# Constants
## AccountTypeId
- AppleAccount
- AWSAccount
- AWSIAMRole
- AWSIAMUser
- AzureADAccount
- GCPAccount
- LDAPAccount
- LinuxAccount
- MacOSAccount
- Other
- Unknown
- WindowsAccount

## ActivityId
- Collect
- Log
- Other
- Unknown

## CategoryUid
- Discovery

## ClassUid
- DeviceSoftwareInfo

## DeviceRiskLevelId
- Critical
- High
- Info
- Low
- Medium

## DeviceTypeId
- Browser
- CNC
- DCS
- Desktop
- EnergyMonitoringSystem
- Firewall
- Hub
- ImagingEquipment
- IOT
- Laptop
- LightingControls
- MedicalDevice
- Mobile
- Other
- PLC
- SCADA
- ScientificEquipment
- Server
- Switch
- Tablet
- TransportationDevice
- Unknown
- Virtual

## FingerprintAlgorithmId
- CTPH
- MD5
- Other
- quickXorHash
- SHA_1
- SHA_256
- SHA_512
- TLSH
- Unknown

## NetworkInterfaceTypeId
- Mobile
- Other
- Tunnel
- Unknown
- Wired
- Wireless

## ObservableTypeId
- Container
- Email
- EmailAddress
- Endpoint
- File
- FileName
- Fingerprint
- GeoLocation
- Hash
- Hostname
- IPAddress
- MACAddress
- Other
- Process
- ProcessName
- ResourceUID
- UniformResourceLocator
- Unknown
- URLString
- User
- UserName

## OsTypeId
- AIX
- Android
- HP_UX
- iOS
- iPadOS
- Linux
- macOS
- Other
- Solaris
- Unknown
- Windows
- WindowsMobile

## ReputationScoreId
- ExerciseCaution
- LeansSafe
- Malicious
- MaynotbeSafe
- Other
- PossiblyMalicious
- ProbablyMalicious
- ProbablySafe
- Safe
- Suspicious_Risky
- Unknown
- VerySafe

## SeverityId
- Critical
- Fatal
- High
- Informational
- Low
- Medium
- Other
- Unknown

## StatusId
- Failure
- Other
- Success
- Unknown

## TypeUid
- DeviceSoftwareInfo_Collect
- DeviceSoftwareInfo_Log
- DeviceSoftwareInfo_Other
- DeviceSoftwareInfo_Unknown
# Structs
The Account object contains details about the account that initiated or performed a specific activity within a system or application.
The API, or Application Programming Interface, object represents information pertaining to an API request and response.
The Cloud object contains information about a cloud account such as AWS Account ID, regions, etc.
The Container object describes an instance of a specific container.
The Device object represents an addressable computer system or host, which is typically connected to a computer network and participates in the transmission or processing of data within the computer network.
The Device Hardware Information object contains details and specifications of the physical components that make up a device.
The Display object contains information about the physical or virtual display connected to a computer system.
The Enrichment object provides inline enrichment data for specific attributes of interest within an event.
The OCSF Schema Extension object provides detailed information about the schema extension used to construct the event.
The Feature object provides information about the software product feature that generated a specific event.
The Fingerprint object provides detailed information about a digital fingerprint, which is a compact representation of data used to identify a longer piece of information, such as a public key or file content.
The Group object represents a collection or association of entities, such as users, policies, or devices.
The Image object provides a description of a specific Virtual Machine (VM) or Container image.
The Keyboard Information object contains details and attributes related to a computer or device keyboard.
The Geo Location object describes a geographical location, usually associated with an IP address.
The Logger object represents the device and product where events are stored with times for receipt and transmission.
The Metadata object describes the metadata associated with the event.
The Network Interface object describes the type and associated attributes of a network interface.
The observable object is a pivot element that contains related information found in many places in the event.
The Organization object describes characteristics of an organization or company and its division if any.
The Operating System (OS) object describes characteristics of an OS, such as Linux or Windows.
The Product object describes characteristics of a software product.
The Reputation object describes the reputation/risk score of an entity (e.g.
The Request Elements object describes characteristics of an API request.
The Response Elements object describes characteristics of an API response.
The Service object describes characteristics of a service, e.g.
Device Software Info events report device software data that is either logged or proactively collected.
# Type aliases
AccountTypeId is an enum, and the following values are allowed.
ActivityId is an enum, and the following values are allowed.
CategoryUid is an enum, and the following values are allowed.
ClassUid is an enum, and the following values are allowed.
DeviceRiskLevelId is an enum, and the following values are allowed.
DeviceTypeId is an enum, and the following values are allowed.
Email address.
File name.
FingerprintAlgorithmId is an enum, and the following values are allowed.
Hash.
Unique name assigned to a device connected to a computer network.
Internet Protocol address (IP address), in either IPv4 or IPv6 format.
Media Access Control (MAC) address.
NetworkInterfaceTypeId is an enum, and the following values are allowed.
An unordered collection of attributes.
ObservableTypeId is an enum, and the following values are allowed.
OsTypeId is an enum, and the following values are allowed.
The TCP/UDP port number.
Process name.
ReputationScoreId is an enum, and the following values are allowed.
Resource unique identifier.
SeverityId is an enum, and the following values are allowed.
StatusId is an enum, and the following values are allowed.
The subnet represented in a CIDR notation, using the format network_address/prefix_length.
The timestamp format is the number of milliseconds since the Epoch 01/01/1970 00:00:00 UTC.
TypeUid is an enum, and the following values are allowed.
Uniform Resource Locator (URL) string.
User name.