Policy

policy

The Policy object describes the policies that are applicable.

Policy attributes provide traceability to the operational state of the security product at the time that the event was captured, facilitating forensics, troubleshooting, and policy tuning/adjustments.

Attributes

| Caption | Name | Type | Description |
| --- | --- | --- | --- |
| Data | data | JSON | Additional data about the policy such as the underlying JSON policy itself or other details. |
| Description | desc | String | The description of the policy. |
| Group | group | Group[] | The policy group. |
| Applied | is_applied | Boolean | A determination if the content of a policy was applied to a target or request, or not. |
| Name | name | String | The policy name. For example: IAM Policy. |
| Raw Data | raw_data | JSON | Group: context. The event data as received from the event source. |
| Record ID | record_id | String | Group: primary. Unique identifier for the object. |
| Unique ID | uid | String | A unique identifier of the policy instance. |
| Unmapped | unmapped | Unmapped[] | Data from the source that was not mapped into the schema. |
| Version | version | String | The policy version number. |

Relationships

Policy shown in context

Inbound Relationships

These objects and events reference Policy in their attributes:

Outbound Relationships

Policy references the following objects and events in its attributes:

This page describes ocsf-1.4.0