Policy
The Policy object describes the policies that are applicable.
Policy attributes provide traceability to the operational state of the security product at the time that the event was captured, facilitating forensics, troubleshooting, and policy tuning/adjustments.
Attributes
Caption | Name | Type | Description |
---|---|---|---|
Description | desc |
String | The description of the policy. |
Effective Date | effective_time |
Timestamp |
The date and time that the specific policy and rule was applied and became operational.
|
Group | group |
Group[] | The policy group. |
Applied | is_applied |
Boolean | A determination if the content of a policy was applied to a target or request, or not. |
Label | label |
String |
The label set for the policy.
|
Name | name |
String |
The policy name. For example: IAM Policy .
|
Raw Data | raw_data |
JSON | The event data as received from the event source. |
Record ID | record_id |
String | Unique identifier for the object |
Rule | rule |
Rule[] |
The primary rule that triggered the policy event.
|
Rules | rules |
Rule[] |
Additional rules that triggered the policy event.
|
Type | type |
String |
The type of the policy.
|
Type ID | type_id |
Integer |
The policy type identifier; one of:
|
Unique ID | uid |
String | A unique identifier of the policy instance. |
Unmapped Data | unmapped |
Unmapped[] | The attributes that are not mapped to the event schema. The names and values of those attributes are specific to the event source. |
Version | version |
String | The policy version number. |
Relationships
Inbound Relationships
These objects and events reference Policy in their attributes:
- Account Change
- Agent
- Authorization Result
- Scan Activity
- Data Security
- Data Classification
- Managed Entity
Outbound Relationships
Policy references the following objects and events in its attributes:
This page describes qdm-1.3.2+ocsf-1.3.0
Updated about 2 months ago