Skip to content

Enum: NetworkEventObservationPointIdEnum

The normalized identifier of the observation point. The observation point

identifier indicates whether the source network endpoint, destination network

endpoint, or neither served as the observation point for the activity.

URI: ocsf:NetworkEventObservationPointIdEnum

Permissible Values

Value Meaning Description
UNKNOWN None The observation point is unknown
SOURCE None The source network endpoint is the observation point
DESTINATION None The destination network endpoint is the observation point
NEITHER None Neither the source nor destination network endpoint is the observation point
BOTH None Both the source and destination network endpoint are the observation point
OTHER None The observation point is not mapped

Slots

Name Description
observation_point_id The normalized identifier of the observation point

Identifier and Mapping Information

Schema Source

LinkML Source

name: NetworkEventObservationPointIdEnum
description: 'The normalized identifier of the observation point. The observation
  point

  identifier indicates whether the source network endpoint, destination network

  endpoint, or neither served as the observation point for the activity.'
from_schema: https://w3id.org/lmodel/ocsf
rank: 1000
permissible_values:
  UNKNOWN:
    text: UNKNOWN
    description: The observation point is unknown.
    annotations:
      ocsf_uid:
        tag: ocsf_uid
        value: '0'
      caption:
        tag: caption
        value: Unknown
  SOURCE:
    text: SOURCE
    description: The source network endpoint is the observation point.
    annotations:
      ocsf_uid:
        tag: ocsf_uid
        value: '1'
      caption:
        tag: caption
        value: Source
  DESTINATION:
    text: DESTINATION
    description: The destination network endpoint is the observation point.
    annotations:
      ocsf_uid:
        tag: ocsf_uid
        value: '2'
      caption:
        tag: caption
        value: Destination
  NEITHER:
    text: NEITHER
    description: 'Neither the source nor destination network endpoint is the observation
      point.

      Refer to the <code>network_observation_point</code> attribute for details.'
    annotations:
      ocsf_uid:
        tag: ocsf_uid
        value: '3'
      caption:
        tag: caption
        value: Neither
  BOTH:
    text: BOTH
    description: 'Both the source and destination network endpoint are the observation
      point.

      This typically occurs in localhost or internal communications where the source

      and destination are the same endpoint, often resulting in a

      <code>connection_info.direction</code> of <code>Local</code>.'
    annotations:
      ocsf_uid:
        tag: ocsf_uid
        value: '4'
      caption:
        tag: caption
        value: Both
  OTHER:
    text: OTHER
    description: 'The observation point is not mapped. See the <code>observation_point</code>

      attribute for a data source specific value.'
    annotations:
      ocsf_uid:
        tag: ocsf_uid
        value: '99'
      caption:
        tag: caption
        value: Other