diff --git a/README.md b/README.md index 80aff4c..8b3032b 100644 --- a/README.md +++ b/README.md @@ -4,7 +4,11 @@ Unofficial OCSF data types for Rust based on OCSF JSON Schema. ## Getting started -TODO +Install with: + +``` +cargo add ocsf-schema-rs +``` ### Usage diff --git a/ocsf-schema-rs/.gitignore b/ocsf-schema-rs/.gitignore index 6ea5f99..c41cc9e 100644 --- a/ocsf-schema-rs/.gitignore +++ b/ocsf-schema-rs/.gitignore @@ -1,2 +1 @@ -/target -all.json \ No newline at end of file +/target \ No newline at end of file diff --git a/ocsf-schema-rs/Cargo.lock b/ocsf-schema-rs/Cargo.lock index 08a4267..3c0367a 100644 --- a/ocsf-schema-rs/Cargo.lock +++ b/ocsf-schema-rs/Cargo.lock @@ -68,7 +68,7 @@ checksum = "78ca9ab1a0babb1e7d5695e3530886289c18cf2f87ec19a575a0abdce112e3a3" [[package]] name = "ocsf-schema-rs" -version = "0.1.0-alpha" +version = "0.1.1-alpha" dependencies = [ "serde", "serde_json", diff --git a/ocsf-schema-rs/Cargo.toml b/ocsf-schema-rs/Cargo.toml index 083923c..241cf0e 100644 --- a/ocsf-schema-rs/Cargo.toml +++ b/ocsf-schema-rs/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "ocsf-schema-rs" -version = "0.1.0-alpha" +version = "0.1.1-alpha" edition = "2021" license = "Apache-2.0" description = "OCSF data types for Rust" diff --git a/ocsf-schema-rs/all.json b/ocsf-schema-rs/all.json new file mode 100644 index 0000000..b0344f3 --- /dev/null +++ b/ocsf-schema-rs/all.json @@ -0,0 +1 @@ +{"$defs": {"account": {"properties": {"labels": {"items": {"type": "string"}, "type": "array"}, "name": {"type": "string"}, "type": {"type": "string"}, "type_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5, 7, 8, 9, 10], "type": "integer"}, "uid": {"type": "string"}}, "type": "object"}, "actor": {"properties": {"app_name": {"type": "string"}, "app_uid": {"type": "string"}, "authorizations": {"items": {"$ref": "#/$defs/authorization"}, "type": "array"}, "idp": {"$ref": "#/$defs/idp"}, "invoked_by": {"type": "string"}, "process": {"$ref": "#/$defs/process"}, "session": {"$ref": "#/$defs/session"}, "user": {"$ref": "#/$defs/user"}}, "type": "object"}, "affected_code": {"properties": {"end_line": {"type": "integer"}, "file": {"$ref": "#/$defs/file"}, "owner": {"$ref": "#/$defs/user"}, "remediation": {"$ref": "#/$defs/remediation"}, "start_line": {"type": "integer"}}, "required": ["file"], "type": "object"}, "affected_package": {"properties": {"architecture": {"type": "string"}, "cpe_name": {"type": "string"}, "epoch": {"type": "integer"}, "fixed_in_version": {"type": "string"}, "hash": {"$ref": "#/$defs/fingerprint"}, "license": {"type": "string"}, "name": {"type": "string"}, "package_manager": {"type": "string"}, "path": {"type": "string"}, "purl": {"type": "string"}, "release": {"type": "string"}, "remediation": {"$ref": "#/$defs/remediation"}, "type": {"type": "string"}, "type_id": {"enum": [0, 1, 2, 99], "type": "integer"}, "vendor_name": {"type": "string"}, "version": {"type": "string"}}, "required": ["name", "version"], "type": "object"}, "agent": {"properties": {"name": {"type": "string"}, "policies": {"items": {"$ref": "#/$defs/policy"}, "type": "array"}, "type": {"type": "string"}, "type_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5, 7, 8, 9], "type": "integer"}, "uid": {"type": "string"}, "uid_alt": {"type": "string"}, "vendor_name": {"type": "string"}, "version": {"type": "string"}}, "type": "object"}, "analytic": {"properties": {"category": {"type": "string"}, "desc": {"type": "string"}, "name": {"type": "string"}, "related_analytics": {"items": {"$ref": "#/$defs/analytic"}, "type": "array"}, "type": {"type": "string"}, "type_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5, 7, 8, 9, 10, 11], "type": "integer"}, "uid": {"type": "string"}, "version": {"type": "string"}}, "required": ["type_id"], "type": "object"}, "api": {"properties": {"group": {"$ref": "#/$defs/group"}, "operation": {"type": "string"}, "request": {"$ref": "#/$defs/request"}, "response": {"$ref": "#/$defs/response"}, "service": {"$ref": "#/$defs/service"}, "version": {"type": "string"}}, "required": ["operation"], "type": "object"}, "attack": {"properties": {"sub_technique": {"$ref": "#/$defs/sub_technique"}, "tactic": {"$ref": "#/$defs/tactic"}, "tactics": {"items": {"$ref": "#/$defs/tactic"}, "type": "array"}, "technique": {"$ref": "#/$defs/technique"}, "version": {"type": "string"}}, "type": "object"}, "authorization": {"properties": {"decision": {"type": "string"}, "policy": {"$ref": "#/$defs/policy"}}, "type": "object"}, "auth_factor": {"properties": {"device": {"$ref": "#/$defs/device"}, "email_addr": {"type": "string"}, "factor_type": {"type": "string"}, "factor_type_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5, 7, 8, 9, 10, 11], "type": "integer"}, "is_hotp": {"type": "boolean"}, "is_totp": {"type": "boolean"}, "phone_number": {"type": "string"}, "provider": {"type": "string"}, "security_questions": {"items": {"type": "string"}, "type": "array"}}, "required": ["factor_type_id"], "type": "object"}, "autonomous_system": {"properties": {"name": {"type": "string"}, "number": {"type": "integer"}}, "type": "object"}, "certificate": {"properties": {"created_time": {"type": "integer"}, "created_time_dt": {"type": "string"}, "expiration_time": {"type": "integer"}, "expiration_time_dt": {"type": "string"}, "fingerprints": {"items": {"$ref": "#/$defs/fingerprint"}, "type": "array"}, "is_self_signed": {"type": "boolean"}, "issuer": {"type": "string"}, "serial_number": {"type": "string"}, "subject": {"type": "string"}, "uid": {"type": "string"}, "version": {"type": "string"}}, "required": ["fingerprints", "issuer", "serial_number"], "type": "object"}, "cis_benchmark": {"properties": {"cis_controls": {"items": {"$ref": "#/$defs/cis_control"}, "type": "array"}, "desc": {"type": "string"}, "name": {"type": "string"}}, "required": ["name"], "type": "object"}, "cis_benchmark_result": {"properties": {"desc": {"type": "string"}, "name": {"type": "string"}, "remediation": {"$ref": "#/$defs/remediation"}, "rule": {"$ref": "#/$defs/rule"}}, "required": ["name"], "type": "object"}, "cis_control": {"properties": {"desc": {"type": "string"}, "name": {"type": "string"}, "version": {"type": "string"}}, "required": ["name"], "type": "object"}, "cis_csc": {"properties": {"control": {"type": "string"}, "version": {"type": "string"}}, "required": ["control"], "type": "object"}, "cloud": {"properties": {"account": {"$ref": "#/$defs/account"}, "org": {"$ref": "#/$defs/organization"}, "project_uid": {"type": "string"}, "provider": {"type": "string"}, "region": {"type": "string"}, "zone": {"type": "string"}}, "required": ["provider"], "type": "object"}, "compliance": {"properties": {"compliance_references": {"items": {"$ref": "#/$defs/kb_article"}, "type": "array"}, "compliance_standards": {"items": {"$ref": "#/$defs/kb_article"}, "type": "array"}, "control": {"type": "string"}, "requirements": {"items": {"type": "string"}, "type": "array"}, "standards": {"items": {"type": "string"}, "type": "array"}, "status": {"type": "string"}, "status_code": {"type": "string"}, "status_detail": {"type": "string"}, "status_id": {"enum": [3, 0, 1, 2, 99], "type": "integer"}}, "required": ["standards"], "type": "object"}, "container": {"properties": {"hash": {"$ref": "#/$defs/fingerprint"}, "image": {"$ref": "#/$defs/image"}, "name": {"type": "string"}, "network_driver": {"type": "string"}, "orchestrator": {"type": "string"}, "pod_uuid": {"type": "string"}, "runtime": {"type": "string"}, "size": {"type": "integer"}, "tag": {"type": "string"}, "uid": {"type": "string"}}, "type": "object"}, "cve": {"properties": {"created_time": {"type": "integer"}, "created_time_dt": {"type": "string"}, "cvss": {"items": {"$ref": "#/$defs/cvss"}, "type": "array"}, "cwe": {"$ref": "#/$defs/cwe"}, "cwe_uid": {"type": "string"}, "cwe_url": {"type": "string"}, "desc": {"type": "string"}, "epss": {"$ref": "#/$defs/epss"}, "modified_time": {"type": "integer"}, "modified_time_dt": {"type": "string"}, "product": {"$ref": "#/$defs/product"}, "references": {"items": {"type": "string"}, "type": "array"}, "title": {"type": "string"}, "type": {"type": "string"}, "uid": {"type": "string"}}, "required": ["uid"], "type": "object"}, "cvss": {"properties": {"base_score": {"type": "number"}, "depth": {"enum": ["Base", "Environmental", "Temporal"], "type": "string"}, "metrics": {"items": {"$ref": "#/$defs/metric"}, "type": "array"}, "overall_score": {"type": "number"}, "severity": {"type": "string"}, "vector_string": {"type": "string"}, "version": {"type": "string"}}, "required": ["base_score", "version"], "type": "object"}, "cwe": {"properties": {"caption": {"type": "string"}, "src_url": {"type": "string"}, "uid": {"type": "string"}}, "required": ["uid"], "type": "object"}, "d3fend": {"properties": {"d3f_tactic": {"$ref": "#/$defs/d3f_tactic"}, "d3f_technique": {"$ref": "#/$defs/d3f_technique"}, "version": {"type": "string"}}, "type": "object"}, "d3f_tactic": {"properties": {"name": {"type": "string"}, "src_url": {"type": "string"}, "uid": {"type": "string"}}, "type": "object"}, "d3f_technique": {"properties": {"name": {"type": "string"}, "src_url": {"type": "string"}, "uid": {"type": "string"}}, "type": "object"}, "database": {"properties": {"created_time": {"type": "integer"}, "created_time_dt": {"type": "string"}, "data_classification": {"$ref": "#/$defs/data_classification"}, "desc": {"type": "string"}, "groups": {"items": {"$ref": "#/$defs/group"}, "type": "array"}, "modified_time": {"type": "integer"}, "modified_time_dt": {"type": "string"}, "name": {"type": "string"}, "size": {"type": "integer"}, "type": {"type": "string"}, "type_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5], "type": "integer"}, "uid": {"type": "string"}}, "required": ["type_id"], "type": "object"}, "databucket": {"properties": {"created_time": {"type": "integer"}, "created_time_dt": {"type": "string"}, "data_classification": {"$ref": "#/$defs/data_classification"}, "desc": {"type": "string"}, "file": {"$ref": "#/$defs/file"}, "groups": {"items": {"$ref": "#/$defs/group"}, "type": "array"}, "modified_time": {"type": "integer"}, "modified_time_dt": {"type": "string"}, "name": {"type": "string"}, "size": {"type": "integer"}, "type": {"type": "string"}, "type_id": {"enum": [3, 0, 1, 2, 99], "type": "integer"}, "uid": {"type": "string"}}, "required": ["type_id"], "type": "object"}, "data_classification": {"properties": {"category": {"type": "string"}, "category_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5], "type": "integer"}, "confidentiality": {"type": "string"}, "confidentiality_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5], "type": "integer"}, "policy": {"$ref": "#/$defs/policy"}}, "type": "object"}, "data_security": {"properties": {"category": {"type": "string"}, "category_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5], "type": "integer"}, "confidentiality": {"type": "string"}, "confidentiality_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5], "type": "integer"}, "data_lifecycle_state": {"type": "string"}, "data_lifecycle_state_id": {"enum": [3, 0, 1, 2, 99], "type": "integer"}, "detection_pattern": {"type": "string"}, "detection_system": {"type": "string"}, "detection_system_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5, 7, 8, 9, 10, 11, 12], "type": "integer"}, "pattern_match": {"type": "string"}, "policy": {"$ref": "#/$defs/policy"}}, "type": "object"}, "dce_rpc": {"properties": {"command": {"type": "string"}, "command_response": {"type": "string"}, "flags": {"items": {"type": "string"}, "type": "array"}, "opnum": {"type": "integer"}, "rpc_interface": {"$ref": "#/$defs/rpc_interface"}}, "required": ["flags", "rpc_interface"], "type": "object"}, "device": {"properties": {"region": {"type": "string"}, "last_seen_time_dt": {"type": "string"}, "interface_name": {"type": "string"}, "uid": {"type": "string"}, "interface_uid": {"type": "string"}, "modified_time": {"type": "integer"}, "created_time_dt": {"type": "string"}, "os": {"$ref": "#/$defs/os"}, "desc": {"type": "string"}, "hypervisor": {"type": "string"}, "type": {"type": "string"}, "location": {"$ref": "#/$defs/location"}, "instance_uid": {"type": "string"}, "first_seen_time": {"type": "integer"}, "mac": {"type": "string"}, "org": {"$ref": "#/$defs/organization"}, "risk_level": {"type": "string"}, "image": {"$ref": "#/$defs/image"}, "created_time": {"type": "integer"}, "subnet_uid": {"type": "string"}, "zone": {"type": "string"}, "groups": {"items": {"$ref": "#/$defs/group"}, "type": "array"}, "risk_score": {"type": "integer"}, "is_personal": {"type": "boolean"}, "name": {"type": "string"}, "first_seen_time_dt": {"type": "string"}, "hw_info": {"$ref": "#/$defs/device_hw_info"}, "namespace_pid": {"type": "integer"}, "uid_alt": {"type": "string"}, "boot_time_dt": {"type": "string"}, "type_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5, 7, 8, 9, 10, 11, 14, 15, 12, 13], "type": "integer"}, "last_seen_time": {"type": "integer"}, "owner": {"$ref": "#/$defs/user"}, "boot_time": {"type": "integer"}, "is_managed": {"type": "boolean"}, "container": {"$ref": "#/$defs/container"}, "risk_level_id": {"enum": [3, 0, 1, 2, 99, 4], "type": "integer"}, "modified_time_dt": {"type": "string"}, "is_trusted": {"type": "boolean"}, "network_interfaces": {"items": {"$ref": "#/$defs/network_interface"}, "type": "array"}, "autoscale_uid": {"type": "string"}, "vpc_uid": {"type": "string"}, "subnet": {"type": "string"}, "domain": {"type": "string"}, "imei": {"type": "string"}, "agent_list": {"items": {"$ref": "#/$defs/agent"}, "type": "array"}, "ip": {"type": "string"}, "hostname": {"type": "string"}, "vlan_uid": {"type": "string"}, "is_compliant": {"type": "boolean"}}, "required": ["type_id"], "type": "object"}, "device_hw_info": {"properties": {"bios_date": {"type": "string"}, "bios_manufacturer": {"type": "string"}, "bios_ver": {"type": "string"}, "chassis": {"type": "string"}, "cpu_bits": {"type": "integer"}, "cpu_cores": {"type": "integer"}, "cpu_count": {"type": "integer"}, "cpu_speed": {"type": "integer"}, "cpu_type": {"type": "string"}, "desktop_display": {"$ref": "#/$defs/display"}, "keyboard_info": {"$ref": "#/$defs/keyboard_info"}, "ram_size": {"type": "integer"}, "serial_number": {"type": "string"}}, "type": "object"}, "digital_signature": {"properties": {"algorithm": {"type": "string"}, "algorithm_id": {"enum": [3, 0, 1, 2, 99, 4], "type": "integer"}, "certificate": {"$ref": "#/$defs/certificate"}, "created_time": {"type": "integer"}, "created_time_dt": {"type": "string"}, "developer_uid": {"type": "string"}, "digest": {"$ref": "#/$defs/fingerprint"}, "state": {"type": "string"}, "state_id": {"enum": [3, 0, 1, 2, 99, 4, 5], "type": "integer"}}, "required": ["algorithm_id"], "type": "object"}, "display": {"properties": {"color_depth": {"type": "integer"}, "physical_height": {"type": "integer"}, "physical_orientation": {"type": "integer"}, "physical_width": {"type": "integer"}, "scale_factor": {"type": "integer"}}, "type": "object"}, "dns_answer": {"properties": {"class": {"type": "string"}, "flag_ids": {"items": {"enum": [3, 6, 0, 1, 2, 99, 4, 5], "type": "integer"}, "type": "array"}, "flags": {"items": {"type": "string"}, "type": "array"}, "packet_uid": {"type": "integer"}, "rdata": {"type": "string"}, "ttl": {"type": "integer"}, "type": {"type": "string"}}, "required": ["rdata"], "type": "object"}, "dns_query": {"properties": {"class": {"type": "string"}, "hostname": {"type": "string"}, "opcode": {"type": "string"}, "opcode_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5], "type": "integer"}, "packet_uid": {"type": "integer"}, "type": {"type": "string"}}, "required": ["hostname"], "type": "object"}, "domain_contact": {"properties": {"email_addr": {"type": "string"}, "location": {"$ref": "#/$defs/location"}, "name": {"type": "string"}, "phone_number": {"type": "string"}, "type": {"type": "string"}, "type_id": {"enum": [3, 0, 1, 2, 99, 4, 5], "type": "integer"}, "uid": {"type": "string"}}, "required": ["type_id"], "type": "object"}, "email": {"properties": {"cc": {"items": {"type": "string"}, "type": "array"}, "data_classification": {"$ref": "#/$defs/data_classification"}, "delivered_to": {"type": "string"}, "from": {"type": "string"}, "message_uid": {"type": "string"}, "raw_header": {"type": "string"}, "reply_to": {"type": "string"}, "size": {"type": "integer"}, "smtp_from": {"type": "string"}, "smtp_to": {"items": {"type": "string"}, "type": "array"}, "subject": {"type": "string"}, "to": {"items": {"type": "string"}, "type": "array"}, "uid": {"type": "string"}, "x_originating_ip": {"items": {"type": "string"}, "type": "array"}}, "required": ["from", "to"], "type": "object"}, "email_auth": {"properties": {"dkim": {"type": "string"}, "dkim_domain": {"type": "string"}, "dkim_signature": {"type": "string"}, "dmarc": {"type": "string"}, "dmarc_override": {"type": "string"}, "dmarc_policy": {"type": "string"}, "spf": {"type": "string"}}, "type": "object"}, "endpoint": {"properties": {"agent_list": {"items": {"$ref": "#/$defs/agent"}, "type": "array"}, "container": {"$ref": "#/$defs/container"}, "domain": {"type": "string"}, "hostname": {"type": "string"}, "hw_info": {"$ref": "#/$defs/device_hw_info"}, "instance_uid": {"type": "string"}, "interface_name": {"type": "string"}, "interface_uid": {"type": "string"}, "ip": {"type": "string"}, "location": {"$ref": "#/$defs/location"}, "mac": {"type": "string"}, "name": {"type": "string"}, "namespace_pid": {"type": "integer"}, "os": {"$ref": "#/$defs/os"}, "owner": {"$ref": "#/$defs/user"}, "subnet_uid": {"type": "string"}, "type": {"type": "string"}, "type_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5, 7, 8, 9, 10, 11, 14, 15, 12, 13], "type": "integer"}, "uid": {"type": "string"}, "vlan_uid": {"type": "string"}, "vpc_uid": {"type": "string"}, "zone": {"type": "string"}}, "type": "object"}, "endpoint_connection": {"properties": {"code": {"type": "integer"}, "network_endpoint": {"$ref": "#/$defs/network_endpoint"}}, "type": "object"}, "enrichment": {"properties": {"created_time": {"type": "integer"}, "created_time_dt": {"type": "string"}, "data": {}, "desc": {"type": "string"}, "name": {"type": "string"}, "provider": {"type": "string"}, "reputation": {"$ref": "#/$defs/reputation"}, "short_desc": {"type": "string"}, "src_url": {"type": "string"}, "type": {"type": "string"}, "value": {"type": "string"}}, "required": ["data", "name", "value"], "type": "object"}, "epss": {"properties": {"created_time": {"type": "integer"}, "created_time_dt": {"type": "string"}, "percentile": {"type": "number"}, "score": {"type": "string"}, "version": {"type": "string"}}, "required": ["score"], "type": "object"}, "evidences": {"properties": {"actor": {"$ref": "#/$defs/actor"}, "api": {"$ref": "#/$defs/api"}, "connection_info": {"$ref": "#/$defs/network_connection_info"}, "container": {"$ref": "#/$defs/container"}, "data": {}, "database": {"$ref": "#/$defs/database"}, "databucket": {"$ref": "#/$defs/databucket"}, "device": {"$ref": "#/$defs/device"}, "dst_endpoint": {"$ref": "#/$defs/network_endpoint"}, "email": {"$ref": "#/$defs/email"}, "file": {"$ref": "#/$defs/file"}, "job": {"$ref": "#/$defs/job"}, "process": {"$ref": "#/$defs/process"}, "query": {"$ref": "#/$defs/dns_query"}, "reg_key": {"$ref": "#/$defs/win_reg_key"}, "reg_value": {"$ref": "#/$defs/win_reg_value"}, "src_endpoint": {"$ref": "#/$defs/network_endpoint"}, "url": {"$ref": "#/$defs/url"}, "user": {"$ref": "#/$defs/user"}, "win_service": {"$ref": "#/$defs/win_win_service"}}, "type": "object"}, "extension": {"properties": {"name": {"type": "string"}, "uid": {"type": "string"}, "version": {"type": "string"}}, "required": ["name", "uid", "version"], "type": "object"}, "feature": {"properties": {"name": {"type": "string"}, "uid": {"type": "string"}, "version": {"type": "string"}}, "type": "object"}, "file": {"properties": {"accessed_time": {"type": "integer"}, "accessed_time_dt": {"type": "string"}, "accessor": {"$ref": "#/$defs/user"}, "attributes": {"type": "integer"}, "company_name": {"type": "string"}, "confidentiality": {"type": "string"}, "confidentiality_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5], "type": "integer"}, "created_time": {"type": "integer"}, "created_time_dt": {"type": "string"}, "creator": {"$ref": "#/$defs/user"}, "data_classification": {"$ref": "#/$defs/data_classification"}, "desc": {"type": "string"}, "ext": {"type": "string"}, "hashes": {"items": {"$ref": "#/$defs/fingerprint"}, "type": "array"}, "is_system": {"type": "boolean"}, "mime_type": {"type": "string"}, "modified_time": {"type": "integer"}, "modified_time_dt": {"type": "string"}, "modifier": {"$ref": "#/$defs/user"}, "name": {"type": "string"}, "owner": {"$ref": "#/$defs/user"}, "parent_folder": {"type": "string"}, "path": {"type": "string"}, "product": {"$ref": "#/$defs/product"}, "security_descriptor": {"type": "string"}, "signature": {"$ref": "#/$defs/digital_signature"}, "size": {"type": "integer"}, "type": {"type": "string"}, "type_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5, 7], "type": "integer"}, "uid": {"type": "string"}, "version": {"type": "string"}, "xattributes": {"$ref": "#/$defs/object"}}, "required": ["name", "type_id"], "type": "object"}, "finding": {"properties": {"created_time": {"type": "integer"}, "created_time_dt": {"type": "string"}, "desc": {"type": "string"}, "first_seen_time": {"type": "integer"}, "first_seen_time_dt": {"type": "string"}, "last_seen_time": {"type": "integer"}, "last_seen_time_dt": {"type": "string"}, "modified_time": {"type": "integer"}, "modified_time_dt": {"type": "string"}, "product_uid": {"type": "string"}, "related_events": {"items": {"$ref": "#/$defs/related_event"}, "type": "array"}, "remediation": {"$ref": "#/$defs/remediation"}, "src_url": {"type": "string"}, "supporting_data": {}, "title": {"type": "string"}, "types": {"items": {"type": "string"}, "type": "array"}, "uid": {"type": "string"}}, "required": ["title", "uid"], "type": "object"}, "finding_info": {"properties": {"analytic": {"$ref": "#/$defs/analytic"}, "attacks": {"items": {"$ref": "#/$defs/attack"}, "type": "array"}, "created_time": {"type": "integer"}, "created_time_dt": {"type": "string"}, "data_sources": {"items": {"type": "string"}, "type": "array"}, "desc": {"type": "string"}, "first_seen_time": {"type": "integer"}, "first_seen_time_dt": {"type": "string"}, "kill_chain": {"items": {"$ref": "#/$defs/kill_chain_phase"}, "type": "array"}, "last_seen_time": {"type": "integer"}, "last_seen_time_dt": {"type": "string"}, "modified_time": {"type": "integer"}, "modified_time_dt": {"type": "string"}, "product_uid": {"type": "string"}, "related_analytics": {"items": {"$ref": "#/$defs/analytic"}, "type": "array"}, "related_events": {"items": {"$ref": "#/$defs/related_event"}, "type": "array"}, "src_url": {"type": "string"}, "title": {"type": "string"}, "types": {"items": {"type": "string"}, "type": "array"}, "uid": {"type": "string"}}, "required": ["title", "uid"], "type": "object"}, "fingerprint": {"properties": {"algorithm": {"type": "string"}, "algorithm_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5, 7], "type": "integer"}, "value": {"type": "string"}}, "required": ["algorithm_id", "value"], "type": "object"}, "firewall_rule": {"properties": {"category": {"type": "string"}, "condition": {"type": "string"}, "desc": {"type": "string"}, "duration": {"type": "integer"}, "match_details": {"items": {"type": "string"}, "type": "array"}, "match_location": {"type": "string"}, "name": {"type": "string"}, "rate_limit": {"type": "integer"}, "sensitivity": {"type": "string"}, "type": {"type": "string"}, "uid": {"type": "string"}, "version": {"type": "string"}}, "type": "object"}, "group": {"properties": {"desc": {"type": "string"}, "domain": {"type": "string"}, "name": {"type": "string"}, "privileges": {"items": {"type": "string"}, "type": "array"}, "type": {"type": "string"}, "uid": {"type": "string"}}, "type": "object"}, "hassh": {"properties": {"algorithm": {"type": "string"}, "fingerprint": {"$ref": "#/$defs/fingerprint"}}, "required": ["fingerprint"], "type": "object"}, "http_cookie": {"properties": {"domain": {"type": "string"}, "expiration_time": {"type": "integer"}, "expiration_time_dt": {"type": "string"}, "http_only": {"type": "boolean"}, "is_http_only": {"type": "boolean"}, "is_secure": {"type": "boolean"}, "name": {"type": "string"}, "path": {"type": "string"}, "samesite": {"type": "string"}, "secure": {"type": "boolean"}, "value": {"type": "string"}}, "required": ["name", "value"], "type": "object"}, "http_header": {"properties": {"name": {"type": "string"}, "value": {"type": "string"}}, "required": ["name", "value"], "type": "object"}, "http_request": {"properties": {"args": {"type": "string"}, "http_headers": {"items": {"$ref": "#/$defs/http_header"}, "type": "array"}, "http_method": {"enum": ["OPTIONS", "GET", "HEAD", "POST", "PUT", "DELETE", "TRACE", "CONNECT"], "type": "string"}, "length": {"type": "integer"}, "referrer": {"type": "string"}, "uid": {"type": "string"}, "url": {"$ref": "#/$defs/url"}, "user_agent": {"type": "string"}, "version": {"type": "string"}, "x_forwarded_for": {"items": {"type": "string"}, "type": "array"}}, "type": "object"}, "http_response": {"properties": {"code": {"type": "integer"}, "content_type": {"type": "string"}, "http_headers": {"items": {"$ref": "#/$defs/http_header"}, "type": "array"}, "latency": {"type": "integer"}, "length": {"type": "integer"}, "message": {"type": "string"}, "status": {"type": "string"}}, "required": ["code"], "type": "object"}, "idp": {"properties": {"name": {"type": "string"}, "uid": {"type": "string"}}, "type": "object"}, "image": {"properties": {"labels": {"items": {"type": "string"}, "type": "array"}, "name": {"type": "string"}, "path": {"type": "string"}, "tag": {"type": "string"}, "uid": {"type": "string"}}, "required": ["uid"], "type": "object"}, "ja4_fingerprint": {"properties": {"section_a": {"type": "string"}, "section_b": {"type": "string"}, "section_c": {"type": "string"}, "section_d": {"type": "string"}, "type": {"type": "string"}, "type_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5, 