Guides

Reputation

Suggest Edits

reputation

The Reputation object describes the reputation/risk score of an entity (e.g. device, user, domain).

Attributes

CaptionNameTypeDescription
Reputation Score base_score Float The reputation score as reported by the event source.
Provider provider String The provider of the reputation information.
Raw Data raw_data JSON Group:context
The event data as received from the event source.
Record ID record_id String Group:primary
Unique identifier for the object
Reputation Score score String The reputation score, normalized to the caption of the score_id value. In the case of 'Other', it is defined by the event source.
Reputation Score ID score_id Integer The normalized reputation score identifier.
  • 0: Unknown (UNKNOWN)
  • 1: Very Safe (VERY_SAFE)
  • 10: Malicious (MALICIOUS)
  • 2: Safe (SAFE)
  • 3: Probably Safe (PROBABLY_SAFE)
  • 4: Leans Safe (LEANS_SAFE)
  • 5: May not be Safe (MAY_NOT_BE_SAFE)
  • 6: Exercise Caution (EXERCISE_CAUTION)
  • 7: Suspicious/Risky (SUSPICIOUS/RISKY)
  • 8: Possibly Malicious (POSSIBLY_MALICIOUS)
  • 9: Probably Malicious (PROBABLY_MALICIOUS)
  • 99: Other (OTHER)
Unmapped unmapped Unmapped[] Data from the source that was not mapped into the schema.

Relationships

Reputation shown in context

Inbound Relationships

These objects and events reference Reputation in their attributes:

Outbound Relationships

Reputation references the following objects and events in its attributes:

This page describes ocsf-1.4.0

Updated 8 days ago