Class: Entity
The Entity object is an unordered collection of attributes, with a name and
unique identifier. It serves as a base object that defines a set of attributes
and default constraints available in all objects that extend it.
URI: ocsf:Entity
classDiagram
class Entity
click Entity href "../Entity/"
Object <|-- Entity
click Object href "../Object/"
Entity <|-- Resource
click Resource href "../Resource/"
Entity <|-- Account
click Account href "../Account/"
Entity <|-- AiModel
click AiModel href "../AiModel/"
Entity <|-- Aircraft
click Aircraft href "../Aircraft/"
Entity <|-- Analytic
click Analytic href "../Analytic/"
Entity <|-- Assessment
click Assessment href "../Assessment/"
Entity <|-- D3fTactic
click D3fTactic href "../D3fTactic/"
Entity <|-- D3fTechnique
click D3fTechnique href "../D3fTechnique/"
Entity <|-- Database
click Database href "../Database/"
Entity <|-- Edge
click Edge href "../Edge/"
Entity <|-- Endpoint
click Endpoint href "../Endpoint/"
Entity <|-- Evidences
click Evidences href "../Evidences/"
Entity <|-- Extension
click Extension href "../Extension/"
Entity <|-- Feature
click Feature href "../Feature/"
Entity <|-- File
click File href "../File/"
Entity <|-- Graph
click Graph href "../Graph/"
Entity <|-- Group
click Group href "../Group/"
Entity <|-- Idp
click Idp href "../Idp/"
Entity <|-- Image
click Image href "../Image/"
Entity <|-- LoadBalancer
click LoadBalancer href "../LoadBalancer/"
Entity <|-- Logger
click Logger href "../Logger/"
Entity <|-- Malware
click Malware href "../Malware/"
Entity <|-- ManagedEntity
click ManagedEntity href "../ManagedEntity/"
Entity <|-- MessageContext
click MessageContext href "../MessageContext/"
Entity <|-- Mitigation
click Mitigation href "../Mitigation/"
Entity <|-- NetworkInterface
click NetworkInterface href "../NetworkInterface/"
Entity <|-- Organization
click Organization href "../Organization/"
Entity <|-- PeripheralDevice
click PeripheralDevice href "../PeripheralDevice/"
Entity <|-- Policy
click Policy href "../Policy/"
Entity <|-- ProcessEntity
click ProcessEntity href "../ProcessEntity/"
Entity <|-- Product
click Product href "../Product/"
Entity <|-- QueryInfo
click QueryInfo href "../QueryInfo/"
Entity <|-- Reporter
click Reporter href "../Reporter/"
Entity <|-- Rule
click Rule href "../Rule/"
Entity <|-- Scan
click Scan href "../Scan/"
Entity <|-- Service
click Service href "../Service/"
Entity <|-- SubTechnique
click SubTechnique href "../SubTechnique/"
Entity <|-- Table
click Table href "../Table/"
Entity <|-- Tactic
click Tactic href "../Tactic/"
Entity <|-- Technique
click Technique href "../Technique/"
Entity <|-- Trait
click Trait href "../Trait/"
Entity <|-- TransformationInfo
click TransformationInfo href "../TransformationInfo/"
Entity <|-- User
click User href "../User/"
Entity : name
Entity : uid
Inheritance
- OcsfObject
- Object
- Entity
- Resource [ DataClassificationProfile]
- Account
- AiModel
- Aircraft
- Analytic
- Assessment
- D3fTactic
- D3fTechnique
- Database [ DataClassificationProfile]
- Edge
- Endpoint [ ContainerProfile]
- Evidences
- Extension
- Feature
- File [ DataClassificationProfile]
- Graph
- Group
- Idp
- Image
- LoadBalancer
- Logger
- Malware
- ManagedEntity
- MessageContext
- Mitigation
- NetworkInterface
- Organization
- PeripheralDevice
- Policy
- ProcessEntity
- Product [ DataClassificationProfile]
- QueryInfo
- Reporter
- Rule
- Scan
- Service
- SubTechnique
- Table
- Tactic
- Technique
- Trait
- TransformationInfo
- User
- Entity
- Object
Slots
| Name | Cardinality and Range | Description | Inheritance |
|---|---|---|---|
| name | 0..1 recommended String |
The name of the entity | direct |
| uid | 0..1 recommended String |
The unique identifier of the entity | direct |
Rules
| Rule Applied | Preconditions | Postconditions | Elseconditions |
|---|---|---|---|
| any_of | [{'slot_conditions': {}}, {'slot_conditions': {'uid': {'required': True}}}] |
In Subsets
Aliases
- Entity
Identifier and Mapping Information
Annotations
| property | value |
|---|---|
| ocsf_constraints | {"at_least_one": ["name", "uid"]} |
Schema Source
- from schema: https://w3id.org/lmodel/ocsf
Mappings
| Mapping Type | Mapped Value |
|---|---|
| self | ocsf:Entity |
| native | ocsf:Entity |
LinkML Source
Direct
name: Entity
annotations:
ocsf_constraints:
tag: ocsf_constraints
value: '{"at_least_one": ["name", "uid"]}'
description: 'The Entity object is an unordered collection of attributes, with a name
and
unique identifier. It serves as a base object that defines a set of attributes
and default constraints available in all objects that extend it.'
