Skip to content

1001 - File System Activity

OCSF Reference

CIM Data Models: All_Changes

OCSF Version: 1.0.0

CIM Field Mapping
action case(activity_id==1, "created", activity_id==2, "read", activity_id==3, "updated", activity_id==4, "deleted", activity_id==5, "renamed", true(), activity_name)
change_type type_name
dest device.uid
dvc device.uid
object file.name
object_category file
object_id file.uid
object_attrs file.attributes
object_path file.path
result_id status_id
result status
src device.hostname
user actor.user.uid
user_name actor.user.name
user_type actor.user.type
vendor_product metadata.product.name

OCSF Version: 1.1.0

CIM Field Mapping
action case(activity_id==1, "created", activity_id==2, "read", activity_id==3, "updated", activity_id==4, "deleted", activity_id==5, "renamed", true(), activity_name)
change_type type_name
dest device.uid
dvc device.uid
object file.name
object_category file
object_id file.uid
object_attrs file.attributes
object_path file.path
result_id status_id
result status
src device.hostname
user actor.user.uid
user_name actor.user.name
user_type actor.user.type
vendor_product metadata.product.name

OCSF Version: 1.2.0

CIM Field Mapping
action case(activity_id==1, "created", activity_id==2, "read", activity_id==3, "updated", activity_id==4, "deleted", activity_id==5, "renamed", true(), activity_name)
change_type type_name
dest device.uid
dvc device.uid
object file.name
object_category file
object_id file.uid
object_attrs file.attributes
object_path file.path
result_id status_id
result status
src device.hostname
user actor.user.uid
user_name actor.user.name
user_type actor.user.type
vendor_product metadata.product.name

OCSF Version: 1.0.0*

CIM Field Mapping
action case(activity_id==1, "created", activity_id==2, "read", activity_id==3, "updated", activity_id==4, "deleted", activity_id==5, "renamed", true(), activity_name)
change_type type_name
dest device.uid
dvc device.uid
object file.name
object_category file
object_id file.uid
object_attrs file.attributes
object_path file.path
result_id status_id
result status
src device.hostname
user actor.user.uid
user_name actor.user.name
user_type actor.user.type
vendor_product metadata.product.name