package: "https://ocsf.io/im/0.20.0"
Type: Authorization (Enumerated)
ID | Item | Description |
---|---|---|
-1 | other | Other: |
0 | unknown | Unknown: |
1 | assign_privileges | Assign Privileges: Assign special privileges to a new logon. |
2 | assign_groups | Assign Groups: Assign special groups to a new logon. |

Type: Cloud_activity (Enumerated)
ID | Item | Description |
---|---|---|
-1 | other | Other: |
0 | unknown | Unknown: |
1 | login | Login: The event pertains to login activity. |
2 | iam | IAM: The event pertains to Identity and Access Management (IAM) activity (e.g. policy updates, user creations, etc.). |
3 | operational | Operational: The event pertains to cloud resource operations activity (e.g. data downloads, launched virtual machines, etc.). |

Type: Dns_activity (Enumerated)
ID | Item | Description |
---|---|---|
-1 | other | Other: |
0 | unknown | Unknown: |
1 | resolved | Resolved: The DNS request was successfully resolved. |
2 | unresolved | Unresolved: The DNS request was unresolved. |
3 | query | Query: The DNS query request. |

Type: File_activity (Enumerated)
ID | Item | Description |
---|---|---|
-1 | other | Other: |
0 | unknown | Unknown: |
1 | create | Create: |
2 | read | Read: |
3 | update | Update: |
4 | delete | Delete: |
5 | rename | Rename: |
6 | set_attributes | Set Attributes: |
7 | set_security | Set Security: |
8 | get_attributes | Get Attributes: |
9 | get_security | Get Security: |
10 | encrypt | Encrypt: |
11 | decrypt | Decrypt: |

Type: Kernel_activity (Enumerated)
ID | Item | Description |
---|---|---|
-1 | other | Other: |
0 | unknown | Unknown: |
1 | create | Create: |
2 | read | Read: |
3 | delete | Delete: |
4 | invoke | Invoke: |

Type: Memory_activity (Enumerated)
ID | Item | Description |
---|---|---|
-1 | other | Other: |
0 | unknown | Unknown: |
1 | allocate_page | Allocate Page: |
2 | modify_page | Modify Page: |
3 | delete_page | Delete Page: |
4 | buffer_overflow | Buffer Overflow: |
5 | disabled_dep | Disabled DEP: Data Execution Permission |
6 | enabled_dep | Enabled DEP: Data Execution Permission |

Type: Module_activity (Enumerated)
ID | Item | Description |
---|---|---|
-1 | other | Other: |
0 | unknown | Unknown: |
1 | load | Load: |
2 | unload | Unload: |

Type: Network_activity (Enumerated)
ID | Item | Description |
---|---|---|
-1 | other | Other: |
0 | unknown | Unknown: |
1 | established | Established: A new network connection was established. |
2 | closed | Closed: The network connection was closed. |
3 | reset | Reset: The network connection was abnormally terminated or closed by a middle device such as a firewall. |
4 | failed | Failed: The network connection failed. For example, a connection timeout or no route to host. |
5 | refused | Refused: The network connection was refused. For example, an attempt to connect to a server port that is not open. |
6 | traffic | Traffic: Network traffic report. |

Type: Peripheral_activity (Enumerated)
ID | Item | Description |
---|---|---|
-1 | other | Other: |
0 | unknown | Unknown: |
1 | read | Read: |
2 | write | Write: |
3 | delete | Delete: |
4 | device_mount | Device Mount: |
5 | execute | Execute: |

Type: Registry_key_activity (Enumerated)
ID | Item | Description |
---|---|---|
-1 | other | Other: |
0 | unknown | Unknown: |
1 | create | Create: |
2 | read | Read: |
3 | modify | Modify: |
4 | delete | Delete: |
5 | rename | Rename: |
6 | set_security | Set Security: |
7 | restore | Restore: |

Type: Registry_value_activity (Enumerated)
ID | Item | Description |
---|---|---|
-1 | other | Other: |
0 | unknown | Unknown: |
1 | get | Get: |
2 | set | Set: |
3 | modify | Modify: |
4 | delete | Delete: |