Enum: DetectionPatternTypeIdEnum

Specifies the type of detection pattern used to identify the associated threat indicator.

URI: ocsf:DetectionPatternTypeIdEnum

Permissible Values

| Value | Meaning | Description |
| --- | --- | --- |
| UNKNOWN | None | The type is not mapped |
| STIX | None | STIX |
| PCRE | None | PCRE |
| SIGMA | None | SIGMA |
| SNORT | None | Snort |
| SURICATA | None | Suricata |
| YARA | None | YARA |
| OTHER | None | The detection pattern type is not mapped |

Slots

| Name | Description |
| --- | --- |
| detection_pattern_type_id | Specifies the type of detection pattern used to identify the associated threa... |

Identifier and Mapping Information

Schema Source

LinkML Source

name: DetectionPatternTypeIdEnum
description: 'Specifies the type of detection pattern used to identify the associated
  threat

  indicator.'
from_schema: https://w3id.org/lmodel/ocsf
rank: 1000
permissible_values:
  UNKNOWN:
    text: UNKNOWN
    description: The type is not mapped.
    annotations:
      ocsf_uid:
        tag: ocsf_uid
        value: '0'
      caption:
        tag: caption
        value: Unknown
  STIX:
    text: STIX
    description: STIX
    annotations:
      ocsf_uid:
        tag: ocsf_uid
        value: '1'
      caption:
        tag: caption
        value: STIX
  PCRE:
    text: PCRE
    description: PCRE
    annotations:
      ocsf_uid:
        tag: ocsf_uid
        value: '2'
      caption:
        tag: caption
        value: PCRE
  SIGMA:
    text: SIGMA
    description: SIGMA
    annotations:
      ocsf_uid:
        tag: ocsf_uid
        value: '3'
      caption:
        tag: caption
        value: SIGMA
  SNORT:
    text: SNORT
    description: Snort
    annotations:
      ocsf_uid:
        tag: ocsf_uid
        value: '4'
      caption:
        tag: caption
        value: Snort
  SURICATA:
    text: SURICATA
    description: Suricata
    annotations:
      ocsf_uid:
        tag: ocsf_uid
        value: '5'
      caption:
        tag: caption
        value: Suricata
  YARA:
    text: YARA
    description: YARA
    annotations:
      ocsf_uid:
        tag: ocsf_uid
        value: '6'
      caption:
        tag: caption
        value: YARA
  OTHER:
    text: OTHER
    description: 'The detection pattern type is not mapped. See the

      <code>detection_pattern_type</code> attribute, which contains a data source

      specific value.'
    annotations:
      ocsf_uid:
        tag: ocsf_uid
        value: '99'
      caption:
        tag: caption
        value: Other