Reputation
The Reputation object describes the reputation/risk score of an entity (e.g. device, user, domain).
Attributes
Caption | Name | Type | Description |
---|---|---|---|
Reputation Score | base_score |
Float | The reputation score as reported by the event source. |
Provider | provider |
String | The provider of the reputation information. |
Raw Data | raw_data |
JSON | The event data as received from the event source. |
Reputation Score | raw_score |
Float |
The reputation score as reported by the event source.
|
Record ID | record_id |
String | Unique identifier for the object |
Reputation Score | score |
String | The reputation score, normalized to the caption of the score_id value. In the case of 'Other', it is defined by the event source. |
Reputation Score ID | score_id |
Integer |
The normalized reputation score identifier.
|
Unmapped Data | unmapped |
Unmapped[] | The attributes that are not mapped to the event schema. The names and values of those attributes are specific to the event source. |
Relationships
Inbound Relationships
These objects and events reference Reputation in their attributes:
- Base Threat Intelligence
- Endpoint
- Threat Intelligence
- Network Proxy Endpoint
- File Threat Intelligence
- Network Endpoint
- URL Threat Intelligence
- Domain Threat Intelligence
- Network Interface
- IP Threat Intelligence
- Uniform Resource Locator
- Enrichment
- Device
- Observable
Outbound Relationships
Reputation references the following objects and events in its attributes:
This page describes qdm-1.3.2+ocsf-1.3.0
Updated about 2 months ago