direct |
| version | 0..1 String |
The version of the resource | direct |
| zone | 0..1 String |
The specific availability zone within a cloud region where the databucket is | direct |
| data_classification | 0..1 recommended DataClassification |
The Data Classification object includes information about data classification | DataClassificationProfile |
| data_classifications | * recommended DataClassification |
A list of Data Classification objects, that include information about data | DataClassificationProfile |
| api | 0..1 Api |
Describes details about a typical API (Application Programming Interface) cal... | CloudProfile |
| cloud | 1 Cloud |
Describes details about the Cloud environment where the event or finding was | CloudProfile |
| data | 0..1 String |
Additional data describing the resource | Resource |
| labels | * String |
The list of labels associated to the resource | Resource |
| tags | * KeyValueObject |
The list of tags; {key:value} pairs associated to the resource |
Resource |
| uid_alt | 0..1 String |
The alternative unique identifier of the resource | Resource |
Usages
| used by | used in | type | used |
|---|---|---|---|
| Evidences | databucket | range | Databucket |
| DatastoreActivity | databucket | range | Databucket |
| CloudResourcesInventoryInfo | databucket | range | Databucket |
| DataSecurityFinding | databucket | range | Databucket |
| WindowsEvidences | databucket | range | Databucket |
In Subsets
Aliases
- Databucket
See Also
Notes
- D3FEND™ Ontology d3f:CloudStorage. — https://d3fend.mitre.org/dao/artifact/d3f:CloudStorage/
Identifier and Mapping Information
Schema Source
- from schema: https://w3id.org/lmodel/ocsf
Mappings
| Mapping Type | Mapped Value |
|---|---|
| self | ocsf:Databucket |
| native | ocsf:Databucket |
LinkML Source
Direct
name: Databucket
description: 'The databucket object is a basic container that holds data, typically
organized
through the use of data partitions.'
notes:
- 'D3FEND™ Ontology d3f:CloudStorage. —
https://d3fend.mitre.org/dao/artifact/d3f:CloudStorage/'
in_subset:
- objects_subset
from_schema: https://w3id.org/lmodel/ocsf
see_also:
- https://d3fend.mitre.org/dao/artifact/d3f:CloudStorage/
aliases:
- Databucket
is_a: Resource
mixins:
- DataClassificationProfile
- CloudProfile
slots:
- agent_list
- cloud_partition
- created_time
- criticality
- desc
- encryption_details
- file
- group
- groups
- hostname
- ip
- is_backed_up
- is_encrypted
- is_public
- modified_time
- name
- namespace
- owner
- region
- resource_relationship
- size
- type
- type_id
- uid
- version
- zone
slot_usage:
cloud_partition:
name: cloud_partition
description: 'The logical grouping or isolated segment within a cloud provider''s
infrastructure where the databucket is located.'
created_time:
name: created_time
description: The time when the databucket was known to have been created.
criticality:
name: criticality
description: The criticality of the databucket as defined by the event source.
desc:
name: desc
description: The description of the databucket.
encryption_details:
name: encryption_details
description: 'The encryption details of the databucket. Should be populated if
the databucket
is encrypted.'
file:
name: file
description: Details about the file/object within a databucket.
group:
name: group
description: The name of the related resource group.
deprecated: Use the <code>groups</code> attribute instead.
groups:
name: groups
description: The group names to which the databucket belongs.
hostname:
name: hostname
description: The fully qualified hostname of the databucket.
recommended: true
ip:
name: ip
description: The IP address of the resource, in either IPv4 or IPv6 format.
recommended: true
is_encrypted:
name: is_encrypted
description: Indicates if the databucket is encrypted.
is_public:
name: is_public
description: Indicates if the databucket is publicly accessible.
recommended: true
modified_time:
name: modified_time
description: 'The most recent time when any changes, updates, or modifications
were made
within the databucket.'
name:
name: name
description: The databucket name.
