Class: ResourceDetails
The Resource Details object describes details about resources that were
affected by the activity/event.
URI: ocsf:ResourceDetails
```mermaid
classDiagram
    class ResourceDetails
    click ResourceDetails href "../ResourceDetails/"
    CloudProfile <|-- ResourceDetails
    click CloudProfile href "../CloudProfile/"
    Resource <|-- ResourceDetails
    click Resource href "../Resource/"
    ResourceDetails : agent_list
    ResourceDetails --> "*" Agent : agent_list
    click Agent href "../Agent/"
    ResourceDetails : api
    ResourceDetails --> "0..1" Api : api
    click Api href "../Api/"
    ResourceDetails : cloud
    ResourceDetails --> "1" Cloud : cloud
    click Cloud href "../Cloud/"
    ResourceDetails : cloud_partition
    ResourceDetails : created_time
    ResourceDetails : criticality
    ResourceDetails : data
    ResourceDetails : data_classification
    ResourceDetails --> "0..1 _recommended_" DataClassification : data_classification
    click DataClassification href "../DataClassification/"
    ResourceDetails : data_classifications
    ResourceDetails --> "* _recommended_" DataClassification : data_classifications
    click DataClassification href "../DataClassification/"
    ResourceDetails : group
    ResourceDetails --> "0..1" Group : group
    click Group href "../Group/"
    ResourceDetails : hostname
    ResourceDetails : ip
    ResourceDetails : is_backed_up
    ResourceDetails : labels
    ResourceDetails : modified_time
    ResourceDetails : name
    ResourceDetails : namespace
    ResourceDetails : owner
    ResourceDetails --> "0..1 _recommended_" User : owner
    click User href "../User/"
    ResourceDetails : provider
    ResourceDetails : region
    ResourceDetails : resource_relationship
    ResourceDetails --> "0..1" Graph : resource_relationship
    click Graph href "../Graph/"
    ResourceDetails : role
    ResourceDetails : role_id
    ResourceDetails --> "0..1 _recommended_" ResourceDetailsRoleIdEnum : role_id
    click ResourceDetailsRoleIdEnum href "../ResourceDetailsRoleIdEnum/"
    ResourceDetails : tags
    ResourceDetails --> "*" KeyValueObject : tags
    click KeyValueObject href "../KeyValueObject/"
    ResourceDetails : type
    ResourceDetails : uid
    ResourceDetails : uid_alt
    ResourceDetails : version
    ResourceDetails : zone
```
Inheritance
- OcsfObject
  - Object
    - Entity
      - Resource [DataClassificationProfile]
        - ResourceDetails [CloudProfile]
Slots
| Name | Cardinality and Range | Description | Inheritance |
|---|---|---|---|
| agent_list | * Agent | A list of agent objects associated with a device, endpoint, or | direct |
| cloud_partition | 0..1 String | The logical grouping or isolated segment within a cloud provider's | direct |
| criticality | 0..1 String | The criticality of the resource as defined by the event source | direct |
| group | 0..1 Group | The name of the related resource group | direct |
| hostname | 0..1 recommended HostnameT | The fully qualified name of the resource | direct |
| ip | 0..1 recommended IpT | The IP address of the resource, in either IPv4 or IPv6 format | direct |
| is_backed_up | 0..1 Boolean | Indicates whether the device or resource has a backup enabled, such as an | direct |
| name | 0..1 recommended String | The name of the resource | direct |
| namespace | 0..1 String | The namespace is useful when similar entities exist that you need to keep | direct |
| owner | 0..1 recommended User | The details of the entity that owns the resource | direct |
| provider | 0..1 String | The cloud service provider that hosts or manages the resource | direct |
| region | 0..1 String | The cloud region where the resource is hosted, as defined by the cloud | direct |
| resource_relationship | 0..1 Graph | A graph representation showing how this resource relates to and interacts wit... | direct |
| role | 0..1 String | The role of the resource in the context of the event or finding, normalized t... | direct |
| role_id | 0..1 recommended ResourceDetailsRoleIdEnum | The normalized identifier of the resource's role in the context of the event ... | direct |
| version | 0..1 String | The version of the resource | direct |
| zone | 0..1 String | The availability zone within a cloud region where the resource is located | direct |
| api | 0..1 Api | Describes details about a typical API (Application Programming Interface) cal... | CloudProfile |
| cloud | 1 Cloud | Describes details about the Cloud environment where the event or finding was | CloudProfile |
