Managed Entity
managed_entity
The Managed Entity object describes the type and version of an entity, such as a user, device, or policy. For types in the type_id enum list, an associated attribute should be populated. If the type of entity is not in the type_id list, information can be put into the data attribute and the type attribute should identify the entity.
Attributes
| Caption | Name | Type | Description |
|---|---|---|---|
| Data | data |
JSON | The managed entity content as a JSON object. |
| Device | device |
Device[] | An addressable device, computer system or host. |
email |
Email[] |
Entity:EMAILThe email object. |
|
| Group | group |
Group[] | The group object associated with an entity such as user, policy, or rule. |
| Geo Location | location |
Geo Location[] |
Entity:GEO_LOCATIONThe detailed geographical location usually associated with an IP address. |
| Name | name |
String | The name of the managed entity. |
| Organization | org |
Organization[] | Organization and org unit relevant to the event or object. |
| Policy | policy |
Policy[] | Describes details of a managed policy. |
| Raw Data | raw_data |
JSON |
Group:contextThe event data as received from the event source. |
| Record ID | record_id |
String |
Group:primaryUnique identifier for the object |
| Type | type |
String |
The managed entity type. For example: policy, user, organizational unit, device.
|
| Type ID | type_id |
Integer |
The type of the Managed Entity. It is recommended to also populate the type attribute with the associated label, or the source specific name if Other.
|
| Unique ID | uid |
String | The identifier of the managed entity. |
| Unmapped | unmapped |
Unmapped[] | Data from the source that was not mapped into the schema. |
| User | user |
User[] |
Entity:USERThe user that pertains to the event or object. |
| Version | version |
String |
The version of the managed entity. For example: 1.2.3.
|
Relationships
Inbound Relationships
These objects and events reference Managed Entity in their attributes:
Outbound Relationships
Managed Entity references the following objects and events in its attributes:
This page describes ocsf-1.4.0
Updated 3 days ago