7, 8, 9], "type": "integer"}, "value": {"type": "string"}}, "required": ["type_id", "value"], "type": "object"}, "job": {"properties": {"cmd_line": {"type": "string"}, "created_time": {"type": "integer"}, "created_time_dt": {"type": "string"}, "desc": {"type": "string"}, "file": {"$ref": "#/$defs/file"}, "last_run_time": {"type": "integer"}, "last_run_time_dt": {"type": "string"}, "name": {"type": "string"}, "next_run_time": {"type": "integer"}, "next_run_time_dt": {"type": "string"}, "run_state": {"type": "string"}, "run_state_id": {"enum": [3, 0, 1, 2, 99, 4], "type": "integer"}, "user": {"$ref": "#/$defs/user"}}, "required": ["file", "name"], "type": "object"}, "kb_article": {"properties": {"avg_timespan": {"$ref": "#/$defs/timespan"}, "bulletin": {"type": "string"}, "classification": {"type": "string"}, "created_time": {"type": "integer"}, "created_time_dt": {"type": "string"}, "install_state": {"type": "string"}, "install_state_id": {"enum": [3, 0, 1, 2, 99], "type": "integer"}, "is_superseded": {"type": "boolean"}, "os": {"$ref": "#/$defs/os"}, "product": {"$ref": "#/$defs/product"}, "severity": {"type": "string"}, "size": {"type": "integer"}, "src_url": {"type": "string"}, "title": {"type": "string"}, "uid": {"type": "string"}}, "required": ["uid"], "type": "object"}, "kernel": {"properties": {"is_system": {"type": "boolean"}, "name": {"type": "string"}, "path": {"type": "string"}, "system_call": {"type": "string"}, "type": {"type": "string"}, "type_id": {"enum": [0, 1, 2, 99], "type": "integer"}}, "required": ["name", "type_id"], "type": "object"}, "kernel_driver": {"properties": {"file": {"$ref": "#/$defs/file"}}, "required": ["file"], "type": "object"}, "keyboard_info": {"properties": {"function_keys": {"type": "integer"}, "ime": {"type": "string"}, "keyboard_layout": {"type": "string"}, "keyboard_subtype": {"type": "integer"}, "keyboard_type": {"type": "string"}}, "type": "object"}, "kill_chain_phase": {"properties": {"phase": {"type": "string"}, "phase_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5, 7], "type": "integer"}}, "required": ["phase_id"], "type": "object"}, "ldap_person": {"properties": {"cost_center": {"type": "string"}, "created_time": {"type": "integer"}, "created_time_dt": {"type": "string"}, "deleted_time": {"type": "integer"}, "deleted_time_dt": {"type": "string"}, "email_addrs": {"items": {"type": "string"}, "type": "array"}, "employee_uid": {"type": "string"}, "given_name": {"type": "string"}, "hire_time": {"type": "integer"}, "hire_time_dt": {"type": "string"}, "job_title": {"type": "string"}, "labels": {"items": {"type": "string"}, "type": "array"}, "last_login_time": {"type": "integer"}, "last_login_time_dt": {"type": "string"}, "ldap_cn": {"type": "string"}, "ldap_dn": {"type": "string"}, "leave_time": {"type": "integer"}, "leave_time_dt": {"type": "string"}, "location": {"$ref": "#/$defs/location"}, "manager": {"$ref": "#/$defs/user"}, "modified_time": {"type": "integer"}, "modified_time_dt": {"type": "string"}, "office_location": {"type": "string"}, "surname": {"type": "string"}}, "type": "object"}, "load_balancer": {"properties": {"classification": {"type": "string"}, "code": {"type": "integer"}, "dst_endpoint": {"$ref": "#/$defs/network_endpoint"}, "endpoint_connections": {"items": {"$ref": "#/$defs/endpoint_connection"}, "type": "array"}, "error_message": {"type": "string"}, "ip": {"type": "string"}, "message": {"type": "string"}, "metrics": {"items": {"$ref": "#/$defs/metric"}, "type": "array"}, "name": {"type": "string"}, "status_detail": {"type": "string"}, "uid": {"type": "string"}}, "type": "object"}, "location": {"properties": {"city": {"type": "string"}, "continent": {"type": "string"}, "coordinates": {"items": {"type": "number"}, "type": "array"}, "country": {"type": "string"}, "desc": {"type": "string"}, "geohash": {"type": "string"}, "is_on_premises": {"type": "boolean"}, "isp": {"type": "string"}, "lat": {"type": "number"}, "long": {"type": "number"}, "postal_code": {"type": "string"}, "provider": {"type": "string"}, "region": {"type": "string"}}, "type": "object"}, "logger": {"properties": {"device": {"$ref": "#/$defs/device"}, "log_level": {"type": "string"}, "log_name": {"type": "string"}, "log_provider": {"type": "string"}, "log_version": {"type": "string"}, "logged_time": {"type": "integer"}, "logged_time_dt": {"type": "string"}, "name": {"type": "string"}, "product": {"$ref": "#/$defs/product"}, "transmit_time": {"type": "integer"}, "transmit_time_dt": {"type": "string"}, "uid": {"type": "string"}, "version": {"type": "string"}}, "type": "object"}, "malware": {"properties": {"classification_ids": {"items": {"enum": [3, 6, 0, 1, 2, 99, 4, 5, 7, 8, 9, 10, 11, 14, 15, 16, 17, 18, 20, 21, 22, 13, 19], "type": "integer"}, "type": "array"}, "classifications": {"items": {"type": "string"}, "type": "array"}, "cves": {"items": {"$ref": "#/$defs/cve"}, "type": "array"}, "name": {"type": "string"}, "path": {"type": "string"}, "provider": {"type": "string"}, "uid": {"type": "string"}}, "required": ["classification_ids"], "type": "object"}, "managed_entity": {"properties": {"data": {}, "device": {"$ref": "#/$defs/device"}, "email": {"$ref": "#/$defs/email"}, "group": {"$ref": "#/$defs/group"}, "name": {"type": "string"}, "org": {"$ref": "#/$defs/organization"}, "policy": {"$ref": "#/$defs/policy"}, "type": {"type": "string"}, "type_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5], "type": "integer"}, "uid": {"type": "string"}, "user": {"$ref": "#/$defs/user"}, "version": {"type": "string"}}, "type": "object"}, "metadata": {"properties": {"correlation_uid": {"type": "string"}, "data_classification": {"$ref": "#/$defs/data_classification"}, "event_code": {"type": "string"}, "extension": {"$ref": "#/$defs/extension"}, "extensions": {"items": {"$ref": "#/$defs/extension"}, "type": "array"}, "labels": {"items": {"type": "string"}, "type": "array"}, "log_level": {"type": "string"}, "log_name": {"type": "string"}, "log_provider": {"type": "string"}, "log_version": {"type": "string"}, "logged_time": {"type": "integer"}, "logged_time_dt": {"type": "string"}, "loggers": {"items": {"$ref": "#/$defs/logger"}, "type": "array"}, "modified_time": {"type": "integer"}, "modified_time_dt": {"type": "string"}, "original_time": {"type": "string"}, "processed_time": {"type": "integer"}, "processed_time_dt": {"type": "string"}, "product": {"$ref": "#/$defs/product"}, "profiles": {"items": {"type": "string"}, "type": "array"}, "sequence": {"type": "integer"}, "tenant_uid": {"type": "string"}, "uid": {"type": "string"}, "version": {"type": "string"}}, "required": ["product", "version"], "type": "object"}, "metric": {"properties": {"name": {"type": "string"}, "value": {"type": "string"}}, "required": ["name", "value"], "type": "object"}, "module": {"properties": {"base_address": {"type": "string"}, "file": {"$ref": "#/$defs/file"}, "function_name": {"type": "string"}, "load_type": {"type": "string"}, "load_type_id": {"enum": [3, 0, 1, 2, 99, 4, 5], "type": "integer"}, "start_address": {"type": "string"}, "type": {"type": "string"}}, "required": ["load_type_id"], "type": "object"}, "network_connection_info": {"properties": {"boundary": {"type": "string"}, "boundary_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5, 7, 8, 9, 10, 11], "type": "integer"}, "direction": {"type": "string"}, "direction_id": {"enum": [3, 0, 1, 2, 99], "type": "integer"}, "protocol_name": {"type": "string"}, "protocol_num": {"type": "integer"}, "protocol_ver": {"type": "string"}, "protocol_ver_id": {"enum": [6, 0, 99, 4], "type": "integer"}, "session": {"$ref": "#/$defs/session"}, "tcp_flags": {"type": "integer"}, "uid": {"type": "string"}}, "required": ["direction_id"], "type": "object"}, "network_endpoint": {"properties": {"agent_list": {"items": {"$ref": "#/$defs/agent"}, "type": "array"}, "autonomous_system": {"$ref": "#/$defs/autonomous_system"}, "container": {"$ref": "#/$defs/container"}, "domain": {"type": "string"}, "hostname": {"type": "string"}, "hw_info": {"$ref": "#/$defs/device_hw_info"}, "instance_uid": {"type": "string"}, "interface_name": {"type": "string"}, "interface_uid": {"type": "string"}, "intermediate_ips": {"items": {"type": "string"}, "type": "array"}, "ip": {"type": "string"}, "location": {"$ref": "#/$defs/location"}, "mac": {"type": "string"}, "name": {"type": "string"}, "namespace_pid": {"type": "integer"}, "os": {"$ref": "#/$defs/os"}, "owner": {"$ref": "#/$defs/user"}, "port": {"type": "integer"}, "proxy_endpoint": {"$ref": "#/$defs/network_proxy"}, "subnet_uid": {"type": "string"}, "svc_name": {"type": "string"}, "type": {"type": "string"}, "type_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5, 7, 8, 9, 10, 11, 14, 15, 12, 13], "type": "integer"}, "uid": {"type": "string"}, "vlan_uid": {"type": "string"}, "vpc_uid": {"type": "string"}, "zone": {"type": "string"}}, "type": "object"}, "network_interface": {"properties": {"hostname": {"type": "string"}, "ip": {"type": "string"}, "mac": {"type": "string"}, "name": {"type": "string"}, "namespace": {"type": "string"}, "subnet_prefix": {"type": "integer"}, "type": {"type": "string"}, "type_id": {"enum": [3, 0, 1, 2, 99, 4], "type": "integer"}, "uid": {"type": "string"}}, "required": ["type_id"], "type": "object"}, "network_proxy": {"properties": {"agent_list": {"items": {"$ref": "#/$defs/agent"}, "type": "array"}, "autonomous_system": {"$ref": "#/$defs/autonomous_system"}, "container": {"$ref": "#/$defs/container"}, "domain": {"type": "string"}, "hostname": {"type": "string"}, "hw_info": {"$ref": "#/$defs/device_hw_info"}, "instance_uid": {"type": "string"}, "interface_name": {"type": "string"}, "interface_uid": {"type": "string"}, "intermediate_ips": {"items": {"type": "string"}, "type": "array"}, "ip": {"type": "string"}, "location": {"$ref": "#/$defs/location"}, "mac": {"type": "string"}, "name": {"type": "string"}, "namespace_pid": {"type": "integer"}, "os": {"$ref": "#/$defs/os"}, "owner": {"$ref": "#/$defs/user"}, "port": {"type": "integer"}, "proxy_endpoint": {"$ref": "#/$defs/network_proxy"}, "subnet_uid": {"type": "string"}, "svc_name": {"type": "string"}, "type": {"type": "string"}, "type_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5, 7, 8, 9, 10, 11, 14, 15, 12, 13], "type": "integer"}, "uid": {"type": "string"}, "vlan_uid": {"type": "string"}, "vpc_uid": {"type": "string"}, "zone": {"type": "string"}}, "type": "object"}, "network_traffic": {"properties": {"bytes": {"type": "integer"}, "bytes_in": {"type": "integer"}, "bytes_out": {"type": "integer"}, "chunks": {"type": "integer"}, "chunks_in": {"type": "integer"}, "chunks_out": {"type": "integer"}, "packets": {"type": "integer"}, "packets_in": {"type": "integer"}, "packets_out": {"type": "integer"}}, "type": "object"}, "object": {"additionalProperties": true, "properties": {}, "type": "object"}, "observable": {"properties": {"name": {"type": "string"}, "reputation": {"$ref": "#/$defs/reputation"}, "type": {"type": "string"}, "type_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5, 7, 8, 9, 10, 11, 14, 15, 16, 17, 18, 20, 21, 22, 23, 24, 25, 26, 27, 29, 30, 12, 13, 19, 28], "type": "integer"}, "value": {"type": "string"}}, "required": ["name", "type_id"], "type": "object"}, "organization": {"properties": {"name": {"type": "string"}, "ou_name": {"type": "string"}, "ou_uid": {"type": "string"}, "uid": {"type": "string"}}, "type": "object"}, "os": {"properties": {"build": {"type": "string"}, "country": {"type": "string"}, "cpe_name": {"type": "string"}, "cpu_bits": {"type": "integer"}, "edition": {"type": "string"}, "lang": {"type": "string"}, "name": {"type": "string"}, "sp_name": {"type": "string"}, "sp_ver": {"type": "integer"}, "type": {"type": "string"}, "type_id": {"enum": [0, 99, 101, 100, 200, 201, 300, 301, 302, 400, 401, 402], "type": "integer"}, "version": {"type": "string"}}, "required": ["name", "type_id"], "type": "object"}, "osint": {"properties": {"answers": {"items": {"$ref": "#/$defs/dns_answer"}, "type": "array"}, "attacks": {"items": {"$ref": "#/$defs/attack"}, "type": "array"}, "autonomous_system": {"$ref": "#/$defs/autonomous_system"}, "comment": {"type": "string"}, "confidence": {"type": "string"}, "confidence_id": {"enum": [3, 0, 1, 2, 99], "type": "integer"}, "email": {"$ref": "#/$defs/email"}, "email_auth": {"$ref": "#/$defs/email_auth"}, "kill_chain": {"items": {"$ref": "#/$defs/kill_chain_phase"}, "type": "array"}, "location": {"$ref": "#/$defs/location"}, "name": {"type": "string"}, "signatures": {"items": {"$ref": "#/$defs/digital_signature"}, "type": "array"}, "src_url": {"type": "string"}, "subdomains": {"items": {"type": "string"}, "type": "array"}, "tlp": {"enum": ["RED", "AMBER", "AMBER STRICT", "GREEN", "CLEAR"], "type": "string"}, "type": {"type": "string"}, "type_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5, 7, 8, 9, 10], "type": "integer"}, "uid": {"type": "string"}, "value": {"type": "string"}, "vendor_name": {"type": "string"}, "vulnerabilities": {"items": {"$ref": "#/$defs/vulnerability"}, "type": "array"}, "whois": {"$ref": "#/$defs/whois"}}, "required": ["type_id", "value"], "type": "object"}, "package": {"properties": {"architecture": {"type": "string"}, "cpe_name": {"type": "string"}, "epoch": {"type": "integer"}, "hash": {"$ref": "#/$defs/fingerprint"}, "license": {"type": "string"}, "name": {"type": "string"}, "purl": {"type": "string"}, "release": {"type": "string"}, "type": {"type": "string"}, "type_id": {"enum": [0, 1, 2, 99], "type": "integer"}, "vendor_name": {"type": "string"}, "version": {"type": "string"}}, "required": ["name", "version"], "type": "object"}, "peripheral_device": {"properties": {"class": {"type": "string"}, "model": {"type": "string"}, "name": {"type": "string"}, "serial_number": {"type": "string"}, "uid": {"type": "string"}, "vendor_name": {"type": "string"}}, "required": ["class", "name"], "type": "object"}, "policy": {"properties": {"desc": {"type": "string"}, "group": {"$ref": "#/$defs/group"}, "is_applied": {"type": "boolean"}, "name": {"type": "string"}, "uid": {"type": "string"}, "version": {"type": "string"}}, "type": "object"}, "process": {"properties": {"auid": {"type": "integer"}, "cmd_line": {"type": "string"}, "container": {"$ref": "#/$defs/container"}, "created_time": {"type": "integer"}, "created_time_dt": {"type": "string"}, "egid": {"type": "integer"}, "euid": {"type": "integer"}, "file": {"$ref": "#/$defs/file"}, "group": {"$ref": "#/$defs/group"}, "integrity": {"type": "string"}, "integrity_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5], "type": "integer"}, "lineage": {"items": {"type": "string"}, "type": "array"}, "loaded_modules": {"items": {"type": "string"}, "type": "array"}, "name": {"type": "string"}, "namespace_pid": {"type": "integer"}, "parent_process": {"$ref": "#/$defs/process"}, "pid": {"type": "integer"}, "sandbox": {"type": "string"}, "session": {"$ref": "#/$defs/session"}, "terminated_time": {"type": "integer"}, "terminated_time_dt": {"type": "string"}, "tid": {"type": "integer"}, "uid": {"type": "string"}, "user": {"$ref": "#/$defs/user"}, "xattributes": {"$ref": "#/$defs/object"}}, "type": "object"}, "product": {"properties": {"cpe_name": {"type": "string"}, "data_classification": {"$ref": "#/$defs/data_classification"}, "feature": {"$ref": "#/$defs/feature"}, "lang": {"type": "string"}, "name": {"type": "string"}, "path": {"type": "string"}, "uid": {"type": "string"}, "url_string": {"type": "string"}, "vendor_name": {"type": "string"}, "version": {"type": "string"}}, "required": ["vendor_name"], "type": "object"}, "query_info": {"properties": {"bytes": {"type": "integer"}, "data": {}, "name": {"type": "string"}, "query_string": {"type": "string"}, "query_time": {"type": "integer"}, "query_time_dt": {"type": "string"}, "uid": {"type": "string"}}, "required": ["query_string"], "type": "object"}, "related_event": {"properties": {"attacks": {"items": {"$ref": "#/$defs/attack"}, "type": "array"}, "kill_chain": {"items": {"$ref": "#/$defs/kill_chain_phase"}, "type": "array"}, "observables": {"items": {"$ref": "#/$defs/observable"}, "type": "array"}, "product_uid": {"type": "string"}, "type": {"type": "string"}, "type_name": {"type": "string"}, "type_uid": {"type": "integer"}, "uid": {"type": "string"}}, "required": ["uid"], "type": "object"}, "remediation": {"properties": {"desc": {"type": "string"}, "kb_article_list": {"items": {"$ref": "#/$defs/kb_article"}, "type": "array"}, "kb_articles": {"items": {"type": "string"}, "type": "array"}, "references": {"items": {"type": "string"}, "type": "array"}}, "required": ["desc"], "type": "object"}, "reputation": {"properties": {"base_score": {"type": "number"}, "provider": {"type": "string"}, "score": {"type": "string"}, "score_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5, 7, 8, 9, 10], "type": "integer"}}, "required": ["base_score", "score_id"], "type": "object"}, "request": {"properties": {"containers": {"items": {"$ref": "#/$defs/container"}, "type": "array"}, "data": {}, "flags": {"items": {"type": "string"}, "type": "array"}, "uid": {"type": "string"}}, "required": ["uid"], "type": "object"}, "resource_details": {"properties": {"agent_list": {"items": {"$ref": "#/$defs/agent"}, "type": "array"}, "cloud_partition": {"type": "string"}, "criticality": {"type": "string"}, "data": {}, "data_classification": {"$ref": "#/$defs/data_classification"}, "group": {"$ref": "#/$defs/group"}, "labels": {"items": {"type": "string"}, "type": "array"}, "name": {"type": "string"}, "namespace": {"type": "string"}, "owner": {"$ref": "#/$defs/user"}, "region": {"type": "string"}, "type": {"type": "string"}, "uid": {"type": "string"}, "version": {"type": "string"}}, "type": "object"}, "response": {"properties": {"code": {"type": "integer"}, "containers": {"items": {"$ref": "#/$defs/container"}, "type": "array"}, "data": {}, "error": {"type": "string"}, "error_message": {"type": "string"}, "flags": {"items": {"type": "string"}, "type": "array"}, "message": {"type": "string"}}, "type": "object"}, "rpc_interface": {"properties": {"ack_reason": {"type": "integer"}, "ack_result": {"type": "integer"}, "uuid": {"type": "string"}, "version": {"type": "string"}}, "required": ["uuid", "version"], "type": "object"}, "rule": {"properties": {"category": {"type": "string"}, "desc": {"type": "string"}, "name": {"type": "string"}, "type": {"type": "string"}, "uid": {"type": "string"}, "version": {"type": "string"}}, "type": "object"}, "san": {"properties": {"name": {"type": "string"}, "type": {"type": "string"}}, "required": ["name", "type"], "type": "object"}, "scan": {"properties": {"name": {"type": "string"}, "type": {"type": "string"}, "type_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5, 7], "type": "integer"}, "uid": {"type": "string"}}, "required": ["type_id"], "type": "object"}, "security_state": {"properties": {"state": {"type": "string"}, "state_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5, 7, 8, 9, 10, 11, 14, 15, 16, 17, 18, 20, 21, 22, 23, 12, 13, 19], "type": "integer"}}, "type": "object"}, "service": {"properties": {"labels": {"items": {"type": "string"}, "type": "array"}, "name": {"type": "string"}, "uid": {"type": "string"}, "version": {"type": "string"}}, "type": "object"}, "session": {"properties": {"count": {"type": "integer"}, "created_time": {"type": "integer"}, "created_time_dt": {"type": "string"}, "credential_uid": {"type": "string"}, "expiration_reason": {"type": "string"}, "expiration_time": {"type": "integer"}, "expiration_time_dt": {"type": "string"}, "is_mfa": {"type": "boolean"}, "is_remote": {"type": "boolean"}, "is_vpn": {"type": "boolean"}, "issuer": {"type": "string"}, "terminal": {"type": "string"}, "uid": {"type": "string"}, "uid_alt": {"type": "string"}, "uuid": {"type": "string"}}, "type": "object"}, "sub_technique": {"properties": {"name": {"type": "string"}, "src_url": {"type": "string"}, "uid": {"type": "string"}}, "type": "object"}, "table": {"properties": {"created_time": {"type": "integer"}, "created_time_dt": {"type": "string"}, "desc": {"type": "string"}, "groups": {"items": {"$ref": "#/$defs/group"}, "type": "array"}, "modified_time": {"type": "integer"}, "modified_time_dt": {"type": "string"}, "name": {"type": "string"}, "size": {"type": "integer"}, "uid": {"type": "string"}}, "type": "object"}, "tactic": {"properties": {"name": {"type": "string"}, "src_url": {"type": "string"}, "uid": {"type": "string"}}, "type": "object"}, "technique": {"properties": {"name": {"type": "string"}, "src_url": {"type": "string"}, "uid": {"type": "string"}}, "type": "object"}, "ticket": {"properties": {"src_url": {"type": "string"}, "title": {"type": "string"}, "type": {"type": "string"}, "type_id": {"enum": [0, 1, 2, 99], "type": "integer"}, "uid": {"type": "string"}}, "type": "object"}, "timespan": {"properties": {"duration": {"type": "integer"}, "duration_days": {"type": "integer"}, "duration_hours": {"type": "integer"}, "duration_mins": {"type": "integer"}, "duration_months": {"type": "integer"}, "duration_secs": {"type": "integer"}, "duration_weeks": {"type": "integer"}, "duration_years": {"type": "integer"}, "type": {"type": "string"}, "type_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5, 7, 8], "type": "integer"}}, "type": "object"}, "tls": {"properties": {"alert": {"type": "integer"}, "certificate": {"$ref": "#/$defs/certificate"}, "certificate_chain": {"items": {"type": "string"}, "type": "array"}, "cipher": {"type": "string"}, "client_ciphers": {"items": {"type": "string"}, "type": "array"}, "extension_list": {"items": {"$ref": "#/$defs/tls_extension"}, "type": "array"}, "handshake_dur": {"type": "integer"}, "ja3_hash": {"$ref": "#/$defs/fingerprint"}, "ja3s_hash": {"$ref": "#/$defs/fingerprint"}, "key_length": {"type": "integer"}, "sans": {"items": {"$ref": "#/$defs/san"}, "type": "array"}, "server_ciphers": {"items": {"type": "string"}, "type": "array"}, "sni": {"type": "string"}, "tls_extension_list": {"items": {"$ref": "#/$defs/tls_extension"}, "type": "array"}, "version": {"type": "string"}}, "required": ["version"], "type": "object"}, "tls_extension": {"properties": {"data": {}, "type": {"type": "string"}, "type_id": {"enum": [0, 1, 99, 5, 10, 14, 15, 16, 18, 20, 21, 43, 44, 45, 47, 49, 50, 51, 13, 19, 41, 42, 48], "type": "integer"}}, "required": ["type_id"], "type": "object"}, "url": {"properties": {"categories": {"items": {"type": "string"}, "type": "array"}, "category_ids": {"items": {"enum": [57, 51, 5, 9, 53, 20, 23, 40, 71, 0, 27, 121, 56, 92, 55, 37, 32, 33, 102, 112, 34, 58, 87, 26, 30, 113, 31, 64, 54, 6, 96, 101, 7, 44, 60, 89, 11, 110, 93, 118, 25, 15, 24, 46, 21, 1, 108, 52, 4, 67, 99, 85, 29, 68, 16, 109, 86, 17, 95, 106, 50, 98, 35, 18, 38, 43, 90, 107, 83, 111, 103, 63, 22, 47, 66, 65, 61, 3, 59, 88, 14, 84, 49, 36, 45, 114, 97], "type": "integer"}, "type": "array"}, "domain": {"type": "string"}, "hostname": {"type": "string"}, "path": {"type": "string"}, "port": {"type": "integer"}, "query_string": {"type": "string"}, "resource_type": {"type": "string"}, "scheme": {"type": "string"}, "subdomain": {"type": "string"}, "url_string": {"type": "string"}}, "type": "object"}, "user": {"properties": {"account": {"$ref": "#/$defs/account"}, "credential_uid": {"type": "string"}, "domain": {"type": "string"}, "email_addr": {"type": "string"}, "full_name": {"type": "string"}, "groups": {"items": {"$ref": "#/$defs/group"}, "type": "array"}, "ldap_person": {"$ref": "#/$defs/ldap_person"}, "name": {"type": "string"}, "org": {"$ref": "#/$defs/organization"}, "risk_level": {"type": "string"}, "risk_level_id": {"enum": [3, 0, 1, 2, 99, 4], "type": "integer"}, "risk_score": {"type": "integer"}, "type": {"type": "string"}, "type_id": {"enum": [3, 0, 1, 2, 99], "type": "integer"}, "uid": {"type": "string"}, "uid_alt": {"type": "string"}}, "type": "object"}, "vulnerability": {"properties": {"affected_code": {"items": {"$ref": "#/$defs/affected_code"}, "type": "array"}, "affected_packages": {"items": {"$ref": "#/$defs/affected_package"}, "type": "array"}, "cve": {"$ref": "#/$defs/cve"}, "cwe": {"$ref": "#/$defs/cwe"}, "desc": {"type": "string"}, "first_seen_time": {"type": "integer"}, "first_seen_time_dt": {"type": "string"}, "fix_available": {"type": "boolean"}, "is_exploit_available": {"type": "boolean"}, "is_fix_available": {"type": "boolean"}, "kb_article_list": {"items": {"$ref": "#/$defs/kb_article"}, "type": "array"}, "kb_articles": {"items": {"type": "string"}, "type": "array"}, "last_seen_time": {"type": "integer"}, "last_seen_time_dt": {"type": "string"}, "packages": {"items": {"$ref": "#/$defs/package"}, "type": "array"}, "references": {"items": {"type": "string"}, "type": "array"}, "related_vulnerabilities": {"items": {"type": "string"}, "type": "array"}, "remediation": {"$ref": "#/$defs/remediation"}, "severity": {"type": "string"}, "title": {"type": "string"}, "vendor_name": {"type": "string"}}, "type": "object"}, "web_resource": {"properties": {"data": {}, "data_classification": {"$ref": "#/$defs/data_classification"}, "desc": {"type": "string"}, "labels": {"items": {"type": "string"}, "type": "array"}, "name": {"type": "string"}, "type": {"type": "string"}, "uid": {"type": "string"}, "url_string": {"type": "string"}}, "type": "object"}, "whois": {"properties": {"autonomous_system": {"$ref": "#/$defs/autonomous_system"}, "created_time": {"type": "integer"}, "created_time_dt": {"type": "string"}, "dnssec_status": {"type": "string"}, "dnssec_status_id": {"enum": [0, 1, 2, 99], "type": "integer"}, "domain": {"type": "string"}, "domain_contacts": {"items": {"$ref": "#/$defs/domain_contact"}, "type": "array"}, "email_addr": {"type": "string"}, "last_seen_time": {"type": "integer"}, "last_seen_time_dt": {"type": "string"}, "name_servers": {"items": {"type": "string"}, "type": "array"}, "phone_number": {"type": "string"}, "registrar": {"type": "string"}, "status": {"type": "string"}, "subdomains": {"items": {"type": "string"}, "type": "array"}, "subnet": {"type": "string"}}, "type": "object"}, "win_reg_key": {"error": "Object