Class: Observation

A record of an observed value or event that captures the timing and frequency

of its occurrence. Used to track when values/events were first detected, last

detected, and their total occurrence count.

 classDiagram
    class Observation
    click Observation href "../Observation/"
      Object <|-- Observation
        click Object href "../Object/"

      Observation : count

      Observation : timespan





        Observation --> "0..1 _recommended_" Timespan : timespan
        click Timespan href "../Timespan/"



      Observation : value

Inheritance

OcsfObject
- Object
  - Observation

Slots

Name	Cardinality and Range	Description	Inheritance
count	0..1 recommended Integer	Integer representing the total number of times this specific value/event was	direct
timespan	0..1 recommended Timespan	The time window when the value or event was first observed	direct
value	1 String	The specific value, event, indicator or data point that was observed and	direct

Usages

used by	used in	type	used
Anomaly	observations	range	Observation
Baseline	observations	range	Observation

In Subsets

objects_subset

Aliases

Observation

Identifier and Mapping Information

Schema Source

from schema: https://w3id.org/lmodel/ocsf

Mappings

Mapping Type	Mapped Value
self	ocsf:Observation
native	ocsf:Observation
exact	uco_master:Observation

LinkML Source

Direct

name: Observation
description: 'A record of an observed value or event that captures the timing and
  frequency

  of its occurrence. Used to track when values/events were first detected, last

  detected, and their total occurrence count.'
in_subset:
- objects_subset
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Observation
exact_mappings:
- uco_master:Observation
is_a: Object
slots:
- count
- timespan
- value
slot_usage:
  count:
    name: count
    description: 'Integer representing the total number of times this specific value/event
      was

      observed across all occurrences. Helps establish prevalence and patterns.'
    recommended: true
  timespan:
    name: timespan
    description: 'The time window when the value or event was first observed. It is
      used to

      analyze activity patterns, detect trends, or correlate events within a specific

      timeframe.'
    recommended: true
  value:
    name: value
    description: 'The specific value, event, indicator or data point that was observed
      and

      recorded. This is the core piece of information being tracked.'
    required: true

Induced

name: Observation
description: 'A record of an observed value or event that captures the timing and
  frequency

  of its occurrence. Used to track when values/events were first detected, last

  detected, and their total occurrence count.'
in_subset:
- objects_subset
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Observation
exact_mappings:
- uco_master:Observation
is_a: Object
slot_usage:
  count:
    name: count
    description: 'Integer representing the total number of times this specific value/event
      was

      observed across all occurrences. Helps establish prevalence and patterns.'
    recommended: true
  timespan:
    name: timespan
    description: 'The time window when the value or event was first observed. It is
      used to

      analyze activity patterns, detect trends, or correlate events within a specific

      timeframe.'
    recommended: true
  value:
    name: value
    description: 'The specific value, event, indicator or data point that was observed
      and

      recorded. This is the core piece of information being tracked.'
    required: true
attributes:
  count:
    name: count
    description: 'Integer representing the total number of times this specific value/event
      was

      observed across all occurrences. Helps establish prevalence and patterns.'
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Count
    rank: 1000
    alias: count
    owner: Observation
    domain_of:
    - Observation
    - RelatedEvent
    - Session
    - DiscoveryDetails
    - UnmannedSystemOperatingArea
    - BaseEvent
    range: integer
    recommended: true
  timespan:
    name: timespan
    description: 'The time window when the value or event was first observed. It is
      used to

      analyze activity patterns, detect trends, or correlate events within a specific

      timeframe.'
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Time Span
    rank: 1000
    alias: timespan
    owner: Observation
    domain_of:
    - Observation
    - NetworkTraffic
    range: Timespan
    recommended: true
  value:
    name: value
    description: 'The specific value, event, indicator or data point that was observed
      and

      recorded. This is the core piece of information being tracked.'
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Value
    rank: 1000
    alias: value
    owner: Observation
    domain_of:
    - Observable
    - Observation
    - Osint
    - Packet
    - DiscoveryDetails
    - Enrichment
    - EnvironmentVariable
    - Fingerprint
    - HttpCookie
    - HttpHeader
    - Ja4Fingerprint
    - KeyValueObject
    - LongString
    - Metric
    range: string
    required: true