Account
account
The Account object contains details about the account that initiated or performed a specific activity within a system or application.
Contents
Attributes
Caption | Name | Type | Is Array | Default | Description |
---|---|---|---|---|---|
Labels | labels | String | The list of labels/tags associated to the account. | ||
Name | name | String | The name of the account (e.g. GCP Account Name). | ||
Raw Data | raw_data | JSON | The event data as received from the event source. | ||
Record ID | record_id | String | Unique identifier for the object | ||
Type | type | String | The account type, normalized to the caption of 'account_type_id'. In the case of 'Other', it is defined by the event source. | ||
Type ID | type_id | Integer |
The normalized account type identifier.
|
||
Unique ID | uid | String | The unique identifier of the account (e.g. AWS Account ID). | ||
Unmapped Data | unmapped | Unmapped | The attributes that are not mapped to the event schema. The names and values of those attributes are specific to the event source. |
Context
JSON
{
"caption": "Account",
"description": "The Account object contains details about the account that initiated or performed a specific activity within a system or application.",
"name": "account",
"extends": "_entity",
"attributes": {
"name": {
"description": "The name of the account (e.g. GCP Account Name).",
"requirement": "recommended",
"caption": "Name",
"type": "string_t"
},
"type": {
"caption": "Type",
"description": "The account type, normalized to the caption of 'account_type_id'. In the case of 'Other', it is defined by the event source.",
"requirement": "optional",
"type": "string_t"
},
"type_id": {
"caption": "Type ID",
"description": "The normalized account type identifier.",
"enum": {
"99": {
"caption": "Other",
"description": "The account type is not mapped."
},
"0": {
"caption": "Unknown",
"description": "The account type is unknown."
},
"1": {
"caption": "LDAP Account"
},
"2": {
"caption": "Windows Account"
},
"3": {
"caption": "AWS IAM User"
},
"4": {
"caption": "AWS IAM Role"
},
"5": {
"caption": "GCP Account"
},
"6": {
"caption": "Azure AD Account"
},
"7": {
"caption": "Mac OS Account"
},
"8": {
"caption": "Apple Account"
},
"9": {
"caption": "Linux Account"
},
"10": {
"caption": "AWS Account"
}
},
"requirement": "recommended",
"sibling": "type",
"type": "integer_t"
},
"uid": {
"description": "The unique identifier of the account (e.g. AWS Account ID).",
"requirement": "recommended",
"caption": "Unique ID",
"type": "string_t"
},
"labels": {
"caption": "Labels",
"description": "The list of labels/tags associated to the account.",
"requirement": "optional",
"is_array": true,
"type": "string_t"
},
"raw_data": {
"group": "context",
"caption": "Raw Data",
"description": "The event data as received from the event source.",
"type": "json_t"
},
"record_id": {
"description": "Unique identifier for the object",
"group": "primary",
"requirement": "required",
"caption": "Record ID",
"type": "string_t"
},
"unmapped": {
"caption": "Unmapped Data",
"description": "The attributes that are not mapped to the event schema. The names and values of those attributes are specific to the event source.",
"type": "unmapped",
"is_array": true
}
},
"constraints": {
"at_least_one": [
"name",
"uid"
]
}
}