| created_time | 0..1 TimestampT | The time when the resource was created | Resource |
| data | 0..1 String | Additional data describing the resource | Resource |
| labels | * String | The list of labels associated to the resource | Resource |
| modified_time | 0..1 TimestampT | The time when the resource was last modified | Resource |
| tags | * KeyValueObject | The list of tags; {key:value} pairs associated to the resource | Resource |
| type | 0..1 String | The resource type as defined by the event source | Resource |
| uid | 0..1 recommended String | The unique identifier of the resource | Resource, Entity |
| uid_alt | 0..1 String | The alternative unique identifier of the resource | Resource |
| data_classification | 0..1 recommended DataClassification | The Data Classification object includes information about data classification | DataClassificationProfile |
| data_classifications | * recommended DataClassification | A list of Data Classification objects, that include information about data | DataClassificationProfile |
Usages
| used by | used in | type | used |
|---|---|---|---|
| Check | resource | range | ResourceDetails |
| Evidences | resources | range | ResourceDetails |
| ApiActivity | resources | range | ResourceDetails |
| CloudResourcesInventoryInfo | resources | range | ResourceDetails |
| ApplicationSecurityPostureFinding | resources | range | ResourceDetails |
| ComplianceFinding | resource | range | ResourceDetails |
| ComplianceFinding | resources | range | ResourceDetails |
| DataSecurityFinding | resources | range | ResourceDetails |
| DetectionFinding | resources | range | ResourceDetails |
| IamAnalysisFinding | resources | range | ResourceDetails |
| SecurityFinding | resources | range | ResourceDetails |
| VulnerabilityFinding | resource | range | ResourceDetails |
| VulnerabilityFinding | resources | range | ResourceDetails |
| GroupManagement | resource | range | ResourceDetails |
| UserAccess | resource | range | ResourceDetails |
| UserAccess | resources | range | ResourceDetails |
| WindowsEvidences | resources | range | ResourceDetails |
In Subsets
Aliases
- Resource Details
Identifier and Mapping Information
Schema Source
- from schema: https://w3id.org/lmodel/ocsf
Mappings
| Mapping Type | Mapped Value |
|---|---|
| self | ocsf:ResourceDetails |
| native | ocsf:ResourceDetails |
LinkML Source
Direct
```yaml
name: ResourceDetails
description: 'The Resource Details object describes details about resources that were
  affected by the activity/event.'
in_subset:
- objects_subset
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Resource Details
is_a: Resource
mixins:
- CloudProfile
slots:
- agent_list
- cloud_partition
- criticality
- group
- hostname
- ip
- is_backed_up
- name
- namespace
- owner
- provider
- region
- resource_relationship
- role
- role_id
- version
- zone
slot_usage:
  cloud_partition:
    name: cloud_partition
    description: 'The logical grouping or isolated segment within a cloud provider''s
      infrastructure where the resource is located. Examples include AWS partitions
      (aws, aws-cn, aws-us-gov), Azure cloud environments (AzureCloud,
      AzureUSGovernment, AzureChinaCloud), or similar logical divisions in other
      cloud providers.'
  criticality:
    name: criticality
    description: The criticality of the resource as defined by the event source.
  group:
    name: group
    description: The name of the related resource group.
  hostname:
    name: hostname
    description: The fully qualified name of the resource.
    recommended: true
  ip:
    name: ip
    description: The IP address of the resource, in either IPv4 or IPv6 format.
    recommended: true
  name:
    name: name
    recommended: true
  namespace:
    name: namespace
    description: 'The namespace is useful when similar entities exist that you need
      to keep
      separate.'
  owner:
    name: owner
    description: 'The details of the entity that owns the resource. This object includes
      properties such as the owner''s name, unique identifier, type, domain, and other
      relevant attributes that help identify the resource owner within the
      environment.'
    recommended: true
  provider:
    name: provider
    description: 'The cloud service provider that hosts or manages the resource. This
      field is
      typically used when the resource is managed by a different provider than the
      one generating the event or finding. Examples include AWS, Azure, GCP (Google
      Cloud Platform), Oracle Cloud, IBM Cloud, Alibaba Cloud, or other public,
      private, or hybrid cloud providers.'
