Managed Entity
The Managed Entity object describes the type and version of an entity, such as a user, device, or policy. For types in the type_id
enum list, an associated attribute should be populated. If the type of entity is not in the type_id
list, information can be put into the data
attribute and the type
attribute should identify the entity.
Attributes
Caption | Name | Type | Description |
---|---|---|---|
Data | data |
JSON | The managed entity content as a JSON object. |
Device | device |
Device[] | An addressable device, computer system or host. |
email |
Email[] | The email object. | |
Group | group |
Group[] | The group object associated with an entity such as user, policy, or rule. |
Name | name |
String | The name of the managed entity. |
Organization | org |
Organization[] | Organization and org unit relevant to the event or object. |
Policy | policy |
Policy[] | Describes details of a managed policy. |
Raw Data | raw_data |
JSON | The event data as received from the event source. |
Record ID | record_id |
String | Unique identifier for the object |
Type | type |
String |
The managed entity type. For example: policy , user , organizational unit , device .
|
Type ID | type_id |
Integer |
The type of the Managed Entity. It is recommended to also populate the type attribute with the associated label, or the source specific name if Other .
|
Unique ID | uid |
String | The identifier of the managed entity. |
Unmapped Data | unmapped |
Unmapped[] | The attributes that are not mapped to the event schema. The names and values of those attributes are specific to the event source. |
User | user |
User[] | The user that pertains to the event or object. |
Version | version |
String |
The version of the managed entity. For example: 1.2.3 .
|
Relationships
Inbound Relationships
These objects and events reference Managed Entity in their attributes:
Outbound Relationships
Managed Entity references the following objects and events in its attributes:
This page describes qdm-1.3.2+ocsf-1.3.0
Updated about 2 months ago