Enum: VerdictIdEnum

The normalized verdict of an Incident.

URI: ocsf:VerdictIdEnum

Permissible Values

| Value | Meaning | Description |
| --- | --- | --- |
| UNKNOWN | None | The type is unknown |
| FALSE_POSITIVE | None | The incident is a false positive |
| TRUE_POSITIVE | None | The incident is a true positive |
| DISREGARD | None | The incident can be disregarded as it is unimportant, an error or accident |
| SUSPICIOUS | None | The incident is suspicious |
| BENIGN | None | The incident is benign |
| TEST | None | The incident is a test |
| INSUFFICIENT_DATA | None | The incident has insufficient data to make a verdict |
| SECURITY_RISK | None | The incident is a security risk |
| MANAGED_EXTERNALLY | None | The incident remediation or required actions are managed externally |
| DUPLICATE | None | The incident is a duplicate |
| OTHER | None | The type is not mapped |

Slots

| Name | Description |
| --- | --- |
| verdict_id | The normalized verdict of an Incident |

Identifier and Mapping Information

Schema Source

LinkML Source

name: VerdictIdEnum
description: The normalized verdict of an Incident.
from_schema: https://w3id.org/lmodel/ocsf
rank: 1000
permissible_values:
  UNKNOWN:
    text: UNKNOWN
    description: The type is unknown.
    annotations:
      ocsf_uid:
        tag: ocsf_uid
        value: '0'
      caption:
        tag: caption
        value: Unknown
  FALSE_POSITIVE:
    text: FALSE_POSITIVE
    description: The incident is a false positive.
    annotations:
      ocsf_uid:
        tag: ocsf_uid
        value: '1'
      caption:
        tag: caption
        value: False Positive
  TRUE_POSITIVE:
    text: TRUE_POSITIVE
    description: The incident is a true positive.
    annotations:
      ocsf_uid:
        tag: ocsf_uid
        value: '2'
      caption:
        tag: caption
        value: True Positive
  DISREGARD:
    text: DISREGARD
    description: The incident can be disregarded as it is unimportant, an error or
      accident.
    annotations:
      ocsf_uid:
        tag: ocsf_uid
        value: '3'
      caption:
        tag: caption
        value: Disregard
  SUSPICIOUS:
    text: SUSPICIOUS
    description: The incident is suspicious.
    annotations:
      ocsf_uid:
        tag: ocsf_uid
        value: '4'
      caption:
        tag: caption
        value: Suspicious
  BENIGN:
    text: BENIGN
    description: The incident is benign.
    annotations:
      ocsf_uid:
        tag: ocsf_uid
        value: '5'
      caption:
        tag: caption
        value: Benign
  TEST:
    text: TEST
    description: The incident is a test.
    annotations:
      ocsf_uid:
        tag: ocsf_uid
        value: '6'
      caption:
        tag: caption
        value: Test
  INSUFFICIENT_DATA:
    text: INSUFFICIENT_DATA
    description: The incident has insufficient data to make a verdict.
    annotations:
      ocsf_uid:
        tag: ocsf_uid
        value: '7'
      caption:
        tag: caption
        value: Insufficient Data
  SECURITY_RISK:
    text: SECURITY_RISK
    description: The incident is a security risk.
    annotations:
      ocsf_uid:
        tag: ocsf_uid
        value: '8'
      caption:
        tag: caption
        value: Security Risk
  MANAGED_EXTERNALLY:
    text: MANAGED_EXTERNALLY
    description: The incident remediation or required actions are managed externally.
    annotations:
      ocsf_uid:
        tag: ocsf_uid
        value: '9'
      caption:
        tag: caption
        value: Managed Externally
  DUPLICATE:
    text: DUPLICATE
    description: The incident is a duplicate.
    annotations:
      ocsf_uid:
        tag: ocsf_uid
        value: '10'
      caption:
        tag: caption
        value: Duplicate
  OTHER:
    text: OTHER
    description: 'The type is not mapped. See the <code>type</code> attribute, which
      contains a

      data source specific value.'
    annotations:
      ocsf_uid:
        tag: ocsf_uid
        value: '99'
      caption:
        tag: caption
        value: Other