Data Security

data_security

The Data Security object describes the characteristics, techniques and content of a Data Loss Prevention (DLP), Data Loss Detection (DLD), Data Classification, or similar tools' finding, alert, or detection mechanism(s).

Attributes

CaptionNameTypeDescription
CategorycategoryStringThe name of the data classification category that data matched into, e.g. Financial, Personal, Governmental, etc.
Category IDcategory_idIntegerThe normalized identifier of the data classification category.
  • 0: Unknown (UNKNOWN)
  • 1: Personal (PERSONAL)
  • 2: Governmental (GOVERNMENTAL)
  • 3: Financial (FINANCIAL)
  • 4: Business (BUSINESS)
  • 5: Military and Law Enforcement (MILITARY_AND_LAW_ENFORCEMENT)
  • 6: Security (SECURITY)
  • 99: Other (OTHER)
Classifier Detailsclassifier_detailsClassifier Details[]Describes details about the classifier used for data classification.
ConfidentialityconfidentialityStringThe file content confidentiality, normalized to the confidentiality_id value. In the case of 'Other', it is defined by the event source.
Confidentiality IDconfidentiality_idIntegerThe normalized identifier of the file content confidentiality indicator.
  • 0: Unknown (UNKNOWN)
  • 1: Not Confidential (NOT_CONFIDENTIAL)
  • 2: Confidential (CONFIDENTIAL)
  • 3: Secret (SECRET)
  • 4: Top Secret (TOP_SECRET)
  • 5: Private (PRIVATE)
  • 6: Restricted (RESTRICTED)
  • 99: Other (OTHER)
Data Lifecycle Statedata_lifecycle_stateStringThe name of the stage or state that the data was in. E.g., Data-at-Rest, Data-in-Transit, etc.
Data Lifecycle State IDdata_lifecycle_state_idIntegerThe stage or state that the data was in when it was assessed or scanned by a data security tool.
  • 0: Unknown (UNKNOWN)
  • 1: Data at-Rest (DATA_AT_REST)
  • 2: Data in-Transit (DATA_IN_TRANSIT)
  • 3: Data in-Use (DATA_IN_USE)
  • 99: Other (OTHER)
Detection Patterndetection_patternStringSpecific pattern, algorithm, fingerprint, or model used for detection.
Detection Systemdetection_systemStringThe name of the type of data security tool or system that the finding, detection, or alert originated from. E.g., Endpoint, Secure Email Gateway, etc.
Detection System IDdetection_system_idIntegerThe type of data security tool or system that the finding, detection, or alert originated from.
  • 0: Unknown (UNKNOWN)
  • 1: Endpoint (ENDPOINT)
  • 2: DLP Gateway (DLP_GATEWAY)
  • 3: Mobile Device Management (MOBILE_DEVICE_MANAGEMENT)
  • 4: Data Discovery & Classification (DATA_DISCOVERY_AND_CLASSIFICATION)
  • 5: Secure Web Gateway (SECURE_WEB_GATEWAY)
  • 6: Secure Email Gateway (SECURE_EMAIL_GATEWAY)
  • 7: Digital Rights Management (DIGITAL_RIGHTS_MANAGEMENT)
  • 8: Cloud Access Security Broker (CLOUD_ACCESS_SECURITY_BROKER)
  • 9: Database Activity Monitoring (DATABASE_ACTIVITY_MONITORING)
  • 10: Application-Level DLP (APPLICATION_LEVEL_DLP)
  • 11: Developer Security (DEVELOPER_SECURITY)
  • 12: Data Security Posture Management (DATA_SECURITY_POSTURE_MANAGEMENT)
  • 99: Other (OTHER)
Discovery Detailsdiscovery_detailsDiscovery Details[]Details about the data discovered by classification job.
Pattern Matchpattern_matchStringA text, binary, file name, or datastore that matched against a detection rule.
PolicypolicyPolicy[]Details about the policy that triggered the finding.
Raw Dataraw_dataJSONGroup:context

The event data as received from the event source.
Record IDrecord_idStringGroup:primary

Unique identifier for the object
SizesizeLongSize of the data classified.
Source URLsrc_urlURL StringEntity:URL_STRING

The source URL pointing towards the full classification job details.
StatusstatusStringThe resultant status of the classification job normalized to the caption of the status_id value. In the case of 'Other', it is defined by the event source.
Status Detailsstatus_detailsString[]The contextual description of the status, status_id value.
Status IDstatus_idIntegerThe normalized status identifier of the classification job.
  • 0: Unknown (UNKNOWN)
  • 1: Complete (COMPLETE)
  • 2: Partial (PARTIAL)
  • 3: Fail (FAIL)
  • 99: Other (OTHER)
TotaltotalIntegerThe total count of discovered entities, by the classification job.
Unique IDuidStringThe unique identifier of the classification job.
UnmappedunmappedUnmapped[]Data from the source that was not mapped into the schema.

Relationships

Data Security shown in context

Inbound Relationships

These objects and events reference Data Security in their attributes:

Outbound Relationships

Data Security references the following objects and events in its attributes:

This page describes qdm-1.5.1+ocsf-1.6.0


Did this page help you?