Subset: discovery_subset
Discovery events report the existence and state of devices, files,
configurations, processes, registry keys, and other objects.
URI: discovery_subset
Identifier and Mapping Information
Schema Source
- from schema: https://w3id.org/lmodel/ocsf
Classes in subset
| Class | Description |
|---|---|
| AdminGroupQuery | Admin Group Query events report information about administrative groups |
| CloudResourcesInventoryInfo | Cloud Resources Inventory Info events report cloud asset inventory data |
| ConfigState | Device Config State events report device configuration data, device |
| DeviceConfigStateChange | Device Config State Change events report state changes that impact the securi... |
| DiscoveryEvent | The Discovery event is a generic event that defines a set of attributes |
| DiscoveryResult | Discovery Result events report the results of a discovery request |
| EvidenceInfo | Data collected directly from devices that represents forensic information |
| FileQuery | File Query events report information about files that are present on the |
| FolderQuery | Folder Query events report information about folders that are present on the |
| InventoryInfo | Device Inventory Info events report device inventory data that is either logg... |
| JobQuery | Job Query events report information about scheduled jobs |
| KernelObjectQuery | Kernel Object Query events report information about discovered kernel |
| ModuleQuery | Module Query events report information about loaded modules |
| NetworkConnectionQuery | Network Connection Query events report information about active network |
| NetworksQuery | Networks Query events report information about network adapters |
| OsintInventoryInfo | OSINT Inventory Info events report open source intelligence or threat |
| PatchState | Operating System Patch State reports the installation of an OS patch to a |
| PeripheralDeviceQuery | Peripheral Device Query events report information about peripheral devices |
| ProcessQuery | Process Query events report information about running processes |
| ServiceQuery | Service Query events report information about running services |
| SessionQuery | User Session Query events report information about existing user sessions |
| SoftwareInfo | Software Inventory Info events report device software inventory data that is |
| StartupItemQuery | Startup Item Query events report information about discovered items, e |
| UserInventory | User Inventory Info events report user inventory data that is either logged o... |
| UserQuery | User Query events report user data that have been discovered, queried, polled |