Enum: DetectionSystemIdEnum
The type of data security tool or system that the finding, detection, or alert
originated from.
URI: ocsf:DetectionSystemIdEnum
Permissible Values
| Value | Meaning | Description |
|---|---|---|
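| UNKNOWN | None | The type is not mapped. See the <code>detection_system</code> attribute, which contains a data source specific value. |
| ENDPOINT | None | A dedicated agent or sensor installed on a device, either a dedicated data security tool or an Endpoint Detection & Response (EDR) tool that can detect sensitive data and/or enforce data security policies. E.g., Forcepoint DLP, Symantec DLP, Microsoft Defender for Endpoint (MDE). |
| DLP_GATEWAY | None | A Data Loss Prevention (DLP) gateway that is positioned in-line of an information store such as a network share, a database, or otherwise that can detect sensitive data and/or enforce data security policies. |
| MOBILE_DEVICE_MANAGEMENT | None | A Mobile Device Management (MDM) or Enterprise Mobility Management (EMM) tool that can detect sensitive data and/or enforce data security policies on mobile devices (e.g., cellphones, tablets, End User Devices [EUDs]). |
| DATA_DISCOVERY_CLASSIFICATION | None | A tool that actively identifies and classifies sensitive data in digital media and information stores in accordance with a policy or automated functionality. E.g, Amazon Macie, Microsoft Purview. |
| SECURE_WEB_GATEWAY | None | A Secure Web Gateway (SWG) is any tool that can detect sensitive data and/or enforce data security policies at a network-edge such as within a proxy or firewall service. |
| SECURE_EMAIL_GATEWAY | None | A Secure Email Gateway (SEG) is any tool that can detect sensitive data and/or enforce data security policies within email systems. E.g., Microsoft Defender for Office, Google Workspaces. |
| DIGITAL_RIGHTS_MANAGEMENT | None | A Digital Rights Management (DRM) or a dedicated Information Rights Management (IRM) are tools which can detect sensitive data and/or enforce data security policies on digital media via policy or user access rights. |
| CLOUD_ACCESS_SECURITY_BROKER | None | A Cloud Access Security Broker (CASB) that can detect sensitive data and/or enforce data security policies in-line to cloud systems such as the public cloud or Software-as-a-Service (SaaS) tool. E.g., Forcepoint CASB, SkyHigh Security. |
| DATABASE_ACTIVITY_MONITORING | None | A Database Activity Monitoring (DAM) tool that can detect sensitive data and/or enforce data security policies as part of a dedicated database or warehouse monitoring solution. |
| APPLICATION_LEVEL_DLP | None | A built in Data Loss Prevention (DLP) or other data security capability within a tool or platform such as an Enterprise Resource Planning (ERP) or Customer Relations Management (CRM) tool that can detect sensitive data and/or enforce data security policies. |
| DEVELOPER_SECURITY | None | Any Developer Security tool such as an Infrastructure-as-Code (IAC) security scanner, Secrets Detection, or Secure Software Development Lifecycle (SSDLC) tool that can detect sensitive data and/or enforce data security policies. E.g., TruffleHog, GitGuardian, Git-Secrets. |
| DATA_SECURITY_POSTURE_MANAGEMENT | None | A Data Security Posture Management (DSPM) tool is a continuous monitoring and data discovery solution that can detect sensitive data and/or enforce data security policies for local and cloud environments. E.g., Cyera, Sentra, IBM Polar Security. |
| OTHER | None | Any other type of detection system or a multi-variate system made up of several other systems. |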
Slots
| Name | Description |
|---|---|
| detection_system_id | The type of data security tool or system that the finding, detection, or alert originated from. |
Identifier and Mapping Information
Schema Source
- from schema: https://w3id.org/lmodel/ocsf
LinkML Source
```yaml
name: DetectionSystemIdEnum
description: 'The type of data security tool or system that the finding, detection,
  or alert originated from.'
from_schema: https://w3id.org/lmodel/ocsf
rank: 1000
permissible_values:
  UNKNOWN:
    text: UNKNOWN
    description: 'The type is not mapped. See the <code>detection_system</code> attribute,
      which contains a data source specific value.'
    annotations:
      ocsf_uid:
        tag: ocsf_uid
        value: '0'
      caption:
        tag: caption
        value: Unknown
  ENDPOINT:
    text: ENDPOINT
    description: 'A dedicated agent or sensor installed on a device, either a dedicated
      data security tool or an Endpoint Detection & Response (EDR) tool that can detect
      sensitive data and/or enforce data security policies. E.g., Forcepoint DLP,
      Symantec DLP, Microsoft Defender for Endpoint (MDE).'
    annotations:
      ocsf_uid:
        tag: ocsf_uid
        value: '1'
      caption:
        tag: caption
        value: Endpoint
  DLP_GATEWAY:
    text: DLP_GATEWAY
    description: 'A Data Loss Prevention (DLP) gateway that is positioned in-line
      of an information store such as a network share, a database, or otherwise that can
      detect sensitive data and/or enforce data security policies.'
    annotations:
      ocsf_uid:
        tag: ocsf_uid
        value: '2'
      caption:
        tag: caption
        value: DLP Gateway
  MOBILE_DEVICE_MANAGEMENT:
    text: MOBILE_DEVICE_MANAGEMENT
    description: 'A Mobile Device Management (MDM) or Enterprise Mobility Management
      (EMM) tool that can detect sensitive data and/or enforce data security policies on mobile
      devices (e.g., cellphones, tablets, End User Devices [EUDs]).'
    annotations:
      ocsf_uid:
        tag: ocsf_uid
        value: '3'
      caption:
        tag: caption
        value: Mobile Device Management
  DATA_DISCOVERY_CLASSIFICATION:
    text: DATA_DISCOVERY_CLASSIFICATION
    description: 'A tool that actively identifies and classifies sensitive data in
      digital media and information stores in accordance with a policy or automated functionality.
      E.g, Amazon Macie, Microsoft Purview.'
    annotations:
      ocsf_uid:
        tag: ocsf_uid
        value: '4'
      caption:
        tag: caption
        value: Data Discovery & Classification
  SECURE_WEB_GATEWAY:
    text: SECURE_WEB_GATEWAY
    description: 'A Secure Web Gateway (SWG) is any tool that can detect sensitive
      data and/or enforce data security policies at a network-edge such as within a proxy or
      firewall service.'
    annotations:
      ocsf_uid:
        tag: ocsf_uid
        value: '5'
      caption:
        tag: caption
        value: Secure Web Gateway
  SECURE_EMAIL_GATEWAY:
    text: SECURE_EMAIL_GATEWAY
    description: 'A Secure Email Gateway (SEG) is any tool that can detect sensitive
      data and/or enforce data security policies within email systems. E.g., Microsoft Defender
      for Office, Google Workspaces.'
    annotations:
      ocsf_uid:
        tag: ocsf_uid
        value: '6'
      caption:
        tag: caption
        value: Secure Email Gateway
  DIGITAL_RIGHTS_MANAGEMENT:
    text: DIGITAL_RIGHTS_MANAGEMENT
    description: 'A Digital Rights Management (DRM) or a dedicated Information Rights
      Management (IRM) are tools which can detect sensitive data and/or enforce data security
      policies on digital media via policy or user access rights.'
    annotations:
      ocsf_uid:
        tag: ocsf_uid
        value: '7'
      caption:
        tag: caption
        value: Digital Rights Management
  CLOUD_ACCESS_SECURITY_BROKER:
    text: CLOUD_ACCESS_SECURITY_BROKER
    description: 'A Cloud Access Security Broker (CASB) that can detect sensitive
      data and/or enforce data security policies in-line to cloud systems such as the public
      cloud or Software-as-a-Service (SaaS) tool. E.g., Forcepoint CASB, SkyHigh
      Security.'
    annotations:
      ocsf_uid:
        tag: ocsf_uid
        value: '8'
      caption:
        tag: caption
        value: Cloud Access Security Broker
  DATABASE_ACTIVITY_MONITORING:
    text: DATABASE_ACTIVITY_MONITORING
    description: 'A Database Activity Monitoring (DAM) tool that can detect sensitive
      data and/or enforce data security policies as part of a dedicated database or warehouse
      monitoring solution.'
    annotations:
      ocsf_uid:
        tag: ocsf_uid
        value: '9'
      caption:
        tag: caption
        value: Database Activity Monitoring
  APPLICATION_LEVEL_DLP:
    text: APPLICATION_LEVEL_DLP
    description: 'A built in Data Loss Prevention (DLP) or other data security capability
      within a tool or platform such as an Enterprise Resource Planning (ERP) or Customer
      Relations Management (CRM) tool that can detect sensitive data and/or enforce
      data security policies.'
    annotations:
      ocsf_uid:
        tag: ocsf_uid
        value: '10'
      caption:
        tag: caption
        value: Application-Level DLP
  DEVELOPER_SECURITY:
    text: DEVELOPER_SECURITY
    description: 'Any Developer Security tool such as an Infrastructure-as-Code (IAC)
      security scanner, Secrets Detection, or Secure Software Development Lifecycle (SSDLC)
      tool that can detect sensitive data and/or enforce data security policies.
      E.g., TruffleHog, GitGuardian, Git-Secrets.'
    annotations:
      ocsf_uid:
        tag: ocsf_uid
        value: '11'
      caption:
        tag: caption
        value: Developer Security
  DATA_SECURITY_POSTURE_MANAGEMENT:
    text: DATA_SECURITY_POSTURE_MANAGEMENT
    description: 'A Data Security Posture Management (DSPM) tool is a continuous monitoring
      and data discovery solution that can detect sensitive data and/or enforce data
      security policies for local and cloud environments. E.g., Cyera, Sentra, IBM
      Polar Security.'
    annotations:
      ocsf_uid:
        tag: ocsf_uid
        value: '12'
      caption:
        tag: caption
        value: Data Security Posture Management
  OTHER:
    text: OTHER
    description: 'Any other type of detection system or a multi-variate system made
      up of several other systems.'
    annotations:
      ocsf_uid:
        tag: ocsf_uid
        value: '99'
      caption:
        tag: caption
        value: Other
```