win_reg_key not found"}, "win_reg_value": {"error": "Object win_reg_value not found"}, "win_win_resource": {"error": "Object win_win_resource not found"}, "win_win_service": {"error": "Object win_win_service not found"}, "account_change": {"$id": "https://schema.ocsf.io/schema/classes/account_change", "$schema": "http://json-schema.org/draft-07/schema#", "properties": {"unmapped": {"$ref": "#/$defs/object"}, "message": {"type": "string"}, "category_uid": {"const": 3, "type": "integer"}, "api": {"$ref": "#/$defs/api"}, "end_time_dt": {"type": "string"}, "duration": {"type": "integer"}, "status_detail": {"type": "string"}, "status_code": {"type": "string"}, "type_name": {"type": "string"}, "raw_data": {"type": "string"}, "time": {"type": "integer"}, "status_id": {"enum": [0, 1, 2, 99], "type": "integer"}, "actor": {"$ref": "#/$defs/actor"}, "user_result": {"$ref": "#/$defs/user"}, "cloud": {"$ref": "#/$defs/cloud"}, "status": {"type": "string"}, "activity_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5, 7, 8, 9, 10, 11], "type": "integer"}, "observables": {"items": {"$ref": "#/$defs/observable"}, "type": "array"}, "enrichments": {"items": {"$ref": "#/$defs/enrichment"}, "type": "array"}, "http_request": {"$ref": "#/$defs/http_request"}, "user": {"$ref": "#/$defs/user"}, "osint": {"items": {"$ref": "#/$defs/osint"}, "type": "array"}, "start_time_dt": {"type": "string"}, "class_uid": {"const": 3001, "type": "integer"}, "activity_name": {"type": "string"}, "start_time": {"type": "integer"}, "class_name": {"type": "string"}, "timezone_offset": {"type": "integer"}, "device": {"$ref": "#/$defs/device"}, "severity": {"type": "string"}, "category_name": {"type": "string"}, "severity_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5], "type": "integer"}, "count": {"type": "integer"}, "end_time": {"type": "integer"}, "type_uid": {"type": "integer"}, "src_endpoint": {"$ref": "#/$defs/network_endpoint"}, "metadata": {"$ref": "#/$defs/metadata"}, "time_dt": {"type": "string"}, "policy": {"$ref": "#/$defs/policy"}}, "required": ["activity_id", "category_uid", "class_uid", "cloud", "metadata", "osint", "severity_id", "time", "type_uid", "user"], "type": "object"}, "admin_group_query": {"$id": "https://schema.ocsf.io/schema/classes/admin_group_query", "$schema": "http://json-schema.org/draft-07/schema#", "properties": {"unmapped": {"$ref": "#/$defs/object"}, "message": {"type": "string"}, "query_info": {"$ref": "#/$defs/query_info"}, "category_uid": {"const": 5, "type": "integer"}, "api": {"$ref": "#/$defs/api"}, "end_time_dt": {"type": "string"}, "duration": {"type": "integer"}, "status_detail": {"type": "string"}, "users": {"items": {"$ref": "#/$defs/user"}, "type": "array"}, "status_code": {"type": "string"}, "type_name": {"type": "string"}, "raw_data": {"type": "string"}, "time": {"type": "integer"}, "status_id": {"enum": [0, 1, 2, 99], "type": "integer"}, "query_result_id": {"enum": [3, 0, 1, 2, 99, 4, 5], "type": "integer"}, "actor": {"$ref": "#/$defs/actor"}, "cloud": {"$ref": "#/$defs/cloud"}, "status": {"type": "string"}, "activity_id": {"enum": [0, 1, 99], "type": "integer"}, "query_result": {"type": "string"}, "observables": {"items": {"$ref": "#/$defs/observable"}, "type": "array"}, "enrichments": {"items": {"$ref": "#/$defs/enrichment"}, "type": "array"}, "osint": {"items": {"$ref": "#/$defs/osint"}, "type": "array"}, "start_time_dt": {"type": "string"}, "class_uid": {"const": 5009, "type": "integer"}, "activity_name": {"type": "string"}, "start_time": {"type": "integer"}, "class_name": {"type": "string"}, "timezone_offset": {"type": "integer"}, "group": {"$ref": "#/$defs/group"}, "device": {"$ref": "#/$defs/device"}, "severity": {"type": "string"}, "category_name": {"type": "string"}, "severity_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5], "type": "integer"}, "count": {"type": "integer"}, "end_time": {"type": "integer"}, "type_uid": {"type": "integer"}, "metadata": {"$ref": "#/$defs/metadata"}, "time_dt": {"type": "string"}}, "required": ["activity_id", "category_uid", "class_uid", "cloud", "group", "metadata", "osint", "query_result_id", "severity_id", "time", "type_uid"], "type": "object"}, "api_activity": {"$id": "https://schema.ocsf.io/schema/classes/api_activity", "$schema": "http://json-schema.org/draft-07/schema#", "properties": {"unmapped": {"$ref": "#/$defs/object"}, "message": {"type": "string"}, "category_uid": {"const": 6, "type": "integer"}, "api": {"$ref": "#/$defs/api"}, "end_time_dt": {"type": "string"}, "duration": {"type": "integer"}, "status_detail": {"type": "string"}, "status_code": {"type": "string"}, "type_name": {"type": "string"}, "raw_data": {"type": "string"}, "time": {"type": "integer"}, "status_id": {"enum": [0, 1, 2, 99], "type": "integer"}, "actor": {"$ref": "#/$defs/actor"}, "cloud": {"$ref": "#/$defs/cloud"}, "status": {"type": "string"}, "activity_id": {"enum": [3, 0, 1, 2, 99, 4], "type": "integer"}, "resources": {"items": {"$ref": "#/$defs/resource_details"}, "type": "array"}, "observables": {"items": {"$ref": "#/$defs/observable"}, "type": "array"}, "enrichments": {"items": {"$ref": "#/$defs/enrichment"}, "type": "array"}, "http_request": {"$ref": "#/$defs/http_request"}, "osint": {"items": {"$ref": "#/$defs/osint"}, "type": "array"}, "start_time_dt": {"type": "string"}, "class_uid": {"const": 6003, "type": "integer"}, "activity_name": {"type": "string"}, "start_time": {"type": "integer"}, "class_name": {"type": "string"}, "timezone_offset": {"type": "integer"}, "dst_endpoint": {"$ref": "#/$defs/network_endpoint"}, "severity": {"type": "string"}, "category_name": {"type": "string"}, "severity_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5], "type": "integer"}, "count": {"type": "integer"}, "end_time": {"type": "integer"}, "type_uid": {"type": "integer"}, "src_endpoint": {"$ref": "#/$defs/network_endpoint"}, "metadata": {"$ref": "#/$defs/metadata"}, "time_dt": {"type": "string"}}, "required": ["activity_id", "actor", "api", "category_uid", "class_uid", "cloud", "metadata", "osint", "severity_id", "src_endpoint", "time", "type_uid"], "type": "object"}, "application_lifecycle": {"$id": "https://schema.ocsf.io/schema/classes/application_lifecycle", "$schema": "http://json-schema.org/draft-07/schema#", "properties": {"unmapped": {"$ref": "#/$defs/object"}, "message": {"type": "string"}, "category_uid": {"const": 6, "type": "integer"}, "api": {"$ref": "#/$defs/api"}, "end_time_dt": {"type": "string"}, "duration": {"type": "integer"}, "status_detail": {"type": "string"}, "status_code": {"type": "string"}, "type_name": {"type": "string"}, "raw_data": {"type": "string"}, "time": {"type": "integer"}, "status_id": {"enum": [0, 1, 2, 99], "type": "integer"}, "actor": {"$ref": "#/$defs/actor"}, "cloud": {"$ref": "#/$defs/cloud"}, "status": {"type": "string"}, "app": {"$ref": "#/$defs/product"}, "activity_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5, 7, 8], "type": "integer"}, "observables": {"items": {"$ref": "#/$defs/observable"}, "type": "array"}, "enrichments": {"items": {"$ref": "#/$defs/enrichment"}, "type": "array"}, "osint": {"items": {"$ref": "#/$defs/osint"}, "type": "array"}, "start_time_dt": {"type": "string"}, "class_uid": {"const": 6002, "type": "integer"}, "activity_name": {"type": "string"}, "start_time": {"type": "integer"}, "class_name": {"type": "string"}, "timezone_offset": {"type": "integer"}, "device": {"$ref": "#/$defs/device"}, "severity": {"type": "string"}, "category_name": {"type": "string"}, "severity_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5], "type": "integer"}, "count": {"type": "integer"}, "end_time": {"type": "integer"}, "type_uid": {"type": "integer"}, "metadata": {"$ref": "#/$defs/metadata"}, "time_dt": {"type": "string"}}, "required": ["activity_id", "app", "category_uid", "class_uid", "cloud", "metadata", "osint", "severity_id", "time", "type_uid"], "type": "object"}, "authentication": {"$id": "https://schema.ocsf.io/schema/classes/authentication", "$schema": "http://json-schema.org/draft-07/schema#", "properties": {"unmapped": {"$ref": "#/$defs/object"}, "message": {"type": "string"}, "category_uid": {"const": 3, "type": "integer"}, "is_remote": {"type": "boolean"}, "api": {"$ref": "#/$defs/api"}, "end_time_dt": {"type": "string"}, "duration": {"type": "integer"}, "status_detail": {"type": "string"}, "certificate": {"$ref": "#/$defs/certificate"}, "is_new_logon": {"type": "boolean"}, "status_code": {"type": "string"}, "type_name": {"type": "string"}, "session": {"$ref": "#/$defs/session"}, "raw_data": {"type": "string"}, "time": {"type": "integer"}, "status_id": {"enum": [0, 1, 2, 99], "type": "integer"}, "actor": {"$ref": "#/$defs/actor"}, "cloud": {"$ref": "#/$defs/cloud"}, "status": {"type": "string"}, "logon_type": {"type": "string"}, "activity_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5], "type": "integer"}, "is_mfa": {"type": "boolean"}, "logon_type_id": {"enum": [3, 0, 1, 2, 99, 4, 5, 7, 8, 9, 10, 11, 12, 13], "type": "integer"}, "auth_factors": {"items": {"$ref": "#/$defs/auth_factor"}, "type": "array"}, "observables": {"items": {"$ref": "#/$defs/observable"}, "type": "array"}, "enrichments": {"items": {"$ref": "#/$defs/enrichment"}, "type": "array"}, "http_request": {"$ref": "#/$defs/http_request"}, "user": {"$ref": "#/$defs/user"}, "osint": {"items": {"$ref": "#/$defs/osint"}, "type": "array"}, "start_time_dt": {"type": "string"}, "class_uid": {"const": 3002, "type": "integer"}, "logon_process": {"$ref": "#/$defs/process"}, "activity_name": {"type": "string"}, "service": {"$ref": "#/$defs/service"}, "auth_protocol_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5, 7, 8, 9, 10], "type": "integer"}, "start_time": {"type": "integer"}, "class_name": {"type": "string"}, "timezone_offset": {"type": "integer"}, "dst_endpoint": {"$ref": "#/$defs/network_endpoint"}, "device": {"$ref": "#/$defs/device"}, "severity": {"type": "string"}, "category_name": {"type": "string"}, "severity_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5], "type": "integer"}, "count": {"type": "integer"}, "auth_protocol": {"type": "string"}, "end_time": {"type": "integer"}, "type_uid": {"type": "integer"}, "is_cleartext": {"type": "boolean"}, "src_endpoint": {"$ref": "#/$defs/network_endpoint"}, "metadata": {"$ref": "#/$defs/metadata"}, "time_dt": {"type": "string"}}, "required": ["activity_id", "category_uid", "class_uid", "cloud", "metadata", "osint", "severity_id", "time", "type_uid", "user"], "type": "object"}, "authorize_session": {"$id": "https://schema.ocsf.io/schema/classes/authorize_session", "$schema": "http://json-schema.org/draft-07/schema#", "properties": {"unmapped": {"$ref": "#/$defs/object"}, "message": {"type": "string"}, "privileges": {"items": {"type": "string"}, "type": "array"}, "category_uid": {"const": 3, "type": "integer"}, "api": {"$ref": "#/$defs/api"}, "end_time_dt": {"type": "string"}, "duration": {"type": "integer"}, "status_detail": {"type": "string"}, "status_code": {"type": "string"}, "type_name": {"type": "string"}, "session": {"$ref": "#/$defs/session"}, "raw_data": {"type": "string"}, "time": {"type": "integer"}, "status_id": {"enum": [0, 1, 2, 99], "type": "integer"}, "actor": {"$ref": "#/$defs/actor"}, "cloud": {"$ref": "#/$defs/cloud"}, "status": {"type": "string"}, "activity_id": {"enum": [0, 1, 2, 99], "type": "integer"}, "observables": {"items": {"$ref": "#/$defs/observable"}, "type": "array"}, "enrichments": {"items": {"$ref": "#/$defs/enrichment"}, "type": "array"}, "http_request": {"$ref": "#/$defs/http_request"}, "user": {"$ref": "#/$defs/user"}, "osint": {"items": {"$ref": "#/$defs/osint"}, "type": "array"}, "start_time_dt": {"type": "string"}, "class_uid": {"const": 3003, "type": "integer"}, "activity_name": {"type": "string"}, "start_time": {"type": "integer"}, "class_name": {"type": "string"}, "timezone_offset": {"type": "integer"}, "dst_endpoint": {"$ref": "#/$defs/network_endpoint"}, "group": {"$ref": "#/$defs/group"}, "device": {"$ref": "#/$defs/device"}, "severity": {"type": "string"}, "category_name": {"type": "string"}, "severity_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5], "type": "integer"}, "count": {"type": "integer"}, "end_time": {"type": "integer"}, "type_uid": {"type": "integer"}, "src_endpoint": {"$ref": "#/$defs/network_endpoint"}, "metadata": {"$ref": "#/$defs/metadata"}, "time_dt": {"type": "string"}}, "required": ["activity_id", "category_uid", "class_uid", "cloud", "metadata", "osint", "severity_id", "time", "type_uid", "user"], "type": "object"}, "base_event": {"$id": "https://schema.ocsf.io/schema/classes/base_event", "$schema": "http://json-schema.org/draft-07/schema#", "properties": {"activity_id": {"enum": [0, 99], "type": "integer"}, "activity_name": {"type": "string"}, "api": {"$ref": "#/$defs/api"}, "category_name": {"type": "string"}, "category_uid": {"const": 0, "type": "integer"}, "class_name": {"type": "string"}, "class_uid": {"const": 0, "type": "integer"}, "cloud": {"$ref": "#/$defs/cloud"}, "count": {"type": "integer"}, "duration": {"type": "integer"}, "end_time": {"type": "integer"}, "end_time_dt": {"type": "string"}, "enrichments": {"items": {"$ref": "#/$defs/enrichment"}, "type": "array"}, "message": {"type": "string"}, "metadata": {"$ref": "#/$defs/metadata"}, "observables": {"items": {"$ref": "#/$defs/observable"}, "type": "array"}, "osint": {"items": {"$ref": "#/$defs/osint"}, "type": "array"}, "raw_data": {"type": "string"}, "severity": {"type": "string"}, "severity_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5], "type": "integer"}, "start_time": {"type": "integer"}, "start_time_dt": {"type": "string"}, "status": {"type": "string"}, "status_code": {"type": "string"}, "status_detail": {"type": "string"}, "status_id": {"enum": [0, 1, 2, 99], "type": "integer"}, "time": {"type": "integer"}, "time_dt": {"type": "string"}, "timezone_offset": {"type": "integer"}, "type_name": {"type": "string"}, "type_uid": {"type": "integer"}, "unmapped": {"$ref": "#/$defs/object"}}, "required": ["activity_id", "category_uid", "class_uid", "cloud", "metadata", "osint", "severity_id", "time", "type_uid"], "type": "object"}, "compliance_finding": {"$id": "https://schema.ocsf.io/schema/classes/compliance_finding", "$schema": "http://json-schema.org/draft-07/schema#", "properties": {"unmapped": {"$ref": "#/$defs/object"}, "message": {"type": "string"}, "resource": {"$ref": "#/$defs/resource_details"}, "category_uid": {"const": 2, "type": "integer"}, "confidence": {"type": "string"}, "api": {"$ref": "#/$defs/api"}, "finding_info": {"$ref": "#/$defs/finding_info"}, "end_time_dt": {"type": "string"}, "duration": {"type": "integer"}, "status_detail": {"type": "string"}, "comment": {"type": "string"}, "confidence_score": {"type": "integer"}, "status_code": {"type": "string"}, "type_name": {"type": "string"}, "raw_data": {"type": "string"}, "time": {"type": "integer"}, "status_id": {"enum": [3, 0, 1, 2, 99, 4], "type": "integer"}, "actor": {"$ref": "#/$defs/actor"}, "cloud": {"$ref": "#/$defs/cloud"}, "status": {"type": "string"}, "activity_id": {"enum": [3, 0, 1, 2, 99], "type": "integer"}, "resources": {"items": {"$ref": "#/$defs/resource_details"}, "type": "array"}, "remediation": {"$ref": "#/$defs/remediation"}, "observables": {"items": {"$ref": "#/$defs/observable"}, "type": "array"}, "enrichments": {"items": {"$ref": "#/$defs/enrichment"}, "type": "array"}, "osint": {"items": {"$ref": "#/$defs/osint"}, "type": "array"}, "confidence_id": {"enum": [3, 0, 1, 2, 99], "type": "integer"}, "start_time_dt": {"type": "string"}, "class_uid": {"const": 2003, "type": "integer"}, "activity_name": {"type": "string"}, "start_time": {"type": "integer"}, "class_name": {"type": "string"}, "timezone_offset": {"type": "integer"}, "compliance": {"$ref": "#/$defs/compliance"}, "device": {"$ref": "#/$defs/device"}, "severity": {"type": "string"}, "category_name": {"type": "string"}, "severity_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5], "type": "integer"}, "count": {"type": "integer"}, "end_time": {"type": "integer"}, "type_uid": {"type": "integer"}, "metadata": {"$ref": "#/$defs/metadata"}, "time_dt": {"type": "string"}}, "required": ["activity_id", "category_uid", "class_uid", "cloud", "compliance", "finding_info", "metadata", "osint", "severity_id", "time", "type_uid"], "type": "object"}, "config_state": {"$id": "https://schema.ocsf.io/schema/classes/config_state", "$schema": "http://json-schema.org/draft-07/schema#", "properties": {"unmapped": {"$ref": "#/$defs/object"}, "message": {"type": "string"}, "category_uid": {"const": 5, "type": "integer"}, "api": {"$ref": "#/$defs/api"}, "end_time_dt": {"type": "string"}, "duration": {"type": "integer"}, "status_detail": {"type": "string"}, "status_code": {"type": "string"}, "type_name": {"type": "string"}, "raw_data": {"type": "string"}, "time": {"type": "integer"}, "status_id": {"enum": [0, 1, 2, 99], "type": "integer"}, "actor": {"$ref": "#/$defs/actor"}, "cloud": {"$ref": "#/$defs/cloud"}, "status": {"type": "string"}, "activity_id": {"enum": [0, 1, 2, 99], "type": "integer"}, "observables": {"items": {"$ref": "#/$defs/observable"}, "type": "array"}, "enrichments": {"items": {"$ref": "#/$defs/enrichment"}, "type": "array"}, "osint": {"items": {"$ref": "#/$defs/osint"}, "type": "array"}, "start_time_dt": {"type": "string"}, "class_uid": {"const": 5002, "type": "integer"}, "cis_benchmark_result": {"$ref": "#/$defs/cis_benchmark_result"}, "activity_name": {"type": "string"}, "start_time": {"type": "integer"}, "class_name": {"type": "string"}, "timezone_offset": {"type": "integer"}, "device": {"$ref": "#/$defs/device"}, "severity": {"type": "string"}, "category_name": {"type": "string"}, "severity_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5], "type": "integer"}, "count": {"type": "integer"}, "end_time": {"type": "integer"}, "type_uid": {"type": "integer"}, "metadata": {"$ref": "#/$defs/metadata"}, "time_dt": {"type": "string"}}, "required": ["activity_id", "category_uid", "class_uid", "cloud", "device", "metadata", "osint", "severity_id", "time", "type_uid"], "type": "object"}, "datastore_activity": {"$id": "https://schema.ocsf.io/schema/classes/datastore_activity", "$schema": "http://json-schema.org/draft-07/schema#", "properties": {"unmapped": {"$ref": "#/$defs/object"}, "message": {"type": "string"}, "disposition": {"type": "string"}, "query_info": {"$ref": "#/$defs/query_info"}, "category_uid": {"const": 6, "type": "integer"}, "action": {"type": "string"}, "api": {"$ref": "#/$defs/api"}, "type": {"type": "string"}, "databucket": {"$ref": "#/$defs/databucket"}, "table": {"$ref": "#/$defs/table"}, "end_time_dt": {"type": "string"}, "duration": {"type": "integer"}, "status_detail": {"type": "string"}, "database": {"$ref": "#/$defs/database"}, "status_code": {"type": "string"}, "disposition_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5, 7, 8, 9, 10, 11, 14, 15, 16, 17, 18, 20, 21, 22, 23, 24, 25, 26, 27, 12, 13, 19], "type": "integer"}, "type_name": {"type": "string"}, "raw_data": {"type": "string"}, "time": {"type": "integer"}, "status_id": {"enum": [0, 1, 2, 99], "type": "integer"}, "actor": {"$ref": "#/$defs/actor"}, "cloud": {"$ref": "#/$defs/cloud"}, "attacks": {"items": {"$ref": "#/$defs/attack"}, "type": "array"}, "status": {"type": "string"}, "activity_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5, 7, 8, 9, 10], "type": "integer"}, "observables": {"items": {"$ref": "#/$defs/observable"}, "type": "array"}, "enrichments": {"items": {"$ref": "#/$defs/enrichment"}, "type": "array"}, "http_request": {"$ref": "#/$defs/http_request"}, "authorizations": {"items": {"$ref": "#/$defs/authorization"}, "type": "array"}, "action_id": {"enum": [0, 1, 2, 99], "type": "integer"}, "osint": {"items": {"$ref": "#/$defs/osint"}, "type": "array"}, "firewall_rule": {"$ref": "#/$defs/firewall_rule"}, "start_time_dt": {"type": "string"}, "class_uid": {"const": 6005, "type": "integer"}, "type_id": {"enum": [3, 0, 1, 2, 99], "type": "integer"}, "activity_name": {"type": "string"}, "start_time": {"type": "integer"}, "class_name": {"type": "string"}, "timezone_offset": {"type": "integer"}, "malware": {"items": {"$ref": "#/$defs/malware"}, "type": "array"}, "dst_endpoint": {"$ref": "#/$defs/network_endpoint"}, "severity": {"type": "string"}, "category_name": {"type": "string"}, "severity_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5], "type": "integer"}, "count": {"type": "integer"}, "end_time": {"type": "integer"}, "type_uid": {"type": "integer"}, "src_endpoint": {"$ref": "#/$defs/network_endpoint"}, "metadata": {"$ref": "#/$defs/metadata"}, "time_dt": {"type": "string"}}, "required": ["action_id", "activity_id", "actor", "category_uid", "class_uid", "cloud", "metadata", "osint", "severity_id", "src_endpoint", "time", "type_uid"], "type": "object"}, "data_security_finding": {"$id": "https://schema.ocsf.io/schema/classes/data_security_finding", "$schema": "http://json-schema.org/draft-07/schema#", "properties": {"unmapped": {"$ref": "#/$defs/object"}, "message": {"type": "string"}, "disposition": {"type": "string"}, "category_uid": {"const": 2, "type": "integer"}, "action": {"type": "string"}, "confidence": {"type": "string"}, "api": {"$ref": "#/$defs/api"}, "finding_info": {"$ref": "#/$defs/finding_info"}, "databucket": {"$ref": "#/$defs/databucket"}, "table": {"$ref": "#/$defs/table"}, "end_time_dt": {"type": "string"}, "duration": {"type": "integer"}, "status_detail": {"type": "string"}, "database": {"$ref": "#/$defs/database"}, "comment": {"type": "string"}, "confidence_score": {"type": "integer"}, "status_code": {"type": "string"}, "disposition_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5, 7, 8, 9, 10, 11, 14, 15, 16, 17, 18, 20, 21, 22, 23, 24, 25, 26, 27, 12, 13, 19], "type": "integer"}, "type_name": {"type": "string"}, "risk_level": {"type": "string"}, "raw_data": {"type": "string"}, "time": {"type": "integer"}, "status_id": {"enum": [3, 0, 1, 2, 99, 4], "type": "integer"}, "actor": {"$ref": "#/$defs/actor"}, "cloud": {"$ref": "#/$defs/cloud"}, "attacks": {"items": {"$ref": "#/$defs/attack"}, "type": "array"}, "status": {"type": "string"}, "impact_score": {"type": "integer"}, "data_security": {"$ref": "#/$defs/data_security"}, "activity_id": {"enum": [3, 0, 1, 2, 99, 4], "type": "integer"}, "file": {"$ref": "#/$defs/file"}, "risk_score": {"type": "integer"}, "resources": {"items": {"$ref": "#/$defs/resource_details"}, "type": "array"}, "observables": {"items": {"$ref": "#/$defs/observable"}, "type": "array"}, "enrichments": {"items": {"$ref": "#/$defs/enrichment"}, "type": "array"}, "authorizations": {"items": {"$ref": "#/$defs/authorization"}, "type": "array"}, "action_id": {"enum": [0, 1, 2, 99], "type": "integer"}, "osint": {"items": {"$ref": "#/$defs/osint"}, "type": "array"}, "confidence_id": {"enum": [3, 0, 1, 2, 99], "type": "integer"}, "firewall_rule": {"$ref": "#/$defs/firewall_rule"}, "start_time_dt": {"type": "string"}, "class_uid": {"const": 2006, "type": "integer"}, "activity_name": {"type": "string"}, "start_time": {"type": "integer"}, "class_name": {"type": "string"}, "timezone_offset": {"type": "integer"}, "impact": {"type": "string"}, "risk_level_id": {"enum": [3, 0, 1, 2, 99, 4], "type": "integer"}, "malware": {"items": {"$ref": "#/$defs/malware"}, "type": "array"}, "dst_endpoint": {"$ref": "#/$defs/network_endpoint"}, "impact_id": {"enum": [3, 0, 1, 2, 99, 4], "type": "integer"}, "device": {"$ref": "#/$defs/device"}, "severity": {"type": "string"}, "category_name": {"type": "string"}, "severity_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5], "type": "integer"}, "count": {"type": "integer"}, "end_time": {"type": "integer"}, "type_uid": {"type": "integer"}, "src_endpoint": {"$ref": "#/$defs/network_endpoint"}, "metadata": {"$ref": "#/$defs/metadata"}, "time_dt": {"type": "string"}}, "required": ["action_id", "activity_id", "category_uid", "class_uid", "cloud", "finding_info", "metadata", "osint", "severity_id", "time", "type_uid"], "type": "object"}, "detection_finding": {"$id": "https://schema.ocsf.io/schema/classes/detection_finding", "$schema": "http://json-schema.org/draft-07/schema#", "properties": {"unmapped": {"$ref": "#/$defs/object"}, "message": {"type": "string"}, "disposition": {"type": "string"}, "category_uid": {"const": 2, "type": "integer"}, "action": {"type": "string"}, "confidence": {"type": "string"}, "api": {"$ref": "#/$defs/api"}, "finding_info": {"$ref": "#/$defs/finding_info"}, "end_time_dt": {"type": "string"}, "risk_details": {"type": "string"}, "duration": {"type": "integer"}, "status_detail": {"type": "string"}, "comment": {"type": "string"}, "confidence_score": {"type": "integer"}, "status_code": {"type": "string"}, "disposition_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5, 7, 8, 9, 10, 11, 14, 15, 16, 17, 18, 20, 21, 22, 23, 24, 25, 26, 27, 12, 13, 19], "type": "integer"}, "type_name": {"type": "string"}, "risk_level": {"type": "string"}, "raw_data": {"type": "string"}, "time": {"type": "integer"}, "status_id": {"enum": [3, 0, 1, 2, 99, 4], "type": "integer"}, "actor": {"$ref": "#/$defs/actor"}, "cloud": {"$ref": "#/$defs/cloud"}, "attacks": {"items": {"$ref": "#/$defs/attack"}, "type": "array"}, "status": {"type": "string"}, "impact_score": {"type": "integer"}, "activity_id": {"enum": [3, 0, 1, 2, 99], "type": "integer"}, "risk_score": {"type": "integer"}, "resources": {"items": {"$ref": "#/$defs/resource_details"}, "type": "array"}, "remediation": {"$ref": "#/$defs/remediation"}, "observables": {"items": {"$ref": "#/$defs/observable"}, "type": "array"}, "enrichments": {"items": {"$ref": "#/$defs/enrichment"}, "type": "array"}, "authorizations": {"items": {"$ref": "#/$defs/authorization"}, "type": "array"}, "action_id": {"enum": [0, 1, 2, 99], "type": "integer"}, "osint": {"items": {"$ref": "#/$defs/osint"}, "type": "array"}, "confidence_id": {"enum": [3, 0, 1, 2, 99], "type": "integer"}, "firewall_rule": {"$ref": "#/$defs/firewall_rule"}, "start_time_dt": {"type": "string"}, "class_uid": {"const": 