Guides

Vendor Attributes

Suggest Edits

vendor_attributes

The Vendor Attributes object can be used to represent values of attributes populated by the Vendor/Finding Provider. It can help distinguish between the vendor-prodvided values and consumer-updated values, of key attributes like severity_id.
The original finding producer should not populate this object. It should be populated by consuming systems that support data mutability.

Attributes

CaptionNameTypeDescription
Raw Data raw_data String The raw event/finding data as received from the source.
Record ID record_id String Unique identifier for the object
Severity severity String The finding severity, as reported by the Vendor (Finding Provider). The value should be normalized to the caption of the severity_id value. In the case of 'Other', it is defined by the source.
Severity ID severity_id Integer The finding severity ID, as reported by the Vendor (Finding Provider).
  • 0: Unknown (UNKNOWN)
  • 1: Informational (INFORMATIONAL)
  • 2: Low (LOW)
  • 3: Medium (MEDIUM)
  • 4: High (HIGH)
  • 5: Critical (CRITICAL)
  • 6: Fatal (FATAL)
  • 99: Other (OTHER)
Unmapped Data unmapped Object[] The attributes that are not mapped to the event schema. The names and values of those attributes are specific to the event source.

Relationships

Vendor Attributes shown in context

Inbound Relationships

These objects and events reference Vendor Attributes in their attributes:

Outbound Relationships

Vendor Attributes references the following objects and events in its attributes:

This page describes qdm-1.4.0+ocsf-1.4.0

Updated 5 days ago