Class: Group
The Group object represents a collection or association of entities, such as
users, policies, or devices. It serves as a logical grouping mechanism to
organize and manage entities with similar characteristics or permissions within
a system or organization, including but not limited to purposes of access
control.
URI: ocsf:Group
classDiagram
class Group
click Group href "../Group/"
Entity <|-- Group
click Entity href "../Entity/"
Group : desc
Group : domain
Group : name
Group : privileges
Group : type
Group : uid
Group : uid_alt
Inheritance
Slots
| Name | Cardinality and Range | Description | Inheritance |
|---|---|---|---|
| desc | 0..1 String |
The group description | direct |
| domain | 0..1 String |
The domain where the group is defined | direct |
| name | 0..1 recommended String |
The group name | direct |
| privileges | * String |
The group privileges | direct |
| type | 0..1 String |
The type of the group | direct |
| uid | 0..1 recommended String |
The unique identifier of the group | direct |
| uid_alt | 0..1 String |
The alternate unique identifier | direct |
Usages
In Subsets
Aliases
- Group
See Also
Notes
- D3FEND™ Ontology d3f:AccessControlGroup. — https://d3fend.mitre.org/dao/artifact/d3f:AccessControlGroup/
Identifier and Mapping Information
Schema Source
- from schema: https://w3id.org/lmodel/ocsf
Mappings
| Mapping Type | Mapped Value |
|---|---|
| self | ocsf:Group |
| native | ocsf:Group |
LinkML Source
Direct
name: Group
description: 'The Group object represents a collection or association of entities,
such as
users, policies, or devices. It serves as a logical grouping mechanism to
organize and manage entities with similar characteristics or permissions within
a system or organization, including but not limited to purposes of access
control.'
notes:
- 'D3FEND™ Ontology d3f:AccessControlGroup. —
https://d3fend.mitre.org/dao/artifact/d3f:AccessControlGroup/'
in_subset:
- objects_subset
from_schema: https://w3id.org/lmodel/ocsf
see_also:
- https://d3fend.mitre.org/dao/artifact/d3f:AccessControlGroup/
aliases:
- Group
is_a: Entity
slots:
- desc
- domain
- name
- privileges
- type
- uid
- uid_alt
slot_usage:
desc:
name: desc
description: The group description.
domain:
name: domain
description: 'The domain where the group is defined. For example: the LDAP or
Active
Directory domain.'
name:
name: name
description: The group name.
privileges:
name: privileges
description: The group privileges.
type:
name: type
description: The type of the group.
uid:
name: uid
description: 'The unique identifier of the group. For example, for Windows events
this is the
security identifier (SID) of the group. Another example, pool id or desktop
id
that the device belongs to.'
uid_alt:
name: uid_alt
description: The alternate unique identifier.
Induced
name: Group
description: 'The Group object represents a collection or association of entities,
such as
users, policies, or devices. It serves as a logical grouping mechanism to
organize and manage entities with similar characteristics or permissions within
a system or organization, including but not limited to purposes of access
control.'
notes:
- 'D3FEND™ Ontology d3f:AccessControlGroup. —
https://d3fend.mitre.org/dao/artifact/d3f:AccessControlGroup/'
in_subset:
- objects_subset
from_schema: https://w3id.org/lmodel/ocsf
see_also:
- https://d3fend.mitre.org/dao/artifact/d3f:AccessControlGroup/
aliases:
- Group
is_a: Entity
slot_usage:
desc:
name: desc
description: The group description.
domain:
name: domain
description: 'The domain where the group is defined. For example: the LDAP or
Active
Directory domain.'
name:
name: name
description: The group name.
privileges:
name: privileges
description: The group privileges.
type:
name: type
description: The type of the group.
uid:
name: uid
description: 'The unique identifier of the group. For example, for Windows events
this is the
security identifier (SID) of the group. Another example, pool id or desktop
id
that the device belongs to.'
uid_alt:
name: uid_alt
description: The alternate unique identifier.
attributes:
desc:
name: desc
description: The group description.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Description
rank: 1000
alias: desc
owner: Group
domain_of:
- Osint
- RelatedEvent
- Remediation
- Vulnerability
- Advisory
- Analytic
- ApplicationObject
- Assessment
- Check
- CisBenchmark
- CisBenchmarkResult
- CisControl
- Compliance
- Cve
- Database
- Databucket
- Enrichment
- File
- FindingObject
- FindingInfo
- Graph
- Group
- Job
- Location
- Node
- Policy
- Rule
- Table
- WebResource
- Device
- IncidentFinding
range: string
domain:
name: domain
description: 'The domain where the group is defined. For example: the LDAP or
Active
Directory domain.'