2004, "type": "integer"}, "activity_name": {"type": "string"}, "start_time": {"type": "integer"}, "class_name": {"type": "string"}, "timezone_offset": {"type": "integer"}, "impact": {"type": "string"}, "risk_level_id": {"enum": [3, 0, 1, 2, 99, 4], "type": "integer"}, "malware": {"items": {"$ref": "#/$defs/malware"}, "type": "array"}, "impact_id": {"enum": [3, 0, 1, 2, 99, 4], "type": "integer"}, "device": {"$ref": "#/$defs/device"}, "severity": {"type": "string"}, "category_name": {"type": "string"}, "severity_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5], "type": "integer"}, "count": {"type": "integer"}, "evidences": {"items": {"$ref": "#/$defs/evidences"}, "type": "array"}, "end_time": {"type": "integer"}, "type_uid": {"type": "integer"}, "metadata": {"$ref": "#/$defs/metadata"}, "time_dt": {"type": "string"}, "vulnerabilities": {"items": {"$ref": "#/$defs/vulnerability"}, "type": "array"}}, "required": ["action_id", "activity_id", "category_uid", "class_uid", "cloud", "finding_info", "metadata", "osint", "severity_id", "time", "type_uid"], "type": "object"}, "device_config_state_change": {"$id": "https://schema.ocsf.io/schema/classes/device_config_state_change", "$schema": "http://json-schema.org/draft-07/schema#", "properties": {"unmapped": {"$ref": "#/$defs/object"}, "message": {"type": "string"}, "security_states": {"items": {"$ref": "#/$defs/security_state"}, "type": "array"}, "category_uid": {"const": 5, "type": "integer"}, "api": {"$ref": "#/$defs/api"}, "security_level": {"type": "string"}, "end_time_dt": {"type": "string"}, "duration": {"type": "integer"}, "status_detail": {"type": "string"}, "status_code": {"type": "string"}, "type_name": {"type": "string"}, "raw_data": {"type": "string"}, "time": {"type": "integer"}, "status_id": {"enum": [0, 1, 2, 99], "type": "integer"}, "actor": {"$ref": "#/$defs/actor"}, "cloud": {"$ref": "#/$defs/cloud"}, "status": {"type": "string"}, "activity_id": {"enum": [0, 1, 2, 99], "type": "integer"}, "observables": {"items": {"$ref": "#/$defs/observable"}, "type": "array"}, "enrichments": {"items": {"$ref": "#/$defs/enrichment"}, "type": "array"}, "osint": {"items": {"$ref": "#/$defs/osint"}, "type": "array"}, "start_time_dt": {"type": "string"}, "class_uid": {"const": 5019, "type": "integer"}, "prev_security_states": {"items": {"$ref": "#/$defs/security_state"}, "type": "array"}, "activity_name": {"type": "string"}, "start_time": {"type": "integer"}, "class_name": {"type": "string"}, "timezone_offset": {"type": "integer"}, "device": {"$ref": "#/$defs/device"}, "severity": {"type": "string"}, "category_name": {"type": "string"}, "state": {"type": "string"}, "severity_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5], "type": "integer"}, "count": {"type": "integer"}, "prev_security_level": {"type": "string"}, "end_time": {"type": "integer"}, "type_uid": {"type": "integer"}, "state_id": {"enum": [0, 1, 2, 99], "type": "integer"}, "prev_security_level_id": {"enum": [3, 0, 1, 2, 99], "type": "integer"}, "metadata": {"$ref": "#/$defs/metadata"}, "time_dt": {"type": "string"}, "security_level_id": {"enum": [3, 0, 1, 2, 99], "type": "integer"}}, "required": ["activity_id", "category_uid", "class_uid", "cloud", "device", "metadata", "osint", "severity_id", "time", "type_uid"], "type": "object"}, "dhcp_activity": {"$id": "https://schema.ocsf.io/schema/classes/dhcp_activity", "$schema": "http://json-schema.org/draft-07/schema#", "properties": {"traffic": {"$ref": "#/$defs/network_traffic"}, "unmapped": {"$ref": "#/$defs/object"}, "message": {"type": "string"}, "app_name": {"type": "string"}, "disposition": {"type": "string"}, "proxy_http_request": {"$ref": "#/$defs/http_request"}, "proxy_connection_info": {"$ref": "#/$defs/network_connection_info"}, "category_uid": {"const": 4, "type": "integer"}, "action": {"type": "string"}, "ja4_fingerprint_list": {"items": {"$ref": "#/$defs/ja4_fingerprint"}, "type": "array"}, "api": {"$ref": "#/$defs/api"}, "lease_dur": {"type": "integer"}, "end_time_dt": {"type": "string"}, "duration": {"type": "integer"}, "status_detail": {"type": "string"}, "proxy_tls": {"$ref": "#/$defs/tls"}, "status_code": {"type": "string"}, "disposition_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5, 7, 8, 9, 10, 11, 14, 15, 16, 17, 18, 20, 21, 22, 23, 24, 25, 26, 27, 12, 13, 19], "type": "integer"}, "type_name": {"type": "string"}, "raw_data": {"type": "string"}, "time": {"type": "integer"}, "status_id": {"enum": [0, 1, 2, 99], "type": "integer"}, "actor": {"$ref": "#/$defs/actor"}, "cloud": {"$ref": "#/$defs/cloud"}, "proxy_http_response": {"$ref": "#/$defs/http_response"}, "attacks": {"items": {"$ref": "#/$defs/attack"}, "type": "array"}, "status": {"type": "string"}, "activity_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5, 7, 8, 9], "type": "integer"}, "proxy_traffic": {"$ref": "#/$defs/network_traffic"}, "observables": {"items": {"$ref": "#/$defs/observable"}, "type": "array"}, "enrichments": {"items": {"$ref": "#/$defs/enrichment"}, "type": "array"}, "transaction_uid": {"type": "string"}, "authorizations": {"items": {"$ref": "#/$defs/authorization"}, "type": "array"}, "action_id": {"enum": [0, 1, 2, 99], "type": "integer"}, "osint": {"items": {"$ref": "#/$defs/osint"}, "type": "array"}, "firewall_rule": {"$ref": "#/$defs/firewall_rule"}, "proxy": {"$ref": "#/$defs/network_proxy"}, "start_time_dt": {"type": "string"}, "class_uid": {"const": 4004, "type": "integer"}, "load_balancer": {"$ref": "#/$defs/load_balancer"}, "activity_name": {"type": "string"}, "relay": {"$ref": "#/$defs/network_interface"}, "tls": {"$ref": "#/$defs/tls"}, "start_time": {"type": "integer"}, "class_name": {"type": "string"}, "timezone_offset": {"type": "integer"}, "malware": {"items": {"$ref": "#/$defs/malware"}, "type": "array"}, "dst_endpoint": {"$ref": "#/$defs/network_endpoint"}, "device": {"$ref": "#/$defs/device"}, "severity": {"type": "string"}, "category_name": {"type": "string"}, "severity_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5], "type": "integer"}, "count": {"type": "integer"}, "end_time": {"type": "integer"}, "type_uid": {"type": "integer"}, "src_endpoint": {"$ref": "#/$defs/network_endpoint"}, "metadata": {"$ref": "#/$defs/metadata"}, "time_dt": {"type": "string"}, "proxy_endpoint": {"$ref": "#/$defs/network_proxy"}, "connection_info": {"$ref": "#/$defs/network_connection_info"}, "is_renewal": {"type": "boolean"}}, "required": ["action_id", "activity_id", "category_uid", "class_uid", "cloud", "metadata", "osint", "severity_id", "time", "type_uid"], "type": "object"}, "dns_activity": {"$id": "https://schema.ocsf.io/schema/classes/dns_activity", "$schema": "http://json-schema.org/draft-07/schema#", "properties": {"query_time_dt": {"type": "string"}, "traffic": {"$ref": "#/$defs/network_traffic"}, "unmapped": {"$ref": "#/$defs/object"}, "message": {"type": "string"}, "app_name": {"type": "string"}, "disposition": {"type": "string"}, "proxy_http_request": {"$ref": "#/$defs/http_request"}, "proxy_connection_info": {"$ref": "#/$defs/network_connection_info"}, "query": {"$ref": "#/$defs/dns_query"}, "category_uid": {"const": 4, "type": "integer"}, "action": {"type": "string"}, "ja4_fingerprint_list": {"items": {"$ref": "#/$defs/ja4_fingerprint"}, "type": "array"}, "api": {"$ref": "#/$defs/api"}, "response_time": {"type": "integer"}, "end_time_dt": {"type": "string"}, "duration": {"type": "integer"}, "status_detail": {"type": "string"}, "response_time_dt": {"type": "string"}, "proxy_tls": {"$ref": "#/$defs/tls"}, "status_code": {"type": "string"}, "disposition_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5, 7, 8, 9, 10, 11, 14, 15, 16, 17, 18, 20, 21, 22, 23, 24, 25, 26, 27, 12, 13, 19], "type": "integer"}, "rcode_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5, 7, 8, 9, 10, 11, 16, 17, 18, 20, 21, 22, 23, 24, 25, 19], "type": "integer"}, "type_name": {"type": "string"}, "raw_data": {"type": "string"}, "time": {"type": "integer"}, "status_id": {"enum": [0, 1, 2, 99], "type": "integer"}, "actor": {"$ref": "#/$defs/actor"}, "cloud": {"$ref": "#/$defs/cloud"}, "rcode": {"type": "string"}, "proxy_http_response": {"$ref": "#/$defs/http_response"}, "attacks": {"items": {"$ref": "#/$defs/attack"}, "type": "array"}, "status": {"type": "string"}, "activity_id": {"enum": [6, 0, 1, 2, 99], "type": "integer"}, "proxy_traffic": {"$ref": "#/$defs/network_traffic"}, "observables": {"items": {"$ref": "#/$defs/observable"}, "type": "array"}, "enrichments": {"items": {"$ref": "#/$defs/enrichment"}, "type": "array"}, "authorizations": {"items": {"$ref": "#/$defs/authorization"}, "type": "array"}, "action_id": {"enum": [0, 1, 2, 99], "type": "integer"}, "osint": {"items": {"$ref": "#/$defs/osint"}, "type": "array"}, "firewall_rule": {"$ref": "#/$defs/firewall_rule"}, "proxy": {"$ref": "#/$defs/network_proxy"}, "start_time_dt": {"type": "string"}, "class_uid": {"const": 4003, "type": "integer"}, "load_balancer": {"$ref": "#/$defs/load_balancer"}, "activity_name": {"type": "string"}, "tls": {"$ref": "#/$defs/tls"}, "start_time": {"type": "integer"}, "class_name": {"type": "string"}, "timezone_offset": {"type": "integer"}, "answers": {"items": {"$ref": "#/$defs/dns_answer"}, "type": "array"}, "malware": {"items": {"$ref": "#/$defs/malware"}, "type": "array"}, "dst_endpoint": {"$ref": "#/$defs/network_endpoint"}, "device": {"$ref": "#/$defs/device"}, "severity": {"type": "string"}, "category_name": {"type": "string"}, "severity_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5], "type": "integer"}, "count": {"type": "integer"}, "query_time": {"type": "integer"}, "end_time": {"type": "integer"}, "type_uid": {"type": "integer"}, "src_endpoint": {"$ref": "#/$defs/network_endpoint"}, "metadata": {"$ref": "#/$defs/metadata"}, "time_dt": {"type": "string"}, "proxy_endpoint": {"$ref": "#/$defs/network_proxy"}, "connection_info": {"$ref": "#/$defs/network_connection_info"}}, "required": ["action_id", "activity_id", "category_uid", "class_uid", "cloud", "metadata", "osint", "severity_id", "time", "type_uid"], "type": "object"}, "email_activity": {"$id": "https://schema.ocsf.io/schema/classes/email_activity", "$schema": "http://json-schema.org/draft-07/schema#", "properties": {"email_auth": {"$ref": "#/$defs/email_auth"}, "unmapped": {"$ref": "#/$defs/object"}, "message": {"type": "string"}, "disposition": {"type": "string"}, "banner": {"type": "string"}, "category_uid": {"const": 4, "type": "integer"}, "action": {"type": "string"}, "api": {"$ref": "#/$defs/api"}, "end_time_dt": {"type": "string"}, "duration": {"type": "integer"}, "status_detail": {"type": "string"}, "status_code": {"type": "string"}, "direction": {"type": "string"}, "disposition_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5, 7, 8, 9, 10, 11, 14, 15, 16, 17, 18, 20, 21, 22, 23, 24, 25, 26, 27, 12, 13, 19], "type": "integer"}, "type_name": {"type": "string"}, "raw_data": {"type": "string"}, "time": {"type": "integer"}, "status_id": {"enum": [0, 1, 2, 99], "type": "integer"}, "actor": {"$ref": "#/$defs/actor"}, "cloud": {"$ref": "#/$defs/cloud"}, "attacks": {"items": {"$ref": "#/$defs/attack"}, "type": "array"}, "status": {"type": "string"}, "activity_id": {"enum": [3, 0, 1, 2, 99], "type": "integer"}, "email": {"$ref": "#/$defs/email"}, "observables": {"items": {"$ref": "#/$defs/observable"}, "type": "array"}, "enrichments": {"items": {"$ref": "#/$defs/enrichment"}, "type": "array"}, "authorizations": {"items": {"$ref": "#/$defs/authorization"}, "type": "array"}, "action_id": {"enum": [0, 1, 2, 99], "type": "integer"}, "osint": {"items": {"$ref": "#/$defs/osint"}, "type": "array"}, "firewall_rule": {"$ref": "#/$defs/firewall_rule"}, "start_time_dt": {"type": "string"}, "class_uid": {"const": 4009, "type": "integer"}, "activity_name": {"type": "string"}, "attempt": {"type": "integer"}, "start_time": {"type": "integer"}, "class_name": {"type": "string"}, "timezone_offset": {"type": "integer"}, "malware": {"items": {"$ref": "#/$defs/malware"}, "type": "array"}, "dst_endpoint": {"$ref": "#/$defs/network_endpoint"}, "device": {"$ref": "#/$defs/device"}, "severity": {"type": "string"}, "smtp_hello": {"type": "string"}, "direction_id": {"enum": [3, 0, 1, 2, 99], "type": "integer"}, "category_name": {"type": "string"}, "severity_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5], "type": "integer"}, "count": {"type": "integer"}, "end_time": {"type": "integer"}, "type_uid": {"type": "integer"}, "src_endpoint": {"$ref": "#/$defs/network_endpoint"}, "metadata": {"$ref": "#/$defs/metadata"}, "time_dt": {"type": "string"}}, "required": ["action_id", "category_uid", "class_uid", "cloud", "direction_id", "email", "metadata", "osint", "severity_id", "time", "type_uid"], "type": "object"}, "email_file_activity": {"$id": "https://schema.ocsf.io/schema/classes/email_file_activity", "$schema": "http://json-schema.org/draft-07/schema#", "properties": {"email_uid": {"type": "string"}, "unmapped": {"$ref": "#/$defs/object"}, "message": {"type": "string"}, "disposition": {"type": "string"}, "category_uid": {"const": 4, "type": "integer"}, "action": {"type": "string"}, "api": {"$ref": "#/$defs/api"}, "end_time_dt": {"type": "string"}, "duration": {"type": "integer"}, "status_detail": {"type": "string"}, "status_code": {"type": "string"}, "disposition_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5, 7, 8, 9, 10, 11, 14, 15, 16, 17, 18, 20, 21, 22, 23, 24, 25, 26, 27, 12, 13, 19], "type": "integer"}, "type_name": {"type": "string"}, "raw_data": {"type": "string"}, "time": {"type": "integer"}, "status_id": {"enum": [0, 1, 2, 99], "type": "integer"}, "actor": {"$ref": "#/$defs/actor"}, "cloud": {"$ref": "#/$defs/cloud"}, "attacks": {"items": {"$ref": "#/$defs/attack"}, "type": "array"}, "status": {"type": "string"}, "activity_id": {"enum": [3, 0, 1, 2, 99], "type": "integer"}, "file": {"$ref": "#/$defs/file"}, "observables": {"items": {"$ref": "#/$defs/observable"}, "type": "array"}, "enrichments": {"items": {"$ref": "#/$defs/enrichment"}, "type": "array"}, "authorizations": {"items": {"$ref": "#/$defs/authorization"}, "type": "array"}, "action_id": {"enum": [0, 1, 2, 99], "type": "integer"}, "osint": {"items": {"$ref": "#/$defs/osint"}, "type": "array"}, "firewall_rule": {"$ref": "#/$defs/firewall_rule"}, "start_time_dt": {"type": "string"}, "class_uid": {"const": 4011, "type": "integer"}, "activity_name": {"type": "string"}, "start_time": {"type": "integer"}, "class_name": {"type": "string"}, "timezone_offset": {"type": "integer"}, "malware": {"items": {"$ref": "#/$defs/malware"}, "type": "array"}, "device": {"$ref": "#/$defs/device"}, "severity": {"type": "string"}, "category_name": {"type": "string"}, "severity_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5], "type": "integer"}, "count": {"type": "integer"}, "end_time": {"type": "integer"}, "type_uid": {"type": "integer"}, "metadata": {"$ref": "#/$defs/metadata"}, "time_dt": {"type": "string"}}, "required": ["action_id", "category_uid", "class_uid", "cloud", "email_uid", "file", "metadata", "osint", "severity_id", "time", "type_uid"], "type": "object"}, "email_url_activity": {"$id": "https://schema.ocsf.io/schema/classes/email_url_activity", "$schema": "http://json-schema.org/draft-07/schema#", "properties": {"email_uid": {"type": "string"}, "unmapped": {"$ref": "#/$defs/object"}, "message": {"type": "string"}, "disposition": {"type": "string"}, "category_uid": {"const": 4, "type": "integer"}, "action": {"type": "string"}, "api": {"$ref": "#/$defs/api"}, "end_time_dt": {"type": "string"}, "duration": {"type": "integer"}, "status_detail": {"type": "string"}, "status_code": {"type": "string"}, "disposition_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5, 7, 8, 9, 10, 11, 14, 15, 16, 17, 18, 20, 21, 22, 23, 24, 25, 26, 27, 12, 13, 19], "type": "integer"}, "type_name": {"type": "string"}, "raw_data": {"type": "string"}, "time": {"type": "integer"}, "status_id": {"enum": [0, 1, 2, 99], "type": "integer"}, "actor": {"$ref": "#/$defs/actor"}, "cloud": {"$ref": "#/$defs/cloud"}, "attacks": {"items": {"$ref": "#/$defs/attack"}, "type": "array"}, "status": {"type": "string"}, "activity_id": {"enum": [3, 0, 1, 2, 99], "type": "integer"}, "observables": {"items": {"$ref": "#/$defs/observable"}, "type": "array"}, "enrichments": {"items": {"$ref": "#/$defs/enrichment"}, "type": "array"}, "authorizations": {"items": {"$ref": "#/$defs/authorization"}, "type": "array"}, "action_id": {"enum": [0, 1, 2, 99], "type": "integer"}, "osint": {"items": {"$ref": "#/$defs/osint"}, "type": "array"}, "firewall_rule": {"$ref": "#/$defs/firewall_rule"}, "start_time_dt": {"type": "string"}, "class_uid": {"const": 4012, "type": "integer"}, "url": {"$ref": "#/$defs/url"}, "activity_name": {"type": "string"}, "start_time": {"type": "integer"}, "class_name": {"type": "string"}, "timezone_offset": {"type": "integer"}, "malware": {"items": {"$ref": "#/$defs/malware"}, "type": "array"}, "device": {"$ref": "#/$defs/device"}, "severity": {"type": "string"}, "category_name": {"type": "string"}, "severity_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5], "type": "integer"}, "count": {"type": "integer"}, "end_time": {"type": "integer"}, "type_uid": {"type": "integer"}, "metadata": {"$ref": "#/$defs/metadata"}, "time_dt": {"type": "string"}}, "required": ["action_id", "category_uid", "class_uid", "cloud", "email_uid", "metadata", "osint", "severity_id", "time", "type_uid", "url"], "type": "object"}, "entity_management": {"$id": "https://schema.ocsf.io/schema/classes/entity_management", "$schema": "http://json-schema.org/draft-07/schema#", "properties": {"unmapped": {"$ref": "#/$defs/object"}, "message": {"type": "string"}, "category_uid": {"const": 3, "type": "integer"}, "api": {"$ref": "#/$defs/api"}, "end_time_dt": {"type": "string"}, "duration": {"type": "integer"}, "status_detail": {"type": "string"}, "comment": {"type": "string"}, "access_list": {"items": {"type": "string"}, "type": "array"}, "status_code": {"type": "string"}, "type_name": {"type": "string"}, "raw_data": {"type": "string"}, "time": {"type": "integer"}, "status_id": {"enum": [0, 1, 2, 99], "type": "integer"}, "actor": {"$ref": "#/$defs/actor"}, "cloud": {"$ref": "#/$defs/cloud"}, "status": {"type": "string"}, "activity_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5, 7, 8, 9, 10, 11, 12, 13], "type": "integer"}, "observables": {"items": {"$ref": "#/$defs/observable"}, "type": "array"}, "enrichments": {"items": {"$ref": "#/$defs/enrichment"}, "type": "array"}, "http_request": {"$ref": "#/$defs/http_request"}, "entity": {"$ref": "#/$defs/managed_entity"}, "osint": {"items": {"$ref": "#/$defs/osint"}, "type": "array"}, "start_time_dt": {"type": "string"}, "class_uid": {"const": 3004, "type": "integer"}, "activity_name": {"type": "string"}, "entity_result": {"$ref": "#/$defs/managed_entity"}, "start_time": {"type": "integer"}, "class_name": {"type": "string"}, "timezone_offset": {"type": "integer"}, "device": {"$ref": "#/$defs/device"}, "severity": {"type": "string"}, "category_name": {"type": "string"}, "severity_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5], "type": "integer"}, "count": {"type": "integer"}, "end_time": {"type": "integer"}, "type_uid": {"type": "integer"}, "src_endpoint": {"$ref": "#/$defs/network_endpoint"}, "metadata": {"$ref": "#/$defs/metadata"}, "time_dt": {"type": "string"}, "access_mask": {"type": "integer"}}, "required": ["activity_id", "category_uid", "class_uid", "cloud", "entity", "metadata", "osint", "severity_id", "time", "type_uid"], "type": "object"}, "event_log": {"$id": "https://schema.ocsf.io/schema/classes/event_log", "$schema": "http://json-schema.org/draft-07/schema#", "properties": {"unmapped": {"$ref": "#/$defs/object"}, "message": {"type": "string"}, "disposition": {"type": "string"}, "log_name": {"type": "string"}, "category_uid": {"const": 1, "type": "integer"}, "action": {"type": "string"}, "api": {"$ref": "#/$defs/api"}, "end_time_dt": {"type": "string"}, "duration": {"type": "integer"}, "status_detail": {"type": "string"}, "status_code": {"type": "string"}, "disposition_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5, 7, 8, 9, 10, 11, 14, 15, 16, 17, 18, 20, 21, 22, 23, 24, 25, 26, 27, 12, 13, 19], "type": "integer"}, "type_name": {"type": "string"}, "raw_data": {"type": "string"}, "time": {"type": "integer"}, "status_id": {"enum": [0, 1, 2, 99], "type": "integer"}, "actor": {"$ref": "#/$defs/actor"}, "cloud": {"$ref": "#/$defs/cloud"}, "attacks": {"items": {"$ref": "#/$defs/attack"}, "type": "array"}, "status": {"type": "string"}, "activity_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5, 7, 8, 9, 10], "type": "integer"}, "file": {"$ref": "#/$defs/file"}, "observables": {"items": {"$ref": "#/$defs/observable"}, "type": "array"}, "enrichments": {"items": {"$ref": "#/$defs/enrichment"}, "type": "array"}, "authorizations": {"items": {"$ref": "#/$defs/authorization"}, "type": "array"}, "log_provider": {"type": "string"}, "action_id": {"enum": [0, 1, 2, 99], "type": "integer"}, "osint": {"items": {"$ref": "#/$defs/osint"}, "type": "array"}, "firewall_rule": {"$ref": "#/$defs/firewall_rule"}, "start_time_dt": {"type": "string"}, "class_uid": {"const": 1008, "type": "integer"}, "activity_name": {"type": "string"}, "start_time": {"type": "integer"}, "class_name": {"type": "string"}, "timezone_offset": {"type": "integer"}, "malware": {"items": {"$ref": "#/$defs/malware"}, "type": "array"}, "dst_endpoint": {"$ref": "#/$defs/network_endpoint"}, "log_type_id": {"enum": [0, 1, 2, 99], "type": "integer"}, "device": {"$ref": "#/$defs/device"}, "severity": {"type": "string"}, "category_name": {"type": "string"}, "log_type": {"type": "string"}, "severity_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5], "type": "integer"}, "count": {"type": "integer"}, "end_time": {"type": "integer"}, "type_uid": {"type": "integer"}, "src_endpoint": {"$ref": "#/$defs/network_endpoint"}, "metadata": {"$ref": "#/$defs/metadata"}, "time_dt": {"type": "string"}}, "required": ["action_id", "activity_id", "category_uid", "class_uid", "cloud", "metadata", "osint", "severity_id", "time", "type_uid"], "type": "object"}, "file_activity": {"$id": "https://schema.ocsf.io/schema/classes/file_activity", "$schema": "http://json-schema.org/draft-07/schema#", "properties": {"component": {"type": "string"}, "unmapped": {"$ref": "#/$defs/object"}, "message": {"type": "string"}, "disposition": {"type": "string"}, "category_uid": {"const": 1, "type": "integer"}, "action": {"type": "string"}, "api": {"$ref": "#/$defs/api"}, "end_time_dt": {"type": "string"}, "duration": {"type": "integer"}, "status_detail": {"type": "string"}, "file_result": {"$ref": "#/$defs/file"}, "create_mask": {"type": "string"}, "status_code": {"type": "string"}, "disposition_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5, 7, 8, 9, 10, 11, 14, 15, 16, 17, 18, 20, 21, 22, 23, 24, 25, 26, 27, 12, 13, 19], "type": "integer"}, "type_name": {"type": "string"}, "raw_data": {"type": "string"}, "time": {"type": "integer"}, "status_id": {"enum": [0, 1, 2, 99], "type": "integer"}, "actor": {"$ref": "#/$defs/actor"}, "cloud": {"$ref": "#/$defs/cloud"}, "attacks": {"items": {"$ref": "#/$defs/attack"}, "type": "array"}, "status": {"type": "string"}, "activity_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5, 7, 8, 9, 10, 11, 14, 12, 13], "type": "integer"}, "file": {"$ref": "#/$defs/file"}, "observables": {"items": {"$ref": "#/$defs/observable"}, "type": "array"}, "enrichments": {"items": {"$ref": "#/$defs/enrichment"}, "type": "array"}, "authorizations": {"items": {"$ref": "#/$defs/authorization"}, "type": "array"}, "connection_uid": {"type": "string"}, "action_id": {"enum": [0, 1, 2, 99], "type": "integer"}, "osint": {"items": {"$ref": "#/$defs/osint"}, "type": "array"}, "firewall_rule": {"$ref": "#/$defs/firewall_rule"}, "start_time_dt": {"type": "string"}, "class_uid": {"const": 1001, "type": "integer"}, "activity_name": {"type": "string"}, "start_time": {"type": "integer"}, "class_name": {"type": "string"}, "timezone_offset": {"type": "integer"}, "malware": {"items": {"$ref": "#/$defs/malware"}, "type": "array"}, "device": {"$ref": "#/$defs/device"}, "severity": {"type": "string"}, "file_diff": {"type": "string"}, "category_name": {"type": "string"}, "severity_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5], "type": "integer"}, "count": {"type": "integer"}, "end_time": {"type": "integer"}, "type_uid": {"type": "integer"}, "metadata": {"$ref": "#/$defs/metadata"}, "time_dt": {"type": "string"}, "access_mask": {"type": "integer"}}, "required": ["action_id", "activity_id", "actor", "category_uid", "class_uid", "cloud", "device", "file", "metadata", "osint", "severity_id", "time", "type_uid"], "type": "object"}, "file_hosting": {"$id": "https://schema.ocsf.io/schema/classes/file_hosting", "$schema": "http://json-schema.org/draft-07/schema#", "properties": {"unmapped": {"$ref": "#/$defs/object"}, "message": {"type": "string"}, "expiration_time_dt": {"type": "string"}, "category_uid": {"const": 6, "type": "integer"}, "api": {"$ref": "#/$defs/api"}, "end_time_dt": {"type": "string"}, "duration": {"type": "integer"}, "expiration_time": {"type": "integer"}, "status_detail": {"type": "string"}, "file_result": {"$ref": "#/$defs/file"}, "status_code": {"type": "string"}, "type_name": {"type": "string"}, "raw_data": {"type": "string"}, "time": {"type": "integer"}, "status_id": {"enum": [0, 1, 2, 99], "type": "integer"}, "actor": {"$ref": "#/$defs/actor"}, "cloud": {"$ref": "#/$defs/cloud"}, "status": {"type": "string"}, "activity_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5, 7, 8, 9, 10, 11, 14, 15, 16, 12, 13], "type": "integer"}, "file": {"$ref": "#/$defs/file"}, "observables": {"items": {"$ref": "#/$defs/observable"}, "type": "array"}, "enrichments": {"items": {"$ref": "#/$defs/enrichment"}, "type": "array"}, "osint": {"items": {"$ref": "#/$defs/osint"}, "type": "array"}, "start_time_dt": {"type": "string"}, "class_uid": {"const": 