Class: FirewallRule
The Firewall Rule object represents a specific rule within a firewall policy or
event. It contains information about a rule's configuration, properties, and
associated actions that define how network traffic is handled by the firewall.
URI: ocsf:FirewallRule
```mermaid
classDiagram
    class FirewallRule
    click FirewallRule href "../FirewallRule/"
    Rule <|-- FirewallRule
    click Rule href "../Rule/"
    FirewallRule : category
    FirewallRule : condition
    FirewallRule : desc
    FirewallRule : duration
    FirewallRule : match_details
    FirewallRule : match_location
    FirewallRule : name
    FirewallRule : rate_limit
    FirewallRule : sensitivity
    FirewallRule : type
    FirewallRule : uid
    FirewallRule : version
```
Inheritance
Slots
| Name | Cardinality and Range | Description | Inheritance |
|---|---|---|---|
| condition | 0..1 String | The rule trigger condition for the rule | direct |
| duration | 0..1 Integer | The rule response time duration, usually used for challenge completion time | direct |
| match_details | * String | The data in a request that rule matched | direct |
| match_location | 0..1 String | The location of the matched data in the source which resulted in the triggere... | direct |
| rate_limit | 0..1 Integer | The rate limit for a rate-based rule | direct |
| sensitivity | 0..1 String | The sensitivity of the firewall rule in the matched event | direct |
| category | 0..1 String | The rule category | Rule |
| desc | 0..1 String | The description of the rule that generated the event | Rule |
| name | 0..1 recommended String | The name of the rule that generated the event | Entity, Rule |
| type | 0..1 String | The rule type | Rule |
| uid | 0..1 recommended String | The unique identifier of the rule that generated the event | Entity, Rule |
| version | 0..1 String | The rule version | Rule |
Usages
In Subsets
Aliases
- Firewall Rule
Identifier and Mapping Information
Schema Source
- from schema: https://w3id.org/lmodel/ocsf
Mappings
| Mapping Type | Mapped Value |
|---|---|
| self | ocsf:FirewallRule |
| native | ocsf:FirewallRule |
LinkML Source
Direct
```yaml
name: FirewallRule
description: 'The Firewall Rule object represents a specific rule within a firewall
  policy or
  event. It contains information about a rule''s configuration, properties, and
  associated actions that define how network traffic is handled by the firewall.'
in_subset:
- objects_subset
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Firewall Rule
is_a: Rule
slots:
- condition
- duration
- match_details
- match_location
- rate_limit
- sensitivity
slot_usage:
  condition:
    name: condition
    description: 'The rule trigger condition for the rule. For example: SQL_INJECTION.'
  duration:
    name: duration
    description: The rule response time duration, usually used for challenge completion
      time.
```
Induced
```yaml
name: FirewallRule
description: 'The Firewall Rule object represents a specific rule within a firewall
  policy or
  event. It contains information about a rule''s configuration, properties, and
  associated actions that define how network traffic is handled by the firewall.'
in_subset:
- objects_subset
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Firewall Rule
is_a: Rule
slot_usage:
  condition:
    name: condition
    description: 'The rule trigger condition for the rule. For example: SQL_INJECTION.'
  duration:
    name: duration
    description: The rule response time duration, usually used for challenge completion
      time.
attributes:
  condition:
    name: condition
    description: 'The rule trigger condition for the rule. For example: SQL_INJECTION.'
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Condition
    rank: 1000
    alias: condition
    owner: FirewallRule
    domain_of:
    - FirewallRule
    range: string
  duration:
    name: duration
    description: The rule response time duration, usually used for challenge completion
      time.
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Duration Milliseconds
    rank: 1000
    alias: duration
    owner: FirewallRule
    domain_of:
    - Span
    - Timespan
    - Trace
    - FirewallRule
    - BaseEvent
    - ScanActivity
    range: integer
  match_details:
    name: match_details
    description: 'The data in a request that rule matched. For example: ''["10","and","1"]''.'
