Enum: DispositionIdEnum
Describes the outcome or action taken by a security control, such as access
control checks, malware detections or various types of policy violations.
Permissible Values
| Value | Meaning | Description |
|---|---|---|
| UNKNOWN | None | The disposition is unknown |
| ALLOWED | None | Granted access or allowed the action to the protected resource |
| BLOCKED | None | Denied access or blocked the action to the protected resource |
| QUARANTINED | None | A suspicious file or other content was moved to a benign location |
| ISOLATED | None | A session was isolated on the network or within a browser |
| DELETED | None | A file or other content was deleted |
| DROPPED | None | The request was detected as a threat and resulted in the connection being |
| CUSTOM_ACTION | None | A custom action was executed such as running of a command script |
| APPROVED | None | A request or submission was approved |
| RESTORED | None | A quarantined file or other content was restored to its original location |
| EXONERATED | None | A suspicious or risky entity was deemed to no longer be suspicious (re-scored... |
| CORRECTED | None | A corrupt file or configuration was corrected |
| PARTIALLY_CORRECTED | None | A corrupt file or configuration was partially corrected |
| UNCORRECTED | None | A corrupt file or configuration was not corrected |
| DELAYED | None | An operation was delayed, for example if a restart was required to finish the |
| DETECTED | None | Suspicious activity or a policy violation was detected without further action |
| NO_ACTION | None | The outcome of an operation had no action taken |
| LOGGED | None | The operation or action was logged without further action |
| TAGGED | None | A file or other entity was marked with extended attributes |
| ALERT | None | The request or activity was detected as a threat and resulted in a notificati... |
| COUNT | None | Counted the request or activity but did not determine whether to allow it or |
| RESET | None | The request was detected as a threat and resulted in the connection being |
| CAPTCHA | None | Required the end user to solve a CAPTCHA puzzle to prove that a human being i... |
| CHALLENGE | None | Ran a silent challenge that required the client session to verify that it's a |
| ACCESS_REVOKED | None | The requestor's access has been revoked due to security policy enforcements |
| REJECTED | None | A request or submission was rejected |
| UNAUTHORIZED | None | An attempt to access a resource was denied due to an authorization check that |
| ERROR | None | An error occurred during the processing of the activity or request |
| OTHER | None | The disposition is not mapped |
Slots
| Name | Description |
|---|---|
| disposition_id | Describes the outcome or action taken by a security control, such as access |
Identifier and Mapping Information
Schema Source
- from schema: https://w3id.org/lmodel/ocsf
LinkML Source
name: DispositionIdEnum
description: 'Describes the outcome or action taken by a security control, such as
access
control checks, malware detections or various types of policy violations.'
from_schema: https://w3id.org/lmodel/ocsf
rank: 1000
permissible_values:
UNKNOWN:
text: UNKNOWN
description: The disposition is unknown.
annotations:
ocsf_uid:
tag: ocsf_uid
value: '0'
caption:
tag: caption
value: Unknown
ALLOWED:
text: ALLOWED
description: Granted access or allowed the action to the protected resource.
annotations:
ocsf_uid:
tag: ocsf_uid
value: '1'
caption:
tag: caption
value: Allowed
BLOCKED:
text: BLOCKED
description: Denied access or blocked the action to the protected resource.
annotations:
ocsf_uid:
tag: ocsf_uid
value: '2'
caption:
tag: caption
value: Blocked
QUARANTINED:
text: QUARANTINED
description: A suspicious file or other content was moved to a benign location.
annotations:
ocsf_uid:
tag: ocsf_uid
value: '3'
caption:
tag: caption
value: Quarantined
ISOLATED:
text: ISOLATED
description: A session was isolated on the network or within a browser.
annotations:
ocsf_uid:
tag: ocsf_uid
value: '4'
caption:
tag: caption
value: Isolated
DELETED:
text: DELETED
description: A file or other content was deleted.
annotations:
ocsf_uid:
tag: ocsf_uid
value: '5'
caption:
tag: caption
value: Deleted
DROPPED:
text: DROPPED
description: 'The request was detected as a threat and resulted in the connection
being
dropped.'
annotations:
ocsf_uid:
tag: ocsf_uid
value: '6'
caption:
tag: caption
value: Dropped
CUSTOM_ACTION:
text: CUSTOM_ACTION
description: 'A custom action was executed such as running of a command script.
