Guides
Start typing to search…

Analytic

analytic

The Analytic object contains details about the analytic technique used to analyze and derive insights from the data or information that led to the creation of a finding or conclusion.

Attributes

CaptionNameTypeDescription
AlgorithmalgorithmString

The algorithm used by the underlying analytic to generate the finding.

CategorycategoryString

The analytic category.

DescriptiondescString

The description of the analytic that generated the finding.

NamenameString

The name of the analytic that generated the finding.

Raw Dataraw_dataJSON

Group:context
The event data as received from the event source.

Record IDrecord_idString

Group:primary
Unique identifier for the object

StatestateString

The Analytic state.

State IDstate_idInteger

The Analytic state identifier.

  • 1: Active (ACTIVE)
  • 2: Suppressed (SUPPRESSED)
  • 3: Experimental (EXPERIMENTAL)
  • 0: Unknown (UNKNOWN)
  • 99: Other (OTHER)
TypetypeString

The analytic type.

Type IDtype_idInteger

The analytic type ID.

  • 0: Unknown (UNKNOWN)
  • 1: Rule (RULE)
  • 2: Behavioral (BEHAVIORAL)
  • 3: Statistical (STATISTICAL)
  • 4: Learning (ML/DL) (LEARNING_(ML/DL))
  • 5: Fingerprinting (FINGERPRINTING)
  • 6: Tagging (TAGGING)
  • 7: Keyword Match (KEYWORD_MATCH)
  • 8: Regular Expressions (REGULAR_EXPRESSIONS)
  • 9: Exact Data Match (EXACT_DATA_MATCH)
  • 10: Partial Data Match (PARTIAL_DATA_MATCH)
  • 11: Indexed Data Match (INDEXED_DATA_MATCH)
  • 99: Other (OTHER)
Unique IDuidString

The unique identifier of the analytic that generated the finding.

UnmappedunmappedUnmapped[]

Data from the source that was not mapped into the schema.

VersionversionString

The analytic version. For example: 1.1.

Relationships

Analytic shown in context

Inbound Relationships

These objects and events reference Analytic in their attributes:

Outbound Relationships

Analytic references the following objects and events in its attributes:

This page describes qdm-1.5.1+ocsf-1.6.0

Updated 16 days ago