Databucket

databucket

The databucket object is a basic container that holds data, typically organized through the use of data partitions.

Attributes

Caption	Name	Type	Description
Agent List	`agent_list`	Agent[]	A list of `agent` objects associated with a device, endpoint, or resource.
API Details	`api`	API[]	Group:`context` Describes details about a typical API (Application Programming Interface) call.
Cloud	`cloud`	Cloud[]	Group:`primary` Describes details about the Cloud environment where the event was originally created or logged.
Cloud Partition	`cloud_partition`	String	The canonical cloud partition name to which the region is assigned (e.g. AWS Partitions: aws, aws-cn, aws-us-gov).
Created Time	`created_time`	Timestamp	The time when the databucket was known to have been created.
Criticality	`criticality`	String	The criticality of the resource as defined by the event source.
Data	`data`	JSON	Additional data describing the resource.
Data Classification	`data_classification`	Data Classification[]	Group:`context` The Data Classification object includes information about data classification levels and data category types. 🚧 WARNING: DEPRECATED Data Classification has been deprecated since 1.4.0. Use the attribute `data_classifications` instead
Data Classification	`data_classifications`	Data Classification[]	Group:`context` A list of Data Classification objects, that include information about data classification levels and data category types, indentified by a classifier.
Description	`desc`	String	The description of the databucket.
Encryption Details	`encryption_details`	Encryption Details[]	The encryption details of the databucket. Should be populated if the databucket is encrypted.
File	`file`	File[]	Entity:`FILE` Details about the file/object within a databucket.
Group	`group`	Group[]	The name of the related resource group.
Groups	`groups`	Group[]	The group names to which the databucket belongs.
Hostname	`hostname`	Hostname	Entity:`HOSTNAME` The fully qualified name of the resource.
IP Address	`ip`	IP Address	Entity:`IP_ADDRESS` The IP address of the resource, in either IPv4 or IPv6 format.
Back Ups Configured	`is_backed_up`	Boolean	Indicates whether the device or resource has a backup enabled, such as an automated snapshot or a cloud backup. For example, this is indicated by the `cloudBackupEnabled` value within JAMF Pro mobile devices or the registration of an AWS ARN with the AWS Backup service.
Encrypted	`is_encrypted`	Boolean	Indicates if the databucket is encrypted.
Public	`is_public`	Boolean	Indicates if the databucket is publicly accessible.
Labels	`labels`	String[]	The list of labels associated to the resource.
Modified Time	`modified_time`	Timestamp	The most recent time when any changes, updates, or modifications were made within the databucket.
Name	`name`	String	The databucket name.
Namespace	`namespace`	String	The namespace is useful when similar entities exist that you need to keep separate.
Owner	`owner`	User[]	Entity:`USER` The identity of the service or user account that owns the resource.
Raw Data	`raw_data`	JSON	Group:`context` The event data as received from the event source.
Record ID	`record_id`	String	Group:`primary` Unique identifier for the object
Region	`region`	String	The cloud region of the resource.
Size	`size`	Long	The size of the databucket in bytes.
Tags	`tags`	Key:Value object[]	The list of tags; `{key:value}` pairs associated to the resource.
Type	`type`	String	The databucket type.
Type ID	`type_id`	Integer	The normalized identifier of the databucket type. `0`: Unknown (`UNKNOWN`) `1`: S3 (`S3`) `2`: Azure Blob (`AZURE_BLOB`) `3`: GCP Bucket (`GCP_BUCKET`) `99`: Other (`OTHER`)
Unique ID	`uid`	Resource UID	Entity:`RESOURCE_UID` The unique identifier of the databucket.
Unmapped	`unmapped`	Unmapped[]	Data from the source that was not mapped into the schema.
Version	`version`	String	The version of the resource. For example `1.2.3`.

Relationships

Inbound Relationships

These objects and events reference Databucket in their attributes:

Outbound Relationships

Databucket references the following objects and events in its attributes:

This page describes ocsf-1.4.0