Resource Details
resource_details
The Resource Details object describes details about resources that were affected by the activity/event.
Attributes
| Caption | Name | Type | Description |
|---|---|---|---|
| Agent List | agent_list |
Agent[] |
A list of agent objects associated with a device, endpoint, or resource.
|
| API Details | api |
API[] |
Group:contextDescribes details about a typical API (Application Programming Interface) call. |
| Cloud | cloud |
Cloud[] |
Group:primaryDescribes details about the Cloud environment where the event was originally created or logged. |
| Cloud Partition | cloud_partition |
String | The canonical cloud partition name to which the region is assigned (e.g. AWS Partitions: aws, aws-cn, aws-us-gov). |
| Criticality | criticality |
String | The criticality of the resource as defined by the event source. |
| Data | data |
JSON | Additional data describing the resource. |
| Data Classification | data_classification |
Data Classification[] |
Group:contextThe Data Classification object includes information about data classification levels and data category types.
|
| Data Classification | data_classifications |
Data Classification[] |
Group:contextA list of Data Classification objects, that include information about data classification levels and data category types, indentified by a classifier. |
| Group | group |
Group[] | The name of the related resource group. |
| Hostname | hostname |
Hostname |
Entity:HOSTNAMEThe fully qualified name of the resource. |
| IP Address | ip |
IP Address |
Entity:IP_ADDRESSThe IP address of the resource, in either IPv4 or IPv6 format. |
| Back Ups Configured | is_backed_up |
Boolean |
Indicates whether the device or resource has a backup enabled, such as an automated snapshot or a cloud backup. For example, this is indicated by the cloudBackupEnabled value within JAMF Pro mobile devices or the registration of an AWS ARN with the AWS Backup service.
|
| Labels | labels |
String[] | The list of labels associated to the resource. |
| Name | name |
String |
Entity:RESOURCE_DETAILS_OBJECT_NAMEThe name of the resource. |
| Namespace | namespace |
String | The namespace is useful when similar entities exist that you need to keep separate. |
| Owner | owner |
User[] |
Entity:USERThe identity of the service or user account that owns the resource. |
| Raw Data | raw_data |
JSON |
Group:contextThe event data as received from the event source. |
| Record ID | record_id |
String |
Group:primaryUnique identifier for the object |
| Region | region |
String | The cloud region of the resource. |
| Tags | tags |
Key:Value object[] |
The list of tags; {key:value} pairs associated to the resource.
|
| Type | type |
String | The resource type as defined by the event source. |
| Unique ID | uid |
Resource UID |
Entity:RESOURCE_UIDThe unique identifier of the resource. |
| Unmapped | unmapped |
Unmapped[] | Data from the source that was not mapped into the schema. |
| Version | version |
String |
The version of the resource. For example 1.2.3.
|
Relationships
Inbound Relationships
These objects and events reference Resource Details in their attributes:
- API Activity
- Vulnerability Finding
- Cloud Resources Inventory Info
- Detection Finding
- Evidence Artifacts
- Data Security Finding
- Group Management
- Compliance Finding
- User Access Management
Outbound Relationships
Resource Details references the following objects and events in its attributes:
This page describes ocsf-1.4.0
Updated 8 days ago