Resource Details

resource_details

The Resource Details object describes details about resources that were affected by the activity/event.

Attributes

Caption	Name	Type	Description
Agent List	`agent_list`	Agent[]	A list of `agent` objects associated with a device, endpoint, or resource.
API Details	`api`	API[]	Group:`context` Describes details about a typical API (Application Programming Interface) call.
Cloud	`cloud`	Cloud[]	Group:`primary` Describes details about the Cloud environment where the event was originally created or logged.
Cloud Partition	`cloud_partition`	String	The canonical cloud partition name to which the region is assigned (e.g. AWS Partitions: aws, aws-cn, aws-us-gov).
Criticality	`criticality`	String	The criticality of the resource as defined by the event source.
Data	`data`	JSON	Additional data describing the resource.
Data Classification	`data_classification`	Data Classification[]	Group:`context` The Data Classification object includes information about data classification levels and data category types. 🚧 WARNING: DEPRECATED Data Classification has been deprecated since 1.4.0. Use the attribute `data_classifications` instead
Data Classification	`data_classifications`	Data Classification[]	Group:`context` A list of Data Classification objects, that include information about data classification levels and data category types, indentified by a classifier.
Group	`group`	Group[]	The name of the related resource group.
Hostname	`hostname`	Hostname	Entity:`HOSTNAME` The fully qualified name of the resource.
IP Address	`ip`	IP Address	Entity:`IP_ADDRESS` The IP address of the resource, in either IPv4 or IPv6 format.
Back Ups Configured	`is_backed_up`	Boolean	Indicates whether the device or resource has a backup enabled, such as an automated snapshot or a cloud backup. For example, this is indicated by the `cloudBackupEnabled` value within JAMF Pro mobile devices or the registration of an AWS ARN with the AWS Backup service.
Labels	`labels`	String[]	The list of labels associated to the resource.
Name	`name`	String	Entity:`RESOURCE_DETAILS_OBJECT_NAME` The name of the resource.
Namespace	`namespace`	String	The namespace is useful when similar entities exist that you need to keep separate.
Owner	`owner`	User[]	Entity:`USER` The identity of the service or user account that owns the resource.
Raw Data	`raw_data`	JSON	Group:`context` The event data as received from the event source.
Record ID	`record_id`	String	Group:`primary` Unique identifier for the object
Region	`region`	String	The cloud region of the resource.
Tags	`tags`	Key:Value object[]	The list of tags; `{key:value}` pairs associated to the resource.
Type	`type`	String	The resource type as defined by the event source.
Unique ID	`uid`	Resource UID	Entity:`RESOURCE_UID` The unique identifier of the resource.
Unmapped	`unmapped`	Unmapped[]	Data from the source that was not mapped into the schema.
Version	`version`	String	The version of the resource. For example `1.2.3`.

Relationships

Inbound Relationships

These objects and events reference Resource Details in their attributes:

Outbound Relationships

Resource Details references the following objects and events in its attributes:

This page describes ocsf-1.4.0