Authorization Result

authorization

The Authorization Result object provides details about the authorization outcome and associated policies related to activity.

Attributes

Caption	Name	Type	Description
Authorization Decision/Outcome	`decision`	String	Authorization Result/outcome, e.g. allowed, denied.
Policy	`policy`	Policy[]	Details about the Identity/Access management policies that are applicable.
Raw Data	`raw_data`	JSON	Group:`context` The event data as received from the event source.
Record ID	`record_id`	String	Group:`primary` Unique identifier for the object
Unmapped	`unmapped`	Unmapped[]	Data from the source that was not mapped into the schema.

Relationships

Inbound Relationships

These objects and events reference Authorization Result in their attributes:

Kernel Object Query
Web Resource Access Activity
Email URL Activity
Discovery
Web Resources Activity
Network Connection Query
Kernel Activity
Memory Activity
Script Activity
Authentication
Group Management
Software Inventory Info
Unmanned Systems
NTP Activity
Job Query
Registry Key Activity
Authorize Session
Detection Finding
User Session Query
Module Query
Scheduled Job Activity
Device Inventory Info
Process Remediation Activity
Remediation Activity
Actor
Network Remediation Activity
User Access Management
API Activity
DHCP Activity
Device Config State Change
Drone Flights Activity
Admin Group Query
Security Finding
Prefetch Query
Email File Activity
Networks Query
Network Activity
Network File Activity
File System Activity
Event Log Activity
Compliance Finding
File Query
User Inventory Info
File Remediation Activity
Application Activity
HTTP Activity
Module Activity
Application Lifecycle
Datastore Activity
FTP Activity
Base Event
Vulnerability Finding
Cloud Resources Inventory Info
Registry Value Query
Tunnel Activity
Network
Windows Resource Activity
Peripheral Device Query
Airborne Broadcast Activity
Process Activity
Device Config State
Kernel Extension Activity
User Query
System Activity
Email Activity
Operating System Patch State
RDP Activity
Application Error
Startup Item Query
Registry Key Query
Service Query
Entity Management
DNS Activity
Registry Value Activity
Process Query
Data Security Finding
File Hosting Activity
Folder Query
SMB Activity
Finding
Incident Finding
Windows Service Activity
Scan Activity
SSH Activity
Account Change
Identity & Access Management
Discovery Result
OSINT Inventory Info

Outbound Relationships

Authorization Result references the following objects and events in its attributes:

Policy
Unmapped

This page describes ocsf-1.4.0