namespace:
name: namespace
description: 'The namespace is useful when similar entities exist that you need
to keep
separate.'
owner:
name: owner
description: The identity of the service or user account that owns the databucket.
recommended: true
region:
name: region
description: The cloud region of the databucket.
resource_relationship:
name: resource_relationship
description: 'A graph representation showing how this databucket relates to and
interacts
with other entities in the environment. This can include parent/child
relationships, dependencies, or other connections.'
size:
name: size
description: The size of the databucket in bytes.
type:
name: type
description: The databucket type.
recommended: true
type_id:
name: type_id
description: The normalized identifier of the databucket type.
range: DatabucketTypeIdEnum
required: true
uid:
name: uid
description: The unique identifier of the databucket.
version:
name: version
description: The version of the resource. For example <code>1.2.3</code>.
zone:
name: zone
description: 'The specific availability zone within a cloud region where the databucket
is
located.'
Induced
name: Databucket
description: 'The databucket object is a basic container that holds data, typically
organized
through the use of data partitions.'
notes:
- 'D3FEND™ Ontology d3f:CloudStorage. —
https://d3fend.mitre.org/dao/artifact/d3f:CloudStorage/'
in_subset:
- objects_subset
from_schema: https://w3id.org/lmodel/ocsf
see_also:
- https://d3fend.mitre.org/dao/artifact/d3f:CloudStorage/
aliases:
- Databucket
is_a: Resource
mixins:
- DataClassificationProfile
- CloudProfile
slot_usage:
cloud_partition:
name: cloud_partition
description: 'The logical grouping or isolated segment within a cloud provider''s
infrastructure where the databucket is located.'
created_time:
name: created_time
description: The time when the databucket was known to have been created.
criticality:
name: criticality
description: The criticality of the databucket as defined by the event source.
desc:
name: desc
description: The description of the databucket.
encryption_details:
name: encryption_details
description: 'The encryption details of the databucket. Should be populated if
the databucket
is encrypted.'
file:
name: file
description: Details about the file/object within a databucket.
group:
name: group
description: The name of the related resource group.
deprecated: Use the <code>groups</code> attribute instead.
groups:
name: groups
description: The group names to which the databucket belongs.
hostname:
name: hostname
description: The fully qualified hostname of the databucket.
recommended: true
ip:
name: ip
description: The IP address of the resource, in either IPv4 or IPv6 format.
recommended: true
is_encrypted:
name: is_encrypted
description: Indicates if the databucket is encrypted.
is_public:
name: is_public
description: Indicates if the databucket is publicly accessible.
recommended: true
modified_time:
name: modified_time
description: 'The most recent time when any changes, updates, or modifications
were made
within the databucket.'
name:
name: name
description: The databucket name.
namespace:
name: namespace
description: 'The namespace is useful when similar entities exist that you need
to keep
separate.'
owner:
name: owner
description: The identity of the service or user account that owns the databucket.
recommended: true
region:
name: region
description: The cloud region of the databucket.
resource_relationship:
name: resource_relationship
description: 'A graph representation showing how this databucket relates to and
interacts
with other entities in the environment. This can include parent/child
relationships, dependencies, or other connections.'
size:
name: size
description: The size of the databucket in bytes.
type:
name: type
description: The databucket type.
recommended: true
type_id:
name: type_id
description: The normalized identifier of the databucket type.
range: DatabucketTypeIdEnum
required: true
uid:
name: uid
description: The unique identifier of the databucket.
version:
name: version
description: The version of the resource. For example <code>1.2.3</code>.
zone:
name: zone
description: 'The specific availability zone within a cloud region where the databucket
is
located.'
attributes:
agent_list:
name: agent_list
description: 'A list of <code>agent</code> objects associated with a device, endpoint,
or
resource.'
