Logger
logger
The Logger object represents the device and product where events are stored with times for receipt and transmission. This may be at the source device where the event occurred, a remote scanning device, intermediate hops, or the ultimate destination.
Attributes
| Caption | Name | Type | Description |
|---|---|---|---|
| Device | device | Device[] | The device where the events are logged. |
| Event UID | event_uid | String | The unique identifier of the event assigned by the logger. |
| Log Level | log_level | String | The audit level at which an event was generated. |
| Log Name | log_name | String | The event log name. For example, syslog file name or Windows logging subsystem: Security. |
| Log Provider | log_provider | String | The logging provider or logging service that logged the event. For example, Microsoft-Windows-Security-Auditing. |
| Log Version | log_version | String | The event log schema version that specifies the format of the original event. For example syslog version or Cisco Log Schema Version. |
| Logged Time | logged_time | Timestamp | The time when the logging system collected and logged the event. This attribute is distinct from the event time in that event time typically contain the time extracted from the original event. Most of the time, these two times will be different. |
| Name | name | String | The name of the logging product instance. |
| Product | product | Product[] | The product logging the event. This may be the event source product, a management server product, a scanning product, a SIEM, etc. |
| Raw Data | raw_data | JSON | Group: |
| Record ID | record_id | String | Group: |
| Transmission Time | transmit_time | Timestamp | The time when the event was transmitted from the logging device to it's next destination. |
| Unique ID | uid | String | The unique identifier of the logging product instance. |
| Unmapped | unmapped | Unmapped[] | Data from the source that was not mapped into the schema. |
| Version | version | String | The version of the logging product. |
Relationships
Inbound Relationships
These objects and events reference Logger in their attributes:
Outbound Relationships
Logger references the following objects and events in its attributes:
This page describes ocsf-1.4.0
Updated 10 days ago