6006, "type": "integer"}, "activity_name": {"type": "string"}, "start_time": {"type": "integer"}, "class_name": {"type": "string"}, "timezone_offset": {"type": "integer"}, "dst_endpoint": {"$ref": "#/$defs/network_endpoint"}, "severity": {"type": "string"}, "category_name": {"type": "string"}, "severity_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5], "type": "integer"}, "count": {"type": "integer"}, "end_time": {"type": "integer"}, "type_uid": {"type": "integer"}, "src_endpoint": {"$ref": "#/$defs/network_endpoint"}, "metadata": {"$ref": "#/$defs/metadata"}, "time_dt": {"type": "string"}, "connection_info": {"$ref": "#/$defs/network_connection_info"}}, "required": ["activity_id", "actor", "category_uid", "class_uid", "cloud", "file", "metadata", "osint", "severity_id", "src_endpoint", "time", "type_uid"], "type": "object"}, "file_query": {"$id": "https://schema.ocsf.io/schema/classes/file_query", "$schema": "http://json-schema.org/draft-07/schema#", "properties": {"unmapped": {"$ref": "#/$defs/object"}, "message": {"type": "string"}, "query_info": {"$ref": "#/$defs/query_info"}, "category_uid": {"const": 5, "type": "integer"}, "api": {"$ref": "#/$defs/api"}, "end_time_dt": {"type": "string"}, "duration": {"type": "integer"}, "status_detail": {"type": "string"}, "status_code": {"type": "string"}, "type_name": {"type": "string"}, "raw_data": {"type": "string"}, "time": {"type": "integer"}, "status_id": {"enum": [0, 1, 2, 99], "type": "integer"}, "query_result_id": {"enum": [3, 0, 1, 2, 99, 4, 5], "type": "integer"}, "actor": {"$ref": "#/$defs/actor"}, "cloud": {"$ref": "#/$defs/cloud"}, "status": {"type": "string"}, "activity_id": {"enum": [0, 1, 99], "type": "integer"}, "file": {"$ref": "#/$defs/file"}, "query_result": {"type": "string"}, "observables": {"items": {"$ref": "#/$defs/observable"}, "type": "array"}, "enrichments": {"items": {"$ref": "#/$defs/enrichment"}, "type": "array"}, "osint": {"items": {"$ref": "#/$defs/osint"}, "type": "array"}, "start_time_dt": {"type": "string"}, "class_uid": {"const": 5007, "type": "integer"}, "activity_name": {"type": "string"}, "start_time": {"type": "integer"}, "class_name": {"type": "string"}, "timezone_offset": {"type": "integer"}, "device": {"$ref": "#/$defs/device"}, "severity": {"type": "string"}, "category_name": {"type": "string"}, "severity_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5], "type": "integer"}, "count": {"type": "integer"}, "end_time": {"type": "integer"}, "type_uid": {"type": "integer"}, "metadata": {"$ref": "#/$defs/metadata"}, "time_dt": {"type": "string"}}, "required": ["activity_id", "category_uid", "class_uid", "cloud", "file", "metadata", "osint", "query_result_id", "severity_id", "time", "type_uid"], "type": "object"}, "file_remediation_activity": {"$id": "https://schema.ocsf.io/schema/classes/file_remediation_activity", "$schema": "http://json-schema.org/draft-07/schema#", "properties": {"unmapped": {"$ref": "#/$defs/object"}, "message": {"type": "string"}, "category_uid": {"const": 7, "type": "integer"}, "api": {"$ref": "#/$defs/api"}, "end_time_dt": {"type": "string"}, "command_uid": {"type": "string"}, "duration": {"type": "integer"}, "status_detail": {"type": "string"}, "countermeasures": {"items": {"$ref": "#/$defs/d3fend"}, "type": "array"}, "status_code": {"type": "string"}, "type_name": {"type": "string"}, "raw_data": {"type": "string"}, "time": {"type": "integer"}, "status_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5], "type": "integer"}, "actor": {"$ref": "#/$defs/actor"}, "cloud": {"$ref": "#/$defs/cloud"}, "status": {"type": "string"}, "activity_id": {"enum": [3, 0, 1, 2, 99, 4], "type": "integer"}, "file": {"$ref": "#/$defs/file"}, "remediation": {"$ref": "#/$defs/remediation"}, "observables": {"items": {"$ref": "#/$defs/observable"}, "type": "array"}, "enrichments": {"items": {"$ref": "#/$defs/enrichment"}, "type": "array"}, "osint": {"items": {"$ref": "#/$defs/osint"}, "type": "array"}, "start_time_dt": {"type": "string"}, "class_uid": {"const": 7002, "type": "integer"}, "activity_name": {"type": "string"}, "start_time": {"type": "integer"}, "class_name": {"type": "string"}, "timezone_offset": {"type": "integer"}, "scan": {"$ref": "#/$defs/scan"}, "device": {"$ref": "#/$defs/device"}, "severity": {"type": "string"}, "category_name": {"type": "string"}, "severity_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5], "type": "integer"}, "count": {"type": "integer"}, "end_time": {"type": "integer"}, "type_uid": {"type": "integer"}, "metadata": {"$ref": "#/$defs/metadata"}, "time_dt": {"type": "string"}}, "required": ["activity_id", "category_uid", "class_uid", "cloud", "command_uid", "file", "metadata", "osint", "severity_id", "time", "type_uid"], "type": "object"}, "folder_query": {"$id": "https://schema.ocsf.io/schema/classes/folder_query", "$schema": "http://json-schema.org/draft-07/schema#", "properties": {"unmapped": {"$ref": "#/$defs/object"}, "message": {"type": "string"}, "query_info": {"$ref": "#/$defs/query_info"}, "category_uid": {"const": 5, "type": "integer"}, "api": {"$ref": "#/$defs/api"}, "end_time_dt": {"type": "string"}, "duration": {"type": "integer"}, "status_detail": {"type": "string"}, "status_code": {"type": "string"}, "type_name": {"type": "string"}, "raw_data": {"type": "string"}, "time": {"type": "integer"}, "status_id": {"enum": [0, 1, 2, 99], "type": "integer"}, "query_result_id": {"enum": [3, 0, 1, 2, 99, 4, 5], "type": "integer"}, "actor": {"$ref": "#/$defs/actor"}, "folder": {"$ref": "#/$defs/file"}, "cloud": {"$ref": "#/$defs/cloud"}, "status": {"type": "string"}, "activity_id": {"enum": [0, 1, 99], "type": "integer"}, "query_result": {"type": "string"}, "observables": {"items": {"$ref": "#/$defs/observable"}, "type": "array"}, "enrichments": {"items": {"$ref": "#/$defs/enrichment"}, "type": "array"}, "osint": {"items": {"$ref": "#/$defs/osint"}, "type": "array"}, "start_time_dt": {"type": "string"}, "class_uid": {"const": 5008, "type": "integer"}, "activity_name": {"type": "string"}, "start_time": {"type": "integer"}, "class_name": {"type": "string"}, "timezone_offset": {"type": "integer"}, "device": {"$ref": "#/$defs/device"}, "severity": {"type": "string"}, "category_name": {"type": "string"}, "severity_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5], "type": "integer"}, "count": {"type": "integer"}, "end_time": {"type": "integer"}, "type_uid": {"type": "integer"}, "metadata": {"$ref": "#/$defs/metadata"}, "time_dt": {"type": "string"}}, "required": ["activity_id", "category_uid", "class_uid", "cloud", "folder", "metadata", "osint", "query_result_id", "severity_id", "time", "type_uid"], "type": "object"}, "ftp_activity": {"$id": "https://schema.ocsf.io/schema/classes/ftp_activity", "$schema": "http://json-schema.org/draft-07/schema#", "properties": {"traffic": {"$ref": "#/$defs/network_traffic"}, "unmapped": {"$ref": "#/$defs/object"}, "message": {"type": "string"}, "app_name": {"type": "string"}, "disposition": {"type": "string"}, "proxy_http_request": {"$ref": "#/$defs/http_request"}, "proxy_connection_info": {"$ref": "#/$defs/network_connection_info"}, "port": {"type": "integer"}, "category_uid": {"const": 4, "type": "integer"}, "action": {"type": "string"}, "command": {"type": "string"}, "ja4_fingerprint_list": {"items": {"$ref": "#/$defs/ja4_fingerprint"}, "type": "array"}, "api": {"$ref": "#/$defs/api"}, "type": {"type": "string"}, "command_responses": {"items": {"type": "string"}, "type": "array"}, "end_time_dt": {"type": "string"}, "duration": {"type": "integer"}, "status_detail": {"type": "string"}, "proxy_tls": {"$ref": "#/$defs/tls"}, "status_code": {"type": "string"}, "disposition_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5, 7, 8, 9, 10, 11, 14, 15, 16, 17, 18, 20, 21, 22, 23, 24, 25, 26, 27, 12, 13, 19], "type": "integer"}, "type_name": {"type": "string"}, "raw_data": {"type": "string"}, "time": {"type": "integer"}, "status_id": {"enum": [0, 1, 2, 99], "type": "integer"}, "actor": {"$ref": "#/$defs/actor"}, "cloud": {"$ref": "#/$defs/cloud"}, "proxy_http_response": {"$ref": "#/$defs/http_response"}, "attacks": {"items": {"$ref": "#/$defs/attack"}, "type": "array"}, "status": {"type": "string"}, "activity_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5], "type": "integer"}, "file": {"$ref": "#/$defs/file"}, "proxy_traffic": {"$ref": "#/$defs/network_traffic"}, "name": {"type": "string"}, "observables": {"items": {"$ref": "#/$defs/observable"}, "type": "array"}, "enrichments": {"items": {"$ref": "#/$defs/enrichment"}, "type": "array"}, "authorizations": {"items": {"$ref": "#/$defs/authorization"}, "type": "array"}, "action_id": {"enum": [0, 1, 2, 99], "type": "integer"}, "osint": {"items": {"$ref": "#/$defs/osint"}, "type": "array"}, "firewall_rule": {"$ref": "#/$defs/firewall_rule"}, "proxy": {"$ref": "#/$defs/network_proxy"}, "start_time_dt": {"type": "string"}, "class_uid": {"const": 4008, "type": "integer"}, "load_balancer": {"$ref": "#/$defs/load_balancer"}, "activity_name": {"type": "string"}, "tls": {"$ref": "#/$defs/tls"}, "start_time": {"type": "integer"}, "class_name": {"type": "string"}, "timezone_offset": {"type": "integer"}, "malware": {"items": {"$ref": "#/$defs/malware"}, "type": "array"}, "dst_endpoint": {"$ref": "#/$defs/network_endpoint"}, "device": {"$ref": "#/$defs/device"}, "severity": {"type": "string"}, "codes": {"items": {"type": "integer"}, "type": "array"}, "category_name": {"type": "string"}, "severity_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5], "type": "integer"}, "count": {"type": "integer"}, "end_time": {"type": "integer"}, "type_uid": {"type": "integer"}, "src_endpoint": {"$ref": "#/$defs/network_endpoint"}, "metadata": {"$ref": "#/$defs/metadata"}, "time_dt": {"type": "string"}, "proxy_endpoint": {"$ref": "#/$defs/network_proxy"}, "connection_info": {"$ref": "#/$defs/network_connection_info"}}, "required": ["action_id", "activity_id", "category_uid", "class_uid", "cloud", "dst_endpoint", "metadata", "osint", "severity_id", "time", "type_uid"], "type": "object"}, "group_management": {"$id": "https://schema.ocsf.io/schema/classes/group_management", "$schema": "http://json-schema.org/draft-07/schema#", "properties": {"unmapped": {"$ref": "#/$defs/object"}, "message": {"type": "string"}, "resource": {"$ref": "#/$defs/resource_details"}, "privileges": {"items": {"type": "string"}, "type": "array"}, "category_uid": {"const": 3, "type": "integer"}, "api": {"$ref": "#/$defs/api"}, "end_time_dt": {"type": "string"}, "duration": {"type": "integer"}, "status_detail": {"type": "string"}, "status_code": {"type": "string"}, "type_name": {"type": "string"}, "raw_data": {"type": "string"}, "time": {"type": "integer"}, "status_id": {"enum": [0, 1, 2, 99], "type": "integer"}, "actor": {"$ref": "#/$defs/actor"}, "cloud": {"$ref": "#/$defs/cloud"}, "status": {"type": "string"}, "activity_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5], "type": "integer"}, "observables": {"items": {"$ref": "#/$defs/observable"}, "type": "array"}, "enrichments": {"items": {"$ref": "#/$defs/enrichment"}, "type": "array"}, "http_request": {"$ref": "#/$defs/http_request"}, "user": {"$ref": "#/$defs/user"}, "osint": {"items": {"$ref": "#/$defs/osint"}, "type": "array"}, "start_time_dt": {"type": "string"}, "class_uid": {"const": 3006, "type": "integer"}, "activity_name": {"type": "string"}, "start_time": {"type": "integer"}, "class_name": {"type": "string"}, "timezone_offset": {"type": "integer"}, "group": {"$ref": "#/$defs/group"}, "device": {"$ref": "#/$defs/device"}, "severity": {"type": "string"}, "category_name": {"type": "string"}, "severity_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5], "type": "integer"}, "count": {"type": "integer"}, "end_time": {"type": "integer"}, "type_uid": {"type": "integer"}, "src_endpoint": {"$ref": "#/$defs/network_endpoint"}, "metadata": {"$ref": "#/$defs/metadata"}, "time_dt": {"type": "string"}}, "required": ["activity_id", "category_uid", "class_uid", "cloud", "group", "metadata", "osint", "severity_id", "time", "type_uid"], "type": "object"}, "http_activity": {"$id": "https://schema.ocsf.io/schema/classes/http_activity", "$schema": "http://json-schema.org/draft-07/schema#", "properties": {"traffic": {"$ref": "#/$defs/network_traffic"}, "unmapped": {"$ref": "#/$defs/object"}, "message": {"type": "string"}, "http_response": {"$ref": "#/$defs/http_response"}, "app_name": {"type": "string"}, "disposition": {"type": "string"}, "proxy_http_request": {"$ref": "#/$defs/http_request"}, "proxy_connection_info": {"$ref": "#/$defs/network_connection_info"}, "category_uid": {"const": 4, "type": "integer"}, "action": {"type": "string"}, "ja4_fingerprint_list": {"items": {"$ref": "#/$defs/ja4_fingerprint"}, "type": "array"}, "api": {"$ref": "#/$defs/api"}, "end_time_dt": {"type": "string"}, "duration": {"type": "integer"}, "status_detail": {"type": "string"}, "proxy_tls": {"$ref": "#/$defs/tls"}, "status_code": {"type": "string"}, "disposition_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5, 7, 8, 9, 10, 11, 14, 15, 16, 17, 18, 20, 21, 22, 23, 24, 25, 26, 27, 12, 13, 19], "type": "integer"}, "type_name": {"type": "string"}, "raw_data": {"type": "string"}, "time": {"type": "integer"}, "status_id": {"enum": [0, 1, 2, 99], "type": "integer"}, "actor": {"$ref": "#/$defs/actor"}, "cloud": {"$ref": "#/$defs/cloud"}, "proxy_http_response": {"$ref": "#/$defs/http_response"}, "attacks": {"items": {"$ref": "#/$defs/attack"}, "type": "array"}, "status": {"type": "string"}, "activity_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5, 7, 8], "type": "integer"}, "file": {"$ref": "#/$defs/file"}, "proxy_traffic": {"$ref": "#/$defs/network_traffic"}, "observables": {"items": {"$ref": "#/$defs/observable"}, "type": "array"}, "enrichments": {"items": {"$ref": "#/$defs/enrichment"}, "type": "array"}, "http_request": {"$ref": "#/$defs/http_request"}, "authorizations": {"items": {"$ref": "#/$defs/authorization"}, "type": "array"}, "action_id": {"enum": [0, 1, 2, 99], "type": "integer"}, "osint": {"items": {"$ref": "#/$defs/osint"}, "type": "array"}, "firewall_rule": {"$ref": "#/$defs/firewall_rule"}, "proxy": {"$ref": "#/$defs/network_proxy"}, "start_time_dt": {"type": "string"}, "class_uid": {"const": 4002, "type": "integer"}, "load_balancer": {"$ref": "#/$defs/load_balancer"}, "http_status": {"type": "integer"}, "activity_name": {"type": "string"}, "tls": {"$ref": "#/$defs/tls"}, "start_time": {"type": "integer"}, "class_name": {"type": "string"}, "timezone_offset": {"type": "integer"}, "malware": {"items": {"$ref": "#/$defs/malware"}, "type": "array"}, "dst_endpoint": {"$ref": "#/$defs/network_endpoint"}, "device": {"$ref": "#/$defs/device"}, "severity": {"type": "string"}, "category_name": {"type": "string"}, "severity_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5], "type": "integer"}, "count": {"type": "integer"}, "http_cookies": {"items": {"$ref": "#/$defs/http_cookie"}, "type": "array"}, "end_time": {"type": "integer"}, "type_uid": {"type": "integer"}, "src_endpoint": {"$ref": "#/$defs/network_endpoint"}, "metadata": {"$ref": "#/$defs/metadata"}, "time_dt": {"type": "string"}, "proxy_endpoint": {"$ref": "#/$defs/network_proxy"}, "connection_info": {"$ref": "#/$defs/network_connection_info"}}, "required": ["action_id", "activity_id", "category_uid", "class_uid", "cloud", "dst_endpoint", "http_request", "http_response", "metadata", "osint", "severity_id", "time", "type_uid"], "type": "object"}, "incident_finding": {"$id": "https://schema.ocsf.io/schema/classes/incident_finding", "$schema": "http://json-schema.org/draft-07/schema#", "properties": {"unmapped": {"$ref": "#/$defs/object"}, "message": {"type": "string"}, "category_uid": {"const": 2, "type": "integer"}, "assignee": {"$ref": "#/$defs/user"}, "desc": {"type": "string"}, "confidence": {"type": "string"}, "api": {"$ref": "#/$defs/api"}, "finding_info_list": {"items": {"$ref": "#/$defs/finding_info"}, "type": "array"}, "end_time_dt": {"type": "string"}, "duration": {"type": "integer"}, "status_detail": {"type": "string"}, "comment": {"type": "string"}, "confidence_score": {"type": "integer"}, "status_code": {"type": "string"}, "is_suspected_breach": {"type": "boolean"}, "type_name": {"type": "string"}, "raw_data": {"type": "string"}, "priority_id": {"enum": [3, 0, 1, 2, 99, 4], "type": "integer"}, "time": {"type": "integer"}, "status_id": {"enum": [3, 0, 1, 2, 99, 4, 5], "type": "integer"}, "cloud": {"$ref": "#/$defs/cloud"}, "attacks": {"items": {"$ref": "#/$defs/attack"}, "type": "array"}, "status": {"type": "string"}, "impact_score": {"type": "integer"}, "activity_id": {"enum": [3, 0, 1, 2, 99], "type": "integer"}, "priority": {"type": "string"}, "observables": {"items": {"$ref": "#/$defs/observable"}, "type": "array"}, "enrichments": {"items": {"$ref": "#/$defs/enrichment"}, "type": "array"}, "assignee_group": {"$ref": "#/$defs/group"}, "ticket": {"$ref": "#/$defs/ticket"}, "osint": {"items": {"$ref": "#/$defs/osint"}, "type": "array"}, "confidence_id": {"enum": [3, 0, 1, 2, 99], "type": "integer"}, "start_time_dt": {"type": "string"}, "class_uid": {"const": 2005, "type": "integer"}, "activity_name": {"type": "string"}, "start_time": {"type": "integer"}, "class_name": {"type": "string"}, "timezone_offset": {"type": "integer"}, "impact": {"type": "string"}, "impact_id": {"enum": [3, 0, 1, 2, 99, 4], "type": "integer"}, "verdict": {"type": "string"}, "severity": {"type": "string"}, "src_url": {"type": "string"}, "category_name": {"type": "string"}, "severity_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5], "type": "integer"}, "count": {"type": "integer"}, "verdict_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5, 7, 8, 9, 10], "type": "integer"}, "end_time": {"type": "integer"}, "type_uid": {"type": "integer"}, "metadata": {"$ref": "#/$defs/metadata"}, "time_dt": {"type": "string"}}, "required": ["activity_id", "category_uid", "class_uid", "cloud", "finding_info_list", "metadata", "osint", "severity_id", "status_id", "time", "type_uid"], "type": "object"}, "inventory_info": {"$id": "https://schema.ocsf.io/schema/classes/inventory_info", "$schema": "http://json-schema.org/draft-07/schema#", "properties": {"unmapped": {"$ref": "#/$defs/object"}, "message": {"type": "string"}, "category_uid": {"const": 5, "type": "integer"}, "api": {"$ref": "#/$defs/api"}, "end_time_dt": {"type": "string"}, "duration": {"type": "integer"}, "status_detail": {"type": "string"}, "status_code": {"type": "string"}, "type_name": {"type": "string"}, "raw_data": {"type": "string"}, "time": {"type": "integer"}, "status_id": {"enum": [0, 1, 2, 99], "type": "integer"}, "actor": {"$ref": "#/$defs/actor"}, "cloud": {"$ref": "#/$defs/cloud"}, "status": {"type": "string"}, "activity_id": {"enum": [0, 1, 2, 99], "type": "integer"}, "observables": {"items": {"$ref": "#/$defs/observable"}, "type": "array"}, "enrichments": {"items": {"$ref": "#/$defs/enrichment"}, "type": "array"}, "osint": {"items": {"$ref": "#/$defs/osint"}, "type": "array"}, "start_time_dt": {"type": "string"}, "class_uid": {"const": 5001, "type": "integer"}, "activity_name": {"type": "string"}, "start_time": {"type": "integer"}, "class_name": {"type": "string"}, "timezone_offset": {"type": "integer"}, "device": {"$ref": "#/$defs/device"}, "severity": {"type": "string"}, "category_name": {"type": "string"}, "severity_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5], "type": "integer"}, "count": {"type": "integer"}, "end_time": {"type": "integer"}, "type_uid": {"type": "integer"}, "metadata": {"$ref": "#/$defs/metadata"}, "time_dt": {"type": "string"}}, "required": ["activity_id", "category_uid", "class_uid", "cloud", "device", "metadata", "osint", "severity_id", "time", "type_uid"], "type": "object"}, "job_query": {"$id": "https://schema.ocsf.io/schema/classes/job_query", "$schema": "http://json-schema.org/draft-07/schema#", "properties": {"unmapped": {"$ref": "#/$defs/object"}, "message": {"type": "string"}, "query_info": {"$ref": "#/$defs/query_info"}, "category_uid": {"const": 5, "type": "integer"}, "api": {"$ref": "#/$defs/api"}, "job": {"$ref": "#/$defs/job"}, "end_time_dt": {"type": "string"}, "duration": {"type": "integer"}, "status_detail": {"type": "string"}, "status_code": {"type": "string"}, "type_name": {"type": "string"}, "raw_data": {"type": "string"}, "time": {"type": "integer"}, "status_id": {"enum": [0, 1, 2, 99], "type": "integer"}, "query_result_id": {"enum": [3, 0, 1, 2, 99, 4, 5], "type": "integer"}, "actor": {"$ref": "#/$defs/actor"}, "cloud": {"$ref": "#/$defs/cloud"}, "status": {"type": "string"}, "activity_id": {"enum": [0, 1, 99], "type": "integer"}, "query_result": {"type": "string"}, "observables": {"items": {"$ref": "#/$defs/observable"}, "type": "array"}, "enrichments": {"items": {"$ref": "#/$defs/enrichment"}, "type": "array"}, "osint": {"items": {"$ref": "#/$defs/osint"}, "type": "array"}, "start_time_dt": {"type": "string"}, "class_uid": {"const": 5010, "type": "integer"}, "activity_name": {"type": "string"}, "start_time": {"type": "integer"}, "class_name": {"type": "string"}, "timezone_offset": {"type": "integer"}, "device": {"$ref": "#/$defs/device"}, "severity": {"type": "string"}, "category_name": {"type": "string"}, "severity_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5], "type": "integer"}, "count": {"type": "integer"}, "end_time": {"type": "integer"}, "type_uid": {"type": "integer"}, "metadata": {"$ref": "#/$defs/metadata"}, "time_dt": {"type": "string"}}, "required": ["activity_id", "category_uid", "class_uid", "cloud", "job", "metadata", "osint", "query_result_id", "severity_id", "time", "type_uid"], "type": "object"}, "kernel_activity": {"$id": "https://schema.ocsf.io/schema/classes/kernel_activity", "$schema": "http://json-schema.org/draft-07/schema#", "properties": {"unmapped": {"$ref": "#/$defs/object"}, "message": {"type": "string"}, "disposition": {"type": "string"}, "category_uid": {"const": 1, "type": "integer"}, "action": {"type": "string"}, "api": {"$ref": "#/$defs/api"}, "end_time_dt": {"type": "string"}, "duration": {"type": "integer"}, "status_detail": {"type": "string"}, "status_code": {"type": "string"}, "disposition_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5, 7, 8, 9, 10, 11, 14, 15, 16, 17, 18, 20, 21, 22, 23, 24, 25, 26, 27, 12, 13, 19], "type": "integer"}, "type_name": {"type": "string"}, "raw_data": {"type": "string"}, "time": {"type": "integer"}, "status_id": {"enum": [0, 1, 2, 99], "type": "integer"}, "actor": {"$ref": "#/$defs/actor"}, "cloud": {"$ref": "#/$defs/cloud"}, "attacks": {"items": {"$ref": "#/$defs/attack"}, "type": "array"}, "status": {"type": "string"}, "activity_id": {"enum": [3, 0, 1, 2, 99, 4], "type": "integer"}, "observables": {"items": {"$ref": "#/$defs/observable"}, "type": "array"}, "enrichments": {"items": {"$ref": "#/$defs/enrichment"}, "type": "array"}, "authorizations": {"items": {"$ref": "#/$defs/authorization"}, "type": "array"}, "action_id": {"enum": [0, 1, 2, 99], "type": "integer"}, "osint": {"items": {"$ref": "#/$defs/osint"}, "type": "array"}, "kernel": {"$ref": "#/$defs/kernel"}, "firewall_rule": {"$ref": "#/$defs/firewall_rule"}, "start_time_dt": {"type": "string"}, "class_uid": {"const": 1003, "type": "integer"}, "activity_name": {"type": "string"}, "start_time": {"type": "integer"}, "class_name": {"type": "string"}, "timezone_offset": {"type": "integer"}, "malware": {"items": {"$ref": "#/$defs/malware"}, "type": "array"}, "device": {"$ref": "#/$defs/device"}, "severity": {"type": "string"}, "category_name": {"type": "string"}, "severity_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5], "type": "integer"}, "count": {"type": "integer"}, "end_time": {"type": "integer"}, "type_uid": {"type": "integer"}, "metadata": {"$ref": "#/$defs/metadata"}, "time_dt": {"type": "string"}}, "required": ["action_id", "activity_id", "actor", "category_uid", "class_uid", "cloud", "device", "kernel", "metadata", "osint", "severity_id", "time", "type_uid"], "type": "object"}, "kernel_extension": {"$id": "https://schema.ocsf.io/schema/classes/kernel_extension", "$schema": "http://json-schema.org/draft-07/schema#", "properties": {"unmapped": {"$ref": "#/$defs/object"}, "message": {"type": "string"}, "disposition": {"type": "string"}, "category_uid": {"const": 1, "type": "integer"}, "action": {"type": "string"}, "api": {"$ref": "#/$defs/api"}, "end_time_dt": {"type": "string"}, "duration": {"type": "integer"}, "status_detail": {"type": "string"}, "status_code": {"type": "string"}, "disposition_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5, 7, 8, 9, 10, 11, 14, 15, 16, 17, 18, 20, 21, 22, 23, 24, 25, 26, 27, 12, 13, 19], "type": "integer"}, "type_name": {"type": "string"}, "driver": {"$ref": "#/$defs/kernel_driver"}, "raw_data": {"type": "string"}, "time": {"type": "integer"}, "status_id": {"enum": [0, 1, 2, 99], "type": "integer"}, "actor": {"$ref": "#/$defs/actor"}, "cloud": {"$ref": "#/$defs/cloud"}, "attacks": {"items": {"$ref": "#/$defs/attack"}, "type": "array"}, "status": {"type": "string"}, "activity_id": {"enum": [0, 1, 2, 99], "type": "integer"}, "observables": {"items": {"$ref": "#/$defs/observable"}, "type": "array"}, "enrichments": {"items": {"$ref": "#/$defs/enrichment"}, "type": "array"}, "authorizations": {"items": {"$ref": "#/$defs/authorization"}, "type": "array"}, "action_id": {"enum": [0, 1, 2, 99], "type": "integer"}, "osint": {"items": {"$ref": "#/$defs/osint"}, "type": "array"}, "firewall_rule": {"$ref": "#/$defs/firewall_rule"}, "start_time_dt": {"type": "string"}, "class_uid": {"const": 