Vendor Attributes
vendor_attributes
The Vendor Attributes object can be used to represent values of attributes populated by the Vendor/Finding Provider. It can help distinguish between the vendor-prodvided values and consumer-updated values, of key attributes like severity_id.
The original finding producer should not populate this object. It should be populated by consuming systems that support data mutability.
Attributes
| Caption | Name | Type | Description |
|---|---|---|---|
| Raw Data | raw_data |
JSON |
Group:contextThe event data as received from the event source. |
| Record ID | record_id |
String |
Group:primaryUnique identifier for the object |
| Severity | severity |
String |
The finding severity, as reported by the Vendor (Finding Provider). The value should be normalized to the caption of the severity_id value. In the case of 'Other', it is defined by the source.
|
| Severity ID | severity_id |
Integer |
The finding severity ID, as reported by the Vendor (Finding Provider).
|
| Unmapped | unmapped |
Unmapped[] | Data from the source that was not mapped into the schema. |
Relationships
Inbound Relationships
These objects and events reference Vendor Attributes in their attributes:
- Vulnerability Finding
- Detection Finding
- Data Security Finding
- Compliance Finding
- Finding
- Incident Finding
Outbound Relationships
Vendor Attributes references the following objects and events in its attributes:
This page describes ocsf-1.4.0
Updated 10 days ago