package: "https://ocsf.io/im/0.20.0"
Type: Authorization (Enumerated)
| ID | Item | Description |
|---|---|---|
| -1 | other | Other: |
| 0 | unknown | Unknown: |
| 1 | assign_privileges | Assign Privileges: Assign special privileges to a new logon. |
| 2 | assign_groups | Assign Groups: Assign special groups to a new logon. |
Type: Cloud_activity (Enumerated)
| ID | Item | Description |
|---|---|---|
| -1 | other | Other: |
| 0 | unknown | Unknown: |
| 1 | login | Login: The event pertains to login activity. |
| 2 | iam | IAM: The event pertains to Identity and Access Management (IAM) activity (e.g. policy updates, user creations, etc.). |
| 3 | operational | Operational: The event pertains to cloud resource operations activity (e.g. data downloads, launched virtual machines, etc.). |
Type: Dns_activity (Enumerated)
| ID | Item | Description |
|---|---|---|
| -1 | other | Other: |
| 0 | unknown | Unknown: |
| 1 | resolved | Resolved: The DNS request was successfully resolved. |
| 2 | unresolved | Unresolved: The DNS request was unresolved. |
| 3 | query | Query: The DNS query request. |
Type: File_activity (Enumerated)
| ID | Item | Description |
|---|---|---|
| -1 | other | Other: |
| 0 | unknown | Unknown: |
| 1 | create | Create: |
| 2 | read | Read: |
| 3 | update | Update: |
| 4 | delete | Delete: |
| 5 | rename | Rename: |
| 6 | set_attributes | Set Attributes: |
| 7 | set_security | Set Security: |
| 8 | get_attributes | Get Attributes: |
| 9 | get_security | Get Security: |
| 10 | encrypt | Encrypt: |
| 11 | decrypt | Decrypt: |
Type: Kernel_activity (Enumerated)
| ID | Item | Description |
|---|---|---|
| -1 | other | Other: |
| 0 | unknown | Unknown: |
| 1 | create | Create: |
| 2 | read | Read: |
| 3 | delete | Delete: |
| 4 | invoke | Invoke: |
Type: Memory_activity (Enumerated)
| ID | Item | Description |
|---|---|---|
| -1 | other | Other: |
| 0 | unknown | Unknown: |
| 1 | allocate_page | Allocate Page: |
| 2 | modify_page | Modify Page: |
| 3 | delete_page | Delete Page: |
| 4 | buffer_overflow | Buffer Overflow: |
| 5 | disabled_dep | Disabled DEP: Data Execution Permission |
| 6 | enabled_dep | Enabled DEP: Data Execution Permission |
Type: Module_activity (Enumerated)
| ID | Item | Description |
|---|---|---|
| -1 | other | Other: |
| 0 | unknown | Unknown: |
| 1 | load | Load: |
| 2 | unload | Unload: |
Type: Network_activity (Enumerated)
| ID | Item | Description |
|---|---|---|
| -1 | other | Other: |
| 0 | unknown | Unknown: |
| 1 | established | Established: A new network connection was established. |
| 2 | closed | Closed: The network connection was closed. |
| 3 | reset | Reset: The network connection was abnormally terminated or closed by a middle device like firewalls. |
| 4 | failed | Failed: The network connection failed. For example a connection timeout or no route to host. |
| 5 | refused | Refused: The network connection was refused. For example an attempt to connect to a server port which is not open. |
| 6 | traffic | Traffic: Network traffic report. |
Type: Peripheral_activity (Enumerated)
| ID | Item | Description |
|---|---|---|
| -1 | other | Other: |
| 0 | unknown | Unknown: |
| 1 | read | Read: |
| 2 | write | Write: |
| 3 | delete | Delete: |
| 4 | device_mount | Device Mount: |
| 5 | execute | Execute: |
Type: Registry_key_activity (Enumerated)
| ID | Item | Description |
|---|---|---|
| -1 | other | Other: |
| 0 | unknown | Unknown: |
| 1 | create | Create: |
| 2 | read | Read: |
| 3 | modify | Modify: |
| 4 | delete | Delete: |
| 5 | rename | Rename: |
| 6 | set_security | Set Security: |
| 7 | restore | Restore: |
Type: Registry_value_activity (Enumerated)
| ID | Item | Description |
|---|---|---|
| -1 | other | Other: |
| 0 | unknown | Unknown: |
| 1 | get | Get: |
| 2 | set | Set: |
| 3 | modify | Modify: |
| 4 | delete | Delete: |