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Agent List
rank: 1000
alias: agent_list
owner: Databucket
domain_of:
- Databucket
- Endpoint
- ResourceDetails
range: Agent
multivalued: true
cloud_partition:
name: cloud_partition
description: 'The logical grouping or isolated segment within a cloud provider''s
infrastructure where the databucket is located.'
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Cloud Partition
rank: 1000
alias: cloud_partition
owner: Databucket
domain_of:
- Cloud
- Databucket
- ResourceDetails
range: string
created_time:
name: created_time
description: The time when the databucket was known to have been created.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Created Time
rank: 1000
alias: created_time
owner: Databucket
domain_of:
- Osint
- RelatedEvent
- Sbom
- Scim
- Session
- Sso
- Token
- Whois
- Resource
- Advisory
- AuthenticationToken
- Certificate
- Cve
- Database
- Databucket
- DigitalSignature
- Enrichment
- Epss
- File
- FindingObject
- FindingInfo
- Job
- KbArticle
- LdapPerson
- ProcessEntity
- Table
- Device
range: TimestampT
criticality:
name: criticality
description: The criticality of the databucket as defined by the event source.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Criticality
rank: 1000
alias: criticality
owner: Databucket
domain_of:
- ApplicationObject
- Databucket
- ResourceDetails
range: string
desc:
name: desc
description: The description of the databucket.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Description
rank: 1000
alias: desc
owner: Databucket
domain_of:
- Osint
- RelatedEvent
- Remediation
- Vulnerability
- Advisory
- Analytic
- ApplicationObject
- Assessment
- Check
- CisBenchmark
- CisBenchmarkResult
- CisControl
- Compliance
- Cve
- Database
- Databucket
- Enrichment
- File
- FindingObject
- FindingInfo
- Graph
- Group
- Job
- Location
- Node
- Policy
- Rule
- Table
- WebResource
- Device
- IncidentFinding
range: string
encryption_details:
name: encryption_details
description: 'The encryption details of the databucket. Should be populated if
the databucket
is encrypted.'
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Encryption Details
rank: 1000
alias: encryption_details
owner: Databucket
domain_of:
- AuthenticationToken
- Databucket
- File
range: EncryptionDetails
file:
name: file
description: Details about the file/object within a databucket.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- File
rank: 1000
alias: file
owner: Databucket
domain_of:
- Osint
- QueryEvidence
- Script
- AffectedCode
- Databucket
- Evidences
- Job
- KernelDriver
- Module
- Process
- FileHosting
- FileQuery
- DataSecurityFinding
- EmailFileActivity
- FtpActivity
- HttpActivity
- NetworkFileActivity
- RdpActivity
- SmbActivity
- SshActivity
- FileRemediationActivity
- EventLogActvity
- FileActivity
range: File
group:
name: group
description: The name of the related resource group.
deprecated: Use the <code>groups</code> attribute instead.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Group
rank: 1000
alias: group
owner: Databucket
domain_of:
- QueryEvidence
- Api
- ApplicationObject
- Databucket
- ManagedEntity
- Policy
- ResourceDetails
- AdminGroupQuery
- AuthorizeSession
- GroupManagement
- LinuxUsersProfile
range: Group
groups:
name: groups
description: The group names to which the databucket belongs.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Groups
rank: 1000
alias: groups
owner: Databucket
domain_of:
- Database
- Databucket
- Table
- User
- Device
range: Group
multivalued: true
hostname:
name: hostname
description: The fully qualified hostname of the databucket.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Hostname
rank: 1000
alias: hostname
owner: Databucket
domain_of:
- Url
- ApplicationObject
- Databucket
- DnsQuery
- Endpoint
- NetworkInterface
- Reporter
- ResourceDetails
- Device
range: HostnameT
recommended: true
ip:
name: ip
description: The IP address of the resource, in either IPv4 or IPv6 format.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- IP Address
rank: 1000
alias: ip
owner: Databucket
domain_of:
- Databucket
- Endpoint
- LoadBalancer
- NetworkInterface
- Reporter
- ResourceDetails
- Device
range: IpT
recommended: true
is_backed_up:
name: is_backed_up
description: 'Indicates whether the device or resource has a backup enabled, such
as an
automated snapshot or a cloud backup. For example, this is indicated by the
<code>cloudBackupEnabled</code> value within JAMF Pro mobile devices or the
registration of an AWS ARN with the AWS Backup service.'
