Class: PrivilegeInfo
The Privilege Info object describes information about a specific privilege,
action, or permission. It captures the privilege name, type, usage status, and
when it was last used.
URI: ocsf:PrivilegeInfo
classDiagram
class PrivilegeInfo
click PrivilegeInfo href "../PrivilegeInfo/"
Object <|-- PrivilegeInfo
click Object href "../Object/"
PrivilegeInfo : is_unused
PrivilegeInfo : last_used_time
PrivilegeInfo : name
PrivilegeInfo : type
PrivilegeInfo : type_id
PrivilegeInfo --> "0..1" PrivilegeInfoTypeIdEnum : type_id
click PrivilegeInfoTypeIdEnum href "../PrivilegeInfoTypeIdEnum/"
Inheritance
- OcsfObject
- Object
- PrivilegeInfo
- Object
Slots
| Name | Cardinality and Range | Description | Inheritance |
|---|---|---|---|
| is_unused | 0..1 Boolean |
Indicates whether the privilege is unused within the analysis timeframe | direct |
| last_used_time | 0..1 TimestampT |
The most recent time this privilege was used | direct |
| name | 1 String |
The name of the privilege, action, or permission | direct |
| type | 0..1 String |
The type or category of the privilege, normalized to the caption of the | direct |
| type_id | 0..1 PrivilegeInfoTypeIdEnum |
The normalized type of the privilege | direct |
Usages
| used by | used in | type | used |
|---|---|---|---|
| PrivilegeAttackInfo | privilege_info_list | range | PrivilegeInfo |
In Subsets
Aliases
- Privilege Info
Identifier and Mapping Information
Schema Source
- from schema: https://w3id.org/lmodel/ocsf
Mappings
| Mapping Type | Mapped Value |
|---|---|
| self | ocsf:PrivilegeInfo |
| native | ocsf:PrivilegeInfo |
LinkML Source
Direct
name: PrivilegeInfo
description: 'The Privilege Info object describes information about a specific privilege,
action, or permission. It captures the privilege name, type, usage status, and
when it was last used.'
in_subset:
- objects_subset
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Privilege Info
is_a: Object
slots:
- is_unused
- last_used_time
- name
- type
- type_id
slot_usage:
is_unused:
name: is_unused
description: Indicates whether the privilege is unused within the analysis timeframe.
last_used_time:
name: last_used_time
description: The most recent time this privilege was used.
name:
name: name
description: 'The name of the privilege, action, or permission. Examples:
<code>GetObject</code>, <code>CreateStoreImageTask</code> (AWS);
<code>Microsoft.Storage/storageAccounts/read</code> (Azure);
<code>storage.objects.get</code> (GCP).'
required: true
type:
name: type
description: 'The type or category of the privilege, normalized to the caption
of the
<code>type_id</code> value. In the case of ''Other'', it is defined by the event
source.'
type_id:
name: type_id
description: The normalized type of the privilege.
range: PrivilegeInfoTypeIdEnum
Induced
name: PrivilegeInfo
description: 'The Privilege Info object describes information about a specific privilege,
action, or permission. It captures the privilege name, type, usage status, and
when it was last used.'
in_subset:
- objects_subset
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Privilege Info
is_a: Object
slot_usage:
is_unused:
name: is_unused
description: Indicates whether the privilege is unused within the analysis timeframe.
last_used_time:
name: last_used_time
description: The most recent time this privilege was used.
name:
name: name
description: 'The name of the privilege, action, or permission. Examples:
<code>GetObject</code>, <code>CreateStoreImageTask</code> (AWS);
<code>Microsoft.Storage/storageAccounts/read</code> (Azure);
<code>storage.objects.get</code> (GCP).'
required: true
type:
name: type
description: 'The type or category of the privilege, normalized to the caption
of the
<code>type_id</code> value. In the case of ''Other'', it is defined by the event
source.'
type_id:
name: type_id
description: The normalized type of the privilege.
range: PrivilegeInfoTypeIdEnum
attributes:
is_unused:
name: is_unused
description: Indicates whether the privilege is unused within the analysis timeframe.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Is Unused
rank: 1000
alias: is_unused
owner: PrivilegeInfo
domain_of:
- PrivilegeInfo
range: boolean
last_used_time:
name: last_used_time
description: The most recent time this privilege was used.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Last Used Time
rank: 1000
alias: last_used_time
owner: PrivilegeInfo
domain_of:
- PrivilegeInfo
- ProgrammaticCredential
- ServicePrivilegeAnalysis
range: TimestampT
name:
name: name
description: 'The name of the privilege, action, or permission. Examples:
<code>GetObject</code>, <code>CreateStoreImageTask</code> (AWS);
<code>Microsoft.Storage/storageAccounts/read</code> (Azure);
<code>storage.objects.get</code> (GCP).'
