Class: Enrichment
The Enrichment object provides inline enrichment data for specific attributes
of interest within an event. It serves as a mechanism to enhance or supplement
the information associated with the event by adding additional relevant details
or context.
URI: ocsf:Enrichment
classDiagram
class Enrichment
click Enrichment href "../Enrichment/"
Object <|-- Enrichment
click Object href "../Object/"
Enrichment : created_time
Enrichment : data
Enrichment : desc
Enrichment : name
Enrichment : provider
Enrichment : reputation
Enrichment --> "0..1" Reputation : reputation
click Reputation href "../Reputation/"
Enrichment : short_desc
Enrichment : src_url
Enrichment : type
Enrichment : value
Inheritance
- OcsfObject
- Object
- Enrichment
- Object
Slots
| Name | Cardinality and Range | Description | Inheritance |
|---|---|---|---|
| created_time | 0..1 recommended TimestampT |
The time when the enrichment data was generated | direct |
| data | 1 String |
The enrichment data associated with the attribute and value | direct |
| desc | 0..1 String |
A long description of the enrichment data | direct |
| name | 1 String |
The name of the attribute to which the enriched data pertains | direct |
| provider | 0..1 recommended String |
The enrichment data provider name | direct |
| reputation | 0..1 Reputation |
The reputation of the enrichment data | direct |
| short_desc | 0..1 recommended String |
A short description of the enrichment data | direct |
| src_url | 0..1 recommended UrlT |
The URL of the source of the enrichment data | direct |
| type | 0..1 recommended String |
The enrichment type | direct |
| value | 1 String |
The value of the attribute to which the enriched data pertains | direct |
Usages
In Subsets
Aliases
- Enrichment
Identifier and Mapping Information
Schema Source
- from schema: https://w3id.org/lmodel/ocsf
Mappings
| Mapping Type | Mapped Value |
|---|---|
| self | ocsf:Enrichment |
| native | ocsf:Enrichment |
LinkML Source
Direct
name: Enrichment
description: 'The Enrichment object provides inline enrichment data for specific attributes
of interest within an event. It serves as a mechanism to enhance or supplement
the information associated with the event by adding additional relevant details
or context.'
in_subset:
- objects_subset
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Enrichment
is_a: Object
slots:
- created_time
- data
- desc
- name
- provider
- reputation
- short_desc
- src_url
- type
- value
slot_usage:
created_time:
name: created_time
description: The time when the enrichment data was generated.
recommended: true
data:
name: data
description: 'The enrichment data associated with the attribute and value. The
meaning of
this data depends on the type the enrichment record.'
required: true
desc:
name: desc
description: A long description of the enrichment data.
name:
name: name
description: The name of the attribute to which the enriched data pertains.
required: true
provider:
name: provider
description: The enrichment data provider name.
recommended: true
reputation:
name: reputation
description: The reputation of the enrichment data.
short_desc:
name: short_desc
description: A short description of the enrichment data.
recommended: true
src_url:
name: src_url
description: The URL of the source of the enrichment data.
recommended: true
type:
name: type
description: 'The enrichment type. For example: <code>location</code>.'
recommended: true
value:
name: value
description: The value of the attribute to which the enriched data pertains.
required: true
Induced
name: Enrichment
description: 'The Enrichment object provides inline enrichment data for specific attributes
of interest within an event. It serves as a mechanism to enhance or supplement
the information associated with the event by adding additional relevant details
or context.'
in_subset:
- objects_subset
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Enrichment
is_a: Object
slot_usage:
created_time:
name: created_time
description: The time when the enrichment data was generated.
recommended: true
data:
name: data
description: 'The enrichment data associated with the attribute and value. The
meaning of
this data depends on the type the enrichment record.'
required: true
desc:
name: desc
description: A long description of the enrichment data.
name:
name: name
description: The name of the attribute to which the enriched data pertains.
required: true
provider:
name: provider
description: The enrichment data provider name.
recommended: true
reputation:
name: reputation
description: The reputation of the enrichment data.
short_desc:
name: short_desc
description: A short description of the enrichment data.
recommended: true
src_url:
name: src_url
description: The URL of the source of the enrichment data.
recommended: true
type:
name: type
description: 'The enrichment type. For example: <code>location</code>.'
recommended: true
value:
name: value
description: The value of the attribute to which the enriched data pertains.
required: true
attributes:
created_time:
name: created_time
description: The time when the enrichment data was generated.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Created Time
rank: 1000
alias: created_time
owner: Enrichment
domain_of:
- Osint
- RelatedEvent
- Sbom
- Scim
- Session
- Sso
- Token
- Whois
- Resource
- Advisory
- AuthenticationToken
- Certificate
- Cve
- Database
- Databucket
- DigitalSignature
- Enrichment
- Epss
- File
- FindingObject
- FindingInfo
- Job
- KbArticle
- LdapPerson
- ProcessEntity
- Table
- Device
range: TimestampT
recommended: true
data:
name: data
description: 'The enrichment data associated with the attribute and value. The
meaning of
this data depends on the type the enrichment record.'
