Unmapped
unmapped
The Unmapped object contains an unmapped datum along with a label and type.
Attributes
| Caption | Name | Type | Description |
|---|---|---|---|
| Caption | caption | String | A short description or label for the unmapped attribute. |
| Is Array | is_array | Boolean | If true, the value is understood to be an array. Otherwise it is assumed to be a scalar. |
| Name | name | String | The name of the unmapped attribute. This usually corresponds to a field name in the data provider. If no caption is provided, name will be used as a caption. The name attribute must be unique across all unmapped attributes of a record. |
| Type | type | String | The type of data that is unmapped. |
| Value | value | JSON | The unmapped attribute value. |
Relationships
Inbound Relationships
These objects and events reference Unmapped in their attributes:
- Kernel Object Query
- Web Resource Access Activity
- Peripheral Device
- CIS Control
- DNS Query
- OSINT
- Email URL Activity
- DNS Answer
- Discovery
- Web Resources Activity
- Network Connection Query
- Unmanned Aerial System
- Kernel Activity
- CVE
- Memory Activity
- Script Activity
- TLS Extension
- Authentication
- Script
- Display
- Request Elements
- JA4+ Fingerprint
- Kernel Extension
- Unmanned System Operating Area
- MITRE D3FEND™ Tactic
- Occurrence Details
- Group Management
- Software Inventory Info
- Group
- Image
- Database
- Device Hardware Info
- Unmanned Systems
- NTP Activity
- CIS Benchmark
- Software Package
- Endpoint Connection
- Logger
- Discovery Details
- Query Information
- Job Query
- Registry Key Activity
- Digital Certificate
- Domain Contact
- Authorize Session
- Agent
- Detection Finding
- Fingerprint
- Service
- Account
- HTTP Request
- HTTP Header
- MITRE ATT&CK® Tactic
- Rule
- Software Component
- User Session Query
- Kill Chain Phase
- SCIM
- Module Query
- Scheduled Job Activity
- MITRE ATT&CK® Sub Technique
- HASSH
- Device Inventory Info
- Process Remediation Activity
- Remediation Activity
- Actor
- Registry Key
- Encryption Details
- Network Endpoint
- Vulnerability Details
- Observable
- CVSS Score
- Scan
- Metadata
- Digital Signature
- Network Interface
- Long String
- Network Remediation Activity
- User Access Management
- Advisory
- Job
- API Activity
- Container
- DHCP Activity
- Network Proxy Endpoint
- Device Config State Change
- Drone Flights Activity
- Admin Group Query
- Security Finding
- Process Entity
- MITRE D3FEND™
- Prefetch Query
- Email File Activity
- Windows Resource
- Malware
- Network Traffic
- Networks Query
- KB Article
- Network Activity
- Time Span
- MITRE ATT&CK®
- Network File Activity
- File System Activity
- Span
- HTTP Cookie
- Trace
- Event Log Activity
- Compliance Finding
- Assessment
- File Query
- MITRE ATT&CK® Technique
- User Inventory Info
- File Remediation Activity
- Finding Information
- Software Bill of Materials
- Metric
- Finding
- Remediation
- Application Activity
- HTTP Activity
- Module Activity
- Cloud
- Schema Extension
- Operating System (OS)
- Subject Alternative Name
- Threat Intelligence
- Application Lifecycle
- Datastore Activity
- RPC Interface
- Keyboard Information
- FTP Activity
- Analytic
- File Threat Intelligence
- Device
- Base Event
- Vulnerability Finding
- Cloud Resources Inventory Info
- Registry Value Query
- Firewall Rule
- Geo Location
- Data Classification
- WHOIS
- Tunnel Activity
- DCE/RPC
- Enrichment
- Authentication Factor
- User
- LDAP Person
- API
- URL Threat Intelligence
- Network
- Affected Software Package
- Web Resource
- Windows Resource Activity
- File
- Related Event/Finding
- Domain Threat Intelligence
- Feature
- Peripheral Device Query
- Ticket
- IP Threat Intelligence
- Airborne Broadcast Activity
- Process Activity
- Device Config State
- Compliance
- Kernel Extension Activity
- Windows Service
- User Query
- CIS CSC
- Databucket
- Affected Code
- Classifier Details
- HTTP Response
- System Activity
- Response Elements
- Email Activity
- Aircraft
- Uniform Resource Locator
- Key:Value object
- Operating System Patch State
- RDP Activity
- Base Threat Intelligence
- Load Balancer
- Kernel Resource
- Table
- Evidence Artifacts
- Application Error
- Startup Item Query
- Policy
- Registry Key Query
- Service Query
- CWE
- Entity Management
- EPSS
- Network Connection Information
- DNS Activity
- SSO
- Registry Value Activity
- Linux Process
- Process Query
- Data Security Finding
- File Hosting Activity
- Folder Query
- Identity Provider
- Product
- Environment Variable
- Entity
- Module
- Vendor Attributes
- Resource Details
- SMB Activity
- Finding
- Incident Finding
- Data Security
- Managed Entity
- Transport Layer Security (TLS)
- Windows Service Activity
- Session
- Autonomous System
- Authorization Result
- Email Authentication
- Registry Value
- MITRE DEFEND™ Technique
- DNS
- Scan Activity
- Reputation
- Organization
- Object
- SSH Activity
- Resource
- Security State
- Account Change
- Identity & Access Management
- CIS Benchmark Result
- Discovery Result
- OSINT Inventory Info
- Endpoint
This page describes ocsf-1.4.0
Updated 16 days ago