3004 - Entity Management
OCSF Reference
CIM Data Models: All_Changes
OCSF Version: 1.0.0
| CIM Field | Mapping |
| --- | --- |
| action | case(activity_id==1, "created", activity_id==2, "read", activity_id==3, "updated", activity_id==4, "deleted", activity_id==5, "renamed", true(), activity_name) |
| change_type | coalesce('entity.type', "entity") |
| dest | coalesce('device.hostname', 'device.ip', 'device.name') |
| dvc | metadata.log_provider |
| object | entity.name |
| object_category | entity.type |
| object_id | entity.uid |
| result_id | status_id |
| user | actor.user.name |
| user_type | actor.user.type |
| vendor_product | metadata.product.name |
OCSF Version: 1.1.0
| CIM Field | Mapping |
| --- | --- |
| action | case(activity_id==1, "created", activity_id==2, "read", activity_id==3, "updated", activity_id==4, "deleted", activity_id==5, "renamed", true(), activity_name) |
| change_type | coalesce('entity.type', "entity") |
| dest | coalesce('device.hostname', 'device.ip', 'device.name') |
| dvc | metadata.log_provider |
| object | entity.name |
| object_category | entity.type |
| object_id | entity.uid |
| result_id | status_id |
| user | actor.user.name |
| user_type | actor.user.type |
| vendor_product | metadata.product.name |
OCSF Version: 1.2.0
| CIM Field | Mapping |
| --- | --- |
| action | case(activity_id==1, "created", activity_id==2, "read", activity_id==3, "updated", activity_id==4, "deleted", activity_id==5, "renamed", true(), activity_name) |
| change_type | coalesce('entity.type', "entity") |
| dest | coalesce('device.hostname', 'device.ip', 'device.name') |
| dvc | metadata.log_provider |
| object | entity.name |
| object_category | entity.type |
| object_id | entity.uid |
| result_id | status_id |
| user | actor.user.name |
| user_type | actor.user.type |
| vendor_product | metadata.product.name |
OCSF Version: 1.0.0*
| CIM Field | Mapping |
| --- | --- |
| action | case(activity_id==1, "created", activity_id==2, "read", activity_id==3, "updated", activity_id==4, "deleted", activity_id==5, "renamed", true(), activity_name) |
| change_type | coalesce('entity.type', "entity") |
| dest | coalesce('device.hostname', 'device.ip', 'device.name') |
| dvc | metadata.log_provider |
| object | entity.name |
| object_category | entity.type |
| object_id | entity.uid |
| result_id | status_id |
| user | actor.user.name |
| user_type | actor.user.type |
| vendor_product | metadata.product.name |