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Match Details
    rank: 1000
    alias: match_details
    owner: FirewallRule
    domain_of:
    - FirewallRule
    range: string
    multivalued: true
  match_location:
    name: match_location
    description: 'The location of the matched data in the source which resulted in
      the triggered
      firewall rule. For example: HEADER.'
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Match Location
    rank: 1000
    alias: match_location
    owner: FirewallRule
    domain_of:
    - FirewallRule
    range: string
  rate_limit:
    name: rate_limit
    description: The rate limit for a rate-based rule.
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Rate Limit
    rank: 1000
    alias: rate_limit
    owner: FirewallRule
    domain_of:
    - Scim
    - FirewallRule
    range: integer
  sensitivity:
    name: sensitivity
    description: 'The sensitivity of the firewall rule in the matched event. For example:
      HIGH.'
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Sensitivity
    rank: 1000
    alias: sensitivity
    owner: FirewallRule
    domain_of:
    - FirewallRule
    range: string
  category:
    name: category
    description: The rule category.
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Category
    rank: 1000
    alias: category
    owner: FirewallRule
    domain_of:
    - Osint
    - Vulnerability
    - Analytic
    - Assessment
    - Compliance
    - DataClassification
    - Rule
    - Trait
    range: string
  desc:
    name: desc
    description: The description of the rule that generated the event.
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Description
    rank: 1000
    alias: desc
    owner: FirewallRule
    domain_of:
    - Osint
    - RelatedEvent
    - Remediation
    - Vulnerability
    - Advisory
    - Analytic
    - ApplicationObject
    - Assessment
    - Check
    - CisBenchmark
    - CisBenchmarkResult
    - CisControl
    - Compliance
    - Cve
    - Database
    - Databucket
    - Enrichment
    - File
    - FindingObject
    - FindingInfo
    - Graph
    - Group
    - Job
    - Location
    - Node
    - Policy
    - Rule
    - Table
    - WebResource
    - Device
    - IncidentFinding
    range: string
  name:
    name: name
    description: The name of the rule that generated the event.
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Name
    rank: 1000
    alias: name
    owner: FirewallRule
    domain_of:
    - AnalysisTarget
    - Observable
    - Os
    - Osint
    - Package
    - Parameter
    - PrivilegeInfo
    - San
    - Scim
    - Script
    - ServicePrivilegeAnalysis
    - SoftwareComponent
    - Sso
    - StartupItem
    - ThreatActor
    - Token
    - Entity
    - Resource
    - Account
    - Agent
    - AiModel
    - Aircraft
    - Analytic
    - ApplicationObject
    - Assessment
    - AutonomousSystem
    - Campaign
    - Check
    - CisBenchmark
    - CisBenchmarkResult
    - CisControl
    - ClassifierDetails
    - Container
    - D3fTactic
    - D3fTechnique
    - Database
    - Databucket
    - DomainContact
    - Edge
    - Endpoint
    - Enrichment
    - EnvironmentVariable
    - Evidences
    - Extension
    - Feature
    - File
    - Graph
    - Group
    - HttpCookie
    - HttpHeader
    - Idp
    - Image
    - Job
    - Kernel
    - KeyValueObject
    - LoadBalancer
    - Logger
    - Malware
    - ManagedEntity
    - MessageContext
    - Metric
    - Mitigation
    - NetworkInterface
    - Node
    - Organization
    - PeripheralDevice
    - Policy
    - ProcessEntity
    - Product
    - QueryInfo
    - Reporter
    - ResourceDetails
    - Rule
    - Scan
    - Service
    - SubTechnique
    - Table
    - Tactic
    - Technique
    - Trait
    - TransformationInfo
    - UnmannedAerialSystem
    - User
    - WebResource
    - Device
    - FtpActivity
    - RegValue
    - WinResource
    - WinService
    - PrefetchQuery
    range: string
    recommended: true
  type:
    name: type
    description: The rule type.
