| Service |
The Service object describes characteristics of a service, e |
yes |
| DataClassification |
The Data Classification object includes information about data classification |
yes |
| Table |
The table object represents a table within a structured relational database o... |
yes |
| Trait |
Describes a characteristic or feature of an entity that was observed |
yes |
| WindowsProcess |
Extends the process object to add Windows specific fields |
no |
| Mitigation |
The MITRE Mitigation object describes the ATT&CK® or ATLAS™ Mitigation ID |
yes |
| Process |
The Process object describes a running instance of a launched program |
no |
| Entity |
The Entity object is an unordered collection of attributes, with a name and |
yes |
| D3fTactic |
The MITRE D3FEND™ Tactic object describes the tactic ID and/or name that is |
yes |
| Evidences |
A collection of evidence artifacts associated to the activity/activities that |
yes |
| Sbom |
The Software Bill of Materials object describes characteristics of a generate... |
yes |
| ClassifierDetails |
The Classifier Details object describes details about the classifier used for |
yes |
| WinService |
The Windows Service object describes a Windows service |
no |
| MacosProcess |
Extends the process object to add macOS specific fields |
no |
| Rule |
The Rule object describes characteristics of a rule associated with a policy ... |
yes |
| MessageContext |
Communication context for AI system interactions including protocols, roles, |
yes |
| WindowsEvidences |
Extends the evidences object to add Windows specific fields |
no |
| AuthenticationToken |
The Authentication Token object extends the base token object an... |
no |
| Group |
The Group object represents a collection or association of entities, such as |
yes |
| WebResource |
The Web Resource object describes characteristics of a web resource that was |
yes |
| Image |
The Image object provides a description of a specific Virtual Machine (VM) or |
yes |
| Agent |
An Agent (also known as a Sensor) is typically installed on an Operating Syst... |
yes |
| Aircraft |
The Aircraft object represents any aircraft or otherwise airborne asset such ... |
yes |
| ManagedEntity |
The Managed Entity object describes the type and version of an entity, such a... |
yes |
| MalwareScanInfo |
The malware scan information object describes characteristics, metadata of a |
no |
| Scim |
The System for Cross-domain Identity Management (SCIM) Configuration object |
yes |
| Session |
The Session object describes details about an authenticated session |
yes |
| Tactic |
The MITRE Tactic object describes the ATT&CK® or ATLAS™ Tactic ID and/or name |
yes |
| NetworkEndpoint |
The Network Endpoint object describes characteristics of a network endpoint |
no |
| Analytic |
The Analytic object contains details about the analytic technique used to |
yes |
| KbArticle |
The KB Article object contains metadata that describes the patch or update |
yes |
| Metadata |
The Metadata object describes the metadata associated with the event |
yes |
| Cwe |
The CWE object represents a weakness in a software system that can be exploit... |
yes |
| Script |
The Script object describes a script or command that can be executed by a |
yes |
| Advisory |
The Advisory object represents publicly disclosed cybersecurity vulnerabiliti... |
yes |
| LoadBalancer |
The load balancer object describes the load balancer entity and contains |
yes |
| Extension |
The OCSF Schema Extension object provides detailed information about the sche... |
yes |
| Request |
The Request Elements object describes characteristics of an API request |
yes |
| Cve |
The Common Vulnerabilities and Exposures (CVE) object represents publicly |
yes |
| Device |
The Device object represents an addressable computer system or host, which is |
yes |
| UnmannedAerialSystem |
The Unmanned Aerial System object describes the characteristics, Position |
yes |
| AffectedPackage |
The Affected Package object describes details about a software package |
no |
| Malware |
The Malware object describes the classification of known malicious software, |
yes |
| Sso |
The Single Sign-On (SSO) object provides a structure for normalizing SSO |
yes |
| AiModel |
The AI Model object describes the characteristics of an AI/ML model |
yes |
| PeripheralDevice |
The peripheral device object describes the properties of external, connectabl... |
yes |
| Feature |
The Feature object provides information about the software product feature th... |
yes |
| Databucket |
The databucket object is a basic container that holds data, typically organiz... |
