Resource Details
resource_details
The Resource Details object describes details about resources that were affected by the activity/event.
Attributes
Caption | Name | Type | Description |
---|---|---|---|
Agent List | agent_list |
Agent[] |
A list of agent objects associated with a device, endpoint, or resource.
|
API Details | api |
API[] |
Group:context Describes details about a typical API (Application Programming Interface) call. |
Cloud | cloud |
Cloud[] |
Group:primary Describes details about the Cloud environment where the event was originally created or logged. |
Cloud Partition | cloud_partition |
String | The canonical cloud partition name to which the region is assigned (e.g. AWS Partitions: aws, aws-cn, aws-us-gov). |
Criticality | criticality |
String | The criticality of the resource as defined by the event source. |
Data | data |
JSON | Additional data describing the resource. |
Data Classification | data_classification |
Data Classification[] |
Group:context The Data Classification object includes information about data classification levels and data category types.
|
Data Classification | data_classifications |
Data Classification[] |
Group:context A list of Data Classification objects, that include information about data classification levels and data category types, indentified by a classifier. |
Group | group |
Group[] | The name of the related resource group. |
Hostname | hostname |
Hostname |
Entity:HOSTNAME The fully qualified name of the resource. |
IP Address | ip |
IP Address |
Entity:IP_ADDRESS The IP address of the resource, in either IPv4 or IPv6 format. |
Back Ups Configured | is_backed_up |
Boolean |
Indicates whether the device or resource has a backup enabled, such as an automated snapshot or a cloud backup. For example, this is indicated by the cloudBackupEnabled value within JAMF Pro mobile devices or the registration of an AWS ARN with the AWS Backup service.
|
Labels | labels |
String[] | The list of labels associated to the resource. |
Name | name |
String |
Entity:RESOURCE_DETAILS_OBJECT_NAME The name of the resource. |
Namespace | namespace |
String | The namespace is useful when similar entities exist that you need to keep separate. |
Owner | owner |
User[] |
Entity:USER The identity of the service or user account that owns the resource. |
Raw Data | raw_data |
JSON |
Group:context The event data as received from the event source. |
Record ID | record_id |
String |
Group:primary Unique identifier for the object |
Region | region |
String | The cloud region of the resource. |
Tags | tags |
Key:Value object[] |
The list of tags; {key:value} pairs associated to the resource.
|
Type | type |
String | The resource type as defined by the event source. |
Unique ID | uid |
Resource UID |
Entity:RESOURCE_UID The unique identifier of the resource. |
Unmapped | unmapped |
Unmapped[] | Data from the source that was not mapped into the schema. |
Version | version |
String |
The version of the resource. For example 1.2.3 .
|
Relationships
Inbound Relationships
These objects and events reference Resource Details in their attributes:
- API Activity
- Vulnerability Finding
- Cloud Resources Inventory Info
- Detection Finding
- Evidence Artifacts
- Data Security Finding
- Group Management
- Compliance Finding
- User Access Management
Outbound Relationships
Resource Details references the following objects and events in its attributes:
This page describes ocsf-1.4.0
Updated 8 days ago