Agent
An Agent (also known as a Sensor) is typically installed on an Operating System (OS) and serves as a specialized software component that can be designed to monitor, detect, collect, archive, or take action. These activities and possible actions are defined by the upstream system controlling the Agent and its intended purpose. For instance, an Agent can include Endpoint Detection & Response (EDR) agents, backup/disaster recovery sensors, Application Performance Monitoring or profiling sensors, and similar software.
Attributes
Caption | Name | Type | Description |
---|---|---|---|
Agent Name | name |
String |
The name of the agent or sensor. For example: AWS SSM Agent .
|
Agent Policies | policies |
Policy[] | Describes the various policies that may be applied or enforced by an agent or sensor. E.g., Conditional Access, prevention, auto-update, tamper protection, destination configuration, etc. |
Raw Data | raw_data |
JSON | The event data as received from the event source. |
Record ID | record_id |
String | Unique identifier for the object |
Agent Type | type |
String | The normalized caption of the type_id value for the agent or sensor. In the case of 'Other' or 'Unknown', it is defined by the event source. |
Type ID | type_id |
Integer |
The normalized representation of an agent or sensor. E.g., EDR, vulnerability management, APM, backup & recovery, etc.
|
Agent ID | uid |
String |
The UID of the agent or sensor, sometimes known as a Sensor ID or aid .
|
Alternate Agent ID | uid_alt |
String | An alternative or contextual identifier for the agent or sensor, such as a configuration, organization, or license UID. |
Unmapped Data | unmapped |
Unmapped[] | The attributes that are not mapped to the event schema. The names and values of those attributes are specific to the event source. |
Vendor Name | vendor_name |
String |
The company or author who created the agent or sensor. For example: Crowdstrike .
|
Agent Version | version |
String |
The semantic version of the agent or sensor, e.g., 7.101.50.0 .
|
Relationships
Inbound Relationships
These objects and events reference Agent in their attributes:
Outbound Relationships
Agent references the following objects and events in its attributes:
This page describes qdm-1.3.2+ocsf-1.3.0
Updated about 2 months ago