Policy

policy

The Policy object describes the policies that are applicable. Policy attributes provide traceability to the operational state of the security product at the time that the event was captured, facilitating forensics, troubleshooting, and policy tuning/adjustments.

Attributes

CaptionNameTypeDescription
DatadataJSONAdditional data about the policy such as the underlying JSON policy itself or other details.
DescriptiondescStringThe description of the policy.
GroupgroupGroup[]The policy group.
Appliedis_appliedBooleanA determination if the content of a policy was applied to a target or request, or not.
NamenameStringThe policy name. For example: AdministratorAccess Policy.
Raw Dataraw_dataJSONGroup:context

The event data as received from the event source.
Record IDrecord_idStringGroup:primary

Unique identifier for the object
TypetypeStringThe policy type. For example: Identity Policy, Resource Policy, Service Control Policy, etc./code>.
Unique IDuidStringA unique identifier of the policy instance.
UnmappedunmappedUnmapped[]Data from the source that was not mapped into the schema.
VersionversionStringThe policy version number.

Relationships

Policy shown in context

Inbound Relationships

These objects and events reference Policy in their attributes:

Outbound Relationships

Policy references the following objects and events in its attributes:

This page describes qdm-1.5.1+ocsf-1.6.0