Guides
Start typing to search…

Account

account

The Account object contains details about the account that initiated or performed a specific activity within a system or application. Additionally, the Account object refers to logical Cloud and Software-as-a-Service (SaaS) based containers such as AWS Accounts, Azure Subscriptions, Oracle Cloud Compartments, Google Cloud Projects, and otherwise.

Attributes

CaptionNameTypeDescription
LabelslabelsString[]

The list of labels associated to the account.

NamenameString

Entity:ACCOUNT_OBJECT_NAME
The name of the account (e.g. GCP Project name , Linux Account name or AWS Account name).

Raw Dataraw_dataJSON

Group:context
The event data as received from the event source.

Record IDrecord_idString

Group:primary
Unique identifier for the object

TagstagsKey:Value object[]

The list of tags; json {key:value} pairs associated to the account.

TypetypeString

The account type, normalized to the caption of 'account_type_id'. In the case of 'Other', it is defined by the event source.

Type IDtype_idInteger

The normalized account type identifier.

  • 0: Unknown (UNKNOWN)
  • 1: LDAP Account (LDAP_ACCOUNT)
  • 10: AWS Account (AWS_ACCOUNT)
  • 11: GCP Project (GCP_PROJECT)
  • 12: OCI Compartment (OCI_COMPARTMENT)
  • 13: Azure Subscription (AZURE_SUBSCRIPTION)
  • 14: Salesforce Account (SALESFORCE_ACCOUNT)
  • 15: Google Workspace (GOOGLE_WORKSPACE)
  • 16: Servicenow Instance (SERVICENOW_INSTANCE)
  • 17: M365 Tenant (M365_TENANT)
  • 18: Email Account (EMAIL_ACCOUNT)
  • 2: Windows Account (WINDOWS_ACCOUNT)
  • 3: AWS IAM User (AWS_IAM_USER)
  • 4: AWS IAM Role (AWS_IAM_ROLE)
  • 5: GCP Account (GCP_ACCOUNT)
  • 6: Azure AD Account (AZURE_AD_ACCOUNT)
  • 7: Mac OS Account (MAC_OS_ACCOUNT)
  • 8: Apple Account (APPLE_ACCOUNT)
  • 9: Linux Account (LINUX_ACCOUNT)
  • 99: Other (OTHER)
Unique IDuidString

Entity:ACCOUNT_OBJECT_UID
The unique identifier of the account (e.g. AWS Account ID , OCID , GCP Project ID , Azure Subscription ID , Google Workspace Customer ID , or M365 Tenant UID).

UnmappedunmappedUnmapped[]

Data from the source that was not mapped into the schema.

Relationships

Account shown in context

Inbound Relationships

These objects and events reference Account in their attributes:

Outbound Relationships

Account references the following objects and events in its attributes:

This page describes ocsf-1.4.0

Updated 9 days ago