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Back Ups Configured
rank: 1000
alias: is_backed_up
owner: Databucket
domain_of:
- Databucket
- ResourceDetails
- Device
range: boolean
is_encrypted:
name: is_encrypted
description: Indicates if the databucket is encrypted.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Encrypted
rank: 1000
alias: is_encrypted
owner: Databucket
domain_of:
- Databucket
- File
range: boolean
is_public:
name: is_public
description: Indicates if the databucket is publicly accessible.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Public
rank: 1000
alias: is_public
owner: Databucket
domain_of:
- Databucket
- File
range: boolean
recommended: true
modified_time:
name: modified_time
description: 'The most recent time when any changes, updates, or modifications
were made
within the databucket.'
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Modified Time
rank: 1000
alias: modified_time
owner: Databucket
domain_of:
- Osint
- RelatedEvent
- Scim
- Sso
- Token
- Resource
- Advisory
- Cve
- Database
- Databucket
- File
- FindingObject
- FindingInfo
- LdapPerson
- Metadata
- Table
- Device
- RegKey
- RegValue
range: TimestampT
name:
name: name
description: The databucket name.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Name
rank: 1000
alias: name
owner: Databucket
domain_of:
- AnalysisTarget
- Observable
- Os
- Osint
- Package
- Parameter
- PrivilegeInfo
- San
- Scim
- Script
- ServicePrivilegeAnalysis
- SoftwareComponent
- Sso
- StartupItem
- ThreatActor
- Token
- Entity
- Resource
- Account
- Agent
- AiModel
- Aircraft
- Analytic
- ApplicationObject
- Assessment
- AutonomousSystem
- Campaign
- Check
- CisBenchmark
- CisBenchmarkResult
- CisControl
- ClassifierDetails
- Container
- D3fTactic
- D3fTechnique
- Database
- Databucket
- DomainContact
- Edge
- Endpoint
- Enrichment
- EnvironmentVariable
- Evidences
- Extension
- Feature
- File
- Graph
- Group
- HttpCookie
- HttpHeader
- Idp
- Image
- Job
- Kernel
- KeyValueObject
- LoadBalancer
- Logger
- Malware
- ManagedEntity
- MessageContext
- Metric
- Mitigation
- NetworkInterface
- Node
- Organization
- PeripheralDevice
- Policy
- ProcessEntity
- Product
- QueryInfo
- Reporter
- ResourceDetails
- Rule
- Scan
- Service
- SubTechnique
- Table
- Tactic
- Technique
- Trait
- TransformationInfo
- UnmannedAerialSystem
- User
- WebResource
- Device
- FtpActivity
- RegValue
- WinResource
- WinService
- PrefetchQuery
range: string
recommended: true
namespace:
name: namespace
description: 'The namespace is useful when similar entities exist that you need
to keep
separate.'
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Namespace
rank: 1000
alias: namespace
owner: Databucket
domain_of:
- Databucket
- NetworkInterface
- ResourceDetails
range: string
owner:
name: owner
description: The identity of the service or user account that owns the databucket.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Owner
rank: 1000
alias: owner
owner: Databucket
domain_of:
- AffectedCode
- ApplicationObject
- Databucket
- Endpoint
- File
- ResourceDetails
range: User
recommended: true
region:
name: region
description: The cloud region of the databucket.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Region
rank: 1000
alias: region
owner: Databucket
domain_of:
- ApplicationObject
- Cloud
- Databucket
- Location
- ResourceDetails
- Device
- CloudResourcesInventoryInfo
range: string
resource_relationship:
name: resource_relationship
description: 'A graph representation showing how this databucket relates to and
interacts
with other entities in the environment. This can include parent/child
relationships, dependencies, or other connections.'
