Unmapped
unmapped
The Unmapped object contains an unmapped datum along with a label and type.
Attributes
| Caption | Name | Type | Description |
|---|---|---|---|
| Caption | caption | String | A short description or label for the unmapped attribute. |
| Is Array | is_array | Boolean | If true, the value is understood to be an array. Otherwise it is assumed to be a scalar. |
| Name | name | String | The name of the unmapped attribute. This usually corresponds to a field name in the data provider. If no caption is provided, name will be used as a caption. The name attribute must be unique across all unmapped attributes of a record. |
| Type | type | String | The type of data that is unmapped. |
| Value | value | JSON | The unmapped attribute value. |
Relationships
Inbound Relationships
These objects and events reference Unmapped in their attributes:
- Enrichment
- FTP Activity
- Trace
- Group
- Fingerprint
- Web Resource Access Activity
- Scan Activity
- Email File Activity
- File System Activity
- Schema Extension
- DNS Query
- Edge
- Job
- SSO
- Geo Location
- Network Connection Information
- Software Component
- Threat Intelligence
- Time Span
- Aircraft
- EPSS
- MITRE D3FEND™ Technique
- Device Config State Change
- User Inventory Info
- RPC Interface
- CVSS Score
- SCIM
- Domain Threat Intelligence
- Module Query
- Kernel Activity
- User
- Registry Value
- TLS Extension
- Observable
- IAM Analysis Finding
- Transformation Info
- Base Event
- SSH Activity
- Kernel Extension
- Group Management
- MITRE ATT&CK® & ATLAS™
- Ticket
- Remediation
- Module
- Graph
- Registry Value Query
- Data Security Finding
- Email Activity
- CWE
- CIS CSC
- File Remediation Activity
- Authentication Factor
- Module Activity
- Identity Provider
- Malware
- Baseline
- Organization
- Managed Entity
- Port Information
- Windows Service Activity
- Scan
- Vendor Attributes
- Device Inventory Info
- Check
- Network Proxy Endpoint
- Product
- File Hosting Activity
- Script
- Keyboard Information
- Assessment
- MITRE Technique
- Related Event/Finding
- Authorize Session
- Permission Analysis Result
- Registry Value Activity
- Application Lifecycle
- DNS Activity
- Policy
- Unmanned Aerial System
- Account Change
- Airborne Broadcast Activity
- Network Traffic
- Compliance
- Encryption Details
- Operating System Patch State
- DCE/RPC
- Session
- CVE
- Incident Finding
- Drone Flights Activity
- DHCP Activity
- Domain Contact
- File
- Unmanned System Operating Area
- Rule
- Programmatic Credential
- Container
- Device
- Metadata
- MITRE Mitigation
- Display
- Metric
- Agent
- Logger
- Transport Layer Security (TLS)
- Remediation Activity
- File Threat Intelligence
- Database
- Kernel Extension Activity
- User Session Query
- Vulnerability Details
- Additional Restriction
- Resource Details
- Cloud Resources Inventory Info
- Web Resources Activity
- MITRE D3FEND™
- Script Activity
- KB Article
- Network Endpoint
- File Query
- Linux Process
- Detection Finding
- Kernel Resource
- Image
- HTTP Header
- Finding Information
- Windows Evidence Artifacts
- Service
- Process Query
- CIS Benchmark
- Query Information
- CIS Benchmark Result
- CIS Control
- OSINT Inventory Info
- Compliance Finding
- Cloud
- Feature
- Windows Resource
- Digital Certificate
- Network Interface
- Classifier Details
- Network Activity
- Object
- MITRE D3FEND™ Tactic
- Endpoint
- Software Package
- Entity Management
- Autonomous System
- HTTP Response
- Vulnerability Finding
- Firewall Rule
- Admin Group Query
- Environment Variable
- RDP Activity
- Application
- Malware Scan Info
- Peripheral Device Query
- Network Connection Query
- Endpoint Connection
- Identity Activity Metrics
- Account
- Windows Resource Activity
- DNS Answer
- OSINT
- Application Security Posture Finding
- Peripheral Device
- Trait
- Live Evidence Info
- Authentication Token
- Authorization Result
- Registry Key Activity
- Authentication
- Affected Software Package
- Campaign
- HTTP Request
- Application Error
- Node
- Folder Query
- URL Threat Intelligence
- Datastore Activity
- Tunnel Activity
- Digital Signature
- Process Remediation Activity
- NTP Activity
- Event Log Activity
- Scheduled Job Activity
- Prefetch Query
- MITRE Tactic
- MITRE Sub-technique
- API
- WHOIS
- Request Elements
- Actor
- Process Activity
- Email Authentication
- Threat Actor
- Span
- Analytic
- Memory Activity
- Key:Value object
- Advisory
- HTTP Cookie
- Subject Alternative Name
- Startup Item Query
- Network File Activity
- Discovery Details
- Uniform Resource Locator
- Windows Service
- Registry Key
- Device Hardware Info
- Finding
- Process Entity
- Security Finding
- Registry Key Query
- Kernel Object Query
- Reputation
- User Access Management
- Affected Code
- Service Query
- Anomaly
- LDAP Person
- Job Query
- Occurrence Details
- API Activity
- HTTP Activity
- Long String
- Security State
- Data Classification
- Data Security
- Device Config State
- Load Balancer
- Email URL Activity
- Response Elements
- Software Bill of Materials
- Databucket
- Access Analysis Result
- Table
- Operating System (OS)
- Web Resource
- Network Remediation Activity
- Kill Chain Phase
- Networks Query
- Observation
- HASSH
- IP Threat Intelligence
- JA4+ Fingerprint
- Software Inventory Info
- User Query
- SMB Activity
This page describes qdm-1.5.1+ocsf-1.6.0
Updated 13 days ago