Use the
<code>message</code> attribute of the base class for details.'
annotations:
ocsf_uid:
tag: ocsf_uid
value: '7'
caption:
tag: caption
value: Custom Action
APPROVED:
text: APPROVED
description: 'A request or submission was approved. For example, when a form was
properly
filled out and submitted. This is distinct from <code>1</code> ''Allowed''.'
annotations:
ocsf_uid:
tag: ocsf_uid
value: '8'
caption:
tag: caption
value: Approved
RESTORED:
text: RESTORED
description: A quarantined file or other content was restored to its original
location.
annotations:
ocsf_uid:
tag: ocsf_uid
value: '9'
caption:
tag: caption
value: Restored
EXONERATED:
text: EXONERATED
description: A suspicious or risky entity was deemed to no longer be suspicious
(re-scored).
annotations:
ocsf_uid:
tag: ocsf_uid
value: '10'
caption:
tag: caption
value: Exonerated
CORRECTED:
text: CORRECTED
description: A corrupt file or configuration was corrected.
annotations:
ocsf_uid:
tag: ocsf_uid
value: '11'
caption:
tag: caption
value: Corrected
PARTIALLY_CORRECTED:
text: PARTIALLY_CORRECTED
description: A corrupt file or configuration was partially corrected.
annotations:
ocsf_uid:
tag: ocsf_uid
value: '12'
caption:
tag: caption
value: Partially Corrected
UNCORRECTED:
text: UNCORRECTED
description: A corrupt file or configuration was not corrected.
annotations:
ocsf_uid:
tag: ocsf_uid
value: '13'
caption:
tag: caption
value: Uncorrected
DELAYED:
text: DELAYED
description: 'An operation was delayed, for example if a restart was required
to finish the
operation.'
annotations:
ocsf_uid:
tag: ocsf_uid
value: '14'
caption:
tag: caption
value: Delayed
DETECTED:
text: DETECTED
description: Suspicious activity or a policy violation was detected without further
action.
annotations:
ocsf_uid:
tag: ocsf_uid
value: '15'
caption:
tag: caption
value: Detected
NO_ACTION:
text: NO_ACTION
description: The outcome of an operation had no action taken.
annotations:
ocsf_uid:
tag: ocsf_uid
value: '16'
caption:
tag: caption
value: No Action
LOGGED:
text: LOGGED
description: The operation or action was logged without further action.
annotations:
ocsf_uid:
tag: ocsf_uid
value: '17'
caption:
tag: caption
value: Logged
TAGGED:
text: TAGGED
description: A file or other entity was marked with extended attributes.
annotations:
ocsf_uid:
tag: ocsf_uid
value: '18'
caption:
tag: caption
value: Tagged
ALERT:
text: ALERT
description: 'The request or activity was detected as a threat and resulted in
a notification
but request was not blocked.'
annotations:
ocsf_uid:
tag: ocsf_uid
value: '19'
caption:
tag: caption
value: Alert
COUNT:
text: COUNT
description: 'Counted the request or activity but did not determine whether to
allow it or
block it.'
annotations:
ocsf_uid:
tag: ocsf_uid
value: '20'
caption:
tag: caption
value: Count
RESET:
text: RESET
description: 'The request was detected as a threat and resulted in the connection
being
reset.'
annotations:
ocsf_uid:
tag: ocsf_uid
value: '21'
caption:
tag: caption
value: Reset
CAPTCHA:
text: CAPTCHA
description: 'Required the end user to solve a CAPTCHA puzzle to prove that a
human being is
sending the request.'
annotations:
ocsf_uid:
tag: ocsf_uid
value: '22'
caption:
tag: caption
value: Captcha
CHALLENGE:
text: CHALLENGE
description: 'Ran a silent challenge that required the client session to verify
that it''s a
browser, and not a bot.'
annotations:
ocsf_uid:
tag: ocsf_uid
value: '23'
caption:
tag: caption
value: Challenge
ACCESS_REVOKED:
text: ACCESS_REVOKED
description: 'The requestor''s access has been revoked due to security policy
enforcements.
Note: use the <code>Host</code> profile if the <code>User</code> or
<code>Actor</code> requestor is not present in the event class.'
annotations:
ocsf_uid:
tag: ocsf_uid
value: '24'
caption:
tag: caption
value: Access Revoked
REJECTED:
text: REJECTED
description: 'A request or submission was rejected. For example, when a form
was improperly
filled out and submitted. This is distinct from <code>2</code> ''Blocked''.'
annotations:
ocsf_uid:
tag: ocsf_uid
value: '25'
caption:
tag: caption
value: Rejected
UNAUTHORIZED:
text: UNAUTHORIZED
description: 'An attempt to access a resource was denied due to an authorization
check that
failed. This is a more specific disposition than <code>2</code> ''Blocked''
and
can be complemented with the <code>authorizations</code> attribute for more
detail.'
annotations:
ocsf_uid:
tag: ocsf_uid
value: '26'
caption:
tag: caption
value: Unauthorized
ERROR:
text: ERROR
description: 'An error occurred during the processing of the activity or request.
Use the
<code>message</code> attribute of the base class for details.'
annotations:
ocsf_uid:
tag: ocsf_uid
value: '27'
caption:
tag: caption
value: Error
OTHER:
text: OTHER
description: 'The disposition is not mapped. See the <code>disposition</code>
attribute,
which contains a data source specific value.'
annotations:
ocsf_uid:
tag: ocsf_uid
value: '99'
caption:
tag: caption
value: Other