Vendor Attributes

vendor_attributes

The Vendor Attributes object can be used to represent values of attributes populated by the Vendor/Finding Provider. It can help distinguish between the vendor-prodvided values and consumer-updated values, of key attributes like severity_id.
The original finding producer should not populate this object. It should be populated by consuming systems that support data mutability.

Attributes

CaptionNameTypeDescription
Raw Data raw_data JSON Group:context
The event data as received from the event source.
Record ID record_id String Group:primary
Unique identifier for the object
Severity severity String The finding severity, as reported by the Vendor (Finding Provider). The value should be normalized to the caption of the severity_id value. In the case of 'Other', it is defined by the source.
Severity ID severity_id Integer The finding severity ID, as reported by the Vendor (Finding Provider).
  • 0: Unknown (UNKNOWN)
  • 1: Informational (INFORMATIONAL)
  • 2: Low (LOW)
  • 3: Medium (MEDIUM)
  • 4: High (HIGH)
  • 5: Critical (CRITICAL)
  • 6: Fatal (FATAL)
  • 99: Other (OTHER)
Unmapped unmapped Unmapped[] Data from the source that was not mapped into the schema.

Relationships

Vendor Attributes shown in context

Inbound Relationships

These objects and events reference Vendor Attributes in their attributes:

Outbound Relationships

Vendor Attributes references the following objects and events in its attributes:

This page describes ocsf-1.4.0