security_state
The Security State object describes the security-related state of a managed entity.
| Caption | Name | Type | Description |
|---|---|---|---|
| Raw Data | raw_data | JSON | Group: context<br>The event data as received from the event source. |
| Record ID | record_id | String | Group: primary<br>Unique identifier for the object |
| Security State | state | String | The security state, normalized to the caption of the state_id value. In the case of 'Other', it is defined by the source. |
| Security State ID | state_id | Integer | The security state of the managed entity.<br>0: Unknown (UNKNOWN)<br>1: Missing or outdated content (MISSING_OR_OUTDATED_CONTENT)<br>2: Policy mismatch (POLICY_MISMATCH)<br>3: In network quarantine (IN_NETWORK_QUARANTINE)<br>4: Protection off (PROTECTION_OFF)<br>5: Protection malfunction (PROTECTION_MALFUNCTION)<br>6: Protection not licensed (PROTECTION_NOT_LICENSED)<br>7: Unremediated threat (UNREMEDIATED_THREAT)<br>8: Suspicious reputation (SUSPICIOUS_REPUTATION)<br>9: Reboot pending (REBOOT_PENDING)<br>10: Content is locked (CONTENT_IS_LOCKED)<br>11: Not installed (NOT_INSTALLED)<br>12: Writable system partition (WRITABLE_SYSTEM_PARTITION)<br>13: SafetyNet failure (SAFETYNET_FAILURE)<br>14: Failed boot verify (FAILED_BOOT_VERIFY)<br>15: Modified execution environment (MODIFIED_EXECUTION_ENVIRONMENT)<br>16: SELinux disabled (SELINUX_DISABLED)<br>17: Elevated privilege shell (ELEVATED_PRIVILEGE_SHELL)<br>18: iOS file system altered (IOS_FILE_SYSTEM_ALTERED)<br>19: Open remote access (OPEN_REMOTE_ACCESS)<br>20: OTA updates disabled (OTA_UPDATES_DISABLED)<br>21: Rooted (ROOTED)<br>22: Android partition modified (ANDROID_PARTITION_MODIFIED)<br>23: Compliance failure (COMPLIANCE_FAILURE)<br>99: Other (OTHER) |
| Unmapped | unmapped | Unmapped[] | Data from the source that was not mapped into the schema. |
These objects and events reference Security State in their attributes:
Security State references the following objects and events in its attributes:
This page describes ocsf-1.4.0