  region:
    name: region
    description: 'The cloud region where the resource is hosted, as defined by the
      cloud
      provider. This represents the physical or logical geographic area containing
      the infrastructure supporting the resource. Examples include AWS regions
      (us-east-1, eu-west-1), Azure regions (East US, West Europe), GCP regions
      (us-central1, europe-west1), or Oracle Cloud regions (us-ashburn-1,
      uk-london-1).'
  resource_relationship:
    name: resource_relationship
    description: 'A graph representation showing how this resource relates to and
      interacts with
      other entities in the environment. This can include parent/child relationships,
      dependencies, or other connections.'
  role:
    name: role
    description: 'The role of the resource in the context of the event or finding,
      normalized to
      the caption of the role_id value. In the case of ''Other'', it is defined by
      the
      event source.'
  role_id:
    name: role_id
    description: 'The normalized identifier of the resource''s role in the context
      of the event or
      finding.'
    range: ResourceDetailsRoleIdEnum
    recommended: true
  version:
    name: version
    description: The version of the resource. For example <code>1.2.3</code>.
  zone:
    name: zone
    description: 'The availability zone within a cloud region where the resource is
      located.
      Examples include AWS availability zones (us-east-1a, us-east-1b), Azure
      availability zones (1, 2, 3 within a region), GCP zones (us-central1-a,
      us-central1-b), or Oracle Cloud availability domains (AD-1, AD-2, AD-3).'
```
Induced
```yaml
name: ResourceDetails
description: 'The Resource Details object describes details about resources that were
  affected by the activity/event.'
in_subset:
- objects_subset
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Resource Details
is_a: Resource
mixins:
- CloudProfile
slot_usage:
  cloud_partition:
    name: cloud_partition
    description: 'The logical grouping or isolated segment within a cloud provider''s
      infrastructure where the resource is located. Examples include AWS partitions
      (aws, aws-cn, aws-us-gov), Azure cloud environments (AzureCloud,
      AzureUSGovernment, AzureChinaCloud), or similar logical divisions in other
      cloud providers.'
  criticality:
    name: criticality
    description: The criticality of the resource as defined by the event source.
  group:
    name: group
    description: The name of the related resource group.
  hostname:
    name: hostname
    description: The fully qualified name of the resource.
    recommended: true
  ip:
    name: ip
    description: The IP address of the resource, in either IPv4 or IPv6 format.
    recommended: true
  name:
    name: name
    recommended: true
  namespace:
    name: namespace
    description: 'The namespace is useful when similar entities exist that you need
      to keep
      separate.'
  owner:
    name: owner
    description: 'The details of the entity that owns the resource. This object includes
      properties such as the owner''s name, unique identifier, type, domain, and other
      relevant attributes that help identify the resource owner within the
      environment.'
    recommended: true
  provider:
    name: provider
    description: 'The cloud service provider that hosts or manages the resource. This
      field is
      typically used when the resource is managed by a different provider than the
      one generating the event or finding. Examples include AWS, Azure, GCP (Google
      Cloud Platform), Oracle Cloud, IBM Cloud, Alibaba Cloud, or other public,
      private, or hybrid cloud providers.'
  region:
    name: region
    description: 'The cloud region where the resource is hosted, as defined by the
      cloud
      provider. This represents the physical or logical geographic area containing
      the infrastructure supporting the resource. Examples include AWS regions
      (us-east-1, eu-west-1), Azure regions (East US, West Europe), GCP regions
      (us-central1, europe-west1), or Oracle Cloud regions (us-ashburn-1,
      uk-london-1).'
  resource_relationship:
    name: resource_relationship
    description: 'A graph representation showing how this resource relates to and
      interacts with
      other entities in the environment. This can include parent/child relationships,
      dependencies, or other connections.'
  role:
    name: role
    description: 'The role of the resource in the context of the event or finding,
      normalized to
      the caption of the role_id value. In the case of ''Other'', it is defined by
      the
      event source.'
  role_id:
    name: role_id
    description: 'The normalized identifier of the resource''s role in the context
      of the event or
      finding.'
    range: ResourceDetailsRoleIdEnum
    recommended: true
  version:
    name: version
    description: The version of the resource. For example <code>1.2.3</code>.
  zone:
    name: zone
    description: 'The availability zone within a cloud region where the resource is
      located.
