Unmapped
unmapped
The Unmapped object contains an unmapped datum along with a label and type.
Attributes
| Caption | Name | Type | Description |
|---|---|---|---|
| Caption | caption | String | A short description or label for the unmapped attribute. |
| Is Array | is_array | Boolean | If true, the value is understood to be an array. Otherwise it is assumed to be a scalar. |
| Name | name | String | The name of the unmapped attribute. This usually corresponds to a field name in the data provider. If no caption is provided, name will be used as a caption. The name attribute must be unique across all unmapped attributes of a record. |
| Type | type | String | The type of data that is unmapped. |
| Value | value | JSON | The unmapped attribute value. |
Relationships
Inbound Relationships
These objects and events reference Unmapped in their attributes:
- KB Article
- IP Threat Intelligence
- CIS Control
- OSINT
- Observation
- User Session Query
- Object
- API
- Finding
- SMB Activity
- Remediation Activity
- Base Event
- Datastore Activity
- Additional Restriction
- Service
- Permission Analysis Result
- Response Elements
- Kernel Object Query
- Account Change
- Network Activity
- Digital Signature
- Vendor Attributes
- Enrichment
- HASSH
- Software Inventory Info
- Networks Query
- Discovery Details
- Email File Activity
- Compliance
- Policy
- Schema Extension
- Request Elements
- Module Query
- Vulnerability Finding
- Process Entity
- Live Evidence Info
- CIS CSC
- Tunnel Activity
- Startup Item Query
- File Remediation Activity
- Product
- Node
- MITRE D3FEND™ Technique
- Admin Group Query
- Email Authentication
- CIS Benchmark
- JA4+ Fingerprint
- Actor
- Job Query
- DHCP Activity
- Module Activity
- Aircraft
- MITRE D3FEND™
- Kernel Resource
- Session
- Process Query
- MITRE Mitigation
- Memory Activity
- Entity Management
- Process Activity
- Kernel Extension
- Managed Entity
- Resource Details
- User
- Advisory
- Network Traffic
- Process Remediation Activity
- Campaign
- Container
- Registry Key Activity
- Finding Information
- Network Proxy Endpoint
- Long String
- Unmanned System Operating Area
- Data Classification
- CVSS Score
- Registry Value Query
- Device Inventory Info
- Application Lifecycle
- Endpoint Connection
- HTTP Response
- Event Log Activity
- MITRE Technique
- Registry Value Activity
- Kernel Activity
- OSINT Inventory Info
- Script
- File Query
- MITRE ATT&CK® & ATLAS™
- Unmanned Aerial System
- NTP Activity
- File Threat Intelligence
- Query Information
- Uniform Resource Locator
- HTTP Activity
- Job
- Firewall Rule
- Registry Value
- Domain Contact
- Ticket
- HTTP Request
- Peripheral Device
- User Query
- Authorize Session
- Prefetch Query
- File System Activity
- CWE
- MITRE D3FEND™ Tactic
- Subject Alternative Name
- Reputation
- Vulnerability Details
- Affected Code
- HTTP Header
- Software Bill of Materials
- MITRE Sub-technique
- Windows Resource
- Identity Provider
- User Access Management
- Application Error
- Application
- Device Config State Change
- Data Security Finding
- Security Finding
- FTP Activity
- Device
- DNS Answer
- Time Span
- Registry Key Query
- Cloud
- Operating System (OS)
- Span
- User Inventory Info
- Windows Service
- Trace
- Application Security Posture Finding
- Trait
- Transport Layer Security (TLS)
- API Activity
- Device Hardware Info
- CVE
- EPSS
- Account
- Assessment
- SSH Activity
- Authentication Token
- Web Resource
- Observable
- LDAP Person
- Domain Threat Intelligence
- Geo Location
- Linux Process
- Network Endpoint
- Agent
- Software Package
- Fingerprint
- Detection Finding
- Image
- WHOIS
- Table
- Identity Activity Metrics
- Keyboard Information
- Peripheral Device Query
- Programmatic Credential
- Windows Service Activity
- Access Analysis Result
- Anomaly
- Group
- Web Resources Activity
- Check
- RPC Interface
- Authentication
- Autonomous System
- Baseline
- Module
- Network File Activity
- Affected Software Package
- MITRE Tactic
- Scan
- Group Management
- Occurrence Details
- Network Connection Query
- IAM Analysis Finding
- Related Event/Finding
- HTTP Cookie
- Email URL Activity
- Environment Variable
- File
- Display
- Malware
- Kill Chain Phase
- Threat Actor
- Remediation
- Incident Finding
- Drone Flights Activity
- Transformation Info
- Windows Evidence Artifacts
- Network Interface
- Registry Key
- Databucket
- Network Remediation Activity
- Load Balancer
- URL Threat Intelligence
- SCIM
- Operating System Patch State
- DCE/RPC
- Scan Activity
- Rule
- Threat Intelligence
- Feature
- Kernel Extension Activity
- CIS Benchmark Result
- Port Information
- Security State
- Graph
- Device Config State
- Network Connection Information
- Metric
- Digital Certificate
- Cloud Resources Inventory Info
- Folder Query
- Airborne Broadcast Activity
- Endpoint
- DNS Activity
- Authorization Result
- Windows Resource Activity
- Key:Value object
- Email Activity
- Encryption Details
- Metadata
- TLS Extension
- Malware Scan Info
- File Hosting Activity
- Scheduled Job Activity
- RDP Activity
- DNS Query
- Software Component
- Compliance Finding
- Web Resource Access Activity
- Authentication Factor
- Data Security
- Organization
- Script Activity
- Database
- Logger
- Classifier Details
- Service Query
- Analytic
- SSO
- Edge
This page describes qdm-1.5.1+ocsf-1.6.0