Vendor Attributes

vendor_attributes

The Vendor Attributes object can be used to represent values of attributes populated by the Vendor/Finding Provider.
It can help distinguish between the vendor-provided values and consumer-updated values of key attributes like severity_id.

The original finding producer should not populate this object.
It should be populated by consuming systems that support data mutability.

Attributes

Caption	Name	Type	Description
Raw Data	`raw_data`	JSON	Group:`context` The event data as received from the event source.
Record ID	`record_id`	String	Group:`primary` Unique identifier for the object
Severity	`severity`	String	The finding severity, as reported by the Vendor (Finding Provider). The value should be normalized to the caption of the `severity_id` value. In the case of 'Other', it is defined by the source.
Severity ID	`severity_id`	Integer	The finding severity ID, as reported by the Vendor (Finding Provider). `0`: Unknown (`UNKNOWN`) `1`: Informational (`INFORMATIONAL`) `2`: Low (`LOW`) `3`: Medium (`MEDIUM`) `4`: High (`HIGH`) `5`: Critical (`CRITICAL`) `6`: Fatal (`FATAL`) `99`: Other (`OTHER`)
Unmapped	`unmapped`	Unmapped[]	Data from the source that was not mapped into the schema.

Relationships

Inbound Relationships

These objects and events reference Vendor Attributes in their attributes:

Outbound Relationships

Vendor Attributes references the following objects and events in its attributes:

Unmapped

This page describes ocsf-1.4.0

Updated 6 days ago