Cloud

cloud

The Cloud object contains information about a cloud account such as AWS Account ID, regions, etc.

Contents

Attributes

Caption Name Type Is Array Default Description
Account account Account The account object describes details about the account that was the source or target of the activity.
Account Type account_type String The user account type, as defined by the event source.

Deprecated since 1.1.0: Deprecated in upgrade from ocsf-0.31.1 to qdm-1.1.0

Account Type ID account_type_id Integer The normalized user account type identifier.

Deprecated since 1.1.0: Deprecated in upgrade from ocsf-0.31.1 to qdm-1.1.0

-1
Other
0
Unknown
1
LDAP Account
2
Windows Account
3
AWS IAM Account
4
GCP Account
5
Azure AD Account
Account UID account_uid String The unique identifier of the account(e.g. AWS Account ID).

Deprecated since 1.1.0: Deprecated in upgrade from ocsf-0.31.1 to qdm-1.1.0

Organization org Organization Organization and org unit relevant to the event or object.
Org ID org_uid String The unique identifier of the organization to which the user belongs. For example, Active Directory or AWS Org ID.

Deprecated since 1.1.0: Deprecated in upgrade from ocsf-0.31.1 to qdm-1.1.0

Project ID project_uid String The unique identifier of a Cloud project.
Provider provider String The unique name of the Cloud services provider, such as AWS, MS Azure, GCP, etc.
Raw Data raw_data JSON The event data as received from the event source.
Record ID record_id String Unique identifier for the object
Region region String The name of the cloud region, as defined by the cloud provider.
Resource ID resource_uid Resource UID The unique identifier of a cloud resource. For example, S3 Bucket name, EC2 Instance Id.

Deprecated since 1.1.0: Deprecated in upgrade from ocsf-0.31.1 to qdm-1.1.0

Unmapped Data unmapped Unmapped The attributes that are not mapped to the event schema. The names and values of those attributes are specific to the event source.
Network Zone zone String The availability zone in the cloud region, as defined by the cloud provider.

Context

Cloud

JSON

            
{
  "caption": "Cloud",
  "description": "The Cloud object contains information about a cloud account such as AWS Account ID, regions, etc.",
  "extends": "object",
  "name": "cloud",
  "attributes": {
    "account": {
      "requirement": "optional",
      "caption": "Account",
      "description": "The account object describes details about the account that was the source or target of the activity.",
      "type": "account"
    },
    "org": {
      "requirement": "optional",
      "caption": "Organization",
      "description": "Organization and org unit relevant to the event or object.",
      "type": "organization"
    },
    "project_uid": {
      "requirement": "optional",
      "caption": "Project ID",
      "description": "The unique identifier of a Cloud project.",
      "type": "string_t"
    },
    "provider": {
      "description": "The unique name of the Cloud services provider, such as AWS, MS Azure, GCP, etc.",
      "requirement": "required",
      "caption": "Provider",
      "type": "string_t"
    },
    "region": {
      "description": "The name of the cloud region, as defined by the cloud provider.",
      "requirement": "recommended",
      "caption": "Region",
      "type": "string_t"
    },
    "zone": {
      "description": "The availability zone in the cloud region, as defined by the cloud provider.",
      "requirement": "optional",
      "caption": "Network Zone",
      "type": "string_t"
    },
    "raw_data": {
      "group": "context",
      "caption": "Raw Data",
      "description": "The event data as received from the event source.",
      "type": "json_t"
    },
    "record_id": {
      "description": "Unique identifier for the object",
      "group": "primary",
      "requirement": "required",
      "caption": "Record ID",
      "type": "string_t"
    },
    "unmapped": {
      "caption": "Unmapped Data",
      "description": "The attributes that are not mapped to the event schema. The names and values of those attributes are specific to the event source.",
      "type": "unmapped",
      "is_array": true
    },
    "account_uid": {
      "requirement": "recommended",
      "caption": "Account UID",
      "description": "The unique identifier of the account(e.g. AWS Account ID).",
      "type": "string_t",
      "@deprecated": {
        "since": "1.1.0",
        "message": "Deprecated in upgrade from ocsf-0.31.1 to qdm-1.1.0"
      }
    },
    "org_uid": {
      "requirement": "optional",
      "caption": "Org ID",
      "description": "The unique identifier of the organization to which the user belongs. For example, Active Directory or AWS Org ID.",
      "type": "string_t",
      "@deprecated": {
        "since": "1.1.0",
        "message": "Deprecated in upgrade from ocsf-0.31.1 to qdm-1.1.0"
      }
    },
    "account_type": {
      "requirement": "optional",
      "caption": "Account Type",
      "description": "The user account type, as defined by the event source.",
      "type": "string_t",
      "@deprecated": {
        "since": "1.1.0",
        "message": "Deprecated in upgrade from ocsf-0.31.1 to qdm-1.1.0"
      }
    },
    "account_type_id": {
      "requirement": "optional",
      "caption": "Account Type ID",
      "description": "The normalized user account type identifier.",
      "enum": {
        "-1": {
          "caption": "Other",
          "description": "The user account type is not mapped."
        },
        "0": {
          "caption": "Unknown",
          "description": "The user account type is unknown."
        },
        "1": {
          "caption": "LDAP Account"
        },
        "2": {
          "caption": "Windows Account"
        },
        "3": {
          "caption": "AWS IAM Account"
        },
        "4": {
          "caption": "GCP Account"
        },
        "5": {
          "caption": "Azure AD Account"
        }
      },
      "sibling": "account_type",
      "type": "integer_t",
      "@deprecated": {
        "since": "1.1.0",
        "message": "Deprecated in upgrade from ocsf-0.31.1 to qdm-1.1.0"
      }
    },
    "resource_uid": {
      "requirement": "optional",
      "caption": "Resource ID",
      "description": "The unique identifier of a cloud resource. For example, S3 Bucket name, EC2 Instance Id.",
      "type": "resource_uid_t",
      "@deprecated": {
        "since": "1.1.0",
        "message": "Deprecated in upgrade from ocsf-0.31.1 to qdm-1.1.0"
      }
    }
  }
}