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Resource Relationship
rank: 1000
alias: resource_relationship
owner: Databucket
domain_of:
- ApplicationObject
- Databucket
- ResourceDetails
range: Graph
size:
name: size
description: The size of the databucket in bytes.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Size
rank: 1000
alias: size
owner: Databucket
domain_of:
- Advisory
- Container
- DataClassification
- Database
- Databucket
- Email
- File
- KbArticle
- Table
- MalwareScanInfo
- MemoryActivity
range: integer
type:
name: type
description: The databucket type.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Type
rank: 1000
alias: type
owner: Databucket
domain_of:
- AnalysisTarget
- Observable
- Os
- Osint
- Package
- PrivilegeInfo
- ProgrammaticCredential
- RelatedEvent
- San
- Sbom
- Script
- SoftwareComponent
- StartupItem
- ThreatActor
- Ticket
- Timespan
- TlsExtension
- Token
- Dns
- Resource
- Account
- Agent
- Analytic
- ApplicationObject
- AuthenticationToken
- ClassifierDetails
- Cve
- Database
- Databucket
- DiscoveryDetails
- DnsAnswer
- DomainContact
- EncryptionDetails
- Endpoint
- Enrichment
- File
- Graph
- Group
- Ja4Fingerprint
- Kernel
- ManagedEntity
- Metadata
- Module
- NetworkEndpoint
- NetworkInterface
- Node
- PeripheralDevice
- Policy
- Rule
- Scan
- Trait
- UnmannedAerialSystem
- UnmannedSystemOperatingArea
- User
- WebResource
- Device
- DatastoreActivity
- FtpActivity
- RegValue
- WinResource
range: string
recommended: true
type_id:
name: type_id
annotations:
sibling:
tag: sibling
value: type
description: The normalized identifier of the databucket type.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Type ID
rank: 1000
alias: type_id
owner: Databucket
domain_of:
- Observable
- Os
- Osint
- Package
- PrivilegeInfo
- Sbom
- Script
- SoftwareComponent
- StartupItem
- ThreatActor
- Ticket
- Timespan
- TlsExtension
- Token
- Account
- Agent
- Analytic
- AuthenticationToken
- Database
- Databucket
- DomainContact
- Endpoint
- File
- Ja4Fingerprint
- Kernel
- ManagedEntity
- NetworkEndpoint
- NetworkInterface
- PeripheralDevice
- Scan
- UnmannedAerialSystem
- UnmannedSystemOperatingArea
- User
- Device
- DatastoreActivity
- RegValue
- WinResource
range: DatabucketTypeIdEnum
required: true
uid:
name: uid
description: The unique identifier of the databucket.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Unique ID
rank: 1000
alias: uid
owner: Databucket
domain_of:
- Osint
- Package
- ProgrammaticCredential
- RelatedEvent
- Request
- Sbom
- Scim
- Script
- Session
- Span
- Sso
- Ticket
- Token
- Trace
- Entity
- Resource
- Account
- Advisory
- Agent
- AiModel
- Aircraft
- Analytic
- ApplicationObject
- Assessment
- Certificate
- Check
- ClassifierDetails
- Container
- Cve
- Cwe
- D3fTactic
- D3fTechnique
- DataClassification
- Database
- Databucket
- DomainContact
- Edge
- Email
- Endpoint
- Evidences
- Extension
- Feature
- File
- FindingObject
- FindingInfo
- Graph
- Group
- HttpRequest
- Idp
- Image
- KbArticle
- LoadBalancer
- Logger
- Malware
- ManagedEntity
- MessageContext
- Metadata
- Mitigation
- NetworkConnectionInfo
- NetworkEndpoint
- NetworkInterface
- Node
- Organization
- PeripheralDevice
- Policy
- ProcessEntity
- Product
- QueryInfo
- Reporter
- Rule
- Scan
- Service
- SubTechnique
- Table
- Tactic
- Technique
- Trait
- TransformationInfo
- UnmannedAerialSystem
- User
- WebResource
- Device
- WinResource
range: string
recommended: true
version:
name: version
description: The version of the resource. For example <code>1.2.3</code>.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Version
rank: 1000
alias: version
owner: Databucket
domain_of:
- Os
- Package
- RpcInterface
- Sbom
- Scim
- SoftwareComponent
- Tls
- Agent
- AiModel
- Analytic
- Api
- ApplicationObject
- Attack
- Certificate
- Check
- CisControl
- CisCsc
- Cvss
- D3fend
- Databucket
- Epss
- Extension
- Feature
- File
- HttpRequest
- Logger
- ManagedEntity
- Metadata
- Policy
- Product
- ResourceDetails
- Rule
- Service
- NtpActivity
range: string
zone:
name: zone
description: 'The specific availability zone within a cloud region where the databucket
is
located.'
