forked from ocsf/ocsf-schema
categories.json
{
"caption": "Categories",
"name": "category",
"description": "Initial working list of categories (work in progress).",
"attributes": {
"system": {
"caption": "System Activity",
"description": "System Activity events.",
"uid": 1
},
"findings": {
"caption": "Findings",
"description": "Findings events report findings, detections, and possible resolutions of malware, anomalies, or other actions performed by security products.",
"uid": 2
},
"access_control": {
"caption": "Access Control",
"description": "Access Control events relate to the supervision of the system's access control model. Examples of such events are the success or failure of authentication, granting of authority, password change, entity change, privileged use, system state change, and resource access.",
"uid": 3
},
"network": {
"caption": "Network Activity",
"description": "Network Activity events.",
"uid": 4
},
"discovery": {
"caption": "Discovery",
"description": "Discovery events report the existence and state of devices, files, configurations, processes, registry keys, and other objects.",
"uid": 5
},
"application": {
"caption": "Application Activity",
"description": "Application Activity events report detailed information about the behavior of applications and services.",
"uid": 6
}
}
}