in_subset:
- objects_subset
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Entity
is_a: Object
slots:
- name
- uid
slot_usage:
name:
name: name
description: The name of the entity.
recommended: true
uid:
name: uid
description: The unique identifier of the entity.
recommended: true
rules:
- postconditions:
any_of:
- slot_conditions:
name:
name: name
required: true
- slot_conditions:
uid:
name: uid
required: true
description: 'OCSF at_least_one: at least one of [''name'', ''uid''] must be set.'
Induced
name: Entity
annotations:
ocsf_constraints:
tag: ocsf_constraints
value: '{"at_least_one": ["name", "uid"]}'
description: 'The Entity object is an unordered collection of attributes, with a name
and
unique identifier. It serves as a base object that defines a set of attributes
and default constraints available in all objects that extend it.'
in_subset:
- objects_subset
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Entity
is_a: Object
slot_usage:
name:
name: name
description: The name of the entity.
recommended: true
uid:
name: uid
description: The unique identifier of the entity.
recommended: true
attributes:
name:
name: name
description: The name of the entity.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Name
rank: 1000
alias: name
owner: Entity
domain_of:
- AnalysisTarget
- Observable
- Os
- Osint
- Package
- Parameter
- PrivilegeInfo
- San
- Scim
- Script
- ServicePrivilegeAnalysis
- SoftwareComponent
- Sso
- StartupItem
- ThreatActor
- Token
- Entity
- Resource
- Account
- Agent
- AiModel
- Aircraft
- Analytic
- ApplicationObject
- Assessment
- AutonomousSystem
- Campaign
- Check
- CisBenchmark
- CisBenchmarkResult
- CisControl
- ClassifierDetails
- Container
- D3fTactic
- D3fTechnique
- Database
- Databucket
- DomainContact
- Edge
- Endpoint
- Enrichment
- EnvironmentVariable
- Evidences
- Extension
- Feature
- File
- Graph
- Group
- HttpCookie
- HttpHeader
- Idp
- Image
- Job
- Kernel
- KeyValueObject
- LoadBalancer
- Logger
- Malware
- ManagedEntity
- MessageContext
- Metric
- Mitigation
- NetworkInterface
- Node
- Organization
- PeripheralDevice
- Policy
- ProcessEntity
- Product
- QueryInfo
- Reporter
- ResourceDetails
- Rule
- Scan
- Service
- SubTechnique
- Table
- Tactic
- Technique
- Trait
- TransformationInfo
- UnmannedAerialSystem
- User
- WebResource
- Device
- FtpActivity
- RegValue
- WinResource
- WinService
- PrefetchQuery
range: string
recommended: true
uid:
name: uid
description: The unique identifier of the entity.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Unique ID
rank: 1000
alias: uid
owner: Entity
domain_of:
- Osint
- Package
- ProgrammaticCredential
- RelatedEvent
- Request
- Sbom
- Scim
- Script
- Session
- Span
- Sso
- Ticket
- Token
- Trace
- Entity
- Resource
- Account
- Advisory
- Agent
- AiModel
- Aircraft
- Analytic
- ApplicationObject
- Assessment
- Certificate
- Check
- ClassifierDetails
- Container
- Cve
- Cwe
- D3fTactic
- D3fTechnique
- DataClassification
- Database
- Databucket
- DomainContact
- Edge
- Email
- Endpoint
- Evidences
- Extension
- Feature
- File
- FindingObject
- FindingInfo
- Graph
- Group
- HttpRequest
- Idp
- Image
- KbArticle
- LoadBalancer
- Logger
- Malware
- ManagedEntity
- MessageContext
- Metadata
- Mitigation
- NetworkConnectionInfo
- NetworkEndpoint
- NetworkInterface
- Node
- Organization
- PeripheralDevice
- Policy
- ProcessEntity
- Product
- QueryInfo
- Reporter
- Rule
- Scan
- Service
- SubTechnique
- Table
- Tactic
- Technique
- Trait
- TransformationInfo
- UnmannedAerialSystem
- User
- WebResource
- Device
- WinResource
range: string
recommended: true
rules:
- postconditions:
any_of:
- slot_conditions:
name:
name: name
required: true
- slot_conditions:
uid:
name: uid
required: true
description: 'OCSF at_least_one: at least one of [''name'', ''uid''] must be set.'