Related Event

The Related Event object describes an OCSF event related to a finding.

Attributes

| Caption | Name | Type | Description |
|---|---|---|---|
| MITRE ATT&CK® Details | attacks | MITRE ATT&CK®[] | An array of MITRE ATT&CK® objects describing the tactics, techniques & sub-techniques identified by a security control or finding. |
| Kill Chain | kill_chain | Kill Chain Phase[] | The Cyber Kill Chain® provides a detailed description of each phase and its associated activities within the broader context of a cyber attack. |
| Observables | observables | Observable[] | The observables associated with the event or a finding. |
| Product Identifier | product_uid | String | The unique identifier of the product that reported the related event. |
| Raw Data | raw_data | JSON | The event data as received from the event source. |
| Record ID | record_id | String | Unique identifier for the object. |
| Type | type | String | The type of the related event, as defined by type_uid. For example: Process Activity: Launch. 🚧 WARNING: DEPRECATED. Type has been deprecated since 1.2.0. Use type_name attribute instead. |
| Type Name | type_name | String | The type of the related OCSF event, as defined by type_uid. For example: Process Activity: Launch. |
| Type ID | type_uid | Long | The unique identifier of the related OCSF event type. For example: 100701. |
| Unique ID | uid | String | The unique identifier of the related OCSF event. This value must be equal to metadata.uid in the corresponding related event. |
| Unmapped Data | unmapped | Unmapped[] | The attributes that are not mapped to the event schema. The names and values of those attributes are specific to the event source. |
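
The attribute table above implies three checks a pipeline can run before trusting a Related Event: attribute names and types match the table, the deprecated `type` is flagged, and `uid` resolves to an event whose `metadata.uid` is equal to it. The following is an added example, not code from the schema project; the `events_by_uid` lookup, the comparison against the referenced event's own top-level `type_uid`, and all sample values are assumptions of this example.

```python
# Attribute names and JSON types, taken from the table above.
KNOWN_ATTRS = {
    "attacks": list, "kill_chain": list, "observables": list,
    "product_uid": str, "raw_data": object, "record_id": str,
    "type": str, "type_name": str, "type_uid": int,
    "uid": str, "unmapped": list,
}

def index_events(events):
    """Build the metadata.uid -> event lookup (assumed storage model)."""
    return {e["metadata"]["uid"]: e for e in events if "uid" in e.get("metadata", {})}

def check_related_event(rel, events_by_uid):
    """Return a list of problems found in one Related Event dict."""
    problems = []
    for name, value in rel.items():
        expected = KNOWN_ATTRS.get(name)
        if expected is None:
            problems.append(f"{name}: not a Related Event attribute; belongs in unmapped")
        elif not isinstance(value, expected) or (expected is int and isinstance(value, bool)):
            problems.append(f"{name}: expected {expected.__name__}")
    if "type" in rel:
        problems.append("type: deprecated since 1.2.0, use type_name")
    uid = rel.get("uid")
    if isinstance(uid, str):
        event = events_by_uid.get(uid)
        if event is None:
            # A dangling reference: nothing to pivot to during triage.
            problems.append(f"uid: no event with metadata.uid == {uid!r}")
        elif "type_uid" in rel and event.get("type_uid") != rel["type_uid"]:
            problems.append("type_uid: differs from the referenced event's type_uid")
    return problems

# Constructed sample data (not from the page).
EVENTS = [{"metadata": {"uid": "evt-0001"}, "type_uid": 100701,
           "type_name": "Process Activity: Launch"}]
GOOD = {"uid": "evt-0001", "type_uid": 100701,
        "type_name": "Process Activity: Launch", "product_uid": "edr-01"}
BAD = {"uid": "evt-9999", "type_uid": "100701",
       "type": "Process Activity: Launch", "severity": "High"}

if __name__ == "__main__":
    idx = index_events(EVENTS)
    for rel in (GOOD, BAD):
        print(rel["uid"], check_related_event(rel, idx) or "ok")
```
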

Relationships

Related Event shown in context

Inbound Relationships

These objects and events reference Related Event in their attributes:

Outbound Relationships

Related Event references the following objects and events in its attributes:

This page describes qdm-1.3.2+ocsf-1.3.0