Analytic

The Analytic object contains details about the analytic technique used to analyze and derive insights from the data or information that led to the creation of a finding or conclusion.

Attributes

Caption	Name	Type	Description
Category	`category`	String	The analytic category.
Description	`desc`	String	The description of the analytic that generated the finding.
Name	`name`	String	The name of the analytic that generated the finding.
Raw Data	`raw_data`	JSON	The event data as received from the event source.
Record ID	`record_id`	String	Unique identifier for the object
Related Analytics	`related_analytics`	Analytic[]	Other analytics related to this analytic. 🚧 WARNING: DEPRECATED Related Analytics has been deprecated since 1.0.0. Related Analytics has been decoupled from this object, instead use `finding_info.related_analytics`.
Type	`type`	String	The analytic type.
Type ID	`type_id`	Integer	The analytic type ID. `0`: Unknown (`UNKNOWN`) `1`: Rule (`RULE`) `10`: Partial Data Match (`PARTIAL_DATA_MATCH`) `11`: Indexed Data Match (`INDEXED_DATA_MATCH`) `2`: Behavioral (`BEHAVIORAL`) `3`: Statistical (`STATISTICAL`) `4`: Learning (ML/DL) (`LEARNING_(ML/DL)`) `5`: Fingerprinting (`FINGERPRINTING`) `6`: Tagging (`TAGGING`) `7`: Keyword Match (`KEYWORD_MATCH`) `8`: Regular Expressions (`REGULAR_EXPRESSIONS`) `9`: Exact Data Match (`EXACT_DATA_MATCH`) `99`: Other (`OTHER`)
Unique ID	`uid`	String	The unique identifier of the analytic that generated the finding.
Unmapped Data	`unmapped`	Unmapped[]	The attributes that are not mapped to the event schema. The names and values of those attributes are specific to the event source.
Version	`version`	String	The analytic version. For example: `1.1`.

Relationships

Inbound Relationships

These objects and events reference Analytic in their attributes:

Outbound Relationships

Analytic references the following objects and events in its attributes:

This page describes qdm-1.3.2+ocsf-1.3.0