Class: Reporter
The entity from which an event or finding was reported.
URI: ocsf:Reporter
classDiagram
class Reporter
click Reporter href "../Reporter/"
Entity <|-- Reporter
click Entity href "../Entity/"
Reporter : hostname
Reporter : ip
Reporter : name
Reporter : org
Reporter --> "0..1" Organization : org
click Organization href "../Organization/"
Reporter : uid
Inheritance
Slots
| Name | Cardinality and Range | Description | Inheritance |
|---|---|---|---|
| hostname | 0..1 recommended HostnameT |
The hostname of the entity from which the event or finding was reported | direct |
| ip | 0..1 recommended IpT |
The IP address of the entity from which the event or finding was reported | direct |
| name | 0..1 recommended String |
The name of the entity from which the event or finding was reported | direct |
| org | 0..1 Organization |
The organization properties of the entity that reported the event or finding | direct |
| uid | 0..1 recommended String |
The unique identifier of the entity from which the event or finding was | direct |
Usages
| used by | used in | type | used |
|---|---|---|---|
| Metadata | reporter | range | Reporter |
Rules
| Rule Applied | Preconditions | Postconditions | Elseconditions |
|---|---|---|---|
| any_of | [{'slot_conditions': {'hostname': {'required': True}}}, {'slot_conditions': {'ip': {'required': True}}}, {'slot_conditions': {}}, {'slot_conditions': {'uid': {'required': True}}}] |
In Subsets
Aliases
- Reporter
Identifier and Mapping Information
Annotations
| property | value |
|---|---|
| ocsf_constraints | {"at_least_one": ["hostname", "ip", "name", "uid"]} |
Schema Source
- from schema: https://w3id.org/lmodel/ocsf
Mappings
| Mapping Type | Mapped Value |
|---|---|
| self | ocsf:Reporter |
| native | ocsf:Reporter |
LinkML Source
Direct
name: Reporter
annotations:
ocsf_constraints:
tag: ocsf_constraints
value: '{"at_least_one": ["hostname", "ip", "name", "uid"]}'
description: The entity from which an event or finding was reported.
in_subset:
- objects_subset
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Reporter
is_a: Entity
slots:
- hostname
- ip
- name
- org
- uid
slot_usage:
hostname:
name: hostname
description: The hostname of the entity from which the event or finding was reported.
recommended: true
ip:
name: ip
description: The IP address of the entity from which the event or finding was
reported.
recommended: true
name:
name: name
description: The name of the entity from which the event or finding was reported.
recommended: true
org:
name: org
description: The organization properties of the entity that reported the event
or finding.
uid:
name: uid
description: 'The unique identifier of the entity from which the event or finding
was
reported.'
recommended: true
rules:
- postconditions:
any_of:
- slot_conditions:
hostname:
name: hostname
required: true
- slot_conditions:
ip:
name: ip
required: true
- slot_conditions:
name:
name: name
required: true
- slot_conditions:
uid:
name: uid
required: true
description: 'OCSF at_least_one: at least one of [''hostname'', ''ip'', ''name'',
''uid''] must be
set.'
Induced
name: Reporter
annotations:
ocsf_constraints:
tag: ocsf_constraints
value: '{"at_least_one": ["hostname", "ip", "name", "uid"]}'
description: The entity from which an event or finding was reported.
in_subset:
- objects_subset
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Reporter
is_a: Entity
slot_usage:
hostname:
name: hostname
description: The hostname of the entity from which the event or finding was reported.
recommended: true
ip:
name: ip
description: The IP address of the entity from which the event or finding was
reported.
recommended: true
name:
name: name
description: The name of the entity from which the event or finding was reported.
recommended: true
org:
name: org
description: The organization properties of the entity that reported the event
or finding.
uid:
name: uid
description: 'The unique identifier of the entity from which the event or finding
was
reported.'
