Resource Details

resource_details

The Resource Details object describes details about resources that were affected by the activity/event.

Attributes

Caption	Name	Type	Description
Agent List	`agent_list`	Agent[]	A list of agent objects associated with a device, endpoint, or resource.
Cloud Partition	`cloud_partition`	String	The canonical cloud partition name to which the region is assigned (e.g. AWS Partitions: aws, aws-cn, aws-us-gov).
Created Time	`created_time`	Timestamp	The time when the resource was created.
Criticality	`criticality`	String	The criticality of the resource as defined by the event source.
Data	`data`	JSON	Additional data describing the resource.
Data Classification	`data_classification`	Data Classification[]	Group:`context` The Data Classification object includes information about data classification levels and data category types. 🚧 WARNING: DEPRECATED Data Classification has been deprecated since 1.4.0. Use the attribute data_classifications instead
Data Classification	`data_classifications`	Data Classification[]	Group:`context` A list of Data Classification objects, that include information about data classification levels and data category types, identified by a classifier.
Group	`group`	Group[]	The name of the related resource group.
Hostname	`hostname`	Hostname	Entity:`HOSTNAME` The fully qualified name of the resource.
IP Address	`ip`	IP Address	Entity:`IP_ADDRESS` The IP address of the resource, in either IPv4 or IPv6 format.
Back Ups Configured	`is_backed_up`	Boolean	Indicates whether the device or resource has a backup enabled, such as an automated snapshot or a cloud backup. For example, this is indicated by the cloudBackupEnabled value within JAMF Pro mobile devices or the registration of an AWS ARN with the AWS Backup service.
Labels	`labels`	String[]	The list of labels associated to the resource.
Modified Time	`modified_time`	Timestamp	The time when the resource was last modified.
Name	`name`	String	Entity:`RESOURCE_DETAILS_OBJECT_NAME` The name of the resource.
Namespace	`namespace`	String	The namespace is useful when similar entities exist that you need to keep separate.
Owner	`owner`	User[]	Entity:`USER` The identity of the service or user account that owns the resource.
Raw Data	`raw_data`	JSON	Group:`context` The event data as received from the event source.
Record ID	`record_id`	String	Group:`primary` Unique identifier for the object
Region	`region`	String	The cloud region of the resource.
Resource Relationship	`resource_relationship`	Graph[]	A graph representation showing how this resource relates to and interacts with other entities in the environment. This can include parent/child relationships, dependencies, or other connections.
Role	`role`	String	The role of the resource in the context of the event or finding, normalized to the caption of the role_id value. In the case of 'Other', it is defined by the event source.
Role ID	`role_id`	Integer	The normalized identifier of the resource's role in the context of the event or finding. `1`: Target (`TARGET`) `2`: Actor (`ACTOR`) `3`: Affected (`AFFECTED`) `4`: Related (`RELATED`) `0`: Unknown (`UNKNOWN`) `99`: Other (`OTHER`)
Tags	`tags`	Key:Value object[]	The list of tags; key:value pairs associated to the resource.
Type	`type`	String	The resource type as defined by the event source.
Unique ID	`uid`	Resource UID	Entity:`RESOURCE_UID` The unique identifier of the resource.
Alternate ID	`uid_alt`	Resource UID	Entity:`RESOURCE_UID` The alternative unique identifier of the resource.
Unmapped	`unmapped`	Unmapped[]	Data from the source that was not mapped into the schema.
Version	`version`	String	The version of the resource. For example 1.2.3.
Cloud Availability Zone	`zone`	String	The specific availability zone within a cloud region where the resource is located.

Relationships

Inbound Relationships

These objects and events reference Resource Details in their attributes:

Outbound Relationships

Resource Details references the following objects and events in its attributes:

This page describes qdm-1.5.1+ocsf-1.6.0