Guides

Data Security

Suggest Edits

The Data Security object describes the characteristics, techniques and content of a Data Loss Prevention (DLP), Data Loss Detection (DLD), Data Classification, or similar tools' finding, alert, or detection mechanism(s).

Attributes

CaptionNameTypeDescription
Category category String The name of the data classification category that data matched into, e.g. Financial, Personal, Governmental, etc.
Category ID category_id Integer The normalized identifier of the data classification category.
  • 0: Unknown (UNKNOWN)
  • 1: Personal (PERSONAL)
  • 2: Governmental (GOVERNMENTAL)
  • 3: Financial (FINANCIAL)
  • 4: Business (BUSINESS)
  • 5: Military and Law Enforcement (MILITARY_AND_LAW_ENFORCEMENT)
  • 6: Security (SECURITY)
  • 99: Other (OTHER)
Confidentiality confidentiality String The file content confidentiality, normalized to the confidentiality_id value. In the case of 'Other', it is defined by the event source.
Confidentiality ID confidentiality_id Integer The normalized identifier of the file content confidentiality indicator.
  • 0: Unknown (UNKNOWN)
  • 1: Not Confidential (NOT_CONFIDENTIAL)
  • 2: Confidential (CONFIDENTIAL)
  • 3: Secret (SECRET)
  • 4: Top Secret (TOP_SECRET)
  • 5: Private (PRIVATE)
  • 6: Restricted (RESTRICTED)
  • 99: Other (OTHER)
Data Lifecycle State data_lifecycle_state String The name of the stage or state that the data was in. E.g., Data-at-Rest, Data-in-Transit, etc.
Data Lifecycle State ID data_lifecycle_state_id Integer The stage or state that the data was in when it was assessed or scanned by a data security tool.
  • 0: Unknown (UNKNOWN)
  • 1: Data at-Rest (DATA_AT-REST)
  • 2: Data in-Transit (DATA_IN-TRANSIT)
  • 3: Data in-Use (DATA_IN-USE)
  • 99: Other (OTHER)
Data Type data_type String The name of the data classification category that data matched into, e.g. Financial, Personal, Governmental, etc.

🚧 WARNING: DEPRECATED

Data Type has been deprecated since 1.2.0. Deprecated in upgrade from qdm-1.1.0 to qdm-1.2.0
Data Type ID data_type_id Integer The category or type of sensitive data as assessed or scanned by a data security tool (e.g., Personal, Govermental, Financial).

🚧 WARNING: DEPRECATED

Data Type ID has been deprecated since 1.2.0. Deprecated in upgrade from qdm-1.1.0 to qdm-1.2.0

  • 0: Unknown (UNKNOWN)
  • 1: Personal (PERSONAL)
  • 2: Governmental (GOVERNMENTAL)
  • 3: Financial (FINANCIAL)
  • 4: Business (BUSINESS)
  • 5: Military and Law Enforcement (MILITARY_AND_LAW_ENFORCEMENT)
  • 6: Security (SECURITY)
  • 99: Other (OTHER)
Detection Pattern detection_pattern String Specific pattern, algorithm, fingerpint, or model used for detection.
Detection System detection_system String The name of the type of data security tool or system that the finding, detection, or alert originated from. E.g., Endpoint, Secure Email Gateway, etc.
Detection System ID detection_system_id Integer The type of data security tool or system that the finding, detection, or alert originated from.
  • 0: Unknown (UNKNOWN)
  • 1: Endpoint (ENDPOINT)
  • 10: Application-Level DLP (APPLICATION-LEVEL_DLP)
  • 11: Developer Security (DEVELOPER_SECURITY)
  • 12: Data Security Posture Management (DATA_SECURITY_POSTURE_MANAGEMENT)
  • 2: DLP Gateway (DLP_GATEWAY)
  • 3: Mobile Device Management (MOBILE_DEVICE_MANAGEMENT)
  • 4: Data Discovery & Classification (DATA_DISCOVERY_&_CLASSIFICATION)
  • 5: Secure Web Gateway (SECURE_WEB_GATEWAY)
  • 6: Secure Email Gateway (SECURE_EMAIL_GATEWAY)
  • 7: Digital Rights Management (DIGITAL_RIGHTS_MANAGEMENT)
  • 8: Cloud Access Security Broker (CLOUD_ACCESS_SECURITY_BROKER)
  • 9: Database Activity Monitoring (DATABASE_ACTIVITY_MONITORING)
  • 99: Other (OTHER)
Pattern Match pattern_match String A text, binary, file name, or datastore that matched against a detection rule.
Policy policy Policy[] Details about the policy that triggered the finding.
Raw Data raw_data JSON The event data as received from the event source.
Record ID record_id String Unique identifier for the object
Unmapped Data unmapped Unmapped[] The attributes that are not mapped to the event schema. The names and values of those attributes are specific to the event source.

Relationships

Data Security shown in context

Inbound Relationships

These objects and events reference Data Security in their attributes:

Outbound Relationships

Data Security references the following objects and events in its attributes:

This page describes qdm-1.3.2+ocsf-1.3.0

Updated 2 months ago