Managed Entity
managed_entity
The Managed Entity object describes the type and version of an entity, such as a user, device, or policy. For types in the type_id enum list, an associated attribute should be populated. If the type of entity is not in the type_id list, information can be put into the data attribute and the type attribute should identify the entity.
Attributes
| Caption | Name | Type | Description |
|---|---|---|---|
| Data | data | JSON | The managed entity content as a JSON object. |
| Device | device | Device[] | An addressable device, computer system or host. |
email | Email[] | Entity: | |
| Group | group | Group[] | The group object associated with an entity such as user, policy, or rule. |
| Geo Location | location | Geo Location[] | Entity: |
| Name | name | String | The name of the managed entity. |
| Organization | org | Organization[] | Organization and org unit relevant to the event or object. |
| Policy | policy | Policy[] | Describes details of a managed policy. |
| Raw Data | raw_data | JSON | Group: |
| Record ID | record_id | String | Group: |
| Type | type | String | The managed entity type. For example: |
| Type ID | type_id | Integer | The type of the Managed Entity. It is recommended to also populate the
|
| Unique ID | uid | String | The identifier of the managed entity. |
| Unmapped | unmapped | Unmapped[] | Data from the source that was not mapped into the schema. |
| User | user | User[] | Entity: |
| Version | version | String | The version of the managed entity. For example: |
Relationships
Inbound Relationships
These objects and events reference Managed Entity in their attributes:
Outbound Relationships
Managed Entity references the following objects and events in its attributes:
This page describes ocsf-1.4.0
Updated 9 days ago