1002, "type": "integer"}, "activity_name": {"type": "string"}, "start_time": {"type": "integer"}, "class_name": {"type": "string"}, "timezone_offset": {"type": "integer"}, "malware": {"items": {"$ref": "#/$defs/malware"}, "type": "array"}, "device": {"$ref": "#/$defs/device"}, "severity": {"type": "string"}, "category_name": {"type": "string"}, "severity_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5], "type": "integer"}, "count": {"type": "integer"}, "end_time": {"type": "integer"}, "type_uid": {"type": "integer"}, "metadata": {"$ref": "#/$defs/metadata"}, "time_dt": {"type": "string"}}, "required": ["action_id", "activity_id", "actor", "category_uid", "class_uid", "cloud", "device", "driver", "metadata", "osint", "severity_id", "time", "type_uid"], "type": "object"}, "kernel_object_query": {"$id": "https://schema.ocsf.io/schema/classes/kernel_object_query", "$schema": "http://json-schema.org/draft-07/schema#", "properties": {"unmapped": {"$ref": "#/$defs/object"}, "message": {"type": "string"}, "query_info": {"$ref": "#/$defs/query_info"}, "category_uid": {"const": 5, "type": "integer"}, "api": {"$ref": "#/$defs/api"}, "end_time_dt": {"type": "string"}, "duration": {"type": "integer"}, "status_detail": {"type": "string"}, "status_code": {"type": "string"}, "type_name": {"type": "string"}, "raw_data": {"type": "string"}, "time": {"type": "integer"}, "status_id": {"enum": [0, 1, 2, 99], "type": "integer"}, "query_result_id": {"enum": [3, 0, 1, 2, 99, 4, 5], "type": "integer"}, "actor": {"$ref": "#/$defs/actor"}, "cloud": {"$ref": "#/$defs/cloud"}, "status": {"type": "string"}, "activity_id": {"enum": [0, 1, 99], "type": "integer"}, "query_result": {"type": "string"}, "observables": {"items": {"$ref": "#/$defs/observable"}, "type": "array"}, "enrichments": {"items": {"$ref": "#/$defs/enrichment"}, "type": "array"}, "osint": {"items": {"$ref": "#/$defs/osint"}, "type": "array"}, "kernel": {"$ref": "#/$defs/kernel"}, "start_time_dt": {"type": "string"}, "class_uid": {"const": 5006, "type": "integer"}, "activity_name": {"type": "string"}, "start_time": {"type": "integer"}, "class_name": {"type": "string"}, "timezone_offset": {"type": "integer"}, "device": {"$ref": "#/$defs/device"}, "severity": {"type": "string"}, "category_name": {"type": "string"}, "severity_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5], "type": "integer"}, "count": {"type": "integer"}, "end_time": {"type": "integer"}, "type_uid": {"type": "integer"}, "metadata": {"$ref": "#/$defs/metadata"}, "time_dt": {"type": "string"}}, "required": ["activity_id", "category_uid", "class_uid", "cloud", "kernel", "metadata", "osint", "query_result_id", "severity_id", "time", "type_uid"], "type": "object"}, "memory_activity": {"$id": "https://schema.ocsf.io/schema/classes/memory_activity", "$schema": "http://json-schema.org/draft-07/schema#", "properties": {"unmapped": {"$ref": "#/$defs/object"}, "message": {"type": "string"}, "disposition": {"type": "string"}, "category_uid": {"const": 1, "type": "integer"}, "action": {"type": "string"}, "api": {"$ref": "#/$defs/api"}, "end_time_dt": {"type": "string"}, "process": {"$ref": "#/$defs/process"}, "duration": {"type": "integer"}, "status_detail": {"type": "string"}, "status_code": {"type": "string"}, "disposition_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5, 7, 8, 9, 10, 11, 14, 15, 16, 17, 18, 20, 21, 22, 23, 24, 25, 26, 27, 12, 13, 19], "type": "integer"}, "type_name": {"type": "string"}, "raw_data": {"type": "string"}, "time": {"type": "integer"}, "status_id": {"enum": [0, 1, 2, 99], "type": "integer"}, "actor": {"$ref": "#/$defs/actor"}, "cloud": {"$ref": "#/$defs/cloud"}, "attacks": {"items": {"$ref": "#/$defs/attack"}, "type": "array"}, "status": {"type": "string"}, "activity_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5, 7, 8, 9], "type": "integer"}, "observables": {"items": {"$ref": "#/$defs/observable"}, "type": "array"}, "enrichments": {"items": {"$ref": "#/$defs/enrichment"}, "type": "array"}, "requested_permissions": {"type": "integer"}, "base_address": {"type": "string"}, "authorizations": {"items": {"$ref": "#/$defs/authorization"}, "type": "array"}, "action_id": {"enum": [0, 1, 2, 99], "type": "integer"}, "osint": {"items": {"$ref": "#/$defs/osint"}, "type": "array"}, "firewall_rule": {"$ref": "#/$defs/firewall_rule"}, "start_time_dt": {"type": "string"}, "class_uid": {"const": 1004, "type": "integer"}, "activity_name": {"type": "string"}, "size": {"type": "integer"}, "start_time": {"type": "integer"}, "actual_permissions": {"type": "integer"}, "class_name": {"type": "string"}, "timezone_offset": {"type": "integer"}, "malware": {"items": {"$ref": "#/$defs/malware"}, "type": "array"}, "device": {"$ref": "#/$defs/device"}, "severity": {"type": "string"}, "category_name": {"type": "string"}, "severity_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5], "type": "integer"}, "count": {"type": "integer"}, "end_time": {"type": "integer"}, "type_uid": {"type": "integer"}, "metadata": {"$ref": "#/$defs/metadata"}, "time_dt": {"type": "string"}}, "required": ["action_id", "activity_id", "actor", "category_uid", "class_uid", "cloud", "device", "metadata", "osint", "process", "severity_id", "time", "type_uid"], "type": "object"}, "module_activity": {"$id": "https://schema.ocsf.io/schema/classes/module_activity", "$schema": "http://json-schema.org/draft-07/schema#", "properties": {"unmapped": {"$ref": "#/$defs/object"}, "message": {"type": "string"}, "disposition": {"type": "string"}, "module": {"$ref": "#/$defs/module"}, "category_uid": {"const": 1, "type": "integer"}, "action": {"type": "string"}, "api": {"$ref": "#/$defs/api"}, "end_time_dt": {"type": "string"}, "duration": {"type": "integer"}, "status_detail": {"type": "string"}, "status_code": {"type": "string"}, "disposition_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5, 7, 8, 9, 10, 11, 14, 15, 16, 17, 18, 20, 21, 22, 23, 24, 25, 26, 27, 12, 13, 19], "type": "integer"}, "type_name": {"type": "string"}, "raw_data": {"type": "string"}, "time": {"type": "integer"}, "status_id": {"enum": [0, 1, 2, 99], "type": "integer"}, "actor": {"$ref": "#/$defs/actor"}, "cloud": {"$ref": "#/$defs/cloud"}, "attacks": {"items": {"$ref": "#/$defs/attack"}, "type": "array"}, "status": {"type": "string"}, "activity_id": {"enum": [0, 1, 2, 99], "type": "integer"}, "observables": {"items": {"$ref": "#/$defs/observable"}, "type": "array"}, "enrichments": {"items": {"$ref": "#/$defs/enrichment"}, "type": "array"}, "authorizations": {"items": {"$ref": "#/$defs/authorization"}, "type": "array"}, "action_id": {"enum": [0, 1, 2, 99], "type": "integer"}, "osint": {"items": {"$ref": "#/$defs/osint"}, "type": "array"}, "firewall_rule": {"$ref": "#/$defs/firewall_rule"}, "start_time_dt": {"type": "string"}, "class_uid": {"const": 1005, "type": "integer"}, "activity_name": {"type": "string"}, "start_time": {"type": "integer"}, "class_name": {"type": "string"}, "timezone_offset": {"type": "integer"}, "malware": {"items": {"$ref": "#/$defs/malware"}, "type": "array"}, "device": {"$ref": "#/$defs/device"}, "severity": {"type": "string"}, "category_name": {"type": "string"}, "severity_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5], "type": "integer"}, "count": {"type": "integer"}, "end_time": {"type": "integer"}, "type_uid": {"type": "integer"}, "metadata": {"$ref": "#/$defs/metadata"}, "time_dt": {"type": "string"}}, "required": ["action_id", "activity_id", "actor", "category_uid", "class_uid", "cloud", "device", "metadata", "module", "osint", "severity_id", "time", "type_uid"], "type": "object"}, "module_query": {"$id": "https://schema.ocsf.io/schema/classes/module_query", "$schema": "http://json-schema.org/draft-07/schema#", "properties": {"unmapped": {"$ref": "#/$defs/object"}, "message": {"type": "string"}, "query_info": {"$ref": "#/$defs/query_info"}, "module": {"$ref": "#/$defs/module"}, "category_uid": {"const": 5, "type": "integer"}, "api": {"$ref": "#/$defs/api"}, "end_time_dt": {"type": "string"}, "process": {"$ref": "#/$defs/process"}, "duration": {"type": "integer"}, "status_detail": {"type": "string"}, "status_code": {"type": "string"}, "type_name": {"type": "string"}, "raw_data": {"type": "string"}, "time": {"type": "integer"}, "status_id": {"enum": [0, 1, 2, 99], "type": "integer"}, "query_result_id": {"enum": [3, 0, 1, 2, 99, 4, 5], "type": "integer"}, "actor": {"$ref": "#/$defs/actor"}, "cloud": {"$ref": "#/$defs/cloud"}, "status": {"type": "string"}, "activity_id": {"enum": [0, 1, 99], "type": "integer"}, "query_result": {"type": "string"}, "observables": {"items": {"$ref": "#/$defs/observable"}, "type": "array"}, "enrichments": {"items": {"$ref": "#/$defs/enrichment"}, "type": "array"}, "osint": {"items": {"$ref": "#/$defs/osint"}, "type": "array"}, "start_time_dt": {"type": "string"}, "class_uid": {"const": 5011, "type": "integer"}, "activity_name": {"type": "string"}, "start_time": {"type": "integer"}, "class_name": {"type": "string"}, "timezone_offset": {"type": "integer"}, "device": {"$ref": "#/$defs/device"}, "severity": {"type": "string"}, "category_name": {"type": "string"}, "severity_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5], "type": "integer"}, "count": {"type": "integer"}, "end_time": {"type": "integer"}, "type_uid": {"type": "integer"}, "metadata": {"$ref": "#/$defs/metadata"}, "time_dt": {"type": "string"}}, "required": ["activity_id", "category_uid", "class_uid", "cloud", "metadata", "module", "osint", "process", "query_result_id", "severity_id", "time", "type_uid"], "type": "object"}, "networks_query": {"$id": "https://schema.ocsf.io/schema/classes/networks_query", "$schema": "http://json-schema.org/draft-07/schema#", "properties": {"unmapped": {"$ref": "#/$defs/object"}, "message": {"type": "string"}, "query_info": {"$ref": "#/$defs/query_info"}, "category_uid": {"const": 5, "type": "integer"}, "api": {"$ref": "#/$defs/api"}, "end_time_dt": {"type": "string"}, "duration": {"type": "integer"}, "status_detail": {"type": "string"}, "status_code": {"type": "string"}, "type_name": {"type": "string"}, "raw_data": {"type": "string"}, "time": {"type": "integer"}, "status_id": {"enum": [0, 1, 2, 99], "type": "integer"}, "query_result_id": {"enum": [3, 0, 1, 2, 99, 4, 5], "type": "integer"}, "actor": {"$ref": "#/$defs/actor"}, "cloud": {"$ref": "#/$defs/cloud"}, "status": {"type": "string"}, "activity_id": {"enum": [0, 1, 99], "type": "integer"}, "query_result": {"type": "string"}, "observables": {"items": {"$ref": "#/$defs/observable"}, "type": "array"}, "enrichments": {"items": {"$ref": "#/$defs/enrichment"}, "type": "array"}, "osint": {"items": {"$ref": "#/$defs/osint"}, "type": "array"}, "start_time_dt": {"type": "string"}, "class_uid": {"const": 5013, "type": "integer"}, "activity_name": {"type": "string"}, "start_time": {"type": "integer"}, "class_name": {"type": "string"}, "timezone_offset": {"type": "integer"}, "device": {"$ref": "#/$defs/device"}, "severity": {"type": "string"}, "network_interfaces": {"items": {"$ref": "#/$defs/network_interface"}, "type": "array"}, "category_name": {"type": "string"}, "severity_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5], "type": "integer"}, "count": {"type": "integer"}, "end_time": {"type": "integer"}, "type_uid": {"type": "integer"}, "metadata": {"$ref": "#/$defs/metadata"}, "time_dt": {"type": "string"}}, "required": ["activity_id", "category_uid", "class_uid", "cloud", "metadata", "network_interfaces", "osint", "query_result_id", "severity_id", "time", "type_uid"], "type": "object"}, "network_activity": {"$id": "https://schema.ocsf.io/schema/classes/network_activity", "$schema": "http://json-schema.org/draft-07/schema#", "properties": {"traffic": {"$ref": "#/$defs/network_traffic"}, "unmapped": {"$ref": "#/$defs/object"}, "message": {"type": "string"}, "app_name": {"type": "string"}, "disposition": {"type": "string"}, "proxy_http_request": {"$ref": "#/$defs/http_request"}, "proxy_connection_info": {"$ref": "#/$defs/network_connection_info"}, "category_uid": {"const": 4, "type": "integer"}, "action": {"type": "string"}, "ja4_fingerprint_list": {"items": {"$ref": "#/$defs/ja4_fingerprint"}, "type": "array"}, "api": {"$ref": "#/$defs/api"}, "end_time_dt": {"type": "string"}, "duration": {"type": "integer"}, "status_detail": {"type": "string"}, "proxy_tls": {"$ref": "#/$defs/tls"}, "status_code": {"type": "string"}, "disposition_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5, 7, 8, 9, 10, 11, 14, 15, 16, 17, 18, 20, 21, 22, 23, 24, 25, 26, 27, 12, 13, 19], "type": "integer"}, "type_name": {"type": "string"}, "raw_data": {"type": "string"}, "time": {"type": "integer"}, "status_id": {"enum": [0, 1, 2, 99], "type": "integer"}, "actor": {"$ref": "#/$defs/actor"}, "cloud": {"$ref": "#/$defs/cloud"}, "proxy_http_response": {"$ref": "#/$defs/http_response"}, "attacks": {"items": {"$ref": "#/$defs/attack"}, "type": "array"}, "status": {"type": "string"}, "activity_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5, 7], "type": "integer"}, "proxy_traffic": {"$ref": "#/$defs/network_traffic"}, "observables": {"items": {"$ref": "#/$defs/observable"}, "type": "array"}, "enrichments": {"items": {"$ref": "#/$defs/enrichment"}, "type": "array"}, "authorizations": {"items": {"$ref": "#/$defs/authorization"}, "type": "array"}, "action_id": {"enum": [0, 1, 2, 99], "type": "integer"}, "osint": {"items": {"$ref": "#/$defs/osint"}, "type": "array"}, "firewall_rule": {"$ref": "#/$defs/firewall_rule"}, "proxy": {"$ref": "#/$defs/network_proxy"}, "start_time_dt": {"type": "string"}, "class_uid": {"const": 4001, "type": "integer"}, "load_balancer": {"$ref": "#/$defs/load_balancer"}, "url": {"$ref": "#/$defs/url"}, "activity_name": {"type": "string"}, "tls": {"$ref": "#/$defs/tls"}, "start_time": {"type": "integer"}, "class_name": {"type": "string"}, "timezone_offset": {"type": "integer"}, "malware": {"items": {"$ref": "#/$defs/malware"}, "type": "array"}, "dst_endpoint": {"$ref": "#/$defs/network_endpoint"}, "device": {"$ref": "#/$defs/device"}, "severity": {"type": "string"}, "category_name": {"type": "string"}, "severity_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5], "type": "integer"}, "count": {"type": "integer"}, "end_time": {"type": "integer"}, "type_uid": {"type": "integer"}, "src_endpoint": {"$ref": "#/$defs/network_endpoint"}, "metadata": {"$ref": "#/$defs/metadata"}, "time_dt": {"type": "string"}, "proxy_endpoint": {"$ref": "#/$defs/network_proxy"}, "connection_info": {"$ref": "#/$defs/network_connection_info"}}, "required": ["action_id", "activity_id", "category_uid", "class_uid", "cloud", "dst_endpoint", "metadata", "osint", "severity_id", "time", "type_uid"], "type": "object"}, "network_connection_query": {"$id": "https://schema.ocsf.io/schema/classes/network_connection_query", "$schema": "http://json-schema.org/draft-07/schema#", "properties": {"unmapped": {"$ref": "#/$defs/object"}, "message": {"type": "string"}, "query_info": {"$ref": "#/$defs/query_info"}, "category_uid": {"const": 5, "type": "integer"}, "api": {"$ref": "#/$defs/api"}, "end_time_dt": {"type": "string"}, "process": {"$ref": "#/$defs/process"}, "duration": {"type": "integer"}, "status_detail": {"type": "string"}, "status_code": {"type": "string"}, "type_name": {"type": "string"}, "raw_data": {"type": "string"}, "time": {"type": "integer"}, "status_id": {"enum": [0, 1, 2, 99], "type": "integer"}, "query_result_id": {"enum": [3, 0, 1, 2, 99, 4, 5], "type": "integer"}, "actor": {"$ref": "#/$defs/actor"}, "cloud": {"$ref": "#/$defs/cloud"}, "status": {"type": "string"}, "activity_id": {"enum": [0, 1, 99], "type": "integer"}, "query_result": {"type": "string"}, "observables": {"items": {"$ref": "#/$defs/observable"}, "type": "array"}, "enrichments": {"items": {"$ref": "#/$defs/enrichment"}, "type": "array"}, "osint": {"items": {"$ref": "#/$defs/osint"}, "type": "array"}, "start_time_dt": {"type": "string"}, "class_uid": {"const": 5012, "type": "integer"}, "activity_name": {"type": "string"}, "start_time": {"type": "integer"}, "class_name": {"type": "string"}, "timezone_offset": {"type": "integer"}, "device": {"$ref": "#/$defs/device"}, "severity": {"type": "string"}, "category_name": {"type": "string"}, "state": {"type": "string"}, "severity_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5], "type": "integer"}, "count": {"type": "integer"}, "end_time": {"type": "integer"}, "type_uid": {"type": "integer"}, "state_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5, 7, 8, 9, 10, 11], "type": "integer"}, "metadata": {"$ref": "#/$defs/metadata"}, "time_dt": {"type": "string"}, "connection_info": {"$ref": "#/$defs/network_connection_info"}}, "required": ["activity_id", "category_uid", "class_uid", "cloud", "connection_info", "metadata", "osint", "process", "query_result_id", "severity_id", "state_id", "time", "type_uid"], "type": "object"}, "network_file_activity": {"$id": "https://schema.ocsf.io/schema/classes/network_file_activity", "$schema": "http://json-schema.org/draft-07/schema#", "properties": {"traffic": {"$ref": "#/$defs/network_traffic"}, "unmapped": {"$ref": "#/$defs/object"}, "message": {"type": "string"}, "app_name": {"type": "string"}, "disposition": {"type": "string"}, "proxy_http_request": {"$ref": "#/$defs/http_request"}, "proxy_connection_info": {"$ref": "#/$defs/network_connection_info"}, "expiration_time_dt": {"type": "string"}, "category_uid": {"const": 4, "type": "integer"}, "action": {"type": "string"}, "ja4_fingerprint_list": {"items": {"$ref": "#/$defs/ja4_fingerprint"}, "type": "array"}, "api": {"$ref": "#/$defs/api"}, "end_time_dt": {"type": "string"}, "duration": {"type": "integer"}, "expiration_time": {"type": "integer"}, "status_detail": {"type": "string"}, "proxy_tls": {"$ref": "#/$defs/tls"}, "status_code": {"type": "string"}, "disposition_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5, 7, 8, 9, 10, 11, 14, 15, 16, 17, 18, 20, 21, 22, 23, 24, 25, 26, 27, 12, 13, 19], "type": "integer"}, "type_name": {"type": "string"}, "raw_data": {"type": "string"}, "time": {"type": "integer"}, "status_id": {"enum": [0, 1, 2, 99], "type": "integer"}, "actor": {"$ref": "#/$defs/actor"}, "cloud": {"$ref": "#/$defs/cloud"}, "proxy_http_response": {"$ref": "#/$defs/http_response"}, "attacks": {"items": {"$ref": "#/$defs/attack"}, "type": "array"}, "status": {"type": "string"}, "activity_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5, 7, 8, 9, 10, 11, 14, 15, 16, 12, 13], "type": "integer"}, "file": {"$ref": "#/$defs/file"}, "proxy_traffic": {"$ref": "#/$defs/network_traffic"}, "observables": {"items": {"$ref": "#/$defs/observable"}, "type": "array"}, "enrichments": {"items": {"$ref": "#/$defs/enrichment"}, "type": "array"}, "authorizations": {"items": {"$ref": "#/$defs/authorization"}, "type": "array"}, "action_id": {"enum": [0, 1, 2, 99], "type": "integer"}, "osint": {"items": {"$ref": "#/$defs/osint"}, "type": "array"}, "firewall_rule": {"$ref": "#/$defs/firewall_rule"}, "proxy": {"$ref": "#/$defs/network_proxy"}, "start_time_dt": {"type": "string"}, "class_uid": {"const": 4010, "type": "integer"}, "load_balancer": {"$ref": "#/$defs/load_balancer"}, "activity_name": {"type": "string"}, "tls": {"$ref": "#/$defs/tls"}, "start_time": {"type": "integer"}, "class_name": {"type": "string"}, "timezone_offset": {"type": "integer"}, "malware": {"items": {"$ref": "#/$defs/malware"}, "type": "array"}, "dst_endpoint": {"$ref": "#/$defs/network_endpoint"}, "device": {"$ref": "#/$defs/device"}, "severity": {"type": "string"}, "category_name": {"type": "string"}, "severity_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5], "type": "integer"}, "count": {"type": "integer"}, "end_time": {"type": "integer"}, "type_uid": {"type": "integer"}, "src_endpoint": {"$ref": "#/$defs/network_endpoint"}, "metadata": {"$ref": "#/$defs/metadata"}, "time_dt": {"type": "string"}, "proxy_endpoint": {"$ref": "#/$defs/network_proxy"}, "connection_info": {"$ref": "#/$defs/network_connection_info"}}, "required": ["action_id", "activity_id", "actor", "category_uid", "class_uid", "cloud", "file", "metadata", "osint", "severity_id", "src_endpoint", "time", "type_uid"], "type": "object"}, "network_remediation_activity": {"$id": "https://schema.ocsf.io/schema/classes/network_remediation_activity", "$schema": "http://json-schema.org/draft-07/schema#", "properties": {"unmapped": {"$ref": "#/$defs/object"}, "message": {"type": "string"}, "category_uid": {"const": 7, "type": "integer"}, "api": {"$ref": "#/$defs/api"}, "end_time_dt": {"type": "string"}, "command_uid": {"type": "string"}, "duration": {"type": "integer"}, "status_detail": {"type": "string"}, "countermeasures": {"items": {"$ref": "#/$defs/d3fend"}, "type": "array"}, "status_code": {"type": "string"}, "type_name": {"type": "string"}, "raw_data": {"type": "string"}, "time": {"type": "integer"}, "status_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5], "type": "integer"}, "actor": {"$ref": "#/$defs/actor"}, "cloud": {"$ref": "#/$defs/cloud"}, "status": {"type": "string"}, "activity_id": {"enum": [3, 0, 1, 2, 99, 4], "type": "integer"}, "remediation": {"$ref": "#/$defs/remediation"}, "observables": {"items": {"$ref": "#/$defs/observable"}, "type": "array"}, "enrichments": {"items": {"$ref": "#/$defs/enrichment"}, "type": "array"}, "osint": {"items": {"$ref": "#/$defs/osint"}, "type": "array"}, "start_time_dt": {"type": "string"}, "class_uid": {"const": 7004, "type": "integer"}, "activity_name": {"type": "string"}, "start_time": {"type": "integer"}, "class_name": {"type": "string"}, "timezone_offset": {"type": "integer"}, "scan": {"$ref": "#/$defs/scan"}, "device": {"$ref": "#/$defs/device"}, "severity": {"type": "string"}, "category_name": {"type": "string"}, "severity_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5], "type": "integer"}, "count": {"type": "integer"}, "end_time": {"type": "integer"}, "type_uid": {"type": "integer"}, "metadata": {"$ref": "#/$defs/metadata"}, "time_dt": {"type": "string"}, "connection_info": {"$ref": "#/$defs/network_connection_info"}}, "required": ["activity_id", "category_uid", "class_uid", "cloud", "command_uid", "connection_info", "metadata", "osint", "severity_id", "time", "type_uid"], "type": "object"}, "ntp_activity": {"$id": "https://schema.ocsf.io/schema/classes/ntp_activity", "$schema": "http://json-schema.org/draft-07/schema#", "properties": {"traffic": {"$ref": "#/$defs/network_traffic"}, "unmapped": {"$ref": "#/$defs/object"}, "message": {"type": "string"}, "app_name": {"type": "string"}, "disposition": {"type": "string"}, "proxy_http_request": {"$ref": "#/$defs/http_request"}, "proxy_connection_info": {"$ref": "#/$defs/network_connection_info"}, "category_uid": {"const": 4, "type": "integer"}, "action": {"type": "string"}, "ja4_fingerprint_list": {"items": {"$ref": "#/$defs/ja4_fingerprint"}, "type": "array"}, "api": {"$ref": "#/$defs/api"}, "end_time_dt": {"type": "string"}, "duration": {"type": "integer"}, "status_detail": {"type": "string"}, "proxy_tls": {"$ref": "#/$defs/tls"}, "status_code": {"type": "string"}, "disposition_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5, 7, 8, 9, 10, 11, 14, 15, 16, 17, 18, 20, 21, 22, 23, 24, 25, 26, 27, 12, 13, 19], "type": "integer"}, "type_name": {"type": "string"}, "stratum": {"type": "string"}, "raw_data": {"type": "string"}, "time": {"type": "integer"}, "status_id": {"enum": [0, 1, 2, 99], "type": "integer"}, "actor": {"$ref": "#/$defs/actor"}, "cloud": {"$ref": "#/$defs/cloud"}, "proxy_http_response": {"$ref": "#/$defs/http_response"}, "attacks": {"items": {"$ref": "#/$defs/attack"}, "type": "array"}, "status": {"type": "string"}, "activity_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5, 7], "type": "integer"}, "proxy_traffic": {"$ref": "#/$defs/network_traffic"}, "observables": {"items": {"$ref": "#/$defs/observable"}, "type": "array"}, "enrichments": {"items": {"$ref": "#/$defs/enrichment"}, "type": "array"}, "authorizations": {"items": {"$ref": "#/$defs/authorization"}, "type": "array"}, "action_id": {"enum": [0, 1, 2, 99], "type": "integer"}, "osint": {"items": {"$ref": "#/$defs/osint"}, "type": "array"}, "firewall_rule": {"$ref": "#/$defs/firewall_rule"}, "proxy": {"$ref": "#/$defs/network_proxy"}, "start_time_dt": {"type": "string"}, "class_uid": {"const": 4013, "type": "integer"}, "delay": {"type": "integer"}, "load_balancer": {"$ref": "#/$defs/load_balancer"}, "precision": {"type": "integer"}, "activity_name": {"type": "string"}, "tls": {"$ref": "#/$defs/tls"}, "start_time": {"type": "integer"}, "class_name": {"type": "string"}, "timezone_offset": {"type": "integer"}, "malware": {"items": {"$ref": "#/$defs/malware"}, "type": "array"}, "dst_endpoint": {"$ref": "#/$defs/network_endpoint"}, "device": {"$ref": "#/$defs/device"}, "severity": {"type": "string"}, "dispersion": {"type": "integer"}, "category_name": {"type": "string"}, "severity_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5], "type": "integer"}, "count": {"type": "integer"}, "end_time": {"type": "integer"}, "type_uid": {"type": "integer"}, "stratum_id": {"enum": [0, 1, 2, 99, 16, 17], "type": "integer"}, "src_endpoint": {"$ref": "#/$defs/network_endpoint"}, "metadata": {"$ref": "#/$defs/metadata"}, "time_dt": {"type": "string"}, "proxy_endpoint": {"$ref": "#/$defs/network_proxy"}, "connection_info": {"$ref": "#/$defs/network_connection_info"}, "version": {"type": "string"}}, "required": ["action_id", "activity_id", "category_uid", "class_uid", "cloud", "dst_endpoint", "metadata", "osint", "severity_id", "time", "type_uid", "version"], "type": "object"}, "patch_state": {"$id": "https://schema.ocsf.io/schema/classes/patch_state", "$schema": "http://json-schema.org/draft-07/schema#", "properties": {"unmapped": {"$ref": "#/$defs/object"}, "message": {"type": "string"}, "category_uid": {"const": 5, "type": "integer"}, "api": {"$ref": "#/$defs/api"}, "end_time_dt": {"type": "string"}, "duration": {"type": "integer"}, "status_detail": {"type": "string"}, "kb_article_list": {"items": {"$ref": "#/$defs/kb_article"}, "type": "array"}, "status_code": {"type": "string"}, "type_name": {"type": "string"}, "raw_data": {"type": "string"}, "time": {"type": "integer"}, "status_id": {"enum": [0, 1, 2, 99], "type": "integer"}, "actor": {"$ref": "#/$defs/actor"}, "cloud": {"$ref": "#/$defs/cloud"}, "status": {"type": "string"}, "activity_id": {"enum": [0, 1, 2, 99], "type": "integer"}, "observables": {"items": {"$ref": "#/$defs/observable"}, "type": "array"}, "enrichments": {"items": {"$ref": "#/$defs/enrichment"}, "type": "array"}, "osint": {"items": {"$ref": "#/$defs/osint"}, "type": "array"}, "start_time_dt": {"type": "string"}, "class_uid": {"const": 