      Examples include AWS availability zones (us-east-1a, us-east-1b), Azure
      availability zones (1, 2, 3 within a region), GCP zones (us-central1-a,
      us-central1-b), or Oracle Cloud availability domains (AD-1, AD-2, AD-3).'
attributes:
  agent_list:
    name: agent_list
    description: 'A list of <code>agent</code> objects associated with a device, endpoint,
      or
      resource.'
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Agent List
    rank: 1000
    alias: agent_list
    owner: ResourceDetails
    domain_of:
    - Databucket
    - Endpoint
    - ResourceDetails
    range: Agent
    multivalued: true
  cloud_partition:
    name: cloud_partition
    description: 'The logical grouping or isolated segment within a cloud provider''s
      infrastructure where the resource is located. Examples include AWS partitions
      (aws, aws-cn, aws-us-gov), Azure cloud environments (AzureCloud,
      AzureUSGovernment, AzureChinaCloud), or similar logical divisions in other
      cloud providers.'
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Cloud Partition
    rank: 1000
    alias: cloud_partition
    owner: ResourceDetails
    domain_of:
    - Cloud
    - Databucket
    - ResourceDetails
    range: string
  criticality:
    name: criticality
    description: The criticality of the resource as defined by the event source.
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Criticality
    rank: 1000
    alias: criticality
    owner: ResourceDetails
    domain_of:
    - ApplicationObject
    - Databucket
    - ResourceDetails
    range: string
  group:
    name: group
    description: The name of the related resource group.
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Group
    rank: 1000
    alias: group
    owner: ResourceDetails
    domain_of:
    - QueryEvidence
    - Api
    - ApplicationObject
    - Databucket
    - ManagedEntity
    - Policy
    - ResourceDetails
    - AdminGroupQuery
    - AuthorizeSession
    - GroupManagement
    - LinuxUsersProfile
    range: Group
  hostname:
    name: hostname
    description: The fully qualified name of the resource.
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Hostname
    rank: 1000
    alias: hostname
    owner: ResourceDetails
    domain_of:
    - Url
    - ApplicationObject
    - Databucket
    - DnsQuery
    - Endpoint
    - NetworkInterface
    - Reporter
    - ResourceDetails
    - Device
    range: HostnameT
    recommended: true
  ip:
    name: ip
    description: The IP address of the resource, in either IPv4 or IPv6 format.
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - IP Address
    rank: 1000
    alias: ip
    owner: ResourceDetails
    domain_of:
    - Databucket
    - Endpoint
    - LoadBalancer
    - NetworkInterface
    - Reporter
    - ResourceDetails
    - Device
    range: IpT
    recommended: true
  is_backed_up:
    name: is_backed_up
    description: 'Indicates whether the device or resource has a backup enabled, such
      as an
      automated snapshot or a cloud backup. For example, this is indicated by the
      <code>cloudBackupEnabled</code> value within JAMF Pro mobile devices or the
      registration of an AWS ARN with the AWS Backup service.'
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Back Ups Configured
    rank: 1000
    alias: is_backed_up
    owner: ResourceDetails
    domain_of:
    - Databucket
    - ResourceDetails
    - Device
    range: boolean
  name:
    name: name
    description: The name of the resource.
