Policy
policy
The Policy object describes the policies that are applicable. Policy attributes provide traceability to the operational state of the security product at the time that the event was captured, facilitating forensics, troubleshooting, and policy tuning/adjustments.
Attributes
| Caption | Name | Type | Description |
|---|---|---|---|
| Data | data | JSON | Additional data about the policy such as the underlying JSON policy itself or other details. |
| Description | desc | String | The description of the policy. |
| Group | group | Group[] | The policy group. |
| Applied | is_applied | Boolean | Indicates whether the content of the policy was applied to a target or request. |
| Name | name | String | The policy name. For example: AdministratorAccess Policy. |
| Raw Data | raw_data | JSON | Group: |
| Record ID | record_id | String | Group: |
| Type | type | String | The policy type. For example: Identity Policy, Resource Policy, Service Control Policy, etc. |
| Unique ID | uid | String | A unique identifier of the policy instance. |
| Unmapped | unmapped | Unmapped[] | Data from the source that was not mapped into the schema. |
| Version | version | String | The policy version number. |
Relationships
Inbound Relationships
These objects and events reference Policy in their attributes:
- FTP Activity
- Web Resource Access Activity
- Scan Activity
- Email File Activity
- File System Activity
- Device Config State Change
- User Inventory Info
- Module Query
- Kernel Activity
- IAM Analysis Finding
- Base Event
- SSH Activity
- Group Management
- Registry Value Query
- Data Security Finding
- Email Activity
- File Remediation Activity
- Module Activity
- Managed Entity
- Windows Service Activity
- Device Inventory Info
- File Hosting Activity
- Assessment
- Permission Analysis Result
- Authorize Session
- Registry Value Activity
- Application Lifecycle
- DNS Activity
- Account Change
- Airborne Broadcast Activity
- Operating System Patch State
- Incident Finding
- Drone Flights Activity
- DHCP Activity
- Agent
- Remediation Activity
- Kernel Extension Activity
- User Session Query
- Additional Restriction
- Cloud Resources Inventory Info
- Web Resources Activity
- Script Activity
- File Query
- Detection Finding
- Process Query
- OSINT Inventory Info
- Compliance Finding
- Network Activity
- Entity Management
- Vulnerability Finding
- Admin Group Query
- RDP Activity
- Peripheral Device Query
- Network Connection Query
- Windows Resource Activity
- Application Security Posture Finding
- Live Evidence Info
- Authorization Result
- Registry Key Activity
- Authentication
- Application Error
- Folder Query
- Datastore Activity
- Tunnel Activity
- Process Remediation Activity
- NTP Activity
- Event Log Activity
- Scheduled Job Activity
- Prefetch Query
- Process Activity
- Memory Activity
- Startup Item Query
- Network File Activity
- Security Finding
- Registry Key Query
- Kernel Object Query
- User Access Management
- Service Query
- Job Query
- API Activity
- HTTP Activity
- Data Classification
- Data Security
- Device Config State
- Email URL Activity
- Network Remediation Activity
- Networks Query
- Software Inventory Info
- User Query
- SMB Activity
Outbound Relationships
Policy references the following objects and events in its attributes:
This page describes qdm-1.5.1+ocsf-1.6.0