Group

group

The Group object represents a collection or association of entities, such as users, policies, or devices. It serves as a logical grouping mechanism to organize and manage entities with similar characteristics or permissions within a system or organization.

Attributes

| Caption | Name | Type | Is Array | Default | Description |
|---|---|---|---|---|---|
| Description | desc | String | | | The group description. |
| Domain | domain | String | | | The domain where the group is defined. For example: the LDAP or Active Directory domain. |
| Name | name | String | | | The group name. |
| Privileges | privileges | String | Yes | | The group privileges. |
| Raw Data | raw_data | JSON | | | The event data as received from the event source. |
| Record ID | record_id | String | | | Unique identifier for the object |
| Account Type | type | String | | | The type of the group or account. |
| Unique ID | uid | String | | | The unique identifier of the group. For example, for Windows events this is the security identifier (SID) of the group. |
| Unmapped Data | unmapped | Unmapped | Yes | | The attributes that are not mapped to the event schema. The names and values of those attributes are specific to the event source. |

JSON

            
{
  "caption": "Group",
  "description": "The Group object represents a collection or association of entities, such as users, policies, or devices. It serves as a logical grouping mechanism to organize and manage entities with similar characteristics or permissions within a system or organization.",
  "name": "group",
  "extends": "_entity",
  "attributes": {
    "desc": {
      "description": "The group description.",
      "requirement": "optional",
      "caption": "Description",
      "type": "string_t"
    },
    "domain": {
      "description": "The domain where the group is defined. For example: the LDAP or Active Directory domain.",
      "requirement": "optional",
      "caption": "Domain",
      "type": "string_t"
    },
    "name": {
      "description": "The group name.",
      "observable": 32,
      "requirement": "recommended",
      "caption": "Name",
      "type": "string_t"
    },
    "privileges": {
      "description": "The group privileges.",
      "requirement": "optional",
      "caption": "Privileges",
      "type": "string_t",
      "is_array": true
    },
    "type": {
      "description": "The type of the group or account.",
      "caption": "Account Type",
      "requirement": "optional",
      "type": "string_t"
    },
    "uid": {
      "description": "The unique identifier of the group. For example, for Windows events this is the security identifier (SID) of the group.",
      "observable": 33,
      "requirement": "recommended",
      "caption": "Unique ID",
      "type": "string_t"
    },
    "raw_data": {
      "group": "context",
      "caption": "Raw Data",
      "description": "The event data as received from the event source.",
      "type": "json_t"
    },
    "record_id": {
      "description": "Unique identifier for the object",
      "group": "primary",
      "requirement": "required",
      "caption": "Record ID",
      "type": "string_t"
    },
    "unmapped": {
      "caption": "Unmapped Data",
      "description": "The attributes that are not mapped to the event schema. The names and values of those attributes are specific to the event source.",
      "type": "unmapped",
      "is_array": true
    }
  },
  "constraints": {
    "at_least_one": [
      "name",
      "uid"
    ]
  }
}