Enum: SecurityStateStateIdEnum
The security state of the managed entity.
URI: ocsf:SecurityStateStateIdEnum
Permissible Values
| Value | Meaning | Description |
|---|---|---|
| UNKNOWN | None | The security state is unknown |
| MISSING_OR_OUTDATED_CONTENT | None | The content is missing or outdated |
| POLICY_MISMATCH | None | Not in compliance with the expected security policy |
| IN_NETWORK_QUARANTINE | None | Isolated from the network |
| PROTECTION_OFF | None | Not protected by a security solution |
| PROTECTION_MALFUNCTION | None | The security solution is not functioning properly |
| PROTECTION_NOT_LICENSED | None | The security solution does not have a valid license |
| UNREMEDIATED_THREAT | None | A detected threat has not been remediated |
| SUSPICIOUS_REPUTATION | None | Reputation of the entity is suspicious |
| REBOOT_PENDING | None | A reboot is required for one or more pending actions |
| CONTENT_IS_LOCKED | None | The content is locked to a specific version |
| NOT_INSTALLED | None | The entity is not installed |
| WRITABLE_SYSTEM_PARTITION | None | The system partition is writeable |
| SAFETYNET_FAILURE | None | The device has failed the SafetyNet check |
| FAILED_BOOT_VERIFY | None | The device has failed the boot verification process |
| MODIFIED_EXECUTION_ENVIRONMENT | None | The execution environment has been modified |
| SELINUX_DISABLED | None | The SELinux security feature has been disabled |
| ELEVATED_PRIVILEGE_SHELL | None | An elevated privilege shell has been detected |
| IOS_FILE_SYSTEM_ALTERED | None | The file system has been altered on an iOS device |
| OPEN_REMOTE_ACCESS | None | Remote access is enabled |
| OTA_UPDATES_DISABLED | None | Mobile OTA (Over The Air) updates have been disabled |
| ROOTED | None | The device has been modified to allow root access |
| ANDROID_PARTITION_MODIFIED | None | The Android partition has been modified |
| COMPLIANCE_FAILURE | None | The entity is not compliant with the associated security policy |
| OTHER | None | The security state is not mapped |
Slots
| Name | Description |
|---|---|
| state_id | The security state of the managed entity |
Identifier and Mapping Information
Schema Source
- from schema: https://w3id.org/lmodel/ocsf
LinkML Source
name: SecurityStateStateIdEnum
description: The security state of the managed entity.
from_schema: https://w3id.org/lmodel/ocsf
rank: 1000
permissible_values:
UNKNOWN:
text: UNKNOWN
description: The security state is unknown.
annotations:
ocsf_uid:
tag: ocsf_uid
value: '0'
caption:
tag: caption
value: Unknown
MISSING_OR_OUTDATED_CONTENT:
text: MISSING_OR_OUTDATED_CONTENT
description: The content is missing or outdated.
annotations:
ocsf_uid:
tag: ocsf_uid
value: '1'
caption:
tag: caption
value: Missing or outdated content
POLICY_MISMATCH:
text: POLICY_MISMATCH
description: Not in compliance with the expected security policy.
annotations:
ocsf_uid:
tag: ocsf_uid
value: '2'
caption:
tag: caption
value: Policy mismatch
IN_NETWORK_QUARANTINE:
text: IN_NETWORK_QUARANTINE
description: Isolated from the network.
annotations:
ocsf_uid:
tag: ocsf_uid
value: '3'
caption:
tag: caption
value: In network quarantine
PROTECTION_OFF:
text: PROTECTION_OFF
description: Not protected by a security solution.
annotations:
ocsf_uid:
tag: ocsf_uid
value: '4'
caption:
tag: caption
value: Protection off
PROTECTION_MALFUNCTION:
text: PROTECTION_MALFUNCTION
description: The security solution is not functioning properly.
annotations:
ocsf_uid:
tag: ocsf_uid
value: '5'
caption:
tag: caption
value: Protection malfunction
PROTECTION_NOT_LICENSED:
text: PROTECTION_NOT_LICENSED
description: The security solution does not have a valid license.
annotations:
ocsf_uid:
tag: ocsf_uid
value: '6'
caption:
tag: caption
value: Protection not licensed
UNREMEDIATED_THREAT:
text: UNREMEDIATED_THREAT
description: A detected threat has not been remediated.
