Guides

Account

Suggest Edits

The Account object contains details about the account that initiated or performed a specific activity within a system or application. Additionally, the Account object refers to logical Cloud and Software-as-a-Service (SaaS) based containers such as AWS Accounts, Azure Subscriptions, Oracle Cloud Compartments, Google Cloud Projects, and otherwise.

Attributes

CaptionNameTypeDescription
Labels labels String[] The list of labels/tags associated to the account.
Name name String The name of the account (e.g. GCP Project name , Linux Account name or AWS Account name ).
Raw Data raw_data JSON The event data as received from the event source.
Record ID record_id String Unique identifier for the object
Type type String The account type, normalized to the caption of 'account_type_id'. In the case of 'Other', it is defined by the event source.
Type ID type_id Integer The normalized account type identifier.
  • 0: Unknown (UNKNOWN)
  • 1: LDAP Account (LDAP_ACCOUNT)
  • 10: AWS Account (AWS_ACCOUNT)
  • 11: GCP Project (GCP_PROJECT)
  • 12: OCI Compartment (OCI_COMPARTMENT)
  • 13: Azure Subscription (AZURE_SUBSCRIPTION)
  • 14: Salesforce Account (SALESFORCE_ACCOUNT)
  • 15: Google Workspace (GOOGLE_WORKSPACE)
  • 16: Servicenow Instance (SERVICENOW_INSTANCE)
  • 17: M365 Tenant (M365_TENANT)
  • 2: Windows Account (WINDOWS_ACCOUNT)
  • 3: AWS IAM User (AWS_IAM_USER)
  • 4: AWS IAM Role (AWS_IAM_ROLE)
  • 5: GCP Account (GCP_ACCOUNT)
  • 6: Azure AD Account (AZURE_AD_ACCOUNT)
  • 7: Mac OS Account (MAC_OS_ACCOUNT)
  • 8: Apple Account (APPLE_ACCOUNT)
  • 9: Linux Account (LINUX_ACCOUNT)
  • 99: Other (OTHER)
Unique ID uid String The unique identifier of the account (e.g. AWS Account ID , OCID , GCP Project ID , Azure Subscription ID , Google Workspace Customer ID , or M365 Tenant UID ).
Unmapped Data unmapped Unmapped[] The attributes that are not mapped to the event schema. The names and values of those attributes are specific to the event source.

Relationships

Account shown in context

Inbound Relationships

These objects and events reference Account in their attributes:

Outbound Relationships

Account references the following objects and events in its attributes:

This page describes qdm-1.3.2+ocsf-1.3.0

Updated 6 months ago