yes |
| FindingObject |
The Finding object describes metadata related to a security finding generated |
yes |
| Product |
The Product object describes characteristics of a software product |
yes |
| File |
The File object represents the metadata associated with a file stored in a |
yes |
| Database |
The database object is used for databases which are typically datastore |
yes |
| Check |
The check object defines a specific, testable compliance verification point |
yes |
| Container |
The Container object describes an instance of a specific container |
yes |
| Scan |
The Scan object describes characteristics of a proactive scan |
yes |
| ResourceDetails |
The Resource Details object describes details about resources that were |
no |
| Certificate |
The Digital Certificate, also known as a Public Key Certificate, object |
yes |
| D3fTechnique |
The MITRE D3FEND™ Technique object describes the leaf defensive technique ID |
yes |
| Account |
The Account object contains details about the account that initiated or |
yes |
| Ticket |
The Ticket object represents ticket in the customer's IT Service Management |
yes |
| Package |
The Software Package object describes details about a software package |
yes |
| ProgrammaticCredential |
The Programmatic Credential object describes service-specific credentials use... |
yes |
| WinResource |
The Windows resource object describes a resource object managed by Windows, |
yes |
| HttpRequest |
The HTTP Request object represents the attributes of a request made to a web |
yes |
| TransformationInfo |
The transformation_info object represents the mapping or transformation used |
yes |
| Graph |
A graph data structure representation with nodes and edges |
yes |
| RelatedEvent |
The Related Event object describes an event or another finding related to a |
yes |
| ProcessEntity |
The Process Entity object provides critical fields for referencing a process |
yes |
| Reporter |
The entity from which an event or finding was reported |
yes |
| Organization |
The Organization object describes characteristics of an organization or compa... |
yes |
| DataSecurity |
The Data Security object describes the characteristics, techniques and conten... |
no |
| Edge |
Represents a connection or relationship between two nodes in a graph |
yes |
| Node |
Represents a node or a vertex in a graph structure |
yes |
| FindingInfo |
The Finding Information object describes metadata related to a security findi... |
yes |
| QueryInfo |
The query info object holds information related to data access within a |
yes |
| Trace |
The trace object contains information about a distributed trace, which is |
yes |
| Logger |
The Logger object represents the device and product where events are stored |
yes |
| Osint |
The OSINT (Open Source Intelligence) object contains details related to an |
yes |
| Span |
Represents a single unit of work or operation within a distributed trace |
yes |
| NetworkInterface |
The Network Interface object describes the type and associated attributes of ... |
yes |
| NetworkProxy |
The network proxy endpoint object describes a proxy server, which acts as an |
no |
| DomainContact |
The contact information related to a domain registration, e |
yes |
| LinuxProcess |
Extends the process object to add Linux specific fields |
no |
| Idp |
The Identity Provider object contains detailed information about a provider |
yes |
| Technique |
The MITRE Technique object describes the ATT&CK® or ATLAS™ Technique ID and/o... |
yes |
| User |
The User object describes the characteristics of a user/person or a security |
yes |
| Resource |
The Resource object contains attributes that provide information about a |
yes |
| Email |
The Email object describes the email metadata such as sender, recipients, and |
yes |
| ApplicationObject |
An Application describes the details for an inventoried application as report... |
yes |
| Policy |
The Policy object describes the policies that are applicable |
yes |
| Endpoint |
The Endpoint object describes a physical or virtual device that connects to a... |
yes |
| FirewallRule |
The Firewall Rule object represents a specific rule within a firewall policy ... |
no |
| Token |
The Token object is the base object for representing tokens, API keys, and |
yes |
| NetworkConnectionInfo |
The Network Connection Information object describes characteristics of an OSI |
yes |
| Assessment |
The Assessment object describes a point-in-time assessment, check, or |
yes |
| SubTechnique |
The MITRE Sub-technique object describes the ATT&CK® or ATLAS™ Sub-technique ... |
yes |