Reputation

reputation

The Reputation object describes the reputation/risk score of an entity (e.g. device, user, domain).

Attributes

Caption	Name	Type	Description
Reputation Score	`base_score`	Float	The reputation score as reported by the event source.
Provider	`provider`	String	The provider of the reputation information.
Raw Data	`raw_data`	JSON	Group:`context` The event data as received from the event source.
Record ID	`record_id`	String	Group:`primary` Unique identifier for the object
Reputation Score	`score`	String	The reputation score, normalized to the caption of the score_id value. In the case of 'Other', it is defined by the event source.
Reputation Score ID	`score_id`	Integer	The normalized reputation score identifier. `0`: Unknown (`UNKNOWN`) `1`: Very Safe (`VERY_SAFE`) `10`: Malicious (`MALICIOUS`) `2`: Safe (`SAFE`) `3`: Probably Safe (`PROBABLY_SAFE`) `4`: Leans Safe (`LEANS_SAFE`) `5`: May not be Safe (`MAY_NOT_BE_SAFE`) `6`: Exercise Caution (`EXERCISE_CAUTION`) `7`: Suspicious/Risky (`SUSPICIOUS/RISKY`) `8`: Possibly Malicious (`POSSIBLY_MALICIOUS`) `9`: Probably Malicious (`PROBABLY_MALICIOUS`) `99`: Other (`OTHER`)
Unmapped	`unmapped`	Unmapped[]	Data from the source that was not mapped into the schema.

These objects and events reference Reputation in their attributes:

Reputation references the following objects and events in its attributes:

This page describes ocsf-1.4.0

Updated 15 days ago