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Name
    rank: 1000
    alias: name
    owner: ResourceDetails
    domain_of:
    - AnalysisTarget
    - Observable
    - Os
    - Osint
    - Package
    - Parameter
    - PrivilegeInfo
    - San
    - Scim
    - Script
    - ServicePrivilegeAnalysis
    - SoftwareComponent
    - Sso
    - StartupItem
    - ThreatActor
    - Token
    - Entity
    - Resource
    - Account
    - Agent
    - AiModel
    - Aircraft
    - Analytic
    - ApplicationObject
    - Assessment
    - AutonomousSystem
    - Campaign
    - Check
    - CisBenchmark
    - CisBenchmarkResult
    - CisControl
    - ClassifierDetails
    - Container
    - D3fTactic
    - D3fTechnique
    - Database
    - Databucket
    - DomainContact
    - Edge
    - Endpoint
    - Enrichment
    - EnvironmentVariable
    - Evidences
    - Extension
    - Feature
    - File
    - Graph
    - Group
    - HttpCookie
    - HttpHeader
    - Idp
    - Image
    - Job
    - Kernel
    - KeyValueObject
    - LoadBalancer
    - Logger
    - Malware
    - ManagedEntity
    - MessageContext
    - Metric
    - Mitigation
    - NetworkInterface
    - Node
    - Organization
    - PeripheralDevice
    - Policy
    - ProcessEntity
    - Product
    - QueryInfo
    - Reporter
    - ResourceDetails
    - Rule
    - Scan
    - Service
    - SubTechnique
    - Table
    - Tactic
    - Technique
    - Trait
    - TransformationInfo
    - UnmannedAerialSystem
    - User
    - WebResource
    - Device
    - FtpActivity
    - RegValue
    - WinResource
    - WinService
    - PrefetchQuery
    range: string
    recommended: true
  namespace:
    name: namespace
    description: 'The namespace is useful when similar entities exist that you need
      to keep
      separate.'
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Namespace
    rank: 1000
    alias: namespace
    owner: ResourceDetails
    domain_of:
    - Databucket
    - NetworkInterface
    - ResourceDetails
    range: string
  owner:
    name: owner
    description: 'The details of the entity that owns the resource. This object includes
      properties such as the owner''s name, unique identifier, type, domain, and other
      relevant attributes that help identify the resource owner within the
      environment.'
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Owner
    rank: 1000
    alias: owner
    owner: ResourceDetails
    domain_of:
    - AffectedCode
    - ApplicationObject
    - Databucket
    - Endpoint
    - File
    - ResourceDetails
    range: User
    recommended: true
  provider:
    name: provider
    description: 'The cloud service provider that hosts or manages the resource. This
      field is
      typically used when the resource is managed by a different provider than the
      one generating the event or finding. Examples include AWS, Azure, GCP (Google
      Cloud Platform), Oracle Cloud, IBM Cloud, Alibaba Cloud, or other public,
      private, or hybrid cloud providers.'
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Provider
    rank: 1000
    alias: provider
    owner: ResourceDetails
    domain_of:
    - Reputation
    - AuthFactor
    - Cloud
    - Enrichment
    - Location
    - Malware
    - ResourceDetails
    range: string
  region:
    name: region
    description: 'The cloud region where the resource is hosted, as defined by the
      cloud
      provider. This represents the physical or logical geographic area containing
      the infrastructure supporting the resource. Examples include AWS regions
      (us-east-1, eu-west-1), Azure regions (East US, West Europe), GCP regions
      (us-central1, europe-west1), or Oracle Cloud regions (us-ashburn-1,
      uk-london-1).'
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Region
    rank: 1000
    alias: region
    owner: ResourceDetails
    domain_of:
    - ApplicationObject
    - Cloud
    - Databucket
    - Location
    - ResourceDetails
    - Device
    - CloudResourcesInventoryInfo
    range: string
  resource_relationship:
    name: resource_relationship
    description: 'A graph representation showing how this resource relates to and
      interacts with
      other entities in the environment. This can include parent/child relationships,
      dependencies, or other connections.'
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Resource Relationship
    rank: 1000
    alias: resource_relationship
    owner: ResourceDetails
    domain_of:
    - ApplicationObject
    - Databucket
    - ResourceDetails
    range: Graph
  role:
    name: role
    description: 'The role of the resource in the context of the event or finding,
      normalized to
      the caption of the role_id value. In the case of ''Other'', it is defined by
      the
      event source.'
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Role
    rank: 1000
    alias: role
    owner: ResourceDetails
    domain_of:
    - ResourceDetails
    range: string
  role_id:
    name: role_id
    annotations:
      sibling:
        tag: sibling
        value: role
    description: 'The normalized identifier of the resource''s role in the context
      of the event or
      finding.'
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Role ID
    rank: 1000
    alias: role_id
    owner: ResourceDetails
    domain_of:
    - ResourceDetails
    range: ResourceDetailsRoleIdEnum
    recommended: true
  version:
    name: version
    description: The version of the resource. For example <code>1.2.3</code>.
