Session
session
The Session object describes details about an authenticated session. e.g. Session Creation Time, Session Issuer.
Attributes
Caption | Name | Type | Description |
---|---|---|---|
Count | count |
Integer | The number of identical sessions spawned from the same source IP, destination IP, application, and content/threat type seen over a period of time. |
Created Time | created_time |
Timestamp | The time when the session was created. |
User Credential ID | credential_uid |
String |
Entity:USER_CREDENTIAL_ID The unique identifier of the user's credential. For example, AWS Access Key ID. |
Expiration Reason | expiration_reason |
String | The reason which triggered the session expiration. |
Expiration Time | expiration_time |
Timestamp | The session expiration time. |
Multi Factor Authentication | is_mfa |
Boolean | Indicates whether Multi Factor Authentication was used during authentication. |
Remote | is_remote |
Boolean | The indication of whether the session is remote. |
VPN Session | is_vpn |
Boolean | The indication of whether the session is a VPN session. |
Issuer Details | issuer |
String | The identifier of the session issuer. |
Raw Data | raw_data |
JSON |
Group:context The event data as received from the event source. |
Record ID | record_id |
String |
Group:primary Unique identifier for the object |
Terminal | terminal |
String | The Pseudo Terminal associated with the session. Ex: the tty or pts value. |
Unique ID | uid |
String | The unique identifier of the session. |
Alternate ID | uid_alt |
String |
The alternate unique identifier of the session. e.g. AWS ARN - arn:aws:sts::123344444444:assumed-role/Admin/example-session .
|
Unmapped | unmapped |
Unmapped[] | Data from the source that was not mapped into the schema. |
UUID | uuid |
UUID | The universally unique identifier of the session. |
Relationships
Inbound Relationships
These objects and events reference Session in their attributes:
- Actor
- Authorize Session
- Linux Process
- Tunnel Activity
- Authentication
- User Session Query
- Network Connection Information
Outbound Relationships
Session references the following objects and events in its attributes:
This page describes ocsf-1.4.0
Updated 11 days ago