6004 - Web Resource Access Activity
OCSF Reference
CIM Data Models: Data_Access
OCSF Version: 1.0.0
| CIM Field |
Mapping |
| action |
case(activity_id==0, "unknown", activity_id==1, "access_grant", activity_id==2, "access_deny", activity_id==3, "access_revoke", activity_id==4, "access_error", true(), "other") |
| app |
coalesce('metadata.product.name' , 'metadata.product.vendor_name') |
| email |
coalesce('actor.user.email_addr', 'actor.process.user.email_addr') |
| object |
web_resources{}.name |
| src |
coalesce('device.name' , 'device.uid') |
| user |
coalesce('actor.user.name' , 'actor.user.uid') |
| user_agent |
http_request.user_agent |
| user_email |
coalesce('actor.user.email_addr', 'actor.process.user.email_addr') |
| user_type |
coalesce('actor.user.type' , 'actor.user.type_id') |
| vendor_product |
coalesce('metadata.product.name' , 'metadata.product.vendor_name') |
OCSF Version: 1.1.0
| CIM Field |
Mapping |
| action |
case(activity_id==0, "unknown", activity_id==1, "access_grant", activity_id==2, "access_deny", activity_id==3, "access_revoke", activity_id==4, "access_error", true(), "other") |
| app |
coalesce('metadata.product.name' , 'metadata.product.vendor_name') |
| email |
coalesce('actor.user.email_addr', 'actor.process.user.email_addr') |
| object |
web_resources{}.name |
| src |
coalesce('device.name' , 'device.uid') |
| user |
coalesce('actor.user.name' , 'actor.user.uid') |
| user_agent |
http_request.user_agent |
| user_email |
coalesce('actor.user.email_addr', 'actor.process.user.email_addr') |
| user_type |
coalesce('actor.user.type' , 'actor.user.type_id') |
| vendor_product |
coalesce('metadata.product.name' , 'metadata.product.vendor_name') |
OCSF Version: 1.2.0
| CIM Field |
Mapping |
| action |
case(activity_id==0, "unknown", activity_id==1, "access_grant", activity_id==2, "access_deny", activity_id==3, "access_revoke", activity_id==4, "access_error", true(), "other") |
| app |
coalesce('metadata.product.name' , 'metadata.product.vendor_name') |
| email |
coalesce('actor.user.email_addr', 'actor.process.user.email_addr') |
| object |
web_resources{}.name |
| src |
coalesce('device.name' , 'device.uid') |
| user |
coalesce('actor.user.name' , 'actor.user.uid') |
| user_agent |
http_request.user_agent |
| user_email |
coalesce('actor.user.email_addr', 'actor.process.user.email_addr') |
| user_type |
coalesce('actor.user.type' , 'actor.user.type_id') |
| vendor_product |
coalesce('metadata.product.name' , 'metadata.product.vendor_name') |
OCSF Version: 1.0.0*
| CIM Field |
Mapping |
| action |
case(activity_id==0, "unknown", activity_id==1, "access_grant", activity_id==2, "access_deny", activity_id==3, "access_revoke", activity_id==4, "access_error", true(), "other") |
| app |
coalesce('metadata.product.name' , 'metadata.product.vendor_name') |
| email |
coalesce('actor.user.email_addr', 'actor.process.user.email_addr') |
| object |
web_resources{}.name |
| src |
coalesce('device.name' , 'device.uid') |
| user |
coalesce('actor.user.name' , 'actor.user.uid') |
| user_agent |
http_request.user_agent |
| user_email |
coalesce('actor.user.email_addr', 'actor.process.user.email_addr') |
| user_type |
coalesce('actor.user.type' , 'actor.user.type_id') |
| vendor_product |
coalesce('metadata.product.name' , 'metadata.product.vendor_name') |