Security State

The Security State object describes the security-related state of a managed entity.

Attributes

Caption | Name | Type | Description
Raw Data | raw_data | JSON | The event data as received from the event source.
Record ID | record_id | String | Unique identifier for the object.
Security State | state | String | The security state, normalized to the caption of the state_id value. In the case of 'Other', it is defined by the source.
Security State ID | state_id | Integer | The security state of the managed entity.
  • 0: Unknown (UNKNOWN)
  • 1: Missing or outdated content (MISSING_OR_OUTDATED_CONTENT)
  • 2: Policy mismatch (POLICY_MISMATCH)
  • 3: In network quarantine (IN_NETWORK_QUARANTINE)
  • 4: Protection off (PROTECTION_OFF)
  • 5: Protection malfunction (PROTECTION_MALFUNCTION)
  • 6: Protection not licensed (PROTECTION_NOT_LICENSED)
  • 7: Unremediated threat (UNREMEDIATED_THREAT)
  • 8: Suspicious reputation (SUSPICIOUS_REPUTATION)
  • 9: Reboot pending (REBOOT_PENDING)
  • 10: Content is locked (CONTENT_IS_LOCKED)
  • 11: Not installed (NOT_INSTALLED)
  • 12: Writable system partition (WRITABLE_SYSTEM_PARTITION)
  • 13: SafetyNet failure (SAFETYNET_FAILURE)
  • 14: Failed boot verify (FAILED_BOOT_VERIFY)
  • 15: Modified execution environment (MODIFIED_EXECUTION_ENVIRONMENT)
  • 16: SELinux disabled (SELINUX_DISABLED)
  • 17: Elevated privilege shell (ELEVATED_PRIVILEGE_SHELL)
  • 18: iOS file system altered (IOS_FILE_SYSTEM_ALTERED)
  • 19: Open remote access (OPEN_REMOTE_ACCESS)
  • 20: OTA updates disabled (OTA_UPDATES_DISABLED)
  • 21: Rooted (ROOTED)
  • 22: Android partition modified (ANDROID_PARTITION_MODIFIED)
  • 23: Compliance failure (COMPLIANCE_FAILURE)
  • 99: Other (OTHER)
Unmapped Data | unmapped | Unmapped[] | The attributes that are not mapped to the event schema. The names and values of those attributes are specific to the event source.

Relationships

Security State shown in context

Inbound Relationships

These objects and events reference Security State in their attributes:

Outbound Relationships

Security State references the following objects and events in its attributes:

This page describes qdm-1.3.2+ocsf-1.3.0