recommended: true
attributes:
hostname:
name: hostname
description: The hostname of the entity from which the event or finding was reported.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Hostname
rank: 1000
alias: hostname
owner: Reporter
domain_of:
- Url
- ApplicationObject
- Databucket
- DnsQuery
- Endpoint
- NetworkInterface
- Reporter
- ResourceDetails
- Device
range: HostnameT
recommended: true
ip:
name: ip
description: The IP address of the entity from which the event or finding was
reported.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- IP Address
rank: 1000
alias: ip
owner: Reporter
domain_of:
- Databucket
- Endpoint
- LoadBalancer
- NetworkInterface
- Reporter
- ResourceDetails
- Device
range: IpT
recommended: true
name:
name: name
description: The name of the entity from which the event or finding was reported.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Name
rank: 1000
alias: name
owner: Reporter
domain_of:
- AnalysisTarget
- Observable
- Os
- Osint
- Package
- Parameter
- PrivilegeInfo
- San
- Scim
- Script
- ServicePrivilegeAnalysis
- SoftwareComponent
- Sso
- StartupItem
- ThreatActor
- Token
- Entity
- Resource
- Account
- Agent
- AiModel
- Aircraft
- Analytic
- ApplicationObject
- Assessment
- AutonomousSystem
- Campaign
- Check
- CisBenchmark
- CisBenchmarkResult
- CisControl
- ClassifierDetails
- Container
- D3fTactic
- D3fTechnique
- Database
- Databucket
- DomainContact
- Edge
- Endpoint
- Enrichment
- EnvironmentVariable
- Evidences
- Extension
- Feature
- File
- Graph
- Group
- HttpCookie
- HttpHeader
- Idp
- Image
- Job
- Kernel
- KeyValueObject
- LoadBalancer
- Logger
- Malware
- ManagedEntity
- MessageContext
- Metric
- Mitigation
- NetworkInterface
- Node
- Organization
- PeripheralDevice
- Policy
- ProcessEntity
- Product
- QueryInfo
- Reporter
- ResourceDetails
- Rule
- Scan
- Service
- SubTechnique
- Table
- Tactic
- Technique
- Trait
- TransformationInfo
- UnmannedAerialSystem
- User
- WebResource
- Device
- FtpActivity
- RegValue
- WinResource
- WinService
- PrefetchQuery
range: string
recommended: true
org:
name: org
description: The organization properties of the entity that reported the event
or finding.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Organization
rank: 1000
alias: org
owner: Reporter
domain_of:
- Cloud
- ManagedEntity
- Reporter
- User
- Device
range: Organization
uid:
name: uid
description: 'The unique identifier of the entity from which the event or finding
was
reported.'
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Unique ID
rank: 1000
alias: uid
owner: Reporter
domain_of:
- Osint
- Package
- ProgrammaticCredential
- RelatedEvent
- Request
- Sbom
- Scim
- Script
- Session
- Span
- Sso
- Ticket
- Token
- Trace
- Entity
- Resource
- Account
- Advisory
- Agent
- AiModel
- Aircraft
- Analytic
- ApplicationObject
- Assessment
- Certificate
- Check
- ClassifierDetails
- Container
- Cve
- Cwe
- D3fTactic
- D3fTechnique
- DataClassification
- Database
- Databucket
- DomainContact
- Edge
- Email
- Endpoint
- Evidences
- Extension
- Feature
- File
- FindingObject
- FindingInfo
- Graph
- Group
- HttpRequest
- Idp
- Image
- KbArticle
- LoadBalancer
- Logger
- Malware
- ManagedEntity
- MessageContext
- Metadata
- Mitigation
- NetworkConnectionInfo
- NetworkEndpoint
- NetworkInterface
- Node
- Organization
- PeripheralDevice
- Policy
- ProcessEntity
- Product
- QueryInfo
- Reporter
- Rule
- Scan
- Service
- SubTechnique
- Table
- Tactic
- Technique
- Trait
- TransformationInfo
- UnmannedAerialSystem
- User
- WebResource
- Device
- WinResource
range: string
recommended: true
rules:
- postconditions:
any_of:
- slot_conditions:
hostname:
name: hostname
required: true
- slot_conditions:
ip:
name: ip
required: true
- slot_conditions:
name:
name: name
required: true
- slot_conditions:
uid:
name: uid
required: true
description: 'OCSF at_least_one: at least one of [''hostname'', ''ip'', ''name'',
''uid''] must be
set.'