Resource Details
resource_details
The Resource Details object describes details about resources that were affected by the activity/event.
Contents
Attributes
| Caption | Name | Type | Is Array | Default | Description |
|---|---|---|---|---|---|
| Agent List | agent_list | Agent |
A list of agent objects associated with a device, endpoint, or resource.
|
||
| API Details | api | API | Describes details about a typical API (Application Programming Interface) call. | ||
| Cloud | cloud | Cloud | Describes details about the Cloud environment where the event was originally created or logged. | ||
| Cloud Partition | cloud_partition | String | The canonical cloud partition name to which the region is assigned (e.g. AWS Partitions: aws, aws-cn, aws-us-gov). | ||
| Criticality | criticality | String | The criticality of the resource as defined by the event source. | ||
| Data | data | JSON | Additional data describing the resource. | ||
| Data Classification | data_classification | Data Classification | The Data Classification object includes information about data classification levels and data category types. | ||
| Group | group | Group | The name of the related resource group. | ||
| Labels | labels | String | The list of labels/tags associated to a resource. | ||
| Name | name | String | The name of the resource. | ||
| Namespace | namespace | String | The namespace is useful when similar entities exist that you need to keep separate. | ||
| Owner | owner | User | The identity of the service or user account that owns the resource. | ||
| Raw Data | raw_data | JSON | The event data as received from the event source. | ||
| Record ID | record_id | String | Unique identifier for the object | ||
| Region | region | String | The cloud region of the resource. | ||
| Type | type | String | The resource type as defined by the event source. | ||
| Unique ID | uid | String | The unique identifier of the resource. | ||
| Unmapped Data | unmapped | Unmapped | The attributes that are not mapped to the event schema. The names and values of those attributes are specific to the event source. | ||
| Version | version | String |
The version of the resource. For example 1.2.3.
|
Context
JSON
{
"caption": "Resource Details",
"description": "The Resource Details object describes details about resources that were affected by the activity/event.",
"extends": "_resource",
"name": "resource_details",
"profiles": [
"cloud"
],
"attributes": {
"agent_list": {
"requirement": "optional",
"caption": "Agent List",
"description": "A list of <code>agent</code> objects associated with a device, endpoint, or resource.",
"type": "agent",
"is_array": true
},
"cloud_partition": {
"profile": "cloud",
"requirement": "optional",
"caption": "Cloud Partition",
"description": "The canonical cloud partition name to which the region is assigned (e.g. AWS Partitions: aws, aws-cn, aws-us-gov).",
"type": "string_t"
},
"criticality": {
"description": "The criticality of the resource as defined by the event source.",
"requirement": "optional",
"caption": "Criticality",
"type": "string_t"
},
"group": {
"description": "The name of the related resource group.",
"requirement": "optional",
"caption": "Group",
"type": "group"
},
"namespace": {
"description": "The namespace is useful when similar entities exist that you need to keep separate.",
"requirement": "optional",
"caption": "Namespace",
"type": "string_t"
},
"owner": {
"description": "The identity of the service or user account that owns the resource.",
"requirement": "recommended",
"caption": "Owner",
"type": "user"
},
"region": {
"description": "The cloud region of the resource.",
"profile": "cloud",
"requirement": "optional",
"caption": "Region",
"type": "string_t"
},
"version": {
"description": "The version of the resource. For example <code>1.2.3</code>.",
"requirement": "optional",
"caption": "Version",
"type": "string_t"
},
"cloud": {
"requirement": "required",
"group": "primary",
"caption": "Cloud",
"description": "Describes details about the Cloud environment where the event was originally created or logged.",
"type": "cloud"
},
"api": {
"requirement": "optional",
"group": "context",
"caption": "API Details",
"description": "Describes details about a typical API (Application Programming Interface) call.",
"type": "api"
},
"$include": [
"profiles/data_classification.json"
],
"data": {
"description": "Additional data describing the resource.",
"requirement": "optional",
"caption": "Data",
"type": "json_t"
},
"labels": {
"description": "The list of labels/tags associated to a resource.",
"requirement": "optional",
"caption": "Labels",
"type": "string_t",
"is_array": true
},
"name": {
"description": "The name of the resource.",
"requirement": "recommended",
"caption": "Name",
"type": "string_t"
},
"type": {
"description": "The resource type as defined by the event source.",
"requirement": "optional",
"caption": "Type",
"type": "string_t"
},
"uid": {
"description": "The unique identifier of the resource.",
"requirement": "recommended",
"caption": "Unique ID",
"type": "string_t"
},
"data_classification": {
"group": "context",
"requirement": "recommended",
"caption": "Data Classification",
"description": "The Data Classification object includes information about data classification levels and data category types.",
"type": "data_classification"
},
"raw_data": {
"group": "context",
"caption": "Raw Data",
"description": "The event data as received from the event source.",
"type": "json_t"
},
"record_id": {
"description": "Unique identifier for the object",
"group": "primary",
"requirement": "required",
"caption": "Record ID",
"type": "string_t"
},
"unmapped": {
"caption": "Unmapped Data",
"description": "The attributes that are not mapped to the event schema. The names and values of those attributes are specific to the event source.",
"type": "unmapped",
"is_array": true
}
},
"constraints": {
"at_least_one": [
"name",
"uid"
]
}
}