5004, "type": "integer"}, "activity_name": {"type": "string"}, "start_time": {"type": "integer"}, "class_name": {"type": "string"}, "timezone_offset": {"type": "integer"}, "device": {"$ref": "#/$defs/device"}, "severity": {"type": "string"}, "category_name": {"type": "string"}, "severity_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5], "type": "integer"}, "count": {"type": "integer"}, "end_time": {"type": "integer"}, "type_uid": {"type": "integer"}, "metadata": {"$ref": "#/$defs/metadata"}, "time_dt": {"type": "string"}}, "required": ["activity_id", "category_uid", "class_uid", "cloud", "device", "metadata", "osint", "severity_id", "time", "type_uid"], "type": "object"}, "peripheral_device_query": {"$id": "https://schema.ocsf.io/schema/classes/peripheral_device_query", "$schema": "http://json-schema.org/draft-07/schema#", "properties": {"unmapped": {"$ref": "#/$defs/object"}, "message": {"type": "string"}, "query_info": {"$ref": "#/$defs/query_info"}, "category_uid": {"const": 5, "type": "integer"}, "api": {"$ref": "#/$defs/api"}, "end_time_dt": {"type": "string"}, "duration": {"type": "integer"}, "status_detail": {"type": "string"}, "status_code": {"type": "string"}, "peripheral_device": {"$ref": "#/$defs/peripheral_device"}, "type_name": {"type": "string"}, "raw_data": {"type": "string"}, "time": {"type": "integer"}, "status_id": {"enum": [0, 1, 2, 99], "type": "integer"}, "query_result_id": {"enum": [3, 0, 1, 2, 99, 4, 5], "type": "integer"}, "actor": {"$ref": "#/$defs/actor"}, "cloud": {"$ref": "#/$defs/cloud"}, "status": {"type": "string"}, "activity_id": {"enum": [0, 1, 99], "type": "integer"}, "query_result": {"type": "string"}, "observables": {"items": {"$ref": "#/$defs/observable"}, "type": "array"}, "enrichments": {"items": {"$ref": "#/$defs/enrichment"}, "type": "array"}, "osint": {"items": {"$ref": "#/$defs/osint"}, "type": "array"}, "start_time_dt": {"type": "string"}, "class_uid": {"const": 5014, "type": "integer"}, "activity_name": {"type": "string"}, "start_time": {"type": "integer"}, "class_name": {"type": "string"}, "timezone_offset": {"type": "integer"}, "device": {"$ref": "#/$defs/device"}, "severity": {"type": "string"}, "category_name": {"type": "string"}, "severity_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5], "type": "integer"}, "count": {"type": "integer"}, "end_time": {"type": "integer"}, "type_uid": {"type": "integer"}, "metadata": {"$ref": "#/$defs/metadata"}, "time_dt": {"type": "string"}}, "required": ["activity_id", "category_uid", "class_uid", "cloud", "metadata", "osint", "peripheral_device", "query_result_id", "severity_id", "time", "type_uid"], "type": "object"}, "process_activity": {"$id": "https://schema.ocsf.io/schema/classes/process_activity", "$schema": "http://json-schema.org/draft-07/schema#", "properties": {"unmapped": {"$ref": "#/$defs/object"}, "message": {"type": "string"}, "disposition": {"type": "string"}, "module": {"$ref": "#/$defs/module"}, "category_uid": {"const": 1, "type": "integer"}, "action": {"type": "string"}, "api": {"$ref": "#/$defs/api"}, "end_time_dt": {"type": "string"}, "process": {"$ref": "#/$defs/process"}, "duration": {"type": "integer"}, "status_detail": {"type": "string"}, "status_code": {"type": "string"}, "disposition_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5, 7, 8, 9, 10, 11, 14, 15, 16, 17, 18, 20, 21, 22, 23, 24, 25, 26, 27, 12, 13, 19], "type": "integer"}, "type_name": {"type": "string"}, "raw_data": {"type": "string"}, "time": {"type": "integer"}, "status_id": {"enum": [0, 1, 2, 99], "type": "integer"}, "actor": {"$ref": "#/$defs/actor"}, "cloud": {"$ref": "#/$defs/cloud"}, "injection_type_id": {"enum": [3, 0, 1, 2, 99], "type": "integer"}, "attacks": {"items": {"$ref": "#/$defs/attack"}, "type": "array"}, "status": {"type": "string"}, "activity_id": {"enum": [3, 0, 1, 2, 99, 4, 5], "type": "integer"}, "observables": {"items": {"$ref": "#/$defs/observable"}, "type": "array"}, "enrichments": {"items": {"$ref": "#/$defs/enrichment"}, "type": "array"}, "requested_permissions": {"type": "integer"}, "authorizations": {"items": {"$ref": "#/$defs/authorization"}, "type": "array"}, "action_id": {"enum": [0, 1, 2, 99], "type": "integer"}, "osint": {"items": {"$ref": "#/$defs/osint"}, "type": "array"}, "firewall_rule": {"$ref": "#/$defs/firewall_rule"}, "start_time_dt": {"type": "string"}, "class_uid": {"const": 1007, "type": "integer"}, "injection_type": {"type": "string"}, "activity_name": {"type": "string"}, "start_time": {"type": "integer"}, "actual_permissions": {"type": "integer"}, "class_name": {"type": "string"}, "timezone_offset": {"type": "integer"}, "malware": {"items": {"$ref": "#/$defs/malware"}, "type": "array"}, "device": {"$ref": "#/$defs/device"}, "severity": {"type": "string"}, "exit_code": {"type": "integer"}, "category_name": {"type": "string"}, "severity_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5], "type": "integer"}, "count": {"type": "integer"}, "end_time": {"type": "integer"}, "type_uid": {"type": "integer"}, "metadata": {"$ref": "#/$defs/metadata"}, "time_dt": {"type": "string"}}, "required": ["action_id", "activity_id", "actor", "category_uid", "class_uid", "cloud", "device", "metadata", "osint", "process", "severity_id", "time", "type_uid"], "type": "object"}, "process_query": {"$id": "https://schema.ocsf.io/schema/classes/process_query", "$schema": "http://json-schema.org/draft-07/schema#", "properties": {"unmapped": {"$ref": "#/$defs/object"}, "message": {"type": "string"}, "query_info": {"$ref": "#/$defs/query_info"}, "category_uid": {"const": 5, "type": "integer"}, "api": {"$ref": "#/$defs/api"}, "end_time_dt": {"type": "string"}, "process": {"$ref": "#/$defs/process"}, "duration": {"type": "integer"}, "status_detail": {"type": "string"}, "status_code": {"type": "string"}, "type_name": {"type": "string"}, "raw_data": {"type": "string"}, "time": {"type": "integer"}, "status_id": {"enum": [0, 1, 2, 99], "type": "integer"}, "query_result_id": {"enum": [3, 0, 1, 2, 99, 4, 5], "type": "integer"}, "actor": {"$ref": "#/$defs/actor"}, "cloud": {"$ref": "#/$defs/cloud"}, "status": {"type": "string"}, "activity_id": {"enum": [0, 1, 99], "type": "integer"}, "query_result": {"type": "string"}, "observables": {"items": {"$ref": "#/$defs/observable"}, "type": "array"}, "enrichments": {"items": {"$ref": "#/$defs/enrichment"}, "type": "array"}, "osint": {"items": {"$ref": "#/$defs/osint"}, "type": "array"}, "start_time_dt": {"type": "string"}, "class_uid": {"const": 5015, "type": "integer"}, "activity_name": {"type": "string"}, "start_time": {"type": "integer"}, "class_name": {"type": "string"}, "timezone_offset": {"type": "integer"}, "device": {"$ref": "#/$defs/device"}, "severity": {"type": "string"}, "category_name": {"type": "string"}, "severity_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5], "type": "integer"}, "count": {"type": "integer"}, "end_time": {"type": "integer"}, "type_uid": {"type": "integer"}, "metadata": {"$ref": "#/$defs/metadata"}, "time_dt": {"type": "string"}}, "required": ["activity_id", "category_uid", "class_uid", "cloud", "metadata", "osint", "process", "query_result_id", "severity_id", "time", "type_uid"], "type": "object"}, "process_remediation_activity": {"$id": "https://schema.ocsf.io/schema/classes/process_remediation_activity", "$schema": "http://json-schema.org/draft-07/schema#", "properties": {"unmapped": {"$ref": "#/$defs/object"}, "message": {"type": "string"}, "category_uid": {"const": 7, "type": "integer"}, "api": {"$ref": "#/$defs/api"}, "end_time_dt": {"type": "string"}, "command_uid": {"type": "string"}, "process": {"$ref": "#/$defs/process"}, "duration": {"type": "integer"}, "status_detail": {"type": "string"}, "countermeasures": {"items": {"$ref": "#/$defs/d3fend"}, "type": "array"}, "status_code": {"type": "string"}, "type_name": {"type": "string"}, "raw_data": {"type": "string"}, "time": {"type": "integer"}, "status_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5], "type": "integer"}, "actor": {"$ref": "#/$defs/actor"}, "cloud": {"$ref": "#/$defs/cloud"}, "status": {"type": "string"}, "activity_id": {"enum": [3, 0, 1, 2, 99, 4], "type": "integer"}, "remediation": {"$ref": "#/$defs/remediation"}, "observables": {"items": {"$ref": "#/$defs/observable"}, "type": "array"}, "enrichments": {"items": {"$ref": "#/$defs/enrichment"}, "type": "array"}, "osint": {"items": {"$ref": "#/$defs/osint"}, "type": "array"}, "start_time_dt": {"type": "string"}, "class_uid": {"const": 7003, "type": "integer"}, "activity_name": {"type": "string"}, "start_time": {"type": "integer"}, "class_name": {"type": "string"}, "timezone_offset": {"type": "integer"}, "scan": {"$ref": "#/$defs/scan"}, "device": {"$ref": "#/$defs/device"}, "severity": {"type": "string"}, "category_name": {"type": "string"}, "severity_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5], "type": "integer"}, "count": {"type": "integer"}, "end_time": {"type": "integer"}, "type_uid": {"type": "integer"}, "metadata": {"$ref": "#/$defs/metadata"}, "time_dt": {"type": "string"}}, "required": ["activity_id", "category_uid", "class_uid", "cloud", "command_uid", "metadata", "osint", "process", "severity_id", "time", "type_uid"], "type": "object"}, "rdp_activity": {"$id": "https://schema.ocsf.io/schema/classes/rdp_activity", "$schema": "http://json-schema.org/draft-07/schema#", "properties": {"traffic": {"$ref": "#/$defs/network_traffic"}, "unmapped": {"$ref": "#/$defs/object"}, "message": {"type": "string"}, "app_name": {"type": "string"}, "disposition": {"type": "string"}, "proxy_http_request": {"$ref": "#/$defs/http_request"}, "proxy_connection_info": {"$ref": "#/$defs/network_connection_info"}, "category_uid": {"const": 4, "type": "integer"}, "action": {"type": "string"}, "ja4_fingerprint_list": {"items": {"$ref": "#/$defs/ja4_fingerprint"}, "type": "array"}, "api": {"$ref": "#/$defs/api"}, "end_time_dt": {"type": "string"}, "duration": {"type": "integer"}, "status_detail": {"type": "string"}, "proxy_tls": {"$ref": "#/$defs/tls"}, "status_code": {"type": "string"}, "disposition_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5, 7, 8, 9, 10, 11, 14, 15, 16, 17, 18, 20, 21, 22, 23, 24, 25, 26, 27, 12, 13, 19], "type": "integer"}, "type_name": {"type": "string"}, "raw_data": {"type": "string"}, "time": {"type": "integer"}, "status_id": {"enum": [0, 1, 2, 99], "type": "integer"}, "actor": {"$ref": "#/$defs/actor"}, "cloud": {"$ref": "#/$defs/cloud"}, "proxy_http_response": {"$ref": "#/$defs/http_response"}, "attacks": {"items": {"$ref": "#/$defs/attack"}, "type": "array"}, "status": {"type": "string"}, "activity_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5], "type": "integer"}, "file": {"$ref": "#/$defs/file"}, "proxy_traffic": {"$ref": "#/$defs/network_traffic"}, "certificate_chain": {"items": {"type": "string"}, "type": "array"}, "observables": {"items": {"$ref": "#/$defs/observable"}, "type": "array"}, "enrichments": {"items": {"$ref": "#/$defs/enrichment"}, "type": "array"}, "authorizations": {"items": {"$ref": "#/$defs/authorization"}, "type": "array"}, "action_id": {"enum": [0, 1, 2, 99], "type": "integer"}, "osint": {"items": {"$ref": "#/$defs/osint"}, "type": "array"}, "firewall_rule": {"$ref": "#/$defs/firewall_rule"}, "proxy": {"$ref": "#/$defs/network_proxy"}, "start_time_dt": {"type": "string"}, "class_uid": {"const": 4005, "type": "integer"}, "response": {"$ref": "#/$defs/response"}, "load_balancer": {"$ref": "#/$defs/load_balancer"}, "activity_name": {"type": "string"}, "capabilities": {"items": {"type": "string"}, "type": "array"}, "tls": {"$ref": "#/$defs/tls"}, "start_time": {"type": "integer"}, "class_name": {"type": "string"}, "request": {"$ref": "#/$defs/request"}, "timezone_offset": {"type": "integer"}, "malware": {"items": {"$ref": "#/$defs/malware"}, "type": "array"}, "dst_endpoint": {"$ref": "#/$defs/network_endpoint"}, "identifier_cookie": {"type": "string"}, "device": {"$ref": "#/$defs/device"}, "severity": {"type": "string"}, "category_name": {"type": "string"}, "severity_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5], "type": "integer"}, "count": {"type": "integer"}, "end_time": {"type": "integer"}, "type_uid": {"type": "integer"}, "src_endpoint": {"$ref": "#/$defs/network_endpoint"}, "metadata": {"$ref": "#/$defs/metadata"}, "time_dt": {"type": "string"}, "proxy_endpoint": {"$ref": "#/$defs/network_proxy"}, "remote_display": {"$ref": "#/$defs/display"}, "connection_info": {"$ref": "#/$defs/network_connection_info"}, "protocol_ver": {"type": "string"}}, "required": ["action_id", "activity_id", "category_uid", "class_uid", "cloud", "dst_endpoint", "metadata", "osint", "severity_id", "time", "type_uid"], "type": "object"}, "remediation_activity": {"$id": "https://schema.ocsf.io/schema/classes/remediation_activity", "$schema": "http://json-schema.org/draft-07/schema#", "properties": {"unmapped": {"$ref": "#/$defs/object"}, "message": {"type": "string"}, "category_uid": {"const": 7, "type": "integer"}, "api": {"$ref": "#/$defs/api"}, "end_time_dt": {"type": "string"}, "command_uid": {"type": "string"}, "duration": {"type": "integer"}, "status_detail": {"type": "string"}, "countermeasures": {"items": {"$ref": "#/$defs/d3fend"}, "type": "array"}, "status_code": {"type": "string"}, "type_name": {"type": "string"}, "raw_data": {"type": "string"}, "time": {"type": "integer"}, "status_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5], "type": "integer"}, "actor": {"$ref": "#/$defs/actor"}, "cloud": {"$ref": "#/$defs/cloud"}, "status": {"type": "string"}, "activity_id": {"enum": [3, 0, 1, 2, 99, 4], "type": "integer"}, "remediation": {"$ref": "#/$defs/remediation"}, "observables": {"items": {"$ref": "#/$defs/observable"}, "type": "array"}, "enrichments": {"items": {"$ref": "#/$defs/enrichment"}, "type": "array"}, "osint": {"items": {"$ref": "#/$defs/osint"}, "type": "array"}, "start_time_dt": {"type": "string"}, "class_uid": {"const": 7001, "type": "integer"}, "activity_name": {"type": "string"}, "start_time": {"type": "integer"}, "class_name": {"type": "string"}, "timezone_offset": {"type": "integer"}, "scan": {"$ref": "#/$defs/scan"}, "device": {"$ref": "#/$defs/device"}, "severity": {"type": "string"}, "category_name": {"type": "string"}, "severity_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5], "type": "integer"}, "count": {"type": "integer"}, "end_time": {"type": "integer"}, "type_uid": {"type": "integer"}, "metadata": {"$ref": "#/$defs/metadata"}, "time_dt": {"type": "string"}}, "required": ["activity_id", "category_uid", "class_uid", "cloud", "command_uid", "metadata", "osint", "severity_id", "time", "type_uid"], "type": "object"}, "scan_activity": {"$id": "https://schema.ocsf.io/schema/classes/scan_activity", "$schema": "http://json-schema.org/draft-07/schema#", "properties": {"num_detections": {"type": "integer"}, "unmapped": {"$ref": "#/$defs/object"}, "message": {"type": "string"}, "num_registry_items": {"type": "integer"}, "num_folders": {"type": "integer"}, "category_uid": {"const": 6, "type": "integer"}, "api": {"$ref": "#/$defs/api"}, "end_time_dt": {"type": "string"}, "command_uid": {"type": "string"}, "duration": {"type": "integer"}, "status_detail": {"type": "string"}, "status_code": {"type": "string"}, "type_name": {"type": "string"}, "raw_data": {"type": "string"}, "time": {"type": "integer"}, "status_id": {"enum": [0, 1, 2, 99], "type": "integer"}, "actor": {"$ref": "#/$defs/actor"}, "cloud": {"$ref": "#/$defs/cloud"}, "status": {"type": "string"}, "activity_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5, 7, 8, 9, 10], "type": "integer"}, "num_skipped_items": {"type": "integer"}, "observables": {"items": {"$ref": "#/$defs/observable"}, "type": "array"}, "enrichments": {"items": {"$ref": "#/$defs/enrichment"}, "type": "array"}, "num_files": {"type": "integer"}, "osint": {"items": {"$ref": "#/$defs/osint"}, "type": "array"}, "start_time_dt": {"type": "string"}, "num_trusted_items": {"type": "integer"}, "num_processes": {"type": "integer"}, "class_uid": {"const": 6007, "type": "integer"}, "activity_name": {"type": "string"}, "start_time": {"type": "integer"}, "class_name": {"type": "string"}, "timezone_offset": {"type": "integer"}, "scan": {"$ref": "#/$defs/scan"}, "device": {"$ref": "#/$defs/device"}, "severity": {"type": "string"}, "category_name": {"type": "string"}, "total": {"type": "integer"}, "severity_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5], "type": "integer"}, "count": {"type": "integer"}, "num_network_items": {"type": "integer"}, "end_time": {"type": "integer"}, "type_uid": {"type": "integer"}, "metadata": {"$ref": "#/$defs/metadata"}, "time_dt": {"type": "string"}, "schedule_uid": {"type": "string"}, "num_resolutions": {"type": "integer"}, "policy": {"$ref": "#/$defs/policy"}}, "required": ["activity_id", "category_uid", "class_uid", "cloud", "metadata", "osint", "scan", "severity_id", "time", "type_uid"], "type": "object"}, "scheduled_job_activity": {"$id": "https://schema.ocsf.io/schema/classes/scheduled_job_activity", "$schema": "http://json-schema.org/draft-07/schema#", "properties": {"unmapped": {"$ref": "#/$defs/object"}, "message": {"type": "string"}, "disposition": {"type": "string"}, "category_uid": {"const": 1, "type": "integer"}, "action": {"type": "string"}, "api": {"$ref": "#/$defs/api"}, "job": {"$ref": "#/$defs/job"}, "end_time_dt": {"type": "string"}, "duration": {"type": "integer"}, "status_detail": {"type": "string"}, "status_code": {"type": "string"}, "disposition_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5, 7, 8, 9, 10, 11, 14, 15, 16, 17, 18, 20, 21, 22, 23, 24, 25, 26, 27, 12, 13, 19], "type": "integer"}, "type_name": {"type": "string"}, "raw_data": {"type": "string"}, "time": {"type": "integer"}, "status_id": {"enum": [0, 1, 2, 99], "type": "integer"}, "actor": {"$ref": "#/$defs/actor"}, "cloud": {"$ref": "#/$defs/cloud"}, "attacks": {"items": {"$ref": "#/$defs/attack"}, "type": "array"}, "status": {"type": "string"}, "activity_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5], "type": "integer"}, "observables": {"items": {"$ref": "#/$defs/observable"}, "type": "array"}, "enrichments": {"items": {"$ref": "#/$defs/enrichment"}, "type": "array"}, "authorizations": {"items": {"$ref": "#/$defs/authorization"}, "type": "array"}, "action_id": {"enum": [0, 1, 2, 99], "type": "integer"}, "osint": {"items": {"$ref": "#/$defs/osint"}, "type": "array"}, "firewall_rule": {"$ref": "#/$defs/firewall_rule"}, "start_time_dt": {"type": "string"}, "class_uid": {"const": 1006, "type": "integer"}, "activity_name": {"type": "string"}, "start_time": {"type": "integer"}, "class_name": {"type": "string"}, "timezone_offset": {"type": "integer"}, "malware": {"items": {"$ref": "#/$defs/malware"}, "type": "array"}, "device": {"$ref": "#/$defs/device"}, "severity": {"type": "string"}, "category_name": {"type": "string"}, "severity_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5], "type": "integer"}, "count": {"type": "integer"}, "end_time": {"type": "integer"}, "type_uid": {"type": "integer"}, "metadata": {"$ref": "#/$defs/metadata"}, "time_dt": {"type": "string"}}, "required": ["action_id", "activity_id", "category_uid", "class_uid", "cloud", "device", "job", "metadata", "osint", "severity_id", "time", "type_uid"], "type": "object"}, "security_finding": {"$id": "https://schema.ocsf.io/schema/classes/security_finding", "$schema": "http://json-schema.org/draft-07/schema#", "properties": {"cis_csc": {"items": {"$ref": "#/$defs/cis_csc"}, "type": "array"}, "unmapped": {"$ref": "#/$defs/object"}, "message": {"type": "string"}, "category_uid": {"const": 2, "type": "integer"}, "confidence": {"type": "string"}, "finding": {"$ref": "#/$defs/finding"}, "api": {"$ref": "#/$defs/api"}, "end_time_dt": {"type": "string"}, "process": {"$ref": "#/$defs/process"}, "duration": {"type": "integer"}, "status_detail": {"type": "string"}, "data_sources": {"items": {"type": "string"}, "type": "array"}, "confidence_score": {"type": "integer"}, "status_code": {"type": "string"}, "type_name": {"type": "string"}, "risk_level": {"type": "string"}, "raw_data": {"type": "string"}, "time": {"type": "integer"}, "analytic": {"$ref": "#/$defs/analytic"}, "status_id": {"enum": [0, 1, 2, 99], "type": "integer"}, "cloud": {"$ref": "#/$defs/cloud"}, "attacks": {"items": {"$ref": "#/$defs/attack"}, "type": "array"}, "status": {"type": "string"}, "impact_score": {"type": "integer"}, "activity_id": {"enum": [3, 0, 1, 2, 99], "type": "integer"}, "risk_score": {"type": "integer"}, "resources": {"items": {"$ref": "#/$defs/resource_details"}, "type": "array"}, "observables": {"items": {"$ref": "#/$defs/observable"}, "type": "array"}, "enrichments": {"items": {"$ref": "#/$defs/enrichment"}, "type": "array"}, "kill_chain": {"items": {"$ref": "#/$defs/kill_chain_phase"}, "type": "array"}, "osint": {"items": {"$ref": "#/$defs/osint"}, "type": "array"}, "confidence_id": {"enum": [3, 0, 1, 2, 99], "type": "integer"}, "start_time_dt": {"type": "string"}, "class_uid": {"const": 2001, "type": "integer"}, "activity_name": {"type": "string"}, "nist": {"items": {"type": "string"}, "type": "array"}, "start_time": {"type": "integer"}, "class_name": {"type": "string"}, "timezone_offset": {"type": "integer"}, "impact": {"type": "string"}, "risk_level_id": {"enum": [3, 0, 1, 2, 99, 4], "type": "integer"}, "malware": {"items": {"$ref": "#/$defs/malware"}, "type": "array"}, "impact_id": {"enum": [3, 0, 1, 2, 99, 4], "type": "integer"}, "compliance": {"$ref": "#/$defs/compliance"}, "severity": {"type": "string"}, "evidence": {}, "category_name": {"type": "string"}, "state": {"type": "string"}, "severity_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5], "type": "integer"}, "count": {"type": "integer"}, "end_time": {"type": "integer"}, "type_uid": {"type": "integer"}, "state_id": {"enum": [3, 0, 1, 2, 99, 4], "type": "integer"}, "metadata": {"$ref": "#/$defs/metadata"}, "time_dt": {"type": "string"}, "vulnerabilities": {"items": {"$ref": "#/$defs/vulnerability"}, "type": "array"}}, "required": ["activity_id", "category_uid", "class_uid", "cloud", "finding", "metadata", "osint", "severity_id", "state_id", "time", "type_uid"], "type": "object"}, "service_query": {"$id": "https://schema.ocsf.io/schema/classes/service_query", "$schema": "http://json-schema.org/draft-07/schema#", "properties": {"unmapped": {"$ref": "#/$defs/object"}, "message": {"type": "string"}, "query_info": {"$ref": "#/$defs/query_info"}, "category_uid": {"const": 5, "type": "integer"}, "api": {"$ref": "#/$defs/api"}, "end_time_dt": {"type": "string"}, "duration": {"type": "integer"}, "status_detail": {"type": "string"}, "status_code": {"type": "string"}, "type_name": {"type": "string"}, "raw_data": {"type": "string"}, "time": {"type": "integer"}, "status_id": {"enum": [0, 1, 2, 99], "type": "integer"}, "query_result_id": {"enum": [3, 0, 1, 2, 99, 4, 5], "type": "integer"}, "actor": {"$ref": "#/$defs/actor"}, "cloud": {"$ref": "#/$defs/cloud"}, "status": {"type": "string"}, "activity_id": {"enum": [0, 1, 99], "type": "integer"}, "query_result": {"type": "string"}, "observables": {"items": {"$ref": "#/$defs/observable"}, "type": "array"}, "enrichments": {"items": {"$ref": "#/$defs/enrichment"}, "type": "array"}, "osint": {"items": {"$ref": "#/$defs/osint"}, "type": "array"}, "start_time_dt": {"type": "string"}, "class_uid": {"const": 5016, "type": "integer"}, "activity_name": {"type": "string"}, "service": {"$ref": "#/$defs/service"}, "start_time": {"type": "integer"}, "class_name": {"type": "string"}, "timezone_offset": {"type": "integer"}, "device": {"$ref": "#/$defs/device"}, "severity": {"type": "string"}, "category_name": {"type": "string"}, "severity_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5], "type": "integer"}, "count": {"type": "integer"}, "end_time": {"type": "integer"}, "type_uid": {"type": "integer"}, "metadata": {"$ref": "#/$defs/metadata"}, "time_dt": {"type": "string"}}, "required": ["activity_id", "category_uid", "class_uid", "cloud", "metadata", "osint", "query_result_id", "service", "severity_id", "time", "type_uid"], "type": "object"}, "session_query": {"$id": "https://schema.ocsf.io/schema/classes/session_query", "$schema": "http://json-schema.org/draft-07/schema#", "properties": {"unmapped": {"$ref": "#/$defs/object"}, "message": {"type": "string"}, "query_info": {"$ref": "#/$defs/query_info"}, "category_uid": {"const": 5, "type": "integer"}, "api": {"$ref": "#/$defs/api"}, "end_time_dt": {"type": "string"}, "duration": {"type": "integer"}, "status_detail": {"type": "string"}, "status_code": {"type": "string"}, "type_name": {"type": "string"}, "session": {"$ref": "#/$defs/session"}, "raw_data": {"type": "string"}, "time": {"type": "integer"}, "status_id": {"enum": [0, 1, 2, 99], "type": "integer"}, "query_result_id": {"enum": [3, 0, 1, 2, 99, 4, 5], "type": "integer"}, "actor": {"$ref": "#/$defs/actor"}, "cloud": {"$ref": "#/$defs/cloud"}, "status": {"type": "string"}, "activity_id": {"enum": [0, 1, 99], "type": "integer"}, "query_result": {"type": "string"}, "observables": {"items": {"$ref": "#/$defs/observable"}, "type": "array"}, "enrichments": {"items": {"$ref": "#/$defs/enrichment"}, "type": "array"}, "osint": {"items": {"$ref": "#/$defs/osint"}, "type": "array"}, "start_time_dt": {"type": "string"}, "class_uid": {"const": 