Unmapped
unmapped
The Unmapped object contains an unmapped datum along with a label and type.
Contents
Attributes
Caption | Name | Type | Is Array | Default | Description |
---|---|---|---|---|---|
Caption | caption | String | A short description or label for the unmapped attribute. | ||
Is Array | is_array | Boolean | If true, the value is understood to be an array. Otherwise it is assumed to be a scalar. | ||
Name | name | String | The name of the unmapped attribute. This usually corresponds to a field name in the data provider. If no caption is provided, name will be used as a caption. The name attribute must be unique across all unmapped attributes of a record. | ||
Type | type | String | The type of data that is unmapped. | ||
Value | value | JSON | The unmapped attribute value. |
References
Referenced By
- Security Finding
- Vulnerability Finding
- Detection Finding
- Data Security Finding
- Incident Finding
- Compliance Finding
- Finding
- Base Event
- Entity Management
- Authentication
- Authorize Session
- User Access Management
- Account Change
- Identity & Access Management
- Group Management
- Memory Activity
- Process Activity
- Kernel Activity
- File System Activity
- System Activity
- Scheduled Job Activity
- Event Log Activity
- Module Activity
- Kernel Extension Activity
- Web Resources Activity
- Web Resource Access Activity
- API Activity
- Datastore Activity
- File Hosting Activity
- Application Lifecycle
- Scan Activity
- Application Activity
- Network File Activity
- Tunnel Activity
- RDP Activity
- HTTP Activity
- Email File Activity
- Network Activity
- DHCP Activity
- FTP Activity
- SSH Activity
- SMB Activity
- DNS Activity
- Email Activity
- NTP Activity
- Email URL Activity
- Network
- User Query
- Discovery Result
- Device Inventory Info
- OSINT Inventory Info
- Software Inventory Info
- User Session Query
- Device Config State
- Discovery
- User Inventory Info
- Device Config State Change
- Peripheral Device Query
- Operating System Patch State
- Process Remediation Activity
- Network Remediation Activity
- Remediation Activity
- File Remediation Activity
- Windows Service Activity
- Windows Resource Activity
- Registry Key Query
- Registry Value Query
- Registry Key Activity
- Prefetch Query
- Registry Value Activity
- Digital Certificate
- Autonomous System
- Table
- RPC Interface
- Network Proxy Endpoint
- Scan
- Request Elements
- Linux Process
- Uniform Resource Locator
- DCE/RPC
- API
- Device Hardware Info
- Affected Software Package
- Subject Alternative Name
- CWE
- Finding Information
- JA4+ Fingerprint
- Network Endpoint
- Service
- Object
- Kernel Resource
- Reputation
- Transport Layer Security (TLS)
- Kernel Extension
- Malware
- CIS CSC
- Analytic
- Organization
- Firewall Rule
- HTTP Header
- Authorization Result
- CIS Benchmark Result
- Vulnerability Details
- Data Security
- Database
- User
- CVSS Score
- DNS Query
- DNS Answer
- Entity
- Related Event
- TLS Extension
- CVE
- Endpoint
- Authentication Factor
- LDAP Person
- Ticket
- EPSS
- Windows Evidence Artifacts
- KB Article
- HTTP Cookie
- Account
- Product
- Databucket
- Operating System (OS)
- Identity Provider
- Fingerprint
- Data Classification
- Affected Code
- MITRE ATT&CK® Technique
- Image
- Policy
- CIS Benchmark
- Network Connection Information
- File
- MITRE ATT&CK® Sub Technique
- Geo Location
- Peripheral Device
- Metadata
- Compliance
- Load Balancer
- Metric
- HTTP Response
- Feature
- Group
- Keyboard Information
- Managed Entity
- Email Authentication
- Resource
- Time Span
- Logger
- CIS Control
- HTTP Request
- OSINT
- MITRE DEFEND™ Technique
- Endpoint Connection
- Digital Signature
- Cloud
- Actor
- Remediation
- Session
- Security State
- Software Package
- DNS
- Display
- Query Information
- Response Elements
- Web Resource
- Device
- MITRE ATT&CK® Tactic
- HASSH
- Container
- Network Interface
- Kill Chain Phase
- Job
- Agent
- WHOIS
- MITRE D3FEND™ Tactic
- MITRE ATT&CK®
- Observable
- Domain Contact
- Resource Details
- Enrichment
- Module
- Schema Extension
- MITRE D3FEND™
- Finding
- Network Traffic
- Rule
- Windows Service
- Registry Key
- Windows Resource
- Registry Value
- URL Threat Intelligence
- File Threat Intelligence
- Threat Intelligence
- Domain Threat Intelligence
- Base Threat Intelligence
- IP Threat Intelligence
Context
JSON
{
"name": "unmapped",
"caption": "Unmapped",
"description": "The Unmapped object contains an unmapped datum along with a label and type.",
"attributes": {
"type": {
"requirement": "required",
"description": "The type of data that is unmapped.",
"caption": "Type",
"type": "string_t"
},
"name": {
"requirement": "required",
"description": "The name of the unmapped attribute. This usually corresponds to a field name in the data provider. If no caption is provided, name will be used as a caption. The name attribute must be unique across all unmapped attributes of a record.",
"caption": "Name",
"type": "string_t"
},
"value": {
"requirement": "required",
"description": "The unmapped attribute value.",
"type": "json_t",
"caption": "Value"
},
"caption": {
"requirement": "optional",
"description": "A short description or label for the unmapped attribute.",
"caption": "Caption",
"type": "string_t"
},
"is_array": {
"requirement": "optional",
"type": "boolean_t",
"caption": "Is Array",
"description": "If true, the value is understood to be an array. Otherwise it is assumed to be a scalar."
}
},
"extension": "query"
}