Data Security
data_security
The Data Security object describes the characteristics, techniques and content of a Data Loss Prevention (DLP), Data Loss Detection (DLD), Data Classification, or similar tools' finding, alert, or detection mechanism(s).
Attributes
Caption | Name | Type | Description |
---|---|---|---|
Category | category | String | The name of the data classification category that data matched into, e.g. Financial, Personal, Governmental, etc. |
Category ID | category_id | Integer | The normalized identifier of the data classification category. |
Classifier Details | classifier_details | Classifier Details[] | Describes details about the classifier used for data classification. |
Confidentiality | confidentiality | String | The file content confidentiality, normalized to the confidentiality_id value. In the case of 'Other', it is defined by the event source. |
Confidentiality ID | confidentiality_id | Integer | The normalized identifier of the file content confidentiality indicator. |
Data Lifecycle State | data_lifecycle_state | String | The name of the stage or state that the data was in. E.g., Data-at-Rest, Data-in-Transit, etc. |
Data Lifecycle State ID | data_lifecycle_state_id | Integer | The stage or state that the data was in when it was assessed or scanned by a data security tool. |
Detection Pattern | detection_pattern | String | Specific pattern, algorithm, fingerprint, or model used for detection. |
Detection System | detection_system | String | The name of the type of data security tool or system that the finding, detection, or alert originated from. E.g., Endpoint, Secure Email Gateway, etc. |
Detection System ID | detection_system_id | Integer | The type of data security tool or system that the finding, detection, or alert originated from. |
Discovery Details | discovery_details | Discovery Details[] | Details about the data discovered by the classification job. |
Pattern Match | pattern_match | String | A text, binary, file name, or datastore that matched against a detection rule. |
Policy | policy | Policy[] | Details about the policy that triggered the finding. |
Raw Data | raw_data | JSON | Group: context. The event data as received from the event source. |
Record ID | record_id | String | Group: primary. Unique identifier for the object. |
Size | size | Long | Size of the data classified. |
Source URL | src_url | URL String | Entity: URL_STRING. The source URL pointing towards the full classification job details. |
Status | status | String | The resultant status of the classification job normalized to the caption of the status_id value. In the case of 'Other', it is defined by the event source. |
Status Details | status_details | String[] | The contextual description of the status, status_id value. |
Status ID | status_id | Integer | The normalized status identifier of the classification job. |
Total | total | Integer | The total count of entities discovered by the classification job. |
Unique ID | uid | String | The unique identifier of the classification job. |
Unmapped | unmapped | Unmapped[] | Data from the source that was not mapped into the schema. |
Relationships
Inbound Relationships
These objects and events reference Data Security in their attributes:
Outbound Relationships
Data Security references the following objects and events in its attributes:
This page describes ocsf-1.4.0
Updated 3 days ago