Resource Details

resource_details

The Resource Details object describes details about resources that were affected by the activity/event.

Attributes

CaptionNameTypeDescription
Agent Listagent_listAgent[]

A list of agent objects associated with a device, endpoint, or resource.

API DetailsapiAPI[]

Group:context
Describes details about a typical API (Application Programming Interface) call.

CloudcloudCloud[]

Group:primary
Describes details about the Cloud environment where the event was originally created or logged.

Cloud Partitioncloud_partitionString

The canonical cloud partition name to which the region is assigned (e.g. AWS Partitions: aws, aws-cn, aws-us-gov).

CriticalitycriticalityString

The criticality of the resource as defined by the event source.

DatadataJSON

Additional data describing the resource.

Data Classificationdata_classificationData Classification[]

Group:context
The Data Classification object includes information about data classification levels and data category types.

🚧 WARNING: DEPRECATED

Data Classification has been deprecated since 1.4.0. Use the attribute data_classifications instead

Data Classificationdata_classificationsData Classification[]

Group:context
A list of Data Classification objects, that include information about data classification levels and data category types, indentified by a classifier.

GroupgroupGroup[]

The name of the related resource group.

HostnamehostnameHostname

Entity:HOSTNAME
The fully qualified name of the resource.

IP AddressipIP Address

Entity:IP_ADDRESS
The IP address of the resource, in either IPv4 or IPv6 format.

Back Ups Configuredis_backed_upBoolean

Indicates whether the device or resource has a backup enabled, such as an automated snapshot or a cloud backup. For example, this is indicated by the cloudBackupEnabled value within JAMF Pro mobile devices or the registration of an AWS ARN with the AWS Backup service.

LabelslabelsString[]

The list of labels associated to the resource.

NamenameString

Entity:RESOURCE_DETAILS_OBJECT_NAME
The name of the resource.

NamespacenamespaceString

The namespace is useful when similar entities exist that you need to keep separate.

OwnerownerUser[]

Entity:USER
The identity of the service or user account that owns the resource.

Raw Dataraw_dataJSON

Group:context
The event data as received from the event source.

Record IDrecord_idString

Group:primary
Unique identifier for the object

RegionregionString

The cloud region of the resource.

TagstagsKey:Value object[]

The list of tags; {key:value} pairs associated to the resource.

TypetypeString

The resource type as defined by the event source.

Unique IDuidResource UID

Entity:RESOURCE_UID
The unique identifier of the resource.

UnmappedunmappedUnmapped[]

Data from the source that was not mapped into the schema.

VersionversionString

The version of the resource. For example 1.2.3.

Relationships

Resource Details shown in context

Inbound Relationships

These objects and events reference Resource Details in their attributes:

Outbound Relationships

Resource Details references the following objects and events in its attributes:

This page describes ocsf-1.4.0