Policy
policy
The Policy object describes the policies that are applicable.
Policy attributes provide traceability to the operational state of the security product at the time that the event was captured, facilitating forensics, troubleshooting, and policy tuning/adjustments.
Attributes
| Caption | Name | Type | Description |
|---|---|---|---|
| Data | data | JSON | Additional data about the policy such as the underlying JSON policy itself or other details. |
| Description | desc | String | The description of the policy. |
| Group | group | Group[] | The policy group. |
| Applied | is_applied | Boolean | A determination if the content of a policy was applied to a target or request, or not. |
| Name | name | String | The policy name. For example: |
| Raw Data | raw_data | JSON | Group: |
| Record ID | record_id | String | Group: |
| Unique ID | uid | String | A unique identifier of the policy instance. |
| Unmapped | unmapped | Unmapped[] | Data from the source that was not mapped into the schema. |
| Version | version | String | The policy version number. |
Relationships
Inbound Relationships
These objects and events reference Policy in their attributes:
- Kernel Object Query
- Web Resource Access Activity
- Email URL Activity
- Discovery
- Web Resources Activity
- Network Connection Query
- Kernel Activity
- Memory Activity
- Script Activity
- Authentication
- Group Management
- Software Inventory Info
- Unmanned Systems
- NTP Activity
- Job Query
- Registry Key Activity
- Authorize Session
- Agent
- Detection Finding
- User Session Query
- Module Query
- Scheduled Job Activity
- Device Inventory Info
- Process Remediation Activity
- Remediation Activity
- Network Remediation Activity
- User Access Management
- API Activity
- DHCP Activity
- Device Config State Change
- Drone Flights Activity
- Admin Group Query
- Security Finding
- Prefetch Query
- Email File Activity
- Networks Query
- Network Activity
- Network File Activity
- File System Activity
- Event Log Activity
- Compliance Finding
- Assessment
- File Query
- User Inventory Info
- File Remediation Activity
- Application Activity
- HTTP Activity
- Module Activity
- Application Lifecycle
- Datastore Activity
- FTP Activity
- Base Event
- Vulnerability Finding
- Cloud Resources Inventory Info
- Registry Value Query
- Data Classification
- Tunnel Activity
- Network
- Windows Resource Activity
- Peripheral Device Query
- Airborne Broadcast Activity
- Process Activity
- Device Config State
- Kernel Extension Activity
- User Query
- System Activity
- Email Activity
- Operating System Patch State
- RDP Activity
- Application Error
- Startup Item Query
- Registry Key Query
- Service Query
- Entity Management
- DNS Activity
- Registry Value Activity
- Process Query
- Data Security Finding
- File Hosting Activity
- Folder Query
- SMB Activity
- Finding
- Incident Finding
- Data Security
- Managed Entity
- Windows Service Activity
- Authorization Result
- Scan Activity
- SSH Activity
- Account Change
- Identity & Access Management
- Discovery Result
- OSINT Inventory Info
Outbound Relationships
Policy references the following objects and events in its attributes:
This page describes ocsf-1.4.0
Updated 16 days ago