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Network Zone
rank: 1000
alias: zone
owner: Databucket
domain_of:
- Token
- Cloud
- Databucket
- Endpoint
- ResourceDetails
range: string
data_classification:
name: data_classification
annotations:
group:
tag: group
value: context
description: 'The Data Classification object includes information about data classification
levels and data category types.'
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Data Classification
rank: 1000
alias: data_classification
owner: Databucket
domain_of:
- DataClassificationProfile
range: DataClassification
recommended: true
data_classifications:
name: data_classifications
annotations:
group:
tag: group
value: context
description: 'A list of Data Classification objects, that include information
about data
classification levels and data category types, identified by a classifier.'
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Data Classification
rank: 1000
alias: data_classifications
owner: Databucket
domain_of:
- DataClassificationProfile
range: DataClassification
recommended: true
multivalued: true
api:
name: api
annotations:
group:
tag: group
value: context
description: Describes details about a typical API (Application Programming Interface)
call.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- API Details
rank: 1000
alias: api
owner: Databucket
domain_of:
- Evidences
- CloudProfile
- ApiActivity
range: Api
cloud:
name: cloud
annotations:
group:
tag: group
value: primary
description: 'Describes details about the Cloud environment where the event or
finding was
created.'
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Cloud
rank: 1000
alias: cloud
owner: Databucket
domain_of:
- CloudProfile
- CloudResourcesInventoryInfo
range: Cloud
required: true
data:
name: data
description: Additional data describing the resource.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Data
rank: 1000
alias: data
owner: Databucket
domain_of:
- Request
- Response
- TlsExtension
- Resource
- ApplicationObject
- Edge
- Enrichment
- Evidences
- ManagedEntity
- Node
- Policy
- QueryInfo
- WebResource
- RegValue
range: string
labels:
name: labels
description: The list of labels associated to the resource.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Labels
rank: 1000
alias: labels
owner: Databucket
domain_of:
- Osint
- Resource
- Account
- ApplicationObject
- Container
- Image
- LdapPerson
- Metadata
- Service
range: string
multivalued: true
tags:
name: tags
description: The list of tags; <code>{key:value}</code> pairs associated to the
resource.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Tags
rank: 1000
alias: tags
owner: Databucket
domain_of:
- RelatedEvent
- Resource
- Account
- ApplicationObject
- Container
- File
- FindingInfo
- Image
- LdapPerson
- Metadata
- Service
range: KeyValueObject
multivalued: true
uid_alt:
name: uid_alt
description: The alternative unique identifier of the resource.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Alternate ID
rank: 1000
alias: uid_alt
owner: Databucket
domain_of:
- Scim
- Session
- Resource
- Agent
- Aircraft
- ApplicationObject
- FindingInfo
- Group
- UnmannedAerialSystem
- User
- Device
range: string