Data Security
The Data Security object describes the characteristics, techniques and content of a Data Loss Prevention (DLP), Data Loss Detection (DLD), Data Classification, or similar tools' finding, alert, or detection mechanism(s).
Attributes
Caption | Name | Type | Description |
---|---|---|---|
Category | category |
String | The name of the data classification category that data matched into, e.g. Financial, Personal, Governmental, etc. |
Category ID | category_id |
Integer |
The normalized identifier of the data classification category.
|
Confidentiality | confidentiality |
String | The file content confidentiality, normalized to the confidentiality_id value. In the case of 'Other', it is defined by the event source. |
Confidentiality ID | confidentiality_id |
Integer |
The normalized identifier of the file content confidentiality indicator.
|
Data Lifecycle State | data_lifecycle_state |
String | The name of the stage or state that the data was in. E.g., Data-at-Rest, Data-in-Transit, etc. |
Data Lifecycle State ID | data_lifecycle_state_id |
Integer |
The stage or state that the data was in when it was assessed or scanned by a data security tool.
|
Data Type | data_type |
String |
The name of the data classification category that data matched into, e.g. Financial, Personal, Governmental, etc.
|
Data Type ID | data_type_id |
Integer |
The category or type of sensitive data as assessed or scanned by a data security tool (e.g., Personal, Govermental, Financial).
|
Detection Pattern | detection_pattern |
String | Specific pattern, algorithm, fingerpint, or model used for detection. |
Detection System | detection_system |
String | The name of the type of data security tool or system that the finding, detection, or alert originated from. E.g., Endpoint, Secure Email Gateway, etc. |
Detection System ID | detection_system_id |
Integer |
The type of data security tool or system that the finding, detection, or alert originated from.
|
Pattern Match | pattern_match |
String | A text, binary, file name, or datastore that matched against a detection rule. |
Policy | policy |
Policy[] | Details about the policy that triggered the finding. |
Raw Data | raw_data |
JSON | The event data as received from the event source. |
Record ID | record_id |
String | Unique identifier for the object |
Unmapped Data | unmapped |
Unmapped[] | The attributes that are not mapped to the event schema. The names and values of those attributes are specific to the event source. |
Relationships
Inbound Relationships
These objects and events reference Data Security in their attributes:
Outbound Relationships
Data Security references the following objects and events in its attributes:
This page describes qdm-1.3.2+ocsf-1.3.0
Updated about 2 months ago