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Data
rank: 1000
alias: data
owner: Enrichment
domain_of:
- Request
- Response
- TlsExtension
- Resource
- ApplicationObject
- Edge
- Enrichment
- Evidences
- ManagedEntity
- Node
- Policy
- QueryInfo
- WebResource
- RegValue
range: string
required: true
desc:
name: desc
description: A long description of the enrichment data.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Description
rank: 1000
alias: desc
owner: Enrichment
domain_of:
- Osint
- RelatedEvent
- Remediation
- Vulnerability
- Advisory
- Analytic
- ApplicationObject
- Assessment
- Check
- CisBenchmark
- CisBenchmarkResult
- CisControl
- Compliance
- Cve
- Database
- Databucket
- Enrichment
- File
- FindingObject
- FindingInfo
- Graph
- Group
- Job
- Location
- Node
- Policy
- Rule
- Table
- WebResource
- Device
- IncidentFinding
range: string
name:
name: name
description: The name of the attribute to which the enriched data pertains.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Name
rank: 1000
alias: name
owner: Enrichment
domain_of:
- AnalysisTarget
- Observable
- Os
- Osint
- Package
- Parameter
- PrivilegeInfo
- San
- Scim
- Script
- ServicePrivilegeAnalysis
- SoftwareComponent
- Sso
- StartupItem
- ThreatActor
- Token
- Entity
- Resource
- Account
- Agent
- AiModel
- Aircraft
- Analytic
- ApplicationObject
- Assessment
- AutonomousSystem
- Campaign
- Check
- CisBenchmark
- CisBenchmarkResult
- CisControl
- ClassifierDetails
- Container
- D3fTactic
- D3fTechnique
- Database
- Databucket
- DomainContact
- Edge
- Endpoint
- Enrichment
- EnvironmentVariable
- Evidences
- Extension
- Feature
- File
- Graph
- Group
- HttpCookie
- HttpHeader
- Idp
- Image
- Job
- Kernel
- KeyValueObject
- LoadBalancer
- Logger
- Malware
- ManagedEntity
- MessageContext
- Metric
- Mitigation
- NetworkInterface
- Node
- Organization
- PeripheralDevice
- Policy
- ProcessEntity
- Product
- QueryInfo
- Reporter
- ResourceDetails
- Rule
- Scan
- Service
- SubTechnique
- Table
- Tactic
- Technique
- Trait
- TransformationInfo
- UnmannedAerialSystem
- User
- WebResource
- Device
- FtpActivity
- RegValue
- WinResource
- WinService
- PrefetchQuery
range: string
required: true
provider:
name: provider
description: The enrichment data provider name.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Provider
rank: 1000
alias: provider
owner: Enrichment
domain_of:
- Reputation
- AuthFactor
- Cloud
- Enrichment
- Location
- Malware
- ResourceDetails
range: string
recommended: true
reputation:
name: reputation
description: The reputation of the enrichment data.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Reputation Scores
rank: 1000
alias: reputation
owner: Enrichment
domain_of:
- Observable
- Osint
- Enrichment
range: Reputation
short_desc:
name: short_desc
description: A short description of the enrichment data.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Short Description
rank: 1000
alias: short_desc
owner: Enrichment
domain_of:
- Enrichment
range: string
recommended: true
src_url:
name: src_url
description: The URL of the source of the enrichment data.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Source URL
rank: 1000
alias: src_url
owner: Enrichment
domain_of:
- Osint
- Package
- Ticket
- Advisory
- Cvss
- Cwe
- D3fTactic
- D3fTechnique
- DataClassification
- Enrichment
- FindingObject
- FindingInfo
- KbArticle
- Mitigation
- SubTechnique
- Tactic
- Technique
- IncidentProfile
- IncidentFinding
range: UrlT
recommended: true
type:
name: type
description: 'The enrichment type. For example: <code>location</code>.'
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Type
rank: 1000
alias: type
owner: Enrichment
domain_of:
- AnalysisTarget
- Observable
- Os
- Osint
- Package
- PrivilegeInfo
- ProgrammaticCredential
- RelatedEvent
- San
- Sbom
- Script
- SoftwareComponent
- StartupItem
- ThreatActor
- Ticket
- Timespan
- TlsExtension
- Token
- Dns
- Resource
- Account
- Agent
- Analytic
- ApplicationObject
- AuthenticationToken
- ClassifierDetails
- Cve
- Database
- Databucket
- DiscoveryDetails
- DnsAnswer
- DomainContact
- EncryptionDetails
- Endpoint
- Enrichment
- File
- Graph
- Group
- Ja4Fingerprint
- Kernel
- ManagedEntity
- Metadata
- Module
- NetworkEndpoint
- NetworkInterface
- Node
- PeripheralDevice
- Policy
- Rule
- Scan
- Trait
- UnmannedAerialSystem
- UnmannedSystemOperatingArea
- User
- WebResource
- Device
- DatastoreActivity
- FtpActivity
- RegValue
- WinResource
range: string
recommended: true
value:
name: value
description: The value of the attribute to which the enriched data pertains.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Value
rank: 1000
alias: value
owner: Enrichment
domain_of:
- Observable
- Observation
- Osint
- Packet
- DiscoveryDetails
- Enrichment
- EnvironmentVariable
- Fingerprint
- HttpCookie
- HttpHeader
- Ja4Fingerprint
- KeyValueObject
- LongString
- Metric
range: string
required: true