Policy
policy
The Policy object describes the policies that are applicable. Policy attributes provide traceability to the operational state of the security product at the time that the event was captured, facilitating forensics, troubleshooting, and policy tuning/adjustments.
Attributes
| Caption | Name | Type | Description |
|---|---|---|---|
| Data | data | JSON | Additional data about the policy such as the underlying JSON policy itself or other details. |
| Description | desc | String | The description of the policy. |
| Group | group | Group[] | The policy group. |
| Applied | is_applied | Boolean | Indicates whether the content of the policy was applied to a target or request. |
| Name | name | String | The policy name. For example: AdministratorAccess Policy. |
| Raw Data | raw_data | JSON | Group: |
| Record ID | record_id | String | Group: |
| Type | type | String | The policy type. For example: Identity Policy, Resource Policy, Service Control Policy, etc. |
| Unique ID | uid | String | A unique identifier of the policy instance. |
| Unmapped | unmapped | Unmapped[] | Data from the source that was not mapped into the schema. |
| Version | version | String | The policy version number. |
Relationships
Inbound Relationships
These objects and events reference Policy in their attributes:
- User Session Query
- SMB Activity
- Remediation Activity
- Base Event
- Datastore Activity
- Additional Restriction
- Permission Analysis Result
- Kernel Object Query
- Account Change
- Network Activity
- Software Inventory Info
- Networks Query
- Email File Activity
- Module Query
- Vulnerability Finding
- Live Evidence Info
- Tunnel Activity
- Startup Item Query
- File Remediation Activity
- Admin Group Query
- Job Query
- DHCP Activity
- Module Activity
- Process Query
- Memory Activity
- Entity Management
- Process Activity
- Managed Entity
- Process Remediation Activity
- Registry Key Activity
- Data Classification
- Registry Value Query
- Device Inventory Info
- Application Lifecycle
- Event Log Activity
- Registry Value Activity
- Kernel Activity
- OSINT Inventory Info
- File Query
- NTP Activity
- HTTP Activity
- User Query
- Authorize Session
- Prefetch Query
- File System Activity
- User Access Management
- Application Error
- Device Config State Change
- Data Security Finding
- Security Finding
- FTP Activity
- Registry Key Query
- User Inventory Info
- Application Security Posture Finding
- API Activity
- Assessment
- SSH Activity
- Agent
- Detection Finding
- Peripheral Device Query
- Windows Service Activity
- Web Resources Activity
- Authentication
- Network File Activity
- Group Management
- Network Connection Query
- IAM Analysis Finding
- Email URL Activity
- Incident Finding
- Drone Flights Activity
- Network Remediation Activity
- Operating System Patch State
- Scan Activity
- Kernel Extension Activity
- Device Config State
- Cloud Resources Inventory Info
- Folder Query
- Airborne Broadcast Activity
- DNS Activity
- Authorization Result
- Windows Resource Activity
- Email Activity
- File Hosting Activity
- Scheduled Job Activity
- RDP Activity
- Compliance Finding
- Web Resource Access Activity
- Data Security
- Script Activity
- Service Query
Outbound Relationships
Policy references the following objects and events in its attributes:
This page describes qdm-1.5.1+ocsf-1.6.0