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Domain
rank: 1000
alias: domain
owner: Group
domain_of:
- Url
- Whois
- Endpoint
- Group
- HttpCookie
- Idp
- User
- Device
range: string
name:
name: name
description: The group name.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Name
rank: 1000
alias: name
owner: Group
domain_of:
- AnalysisTarget
- Observable
- Os
- Osint
- Package
- Parameter
- PrivilegeInfo
- San
- Scim
- Script
- ServicePrivilegeAnalysis
- SoftwareComponent
- Sso
- StartupItem
- ThreatActor
- Token
- Entity
- Resource
- Account
- Agent
- AiModel
- Aircraft
- Analytic
- ApplicationObject
- Assessment
- AutonomousSystem
- Campaign
- Check
- CisBenchmark
- CisBenchmarkResult
- CisControl
- ClassifierDetails
- Container
- D3fTactic
- D3fTechnique
- Database
- Databucket
- DomainContact
- Edge
- Endpoint
- Enrichment
- EnvironmentVariable
- Evidences
- Extension
- Feature
- File
- Graph
- Group
- HttpCookie
- HttpHeader
- Idp
- Image
- Job
- Kernel
- KeyValueObject
- LoadBalancer
- Logger
- Malware
- ManagedEntity
- MessageContext
- Metric
- Mitigation
- NetworkInterface
- Node
- Organization
- PeripheralDevice
- Policy
- ProcessEntity
- Product
- QueryInfo
- Reporter
- ResourceDetails
- Rule
- Scan
- Service
- SubTechnique
- Table
- Tactic
- Technique
- Trait
- TransformationInfo
- UnmannedAerialSystem
- User
- WebResource
- Device
- FtpActivity
- RegValue
- WinResource
- WinService
- PrefetchQuery
range: string
recommended: true
privileges:
name: privileges
description: The group privileges.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Privileges
rank: 1000
alias: privileges
owner: Group
domain_of:
- Group
- AuthorizeSession
- GroupManagement
- UserAccess
range: string
multivalued: true
type:
name: type
description: The type of the group.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Type
rank: 1000
alias: type
owner: Group
domain_of:
- AnalysisTarget
- Observable
- Os
- Osint
- Package
- PrivilegeInfo
- ProgrammaticCredential
- RelatedEvent
- San
- Sbom
- Script
- SoftwareComponent
- StartupItem
- ThreatActor
- Ticket
- Timespan
- TlsExtension
- Token
- Dns
- Resource
- Account
- Agent
- Analytic
- ApplicationObject
- AuthenticationToken
- ClassifierDetails
- Cve
- Database
- Databucket
- DiscoveryDetails
- DnsAnswer
- DomainContact
- EncryptionDetails
- Endpoint
- Enrichment
- File
- Graph
- Group
- Ja4Fingerprint
- Kernel
- ManagedEntity
- Metadata
- Module
- NetworkEndpoint
- NetworkInterface
- Node
- PeripheralDevice
- Policy
- Rule
- Scan
- Trait
- UnmannedAerialSystem
- UnmannedSystemOperatingArea
- User
- WebResource
- Device
- DatastoreActivity
- FtpActivity
- RegValue
- WinResource
range: string
uid:
name: uid
description: 'The unique identifier of the group. For example, for Windows events
this is the
security identifier (SID) of the group. Another example, pool id or desktop
id
that the device belongs to.'
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Unique ID
rank: 1000
alias: uid
owner: Group
domain_of:
- Osint
- Package
- ProgrammaticCredential
- RelatedEvent
- Request
- Sbom
- Scim
- Script
- Session
- Span
- Sso
- Ticket
- Token
- Trace
- Entity
- Resource
- Account
- Advisory
- Agent
- AiModel
- Aircraft
- Analytic
- ApplicationObject
- Assessment
- Certificate
- Check
- ClassifierDetails
- Container
- Cve
- Cwe
- D3fTactic
- D3fTechnique
- DataClassification
- Database
- Databucket
- DomainContact
- Edge
- Email
- Endpoint
- Evidences
- Extension
- Feature
- File
- FindingObject
- FindingInfo
- Graph
- Group
- HttpRequest
- Idp
- Image
- KbArticle
- LoadBalancer
- Logger
- Malware
- ManagedEntity
- MessageContext
- Metadata
- Mitigation
- NetworkConnectionInfo
- NetworkEndpoint
- NetworkInterface
- Node
- Organization
- PeripheralDevice
- Policy
- ProcessEntity
- Product
- QueryInfo
- Reporter
- Rule
- Scan
- Service
- SubTechnique
- Table
- Tactic
- Technique
- Trait
- TransformationInfo
- UnmannedAerialSystem
- User
- WebResource
- Device
- WinResource
range: string
recommended: true
uid_alt:
name: uid_alt
description: The alternate unique identifier.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Alternate ID
rank: 1000
alias: uid_alt
owner: Group
domain_of:
- Scim
- Session
- Resource
- Agent
- Aircraft
- ApplicationObject
- FindingInfo
- Group
- UnmannedAerialSystem
- User
- Device
range: string