Slot: vendor_attributes
The Vendor Attributes object can be used to represent values of attributes
populated by the Vendor/Finding Provider. It can help distinguish between the
vendor-provided values and consumer-updated values, of key attributes like
severity_id.
The original finding producer should not populate
this object. It should be populated by consuming systems that support data
mutability.
URI: ocsf:vendor_attributes Alias: vendor_attributes
Applicable Classes
| Name | Description | Modifies Slot |
|---|---|---|
| DataSecurityFinding | A Data Security Finding describes detections or alerts generated by various | no |
| DetectionFinding | A Detection Finding describes detections or alerts generated by security | no |
| ApplicationSecurityPostureFinding | The Application Security Posture Finding event is a notification about any bu... | no |
| VulnerabilityFinding | The Vulnerability Finding event is a notification about weakness in an | no |
| ComplianceFinding | Compliance Finding events describe results of evaluations performed against | no |
| IncidentFinding | An Incident Finding reports the creation, update, or closure of security | no |
| IamAnalysisFinding | This finding represents an IAM analysis result, which evaluates IAM policies, | no |
| Finding | The Finding event is a generic event that defines a set of attributes availab... | yes |
Properties
Type and Range
| Property | Value |
|---|---|
| Range | VendorAttributes |
| Domain Of | Finding, IncidentFinding |
Cardinality and Requirements
| Property | Value |
|---|---|
Aliases
- Vendor Attributes
Identifier and Mapping Information
Schema Source
- from schema: https://w3id.org/lmodel/ocsf
Mappings
| Mapping Type | Mapped Value |
|---|---|
| self | ocsf:vendor_attributes |
| native | ocsf:vendor_attributes |
LinkML Source
name: vendor_attributes
description: 'The Vendor Attributes object can be used to represent values of attributes
populated by the Vendor/Finding Provider. It can help distinguish between the
vendor-provided values and consumer-updated values, of key attributes like
<code>severity_id</code>.<br>The original finding producer should not populate
this object. It should be populated by consuming systems that support data
mutability.'
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Vendor Attributes
rank: 1000
alias: vendor_attributes
domain_of:
- Finding
- IncidentFinding
range: VendorAttributes