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Version
    rank: 1000
    alias: version
    owner: ResourceDetails
    domain_of:
    - Os
    - Package
    - RpcInterface
    - Sbom
    - Scim
    - SoftwareComponent
    - Tls
    - Agent
    - AiModel
    - Analytic
    - Api
    - ApplicationObject
    - Attack
    - Certificate
    - Check
    - CisControl
    - CisCsc
    - Cvss
    - D3fend
    - Databucket
    - Epss
    - Extension
    - Feature
    - File
    - HttpRequest
    - Logger
    - ManagedEntity
    - Metadata
    - Policy
    - Product
    - ResourceDetails
    - Rule
    - Service
    - NtpActivity
    range: string
  zone:
    name: zone
    description: 'The availability zone within a cloud region where the resource is
      located.
      Examples include AWS availability zones (us-east-1a, us-east-1b), Azure
      availability zones (1, 2, 3 within a region), GCP zones (us-central1-a,
      us-central1-b), or Oracle Cloud availability domains (AD-1, AD-2, AD-3).'
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Network Zone
    rank: 1000
    alias: zone
    owner: ResourceDetails
    domain_of:
    - Token
    - Cloud
    - Databucket
    - Endpoint
    - ResourceDetails
    range: string
  api:
    name: api
    annotations:
      group:
        tag: group
        value: context
    description: Describes details about a typical API (Application Programming Interface)
      call.
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - API Details
    rank: 1000
    alias: api
    owner: ResourceDetails
    domain_of:
    - Evidences
    - CloudProfile
    - ApiActivity
    range: Api
  cloud:
    name: cloud
    annotations:
      group:
        tag: group
        value: primary
    description: 'Describes details about the Cloud environment where the event or
      finding was
      created.'
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Cloud
    rank: 1000
    alias: cloud
    owner: ResourceDetails
    domain_of:
    - CloudProfile
    - CloudResourcesInventoryInfo
    range: Cloud
    required: true
  created_time:
    name: created_time
    description: The time when the resource was created.
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Created Time
    rank: 1000
    alias: created_time
    owner: ResourceDetails
    domain_of:
    - Osint
    - RelatedEvent
    - Sbom
    - Scim
    - Session
    - Sso
    - Token
    - Whois
    - Resource
    - Advisory
    - AuthenticationToken
    - Certificate
    - Cve
    - Database
    - Databucket
    - DigitalSignature
    - Enrichment
    - Epss
    - File
    - FindingObject
    - FindingInfo
    - Job
    - KbArticle
    - LdapPerson
    - ProcessEntity
    - Table
    - Device
    range: TimestampT
  data:
    name: data
    description: Additional data describing the resource.
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Data
    rank: 1000
    alias: data
    owner: ResourceDetails
    domain_of:
    - Request
    - Response
    - TlsExtension
    - Resource
    - ApplicationObject
    - Edge
    - Enrichment
    - Evidences
    - ManagedEntity
    - Node
    - Policy
    - QueryInfo
    - WebResource
    - RegValue
    range: string
  labels:
    name: labels
    description: The list of labels associated to the resource.
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Labels
    rank: 1000
    alias: labels
    owner: ResourceDetails
    domain_of:
    - Osint
    - Resource
    - Account
    - ApplicationObject
    - Container
    - Image
    - LdapPerson
    - Metadata
    - Service
    range: string
    multivalued: true
  modified_time:
    name: modified_time
    description: The time when the resource was last modified.
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Modified Time
    rank: 1000
    alias: modified_time
    owner: ResourceDetails
    domain_of:
    - Osint
    - RelatedEvent
    - Scim
    - Sso
    - Token
    - Resource
    - Advisory
    - Cve
    - Database
    - Databucket
    - File
    - FindingObject
    - FindingInfo
    - LdapPerson
    - Metadata
    - Table
    - Device
    - RegKey
    - RegValue
    range: TimestampT
  tags:
    name: tags
    description: The list of tags; <code>{key:value}</code> pairs associated to the
      resource.
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Tags
    rank: 1000
    alias: tags
    owner: ResourceDetails
    domain_of:
    - RelatedEvent
    - Resource
    - Account
    - ApplicationObject
    - Container
    - File
    - FindingInfo
    - Image
    - LdapPerson
    - Metadata
    - Service
    range: KeyValueObject
    multivalued: true
  type:
    name: type
    description: The resource type as defined by the event source.
