Unmapped
unmapped
The Unmapped object contains an unmapped datum along with a label and type.
Attributes
| Caption | Name | Type | Description |
|---|---|---|---|
| Caption | caption | String | A short description or label for the unmapped attribute. |
| Is Array | is_array | Boolean | If true, the value is understood to be an array. Otherwise it is assumed to be a scalar. |
| Name | name | String | The name of the unmapped attribute. This usually corresponds to a field name in the data provider. If no caption is provided, name will be used as a caption. The name attribute must be unique across all unmapped attributes of a record. |
| Type | type | String | The type of data that is unmapped. |
| Value | value | JSON | The unmapped attribute value. |
Relationships
Inbound Relationships
These objects and events reference Unmapped in their attributes:
- Email Authentication
- RDP Activity
- Baseline
- Device Config State
- Finding Information
- HTTP Header
- WHOIS
- Unmanned Aerial System
- SSO
- Campaign
- Digital Signature
- Reputation
- Endpoint Connection
- File Hosting Activity
- Kernel Extension
- SCIM
- Email File Activity
- Software Inventory Info
- Key:Value object
- Device Inventory Info
- Kernel Object Query
- Identity Activity Metrics
- Network Activity
- MITRE Mitigation
- Check
- File Query
- Registry Key Query
- KB Article
- Product
- Module
- MITRE Sub-technique
- Event Log Activity
- Uniform Resource Locator
- Registry Value Query
- User Inventory Info
- Permission Analysis Result
- Registry Key
- Programmatic Credential
- SSH Activity
- Metric
- Agent
- Observation
- Environment Variable
- Malware
- Service Query
- Table
- Trait
- Drone Flights Activity
- Cloud Resources Inventory Info
- Security Finding
- Entity Management
- HTTP Cookie
- CIS Control
- Query Information
- Service
- Unmanned System Operating Area
- Process Query
- Startup Item Query
- Data Security
- MITRE Technique
- Detection Finding
- Software Bill of Materials
- CIS Benchmark Result
- OSINT
- NTP Activity
- Data Classification
- CIS CSC
- DHCP Activity
- Network File Activity
- Web Resources Activity
- Remediation Activity
- Schema Extension
- Account
- Observable
- CIS Benchmark
- Compliance Finding
- Vulnerability Finding
- Authentication
- Script Activity
- Vendor Attributes
- Scan Activity
- Peripheral Device
- Web Resource
- Authentication Factor
- Windows Evidence Artifacts
- File Remediation Activity
- Process Activity
- Malware Scan Info
- Networks Query
- Group Management
- Load Balancer
- Network Interface
- IP Threat Intelligence
- Encryption Details
- Network Connection Information
- RPC Interface
- Linux Process
- Network Traffic
- Fingerprint
- Analytic
- Aircraft
- Related Event/Finding
- Remediation
- Resource Details
- Transformation Info
- TLS Extension
- Registry Key Activity
- Scheduled Job Activity
- User Query
- Graph
- Image
- Anomaly
- Module Query
- CWE
- DNS Activity
- Object
- File
- Keyboard Information
- Module Activity
- Incident Finding
- Airborne Broadcast Activity
- Email URL Activity
- Domain Contact
- HASSH
- JA4+ Fingerprint
- Access Analysis Result
- Port Information
- User Access Management
- User
- Vulnerability Details
- Registry Value
- Network Remediation Activity
- HTTP Request
- Additional Restriction
- Tunnel Activity
- User Session Query
- Discovery Details
- Response Elements
- Finding
- Kernel Resource
- Application Error
- SMB Activity
- Software Component
- Network Connection Query
- Peripheral Device Query
- Long String
- Occurrence Details
- CVSS Score
- Operating System (OS)
- Databucket
- Device Hardware Info
- Authorization Result
- Windows Resource Activity
- MITRE D3FEND™
- Policy
- Process Remediation Activity
- File Threat Intelligence
- Threat Actor
- Edge
- Display
- Windows Service Activity
- Operating System Patch State
- Endpoint
- Trace
- Authentication Token
- Data Security Finding
- Compliance
- Process Entity
- Job Query
- Network Endpoint
- URL Threat Intelligence
- Actor
- Feature
- Scan
- Folder Query
- Prefetch Query
- Security State
- Admin Group Query
- DNS Query
- Affected Code
- Identity Provider
- Device
- Request Elements
- Device Config State Change
- MITRE D3FEND™ Technique
- EPSS
- Datastore Activity
- MITRE Tactic
- Email Activity
- Registry Value Activity
- IAM Analysis Finding
- Application Lifecycle
- Geo Location
- Subject Alternative Name
- Domain Threat Intelligence
- Threat Intelligence
- Group
- Rule
- Authorize Session
- Kernel Activity
- Network Proxy Endpoint
- Classifier Details
- Application Security Posture Finding
- File System Activity
- Time Span
- Advisory
- Session
- FTP Activity
- API
- Ticket
- Software Package
- API Activity
- Kernel Extension Activity
- Web Resource Access Activity
- Windows Resource
- Database
- Windows Service
- MITRE ATT&CK® & ATLAS™
- HTTP Response
- Job
- Affected Software Package
- Logger
- Digital Certificate
- Metadata
- Cloud
- Enrichment
- Firewall Rule
- Organization
- Script
- DCE/RPC
- Autonomous System
- Transport Layer Security (TLS)
- Live Evidence Info
- Account Change
- Application
- Container
- Memory Activity
- DNS Answer
- Node
- LDAP Person
- CVE
- Span
- HTTP Activity
- Kill Chain Phase
- Assessment
- MITRE D3FEND™ Tactic
- Managed Entity
- OSINT Inventory Info
- Base Event
This page describes qdm-1.5.1+ocsf-1.6.0
Updated 15 days ago