Resource Details

resource_details

The Resource Details object describes details about resources that were affected by the activity/event.

Attributes

CaptionNameTypeDescription
Agent List agent_list Agent[] A list of agent objects associated with a device, endpoint, or resource.
API Details api API[] Group:context
Describes details about a typical API (Application Programming Interface) call.
Cloud cloud Cloud[] Group:primary
Describes details about the Cloud environment where the event was originally created or logged.
Cloud Partition cloud_partition String The canonical cloud partition name to which the region is assigned (e.g. AWS Partitions: aws, aws-cn, aws-us-gov).
Criticality criticality String The criticality of the resource as defined by the event source.
Data data JSON Additional data describing the resource.
Data Classification data_classification Data Classification[] Group:context
The Data Classification object includes information about data classification levels and data category types.

🚧 WARNING: DEPRECATED

Data Classification has been deprecated since 1.4.0. Use the attribute data_classifications instead

Data Classification data_classifications Data Classification[] Group:context
A list of Data Classification objects, that include information about data classification levels and data category types, indentified by a classifier.
Group group Group[] The name of the related resource group.
Hostname hostname Hostname Entity:HOSTNAME
The fully qualified name of the resource.
IP Address ip IP Address Entity:IP_ADDRESS
The IP address of the resource, in either IPv4 or IPv6 format.
Back Ups Configured is_backed_up Boolean Indicates whether the device or resource has a backup enabled, such as an automated snapshot or a cloud backup. For example, this is indicated by the cloudBackupEnabled value within JAMF Pro mobile devices or the registration of an AWS ARN with the AWS Backup service.
Labels labels String[] The list of labels associated to the resource.
Name name String Entity:RESOURCE_DETAILS_OBJECT_NAME
The name of the resource.
Namespace namespace String The namespace is useful when similar entities exist that you need to keep separate.
Owner owner User[] Entity:USER
The identity of the service or user account that owns the resource.
Raw Data raw_data JSON Group:context
The event data as received from the event source.
Record ID record_id String Group:primary
Unique identifier for the object
Region region String The cloud region of the resource.
Tags tags Key:Value object[] The list of tags; {key:value} pairs associated to the resource.
Type type String The resource type as defined by the event source.
Unique ID uid Resource UID Entity:RESOURCE_UID
The unique identifier of the resource.
Unmapped unmapped Unmapped[] Data from the source that was not mapped into the schema.
Version version String The version of the resource. For example 1.2.3.

Relationships

Resource Details shown in context

Inbound Relationships

These objects and events reference Resource Details in their attributes:

Outbound Relationships

Resource Details references the following objects and events in its attributes:

This page describes ocsf-1.4.0