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Type
    rank: 1000
    alias: type
    owner: ResourceDetails
    domain_of:
    - AnalysisTarget
    - Observable
    - Os
    - Osint
    - Package
    - PrivilegeInfo
    - ProgrammaticCredential
    - RelatedEvent
    - San
    - Sbom
    - Script
    - SoftwareComponent
    - StartupItem
    - ThreatActor
    - Ticket
    - Timespan
    - TlsExtension
    - Token
    - Dns
    - Resource
    - Account
    - Agent
    - Analytic
    - ApplicationObject
    - AuthenticationToken
    - ClassifierDetails
    - Cve
    - Database
    - Databucket
    - DiscoveryDetails
    - DnsAnswer
    - DomainContact
    - EncryptionDetails
    - Endpoint
    - Enrichment
    - File
    - Graph
    - Group
    - Ja4Fingerprint
    - Kernel
    - ManagedEntity
    - Metadata
    - Module
    - NetworkEndpoint
    - NetworkInterface
    - Node
    - PeripheralDevice
    - Policy
    - Rule
    - Scan
    - Trait
    - UnmannedAerialSystem
    - UnmannedSystemOperatingArea
    - User
    - WebResource
    - Device
    - DatastoreActivity
    - FtpActivity
    - RegValue
    - WinResource
    range: string
  uid:
    name: uid
    description: The unique identifier of the resource.
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Unique ID
    rank: 1000
    alias: uid
    owner: ResourceDetails
    domain_of:
    - Osint
    - Package
    - ProgrammaticCredential
    - RelatedEvent
    - Request
    - Sbom
    - Scim
    - Script
    - Session
    - Span
    - Sso
    - Ticket
    - Token
    - Trace
    - Entity
    - Resource
    - Account
    - Advisory
    - Agent
    - AiModel
    - Aircraft
    - Analytic
    - ApplicationObject
    - Assessment
    - Certificate
    - Check
    - ClassifierDetails
    - Container
    - Cve
    - Cwe
    - D3fTactic
    - D3fTechnique
    - DataClassification
    - Database
    - Databucket
    - DomainContact
    - Edge
    - Email
    - Endpoint
    - Evidences
    - Extension
    - Feature
    - File
    - FindingObject
    - FindingInfo
    - Graph
    - Group
    - HttpRequest
    - Idp
    - Image
    - KbArticle
    - LoadBalancer
    - Logger
    - Malware
    - ManagedEntity
    - MessageContext
    - Metadata
    - Mitigation
    - NetworkConnectionInfo
    - NetworkEndpoint
    - NetworkInterface
    - Node
    - Organization
    - PeripheralDevice
    - Policy
    - ProcessEntity
    - Product
    - QueryInfo
    - Reporter
    - Rule
    - Scan
    - Service
    - SubTechnique
    - Table
    - Tactic
    - Technique
    - Trait
    - TransformationInfo
    - UnmannedAerialSystem
    - User
    - WebResource
    - Device
    - WinResource
    range: string
    recommended: true
  uid_alt:
    name: uid_alt
    description: The alternative unique identifier of the resource.
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Alternate ID
    rank: 1000
    alias: uid_alt
    owner: ResourceDetails
    domain_of:
    - Scim
    - Session
    - Resource
    - Agent
    - Aircraft
    - ApplicationObject
    - FindingInfo
    - Group
    - UnmannedAerialSystem
    - User
    - Device
    range: string
  data_classification:
    name: data_classification
    annotations:
      group:
        tag: group
        value: context
    description: 'The Data Classification object includes information about data classification
      levels and data category types.'
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Data Classification
    rank: 1000
    alias: data_classification
    owner: ResourceDetails
    domain_of:
    - DataClassificationProfile
    range: DataClassification
    recommended: true
  data_classifications:
    name: data_classifications
    annotations:
      group:
        tag: group
        value: context
    description: 'A list of Data Classification objects, that include information
      about data
      classification levels and data category types, identified by a classifier.'
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Data Classification
    rank: 1000
    alias: data_classifications
    owner: ResourceDetails
    domain_of:
    - DataClassificationProfile
    range: DataClassification
    recommended: true
    multivalued: true
```