policy

The Policy object describes the policies that are applicable.

Policy attributes provide traceability to the operational state of the security product at the time that the event was captured, facilitating forensics, troubleshooting, and policy tuning/adjustments.

Attributes

CaptionNameTypeDescription
Data data JSON Additional data about the policy such as the underlying JSON policy itself or other details.
Description desc String The description of the policy.
Group group Group[] The policy group.
Applied is_applied Boolean A determination if the content of a policy was applied to a target or request, or not.
Name name String The policy name. For example: IAM Policy.
Raw Data raw_data JSON Group:context
The event data as received from the event source.
Record ID record_id String Group:primary
Unique identifier for the object
Unique ID uid String A unique identifier of the policy instance.
Unmapped unmapped Unmapped[] Data from the source that was not mapped into the schema.
Version version String The policy version number.

Relationships

Policy shown in context

Inbound Relationships

These objects and events reference Policy in their attributes:

Outbound Relationships

Policy references the following objects and events in its attributes:

This page describes ocsf-1.4.0