Reputation

The Reputation object describes the reputation/risk score of an entity (e.g. device, user, domain).

Attributes

Caption	Name	Type	Description
Reputation Score	`base_score`	Float	The reputation score as reported by the event source.
Provider	`provider`	String	The provider of the reputation information.
Raw Data	`raw_data`	JSON	The event data as received from the event source.
Reputation Score	`raw_score`	Float	The reputation score as reported by the event source. 🚧 WARNING: DEPRECATED Reputation Score has been deprecated since 1.1.0. Deprecated in upgrade from ocsf-0.31.1 to qdm-1.1.0
Record ID	`record_id`	String	Unique identifier for the object
Reputation Score	`score`	String	The reputation score, normalized to the caption of the score_id value. In the case of 'Other', it is defined by the event source.
Reputation Score ID	`score_id`	Integer	The normalized reputation score identifier. `0`: Unknown (`UNKNOWN`) `1`: Very Safe (`VERY_SAFE`) `10`: Malicious (`MALICIOUS`) `2`: Safe (`SAFE`) `3`: Probably Safe (`PROBABLY_SAFE`) `4`: Leans Safe (`LEANS_SAFE`) `5`: May not be Safe (`MAY_NOT_BE_SAFE`) `6`: Exercise Caution (`EXERCISE_CAUTION`) `7`: Suspicious/Risky (`SUSPICIOUS/RISKY`) `8`: Possibly Malicious (`POSSIBLY_MALICIOUS`) `9`: Probably Malicious (`PROBABLY_MALICIOUS`) `99`: Other (`OTHER`)
Unmapped Data	`unmapped`	Unmapped[]	The attributes that are not mapped to the event schema. The names and values of those attributes are specific to the event source.

These objects and events reference Reputation in their attributes:

Reputation references the following objects and events in its attributes:

This page describes qdm-1.3.2+ocsf-1.3.0