forked from ocsf/ocsf-schema
-
Notifications
You must be signed in to change notification settings - Fork 0
/
categories.json
37 lines (37 loc) · 1.45 KB
/
categories.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
{
"caption": "Categories",
"name": "category",
"description": "The OCSF categories organize event classes, each aligned with a specific domain or area of focus.",
"attributes": {
"system": {
"caption": "System Activity",
"description": "System Activity events.",
"uid": 1
},
"findings": {
"caption": "Findings",
"description": "Findings events report findings, detections, and possible resolutions of malware, anomalies, or other actions performed by security products.",
"uid": 2
},
"iam": {
"caption": "Identity & Access Management",
"description": "Identity & Access Management (IAM) events relate to the supervision of the system's authentication and access control model. Examples of such events are the success or failure of authentication, granting of authority, password change, entity change, privileged use etc.",
"uid": 3
},
"network": {
"caption": "Network Activity",
"description": "Network Activity events.",
"uid": 4
},
"discovery": {
"caption": "Discovery",
"description": "Discovery events report the existence and state of devices, files, configurations, processes, registry keys, and other objects.",
"uid": 5
},
"application": {
"caption": "Application Activity",
"description": "Application Activity events report detailed information about the behavior of applications and services.",
"uid": 6
}
}
}