Account
account
The Account object contains details about the account that initiated or performed a specific activity within a system or application. Additionally, the Account object refers to logical Cloud and Software-as-a-Service (SaaS) based containers such as AWS Accounts, Azure Subscriptions, Oracle Cloud Compartments, Google Cloud Projects, and otherwise.
Attributes
| Caption | Name | Type | Description |
|---|---|---|---|
| Labels | labels |
String[] | The list of labels associated to the account. |
| Name | name |
String |
Entity:ACCOUNT_OBJECT_NAMEThe name of the account (e.g. GCP Project name , Linux Account name or AWS Account name).
|
| Raw Data | raw_data |
JSON |
Group:contextThe event data as received from the event source. |
| Record ID | record_id |
String |
Group:primaryUnique identifier for the object |
| Tags | tags |
Key:Value object[] |
The list of tags; {key:value} pairs associated to the account.
|
| Type | type |
String | The account type, normalized to the caption of 'account_type_id'. In the case of 'Other', it is defined by the event source. |
| Type ID | type_id |
Integer |
The normalized account type identifier.
|
| Unique ID | uid |
String |
Entity:ACCOUNT_OBJECT_UIDThe unique identifier of the account (e.g. AWS Account ID , OCID , GCP Project ID , Azure Subscription ID , Google Workspace Customer ID , or M365 Tenant UID).
|
| Unmapped | unmapped |
Unmapped[] | Data from the source that was not mapped into the schema. |
Relationships
Inbound Relationships
These objects and events reference Account in their attributes:
Outbound Relationships
Account references the following objects and events in its attributes:
This page describes ocsf-1.4.0
Updated 3 days ago