Reputation

reputation

The Reputation object describes the reputation/risk score of an entity (e.g. device, user, domain).

Attributes

CaptionNameTypeDescription
Reputation Scorebase_scoreFloat

The reputation score as reported by the event source.

ProviderproviderString

The provider of the reputation information.

Raw Dataraw_dataJSON

Group:context
The event data as received from the event source.

Record IDrecord_idString

Group:primary
Unique identifier for the object

Reputation ScorescoreString

The reputation score, normalized to the caption of the score_id value. In the case of 'Other', it is defined by the event source.

Reputation Score IDscore_idInteger

The normalized reputation score identifier.

  • 0: Unknown (UNKNOWN)
  • 1: Very Safe (VERY_SAFE)
  • 10: Malicious (MALICIOUS)
  • 2: Safe (SAFE)
  • 3: Probably Safe (PROBABLY_SAFE)
  • 4: Leans Safe (LEANS_SAFE)
  • 5: May not be Safe (MAY_NOT_BE_SAFE)
  • 6: Exercise Caution (EXERCISE_CAUTION)
  • 7: Suspicious/Risky (SUSPICIOUS/RISKY)
  • 8: Possibly Malicious (POSSIBLY_MALICIOUS)
  • 9: Probably Malicious (PROBABLY_MALICIOUS)
  • 99: Other (OTHER)
UnmappedunmappedUnmapped[]

Data from the source that was not mapped into the schema.

Relationships

Reputation shown in context

Inbound Relationships

These objects and events reference Reputation in their attributes:

Outbound Relationships

Reputation references the following objects and events in its attributes:

This page describes ocsf-1.4.0