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Name
rank: 1000
alias: name
owner: PrivilegeInfo
domain_of:
- AnalysisTarget
- Observable
- Os
- Osint
- Package
- Parameter
- PrivilegeInfo
- San
- Scim
- Script
- ServicePrivilegeAnalysis
- SoftwareComponent
- Sso
- StartupItem
- ThreatActor
- Token
- Entity
- Resource
- Account
- Agent
- AiModel
- Aircraft
- Analytic
- ApplicationObject
- Assessment
- AutonomousSystem
- Campaign
- Check
- CisBenchmark
- CisBenchmarkResult
- CisControl
- ClassifierDetails
- Container
- D3fTactic
- D3fTechnique
- Database
- Databucket
- DomainContact
- Edge
- Endpoint
- Enrichment
- EnvironmentVariable
- Evidences
- Extension
- Feature
- File
- Graph
- Group
- HttpCookie
- HttpHeader
- Idp
- Image
- Job
- Kernel
- KeyValueObject
- LoadBalancer
- Logger
- Malware
- ManagedEntity
- MessageContext
- Metric
- Mitigation
- NetworkInterface
- Node
- Organization
- PeripheralDevice
- Policy
- ProcessEntity
- Product
- QueryInfo
- Reporter
- ResourceDetails
- Rule
- Scan
- Service
- SubTechnique
- Table
- Tactic
- Technique
- Trait
- TransformationInfo
- UnmannedAerialSystem
- User
- WebResource
- Device
- FtpActivity
- RegValue
- WinResource
- WinService
- PrefetchQuery
range: string
required: true
type:
name: type
description: 'The type or category of the privilege, normalized to the caption
of the
<code>type_id</code> value. In the case of ''Other'', it is defined by the event
source.'
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Type
rank: 1000
alias: type
owner: PrivilegeInfo
domain_of:
- AnalysisTarget
- Observable
- Os
- Osint
- Package
- PrivilegeInfo
- ProgrammaticCredential
- RelatedEvent
- San
- Sbom
- Script
- SoftwareComponent
- StartupItem
- ThreatActor
- Ticket
- Timespan
- TlsExtension
- Token
- Dns
- Resource
- Account
- Agent
- Analytic
- ApplicationObject
- AuthenticationToken
- ClassifierDetails
- Cve
- Database
- Databucket
- DiscoveryDetails
- DnsAnswer
- DomainContact
- EncryptionDetails
- Endpoint
- Enrichment
- File
- Graph
- Group
- Ja4Fingerprint
- Kernel
- ManagedEntity
- Metadata
- Module
- NetworkEndpoint
- NetworkInterface
- Node
- PeripheralDevice
- Policy
- Rule
- Scan
- Trait
- UnmannedAerialSystem
- UnmannedSystemOperatingArea
- User
- WebResource
- Device
- DatastoreActivity
- FtpActivity
- RegValue
- WinResource
range: string
type_id:
name: type_id
annotations:
sibling:
tag: sibling
value: type
description: The normalized type of the privilege.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Type ID
rank: 1000
alias: type_id
owner: PrivilegeInfo
domain_of:
- Observable
- Os
- Osint
- Package
- PrivilegeInfo
- Sbom
- Script
- SoftwareComponent
- StartupItem
- ThreatActor
- Ticket
- Timespan
- TlsExtension
- Token
- Account
- Agent
- Analytic
- AuthenticationToken
- Database
- Databucket
- DomainContact
- Endpoint
- File
- Ja4Fingerprint
- Kernel
- ManagedEntity
- NetworkEndpoint
- NetworkInterface
- PeripheralDevice
- Scan
- UnmannedAerialSystem
- UnmannedSystemOperatingArea
- User
- Device
- DatastoreActivity
- RegValue
- WinResource
range: PrivilegeInfoTypeIdEnum