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Type
    rank: 1000
    alias: type
    owner: FirewallRule
    domain_of:
    - AnalysisTarget
    - Observable
    - Os
    - Osint
    - Package
    - PrivilegeInfo
    - ProgrammaticCredential
    - RelatedEvent
    - San
    - Sbom
    - Script
    - SoftwareComponent
    - StartupItem
    - ThreatActor
    - Ticket
    - Timespan
    - TlsExtension
    - Token
    - Dns
    - Resource
    - Account
    - Agent
    - Analytic
    - ApplicationObject
    - AuthenticationToken
    - ClassifierDetails
    - Cve
    - Database
    - Databucket
    - DiscoveryDetails
    - DnsAnswer
    - DomainContact
    - EncryptionDetails
    - Endpoint
    - Enrichment
    - File
    - Graph
    - Group
    - Ja4Fingerprint
    - Kernel
    - ManagedEntity
    - Metadata
    - Module
    - NetworkEndpoint
    - NetworkInterface
    - Node
    - PeripheralDevice
    - Policy
    - Rule
    - Scan
    - Trait
    - UnmannedAerialSystem
    - UnmannedSystemOperatingArea
    - User
    - WebResource
    - Device
    - DatastoreActivity
    - FtpActivity
    - RegValue
    - WinResource
    range: string
  uid:
    name: uid
    description: The unique identifier of the rule that generated the event.
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Unique ID
    rank: 1000
    alias: uid
    owner: FirewallRule
    domain_of:
    - Osint
    - Package
    - ProgrammaticCredential
    - RelatedEvent
    - Request
    - Sbom
    - Scim
    - Script
    - Session
    - Span
    - Sso
    - Ticket
    - Token
    - Trace
    - Entity
    - Resource
    - Account
    - Advisory
    - Agent
    - AiModel
    - Aircraft
    - Analytic
    - ApplicationObject
    - Assessment
    - Certificate
    - Check
    - ClassifierDetails
    - Container
    - Cve
    - Cwe
    - D3fTactic
    - D3fTechnique
    - DataClassification
    - Database
    - Databucket
    - DomainContact
    - Edge
    - Email
    - Endpoint
    - Evidences
    - Extension
    - Feature
    - File
    - FindingObject
    - FindingInfo
    - Graph
    - Group
    - HttpRequest
    - Idp
    - Image
    - KbArticle
    - LoadBalancer
    - Logger
    - Malware
    - ManagedEntity
    - MessageContext
    - Metadata
    - Mitigation
    - NetworkConnectionInfo
    - NetworkEndpoint
    - NetworkInterface
    - Node
    - Organization
    - PeripheralDevice
    - Policy
    - ProcessEntity
    - Product
    - QueryInfo
    - Reporter
    - Rule
    - Scan
    - Service
    - SubTechnique
    - Table
    - Tactic
    - Technique
    - Trait
    - TransformationInfo
    - UnmannedAerialSystem
    - User
    - WebResource
    - Device
    - WinResource
    range: string
    recommended: true
  version:
    name: version
    description: 'The rule version. For example: <code>1.1</code>.'
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Version
    rank: 1000
    alias: version
    owner: FirewallRule
    domain_of:
    - Os
    - Package
    - RpcInterface
    - Sbom
    - Scim
    - SoftwareComponent
    - Tls
    - Agent
    - AiModel
    - Analytic
    - Api
    - ApplicationObject
    - Attack
    - Certificate
    - Check
    - CisControl
    - CisCsc
    - Cvss
    - D3fend
    - Databucket
    - Epss
    - Extension
    - Feature
    - File
    - HttpRequest
    - Logger
    - ManagedEntity
    - Metadata
    - Policy
    - Product
    - ResourceDetails
    - Rule
    - Service
    - NtpActivity
    range: string
```