5017, "type": "integer"}, "activity_name": {"type": "string"}, "start_time": {"type": "integer"}, "class_name": {"type": "string"}, "timezone_offset": {"type": "integer"}, "device": {"$ref": "#/$defs/device"}, "severity": {"type": "string"}, "category_name": {"type": "string"}, "severity_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5], "type": "integer"}, "count": {"type": "integer"}, "end_time": {"type": "integer"}, "type_uid": {"type": "integer"}, "metadata": {"$ref": "#/$defs/metadata"}, "time_dt": {"type": "string"}}, "required": ["activity_id", "category_uid", "class_uid", "cloud", "metadata", "osint", "query_result_id", "session", "severity_id", "time", "type_uid"], "type": "object"}, "smb_activity": {"$id": "https://schema.ocsf.io/schema/classes/smb_activity", "$schema": "http://json-schema.org/draft-07/schema#", "properties": {"traffic": {"$ref": "#/$defs/network_traffic"}, "unmapped": {"$ref": "#/$defs/object"}, "message": {"type": "string"}, "app_name": {"type": "string"}, "disposition": {"type": "string"}, "proxy_http_request": {"$ref": "#/$defs/http_request"}, "proxy_connection_info": {"$ref": "#/$defs/network_connection_info"}, "open_type": {"type": "string"}, "category_uid": {"const": 4, "type": "integer"}, "action": {"type": "string"}, "command": {"type": "string"}, "ja4_fingerprint_list": {"items": {"$ref": "#/$defs/ja4_fingerprint"}, "type": "array"}, "api": {"$ref": "#/$defs/api"}, "end_time_dt": {"type": "string"}, "duration": {"type": "integer"}, "status_detail": {"type": "string"}, "share": {"type": "string"}, "proxy_tls": {"$ref": "#/$defs/tls"}, "status_code": {"type": "string"}, "disposition_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5, 7, 8, 9, 10, 11, 14, 15, 16, 17, 18, 20, 21, 22, 23, 24, 25, 26, 27, 12, 13, 19], "type": "integer"}, "type_name": {"type": "string"}, "raw_data": {"type": "string"}, "dce_rpc": {"$ref": "#/$defs/dce_rpc"}, "time": {"type": "integer"}, "status_id": {"enum": [0, 1, 2, 99], "type": "integer"}, "actor": {"$ref": "#/$defs/actor"}, "cloud": {"$ref": "#/$defs/cloud"}, "proxy_http_response": {"$ref": "#/$defs/http_response"}, "attacks": {"items": {"$ref": "#/$defs/attack"}, "type": "array"}, "status": {"type": "string"}, "activity_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5], "type": "integer"}, "file": {"$ref": "#/$defs/file"}, "proxy_traffic": {"$ref": "#/$defs/network_traffic"}, "observables": {"items": {"$ref": "#/$defs/observable"}, "type": "array"}, "enrichments": {"items": {"$ref": "#/$defs/enrichment"}, "type": "array"}, "authorizations": {"items": {"$ref": "#/$defs/authorization"}, "type": "array"}, "action_id": {"enum": [0, 1, 2, 99], "type": "integer"}, "tree_uid": {"type": "string"}, "osint": {"items": {"$ref": "#/$defs/osint"}, "type": "array"}, "firewall_rule": {"$ref": "#/$defs/firewall_rule"}, "proxy": {"$ref": "#/$defs/network_proxy"}, "start_time_dt": {"type": "string"}, "class_uid": {"const": 4006, "type": "integer"}, "response": {"$ref": "#/$defs/response"}, "load_balancer": {"$ref": "#/$defs/load_balancer"}, "share_type_id": {"enum": [3, 0, 1, 2, 99], "type": "integer"}, "activity_name": {"type": "string"}, "share_type": {"type": "string"}, "tls": {"$ref": "#/$defs/tls"}, "start_time": {"type": "integer"}, "class_name": {"type": "string"}, "timezone_offset": {"type": "integer"}, "malware": {"items": {"$ref": "#/$defs/malware"}, "type": "array"}, "dst_endpoint": {"$ref": "#/$defs/network_endpoint"}, "device": {"$ref": "#/$defs/device"}, "severity": {"type": "string"}, "category_name": {"type": "string"}, "client_dialects": {"items": {"type": "string"}, "type": "array"}, "severity_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5], "type": "integer"}, "count": {"type": "integer"}, "dialect": {"type": "string"}, "end_time": {"type": "integer"}, "type_uid": {"type": "integer"}, "src_endpoint": {"$ref": "#/$defs/network_endpoint"}, "metadata": {"$ref": "#/$defs/metadata"}, "time_dt": {"type": "string"}, "proxy_endpoint": {"$ref": "#/$defs/network_proxy"}, "connection_info": {"$ref": "#/$defs/network_connection_info"}}, "required": ["action_id", "activity_id", "category_uid", "class_uid", "cloud", "dst_endpoint", "metadata", "osint", "severity_id", "time", "type_uid"], "type": "object"}, "software_info": {"$id": "https://schema.ocsf.io/schema/classes/software_info", "$schema": "http://json-schema.org/draft-07/schema#", "properties": {"unmapped": {"$ref": "#/$defs/object"}, "message": {"type": "string"}, "category_uid": {"const": 5, "type": "integer"}, "api": {"$ref": "#/$defs/api"}, "end_time_dt": {"type": "string"}, "duration": {"type": "integer"}, "status_detail": {"type": "string"}, "status_code": {"type": "string"}, "type_name": {"type": "string"}, "raw_data": {"type": "string"}, "time": {"type": "integer"}, "status_id": {"enum": [0, 1, 2, 99], "type": "integer"}, "actor": {"$ref": "#/$defs/actor"}, "cloud": {"$ref": "#/$defs/cloud"}, "status": {"type": "string"}, "activity_id": {"enum": [0, 1, 2, 99], "type": "integer"}, "observables": {"items": {"$ref": "#/$defs/observable"}, "type": "array"}, "enrichments": {"items": {"$ref": "#/$defs/enrichment"}, "type": "array"}, "osint": {"items": {"$ref": "#/$defs/osint"}, "type": "array"}, "package": {"$ref": "#/$defs/package"}, "start_time_dt": {"type": "string"}, "class_uid": {"const": 5020, "type": "integer"}, "activity_name": {"type": "string"}, "start_time": {"type": "integer"}, "class_name": {"type": "string"}, "timezone_offset": {"type": "integer"}, "device": {"$ref": "#/$defs/device"}, "severity": {"type": "string"}, "category_name": {"type": "string"}, "severity_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5], "type": "integer"}, "count": {"type": "integer"}, "end_time": {"type": "integer"}, "type_uid": {"type": "integer"}, "metadata": {"$ref": "#/$defs/metadata"}, "time_dt": {"type": "string"}, "product": {"$ref": "#/$defs/product"}}, "required": ["activity_id", "category_uid", "class_uid", "cloud", "device", "metadata", "osint", "package", "severity_id", "time", "type_uid"], "type": "object"}, "ssh_activity": {"$id": "https://schema.ocsf.io/schema/classes/ssh_activity", "$schema": "http://json-schema.org/draft-07/schema#", "properties": {"traffic": {"$ref": "#/$defs/network_traffic"}, "unmapped": {"$ref": "#/$defs/object"}, "message": {"type": "string"}, "app_name": {"type": "string"}, "disposition": {"type": "string"}, "proxy_http_request": {"$ref": "#/$defs/http_request"}, "proxy_connection_info": {"$ref": "#/$defs/network_connection_info"}, "category_uid": {"const": 4, "type": "integer"}, "action": {"type": "string"}, "ja4_fingerprint_list": {"items": {"$ref": "#/$defs/ja4_fingerprint"}, "type": "array"}, "api": {"$ref": "#/$defs/api"}, "client_hassh": {"$ref": "#/$defs/hassh"}, "end_time_dt": {"type": "string"}, "duration": {"type": "integer"}, "status_detail": {"type": "string"}, "proxy_tls": {"$ref": "#/$defs/tls"}, "auth_type_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5], "type": "integer"}, "status_code": {"type": "string"}, "disposition_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5, 7, 8, 9, 10, 11, 14, 15, 16, 17, 18, 20, 21, 22, 23, 24, 25, 26, 27, 12, 13, 19], "type": "integer"}, "type_name": {"type": "string"}, "raw_data": {"type": "string"}, "time": {"type": "integer"}, "status_id": {"enum": [0, 1, 2, 99], "type": "integer"}, "actor": {"$ref": "#/$defs/actor"}, "cloud": {"$ref": "#/$defs/cloud"}, "proxy_http_response": {"$ref": "#/$defs/http_response"}, "attacks": {"items": {"$ref": "#/$defs/attack"}, "type": "array"}, "status": {"type": "string"}, "activity_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5, 7], "type": "integer"}, "file": {"$ref": "#/$defs/file"}, "proxy_traffic": {"$ref": "#/$defs/network_traffic"}, "observables": {"items": {"$ref": "#/$defs/observable"}, "type": "array"}, "enrichments": {"items": {"$ref": "#/$defs/enrichment"}, "type": "array"}, "auth_type": {"type": "string"}, "authorizations": {"items": {"$ref": "#/$defs/authorization"}, "type": "array"}, "action_id": {"enum": [0, 1, 2, 99], "type": "integer"}, "osint": {"items": {"$ref": "#/$defs/osint"}, "type": "array"}, "firewall_rule": {"$ref": "#/$defs/firewall_rule"}, "proxy": {"$ref": "#/$defs/network_proxy"}, "start_time_dt": {"type": "string"}, "class_uid": {"const": 4007, "type": "integer"}, "load_balancer": {"$ref": "#/$defs/load_balancer"}, "server_hassh": {"$ref": "#/$defs/hassh"}, "activity_name": {"type": "string"}, "tls": {"$ref": "#/$defs/tls"}, "start_time": {"type": "integer"}, "class_name": {"type": "string"}, "timezone_offset": {"type": "integer"}, "malware": {"items": {"$ref": "#/$defs/malware"}, "type": "array"}, "dst_endpoint": {"$ref": "#/$defs/network_endpoint"}, "device": {"$ref": "#/$defs/device"}, "severity": {"type": "string"}, "category_name": {"type": "string"}, "severity_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5], "type": "integer"}, "count": {"type": "integer"}, "end_time": {"type": "integer"}, "type_uid": {"type": "integer"}, "src_endpoint": {"$ref": "#/$defs/network_endpoint"}, "metadata": {"$ref": "#/$defs/metadata"}, "time_dt": {"type": "string"}, "proxy_endpoint": {"$ref": "#/$defs/network_proxy"}, "connection_info": {"$ref": "#/$defs/network_connection_info"}, "protocol_ver": {"type": "string"}}, "required": ["action_id", "activity_id", "category_uid", "class_uid", "cloud", "dst_endpoint", "metadata", "osint", "severity_id", "time", "type_uid"], "type": "object"}, "tunnel_activity": {"$id": "https://schema.ocsf.io/schema/classes/tunnel_activity", "$schema": "http://json-schema.org/draft-07/schema#", "properties": {"traffic": {"$ref": "#/$defs/network_traffic"}, "unmapped": {"$ref": "#/$defs/object"}, "message": {"type": "string"}, "app_name": {"type": "string"}, "disposition": {"type": "string"}, "proxy_http_request": {"$ref": "#/$defs/http_request"}, "proxy_connection_info": {"$ref": "#/$defs/network_connection_info"}, "category_uid": {"const": 4, "type": "integer"}, "action": {"type": "string"}, "ja4_fingerprint_list": {"items": {"$ref": "#/$defs/ja4_fingerprint"}, "type": "array"}, "api": {"$ref": "#/$defs/api"}, "end_time_dt": {"type": "string"}, "duration": {"type": "integer"}, "status_detail": {"type": "string"}, "tunnel_type_id": {"enum": [0, 1, 2, 99], "type": "integer"}, "proxy_tls": {"$ref": "#/$defs/tls"}, "status_code": {"type": "string"}, "disposition_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5, 7, 8, 9, 10, 11, 14, 15, 16, 17, 18, 20, 21, 22, 23, 24, 25, 26, 27, 12, 13, 19], "type": "integer"}, "type_name": {"type": "string"}, "session": {"$ref": "#/$defs/session"}, "raw_data": {"type": "string"}, "time": {"type": "integer"}, "status_id": {"enum": [0, 1, 2, 99], "type": "integer"}, "actor": {"$ref": "#/$defs/actor"}, "cloud": {"$ref": "#/$defs/cloud"}, "protocol_name": {"type": "string"}, "proxy_http_response": {"$ref": "#/$defs/http_response"}, "attacks": {"items": {"$ref": "#/$defs/attack"}, "type": "array"}, "status": {"type": "string"}, "activity_id": {"enum": [3, 0, 1, 2, 99], "type": "integer"}, "proxy_traffic": {"$ref": "#/$defs/network_traffic"}, "observables": {"items": {"$ref": "#/$defs/observable"}, "type": "array"}, "tunnel_interface": {"$ref": "#/$defs/network_interface"}, "enrichments": {"items": {"$ref": "#/$defs/enrichment"}, "type": "array"}, "authorizations": {"items": {"$ref": "#/$defs/authorization"}, "type": "array"}, "tunnel_type": {"type": "string"}, "action_id": {"enum": [0, 1, 2, 99], "type": "integer"}, "user": {"$ref": "#/$defs/user"}, "osint": {"items": {"$ref": "#/$defs/osint"}, "type": "array"}, "firewall_rule": {"$ref": "#/$defs/firewall_rule"}, "proxy": {"$ref": "#/$defs/network_proxy"}, "start_time_dt": {"type": "string"}, "class_uid": {"const": 4014, "type": "integer"}, "load_balancer": {"$ref": "#/$defs/load_balancer"}, "activity_name": {"type": "string"}, "tls": {"$ref": "#/$defs/tls"}, "start_time": {"type": "integer"}, "class_name": {"type": "string"}, "timezone_offset": {"type": "integer"}, "malware": {"items": {"$ref": "#/$defs/malware"}, "type": "array"}, "dst_endpoint": {"$ref": "#/$defs/network_endpoint"}, "device": {"$ref": "#/$defs/device"}, "severity": {"type": "string"}, "category_name": {"type": "string"}, "severity_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5], "type": "integer"}, "count": {"type": "integer"}, "end_time": {"type": "integer"}, "type_uid": {"type": "integer"}, "src_endpoint": {"$ref": "#/$defs/network_endpoint"}, "metadata": {"$ref": "#/$defs/metadata"}, "time_dt": {"type": "string"}, "proxy_endpoint": {"$ref": "#/$defs/network_proxy"}, "connection_info": {"$ref": "#/$defs/network_connection_info"}}, "required": ["action_id", "activity_id", "category_uid", "class_uid", "cloud", "metadata", "osint", "severity_id", "time", "type_uid"], "type": "object"}, "user_access": {"$id": "https://schema.ocsf.io/schema/classes/user_access", "$schema": "http://json-schema.org/draft-07/schema#", "properties": {"unmapped": {"$ref": "#/$defs/object"}, "message": {"type": "string"}, "resource": {"$ref": "#/$defs/resource_details"}, "privileges": {"items": {"type": "string"}, "type": "array"}, "category_uid": {"const": 3, "type": "integer"}, "api": {"$ref": "#/$defs/api"}, "end_time_dt": {"type": "string"}, "duration": {"type": "integer"}, "status_detail": {"type": "string"}, "status_code": {"type": "string"}, "type_name": {"type": "string"}, "raw_data": {"type": "string"}, "time": {"type": "integer"}, "status_id": {"enum": [0, 1, 2, 99], "type": "integer"}, "actor": {"$ref": "#/$defs/actor"}, "cloud": {"$ref": "#/$defs/cloud"}, "status": {"type": "string"}, "activity_id": {"enum": [0, 1, 2, 99], "type": "integer"}, "observables": {"items": {"$ref": "#/$defs/observable"}, "type": "array"}, "enrichments": {"items": {"$ref": "#/$defs/enrichment"}, "type": "array"}, "http_request": {"$ref": "#/$defs/http_request"}, "user": {"$ref": "#/$defs/user"}, "osint": {"items": {"$ref": "#/$defs/osint"}, "type": "array"}, "start_time_dt": {"type": "string"}, "class_uid": {"const": 3005, "type": "integer"}, "activity_name": {"type": "string"}, "start_time": {"type": "integer"}, "class_name": {"type": "string"}, "timezone_offset": {"type": "integer"}, "device": {"$ref": "#/$defs/device"}, "severity": {"type": "string"}, "category_name": {"type": "string"}, "severity_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5], "type": "integer"}, "count": {"type": "integer"}, "end_time": {"type": "integer"}, "type_uid": {"type": "integer"}, "src_endpoint": {"$ref": "#/$defs/network_endpoint"}, "metadata": {"$ref": "#/$defs/metadata"}, "time_dt": {"type": "string"}}, "required": ["activity_id", "category_uid", "class_uid", "cloud", "metadata", "osint", "privileges", "severity_id", "time", "type_uid", "user"], "type": "object"}, "user_inventory": {"$id": "https://schema.ocsf.io/schema/classes/user_inventory", "$schema": "http://json-schema.org/draft-07/schema#", "properties": {"unmapped": {"$ref": "#/$defs/object"}, "message": {"type": "string"}, "category_uid": {"const": 5, "type": "integer"}, "api": {"$ref": "#/$defs/api"}, "end_time_dt": {"type": "string"}, "duration": {"type": "integer"}, "status_detail": {"type": "string"}, "status_code": {"type": "string"}, "type_name": {"type": "string"}, "raw_data": {"type": "string"}, "time": {"type": "integer"}, "status_id": {"enum": [0, 1, 2, 99], "type": "integer"}, "actor": {"$ref": "#/$defs/actor"}, "cloud": {"$ref": "#/$defs/cloud"}, "status": {"type": "string"}, "activity_id": {"enum": [0, 1, 2, 99], "type": "integer"}, "observables": {"items": {"$ref": "#/$defs/observable"}, "type": "array"}, "enrichments": {"items": {"$ref": "#/$defs/enrichment"}, "type": "array"}, "user": {"$ref": "#/$defs/user"}, "osint": {"items": {"$ref": "#/$defs/osint"}, "type": "array"}, "start_time_dt": {"type": "string"}, "class_uid": {"const": 5003, "type": "integer"}, "activity_name": {"type": "string"}, "start_time": {"type": "integer"}, "class_name": {"type": "string"}, "timezone_offset": {"type": "integer"}, "severity": {"type": "string"}, "category_name": {"type": "string"}, "severity_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5], "type": "integer"}, "count": {"type": "integer"}, "end_time": {"type": "integer"}, "type_uid": {"type": "integer"}, "metadata": {"$ref": "#/$defs/metadata"}, "time_dt": {"type": "string"}}, "required": ["activity_id", "category_uid", "class_uid", "cloud", "metadata", "osint", "severity_id", "time", "type_uid", "user"], "type": "object"}, "user_query": {"$id": "https://schema.ocsf.io/schema/classes/user_query", "$schema": "http://json-schema.org/draft-07/schema#", "properties": {"unmapped": {"$ref": "#/$defs/object"}, "message": {"type": "string"}, "query_info": {"$ref": "#/$defs/query_info"}, "category_uid": {"const": 5, "type": "integer"}, "api": {"$ref": "#/$defs/api"}, "end_time_dt": {"type": "string"}, "duration": {"type": "integer"}, "status_detail": {"type": "string"}, "status_code": {"type": "string"}, "type_name": {"type": "string"}, "raw_data": {"type": "string"}, "time": {"type": "integer"}, "status_id": {"enum": [0, 1, 2, 99], "type": "integer"}, "query_result_id": {"enum": [3, 0, 1, 2, 99, 4, 5], "type": "integer"}, "actor": {"$ref": "#/$defs/actor"}, "cloud": {"$ref": "#/$defs/cloud"}, "status": {"type": "string"}, "activity_id": {"enum": [0, 1, 99], "type": "integer"}, "query_result": {"type": "string"}, "observables": {"items": {"$ref": "#/$defs/observable"}, "type": "array"}, "enrichments": {"items": {"$ref": "#/$defs/enrichment"}, "type": "array"}, "user": {"$ref": "#/$defs/user"}, "osint": {"items": {"$ref": "#/$defs/osint"}, "type": "array"}, "start_time_dt": {"type": "string"}, "class_uid": {"const": 5018, "type": "integer"}, "activity_name": {"type": "string"}, "start_time": {"type": "integer"}, "class_name": {"type": "string"}, "timezone_offset": {"type": "integer"}, "device": {"$ref": "#/$defs/device"}, "severity": {"type": "string"}, "category_name": {"type": "string"}, "severity_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5], "type": "integer"}, "count": {"type": "integer"}, "end_time": {"type": "integer"}, "type_uid": {"type": "integer"}, "metadata": {"$ref": "#/$defs/metadata"}, "time_dt": {"type": "string"}}, "required": ["activity_id", "category_uid", "class_uid", "cloud", "metadata", "osint", "query_result_id", "severity_id", "time", "type_uid", "user"], "type": "object"}, "vulnerability_finding": {"$id": "https://schema.ocsf.io/schema/classes/vulnerability_finding", "$schema": "http://json-schema.org/draft-07/schema#", "properties": {"unmapped": {"$ref": "#/$defs/object"}, "message": {"type": "string"}, "resource": {"$ref": "#/$defs/resource_details"}, "category_uid": {"const": 2, "type": "integer"}, "confidence": {"type": "string"}, "api": {"$ref": "#/$defs/api"}, "finding_info": {"$ref": "#/$defs/finding_info"}, "end_time_dt": {"type": "string"}, "duration": {"type": "integer"}, "status_detail": {"type": "string"}, "comment": {"type": "string"}, "confidence_score": {"type": "integer"}, "status_code": {"type": "string"}, "type_name": {"type": "string"}, "raw_data": {"type": "string"}, "time": {"type": "integer"}, "status_id": {"enum": [3, 0, 1, 2, 99, 4], "type": "integer"}, "actor": {"$ref": "#/$defs/actor"}, "cloud": {"$ref": "#/$defs/cloud"}, "status": {"type": "string"}, "activity_id": {"enum": [3, 0, 1, 2, 99], "type": "integer"}, "resources": {"items": {"$ref": "#/$defs/resource_details"}, "type": "array"}, "observables": {"items": {"$ref": "#/$defs/observable"}, "type": "array"}, "enrichments": {"items": {"$ref": "#/$defs/enrichment"}, "type": "array"}, "osint": {"items": {"$ref": "#/$defs/osint"}, "type": "array"}, "confidence_id": {"enum": [3, 0, 1, 2, 99], "type": "integer"}, "start_time_dt": {"type": "string"}, "class_uid": {"const": 2002, "type": "integer"}, "activity_name": {"type": "string"}, "start_time": {"type": "integer"}, "class_name": {"type": "string"}, "timezone_offset": {"type": "integer"}, "device": {"$ref": "#/$defs/device"}, "severity": {"type": "string"}, "category_name": {"type": "string"}, "severity_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5], "type": "integer"}, "count": {"type": "integer"}, "end_time": {"type": "integer"}, "type_uid": {"type": "integer"}, "metadata": {"$ref": "#/$defs/metadata"}, "time_dt": {"type": "string"}, "vulnerabilities": {"items": {"$ref": "#/$defs/vulnerability"}, "type": "array"}}, "required": ["activity_id", "category_uid", "class_uid", "cloud", "finding_info", "metadata", "osint", "severity_id", "time", "type_uid", "vulnerabilities"], "type": "object"}, "web_resources_activity": {"$id": "https://schema.ocsf.io/schema/classes/web_resources_activity", "$schema": "http://json-schema.org/draft-07/schema#", "properties": {"unmapped": {"$ref": "#/$defs/object"}, "message": {"type": "string"}, "http_response": {"$ref": "#/$defs/http_response"}, "disposition": {"type": "string"}, "proxy_http_request": {"$ref": "#/$defs/http_request"}, "proxy_connection_info": {"$ref": "#/$defs/network_connection_info"}, "category_uid": {"const": 6, "type": "integer"}, "action": {"type": "string"}, "api": {"$ref": "#/$defs/api"}, "end_time_dt": {"type": "string"}, "duration": {"type": "integer"}, "status_detail": {"type": "string"}, "proxy_tls": {"$ref": "#/$defs/tls"}, "status_code": {"type": "string"}, "disposition_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5, 7, 8, 9, 10, 11, 14, 15, 16, 17, 18, 20, 21, 22, 23, 24, 25, 26, 27, 12, 13, 19], "type": "integer"}, "type_name": {"type": "string"}, "raw_data": {"type": "string"}, "time": {"type": "integer"}, "status_id": {"enum": [0, 1, 2, 99], "type": "integer"}, "actor": {"$ref": "#/$defs/actor"}, "cloud": {"$ref": "#/$defs/cloud"}, "web_resources_result": {"items": {"$ref": "#/$defs/web_resource"}, "type": "array"}, "proxy_http_response": {"$ref": "#/$defs/http_response"}, "attacks": {"items": {"$ref": "#/$defs/attack"}, "type": "array"}, "status": {"type": "string"}, "web_resources": {"items": {"$ref": "#/$defs/web_resource"}, "type": "array"}, "activity_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5, 7, 8], "type": "integer"}, "proxy_traffic": {"$ref": "#/$defs/network_traffic"}, "observables": {"items": {"$ref": "#/$defs/observable"}, "type": "array"}, "enrichments": {"items": {"$ref": "#/$defs/enrichment"}, "type": "array"}, "http_request": {"$ref": "#/$defs/http_request"}, "authorizations": {"items": {"$ref": "#/$defs/authorization"}, "type": "array"}, "action_id": {"enum": [0, 1, 2, 99], "type": "integer"}, "osint": {"items": {"$ref": "#/$defs/osint"}, "type": "array"}, "firewall_rule": {"$ref": "#/$defs/firewall_rule"}, "start_time_dt": {"type": "string"}, "class_uid": {"const": 6001, "type": "integer"}, "activity_name": {"type": "string"}, "tls": {"$ref": "#/$defs/tls"}, "start_time": {"type": "integer"}, "class_name": {"type": "string"}, "timezone_offset": {"type": "integer"}, "malware": {"items": {"$ref": "#/$defs/malware"}, "type": "array"}, "dst_endpoint": {"$ref": "#/$defs/network_endpoint"}, "device": {"$ref": "#/$defs/device"}, "severity": {"type": "string"}, "category_name": {"type": "string"}, "severity_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5], "type": "integer"}, "count": {"type": "integer"}, "end_time": {"type": "integer"}, "type_uid": {"type": "integer"}, "src_endpoint": {"$ref": "#/$defs/network_endpoint"}, "metadata": {"$ref": "#/$defs/metadata"}, "time_dt": {"type": "string"}, "proxy_endpoint": {"$ref": "#/$defs/network_proxy"}}, "required": ["action_id", "activity_id", "category_uid", "class_uid", "cloud", "metadata", "osint", "severity_id", "time", "type_uid", "web_resources"], "type": "object"}, "web_resource_access_activity": {"$id": "https://schema.ocsf.io/schema/classes/web_resource_access_activity", "$schema": "http://json-schema.org/draft-07/schema#", "properties": {"unmapped": {"$ref": "#/$defs/object"}, "message": {"type": "string"}, "http_response": {"$ref": "#/$defs/http_response"}, "proxy_http_request": {"$ref": "#/$defs/http_request"}, "proxy_connection_info": {"$ref": "#/$defs/network_connection_info"}, "category_uid": {"const": 6, "type": "integer"}, "api": {"$ref": "#/$defs/api"}, "end_time_dt": {"type": "string"}, "duration": {"type": "integer"}, "status_detail": {"type": "string"}, "proxy_tls": {"$ref": "#/$defs/tls"}, "status_code": {"type": "string"}, "type_name": {"type": "string"}, "raw_data": {"type": "string"}, "time": {"type": "integer"}, "status_id": {"enum": [0, 1, 2, 99], "type": "integer"}, "actor": {"$ref": "#/$defs/actor"}, "cloud": {"$ref": "#/$defs/cloud"}, "proxy_http_response": {"$ref": "#/$defs/http_response"}, "status": {"type": "string"}, "web_resources": {"items": {"$ref": "#/$defs/web_resource"}, "type": "array"}, "activity_id": {"enum": [3, 0, 1, 2, 99, 4], "type": "integer"}, "proxy_traffic": {"$ref": "#/$defs/network_traffic"}, "observables": {"items": {"$ref": "#/$defs/observable"}, "type": "array"}, "enrichments": {"items": {"$ref": "#/$defs/enrichment"}, "type": "array"}, "http_request": {"$ref": "#/$defs/http_request"}, "osint": {"items": {"$ref": "#/$defs/osint"}, "type": "array"}, "proxy": {"$ref": "#/$defs/network_proxy"}, "start_time_dt": {"type": "string"}, "class_uid": {"const": 6004, "type": "integer"}, "activity_name": {"type": "string"}, "tls": {"$ref": "#/$defs/tls"}, "start_time": {"type": "integer"}, "class_name": {"type": "string"}, "timezone_offset": {"type": "integer"}, "device": {"$ref": "#/$defs/device"}, "severity": {"type": "string"}, "category_name": {"type": "string"}, "severity_id": {"enum": [3, 6, 0, 1, 2, 99, 4, 5], "type": "integer"}, "count": {"type": "integer"}, "end_time": {"type": "integer"}, "type_uid": {"type": "integer"}, "src_endpoint": {"$ref": "#/$defs/network_endpoint"}, "metadata": {"$ref": "#/$defs/metadata"}, "time_dt": {"type": "string"}, "proxy_endpoint": {"$ref": "#/$defs/network_proxy"}}, "required": ["activity_id", "category_uid", "class_uid", "cloud", "http_request", "metadata", "osint", "severity_id", "time", "type_uid", "web_resources"], "type": "object"}, "win_prefetch_query": {"error": "Event class win_prefetch_query not found"}, "win_registry_key_activity": {"error": "Event class win_registry_key_activity not found"}, "win_registry_key_query": {"error": "Event class win_registry_key_query not found"}, "win_registry_value_activity": {"error": "Event class win_registry_value_activity not found"}, "win_registry_value_query": {"error": "Event class win_registry_value_query not found"}, "win_resource_activity": {"error": "Event class win_resource_activity not found"}, "win_win_service_activity": {"error": "Event class win_win_service_activity not found"}}} \ No newline at end of file