annotations:
ocsf_uid:
tag: ocsf_uid
value: '7'
caption:
tag: caption
value: Unremediated threat
SUSPICIOUS_REPUTATION:
text: SUSPICIOUS_REPUTATION
description: Reputation of the entity is suspicious.
annotations:
ocsf_uid:
tag: ocsf_uid
value: '8'
caption:
tag: caption
value: Suspicious reputation
REBOOT_PENDING:
text: REBOOT_PENDING
description: A reboot is required for one or more pending actions.
annotations:
ocsf_uid:
tag: ocsf_uid
value: '9'
caption:
tag: caption
value: Reboot pending
CONTENT_IS_LOCKED:
text: CONTENT_IS_LOCKED
description: The content is locked to a specific version.
annotations:
ocsf_uid:
tag: ocsf_uid
value: '10'
caption:
tag: caption
value: Content is locked
NOT_INSTALLED:
text: NOT_INSTALLED
description: The entity is not installed.
annotations:
ocsf_uid:
tag: ocsf_uid
value: '11'
caption:
tag: caption
value: Not installed
WRITABLE_SYSTEM_PARTITION:
text: WRITABLE_SYSTEM_PARTITION
description: The system partition is writeable.
annotations:
ocsf_uid:
tag: ocsf_uid
value: '12'
caption:
tag: caption
value: Writable system partition
SAFETYNET_FAILURE:
text: SAFETYNET_FAILURE
description: The device has failed the SafetyNet check.
annotations:
ocsf_uid:
tag: ocsf_uid
value: '13'
caption:
tag: caption
value: SafetyNet failure
FAILED_BOOT_VERIFY:
text: FAILED_BOOT_VERIFY
description: The device has failed the boot verification process.
annotations:
ocsf_uid:
tag: ocsf_uid
value: '14'
caption:
tag: caption
value: Failed boot verify
MODIFIED_EXECUTION_ENVIRONMENT:
text: MODIFIED_EXECUTION_ENVIRONMENT
description: The execution environment has been modified.
annotations:
ocsf_uid:
tag: ocsf_uid
value: '15'
caption:
tag: caption
value: Modified execution environment
SELINUX_DISABLED:
text: SELINUX_DISABLED
description: The SELinux security feature has been disabled.
annotations:
ocsf_uid:
tag: ocsf_uid
value: '16'
caption:
tag: caption
value: SELinux disabled
ELEVATED_PRIVILEGE_SHELL:
text: ELEVATED_PRIVILEGE_SHELL
description: An elevated privilege shell has been detected.
annotations:
ocsf_uid:
tag: ocsf_uid
value: '17'
caption:
tag: caption
value: Elevated privilege shell
IOS_FILE_SYSTEM_ALTERED:
text: IOS_FILE_SYSTEM_ALTERED
description: The file system has been altered on an iOS device.
annotations:
ocsf_uid:
tag: ocsf_uid
value: '18'
caption:
tag: caption
value: iOS file system altered
OPEN_REMOTE_ACCESS:
text: OPEN_REMOTE_ACCESS
description: Remote access is enabled.
annotations:
ocsf_uid:
tag: ocsf_uid
value: '19'
caption:
tag: caption
value: Open remote access
OTA_UPDATES_DISABLED:
text: OTA_UPDATES_DISABLED
description: Mobile OTA (Over The Air) updates have been disabled.
annotations:
ocsf_uid:
tag: ocsf_uid
value: '20'
caption:
tag: caption
value: OTA updates disabled
ROOTED:
text: ROOTED
description: The device has been modified to allow root access.
annotations:
ocsf_uid:
tag: ocsf_uid
value: '21'
caption:
tag: caption
value: Rooted
ANDROID_PARTITION_MODIFIED:
text: ANDROID_PARTITION_MODIFIED
description: The Android partition has been modified.
annotations:
ocsf_uid:
tag: ocsf_uid
value: '22'
caption:
tag: caption
value: Android partition modified
COMPLIANCE_FAILURE:
text: COMPLIANCE_FAILURE
description: The entity is not compliant with the associated security policy.
annotations:
ocsf_uid:
tag: ocsf_uid
value: '23'
caption:
tag: caption
value: Compliance failure
OTHER:
text: OTHER
description: 'The security state is not mapped. See the <code>state</code> attribute,
which
contains data source specific values.'
annotations:
ocsf_uid:
tag: ocsf_uid
value: '99'
caption:
tag: caption
value: Other