ocsf_schema_rs

Struct EventLog

Source 
pub struct EventLog {
Show 49 fields
    pub action: Option<String>,
    pub action_id: EventLogActionId,
    pub activity_id: EventLogActivityId,
    pub activity_name: Option<String>,
    pub actor: Option<Actor>,
    pub api: Option<Api>,
    pub attacks: Vec<Attack>,
    pub authorizations: Vec<Authorization>,
    pub category_name: Option<String>,
    pub category_uid: i64,
    pub class_name: Option<String>,
    pub class_uid: i64,
    pub cloud: Cloud,
    pub count: Option<i64>,
    pub device: Option<Device>,
    pub disposition: Option<String>,
    pub disposition_id: Option<EventLogDispositionId>,
    pub dst_endpoint: Option<NetworkEndpoint>,
    pub duration: Option<i64>,
    pub end_time: Option<i64>,
    pub end_time_dt: Option<String>,
    pub enrichments: Vec<Enrichment>,
    pub file: Option<File>,
    pub firewall_rule: Option<FirewallRule>,
    pub log_name: Option<String>,
    pub log_provider: Option<String>,
    pub log_type: Option<String>,
    pub log_type_id: Option<EventLogLogTypeId>,
    pub malware: Vec<Malware>,
    pub message: Option<String>,
    pub metadata: Metadata,
    pub observables: Vec<Observable>,
    pub osint: Vec<Osint>,
    pub raw_data: Option<String>,
    pub severity: Option<String>,
    pub severity_id: EventLogSeverityId,
    pub src_endpoint: Option<NetworkEndpoint>,
    pub start_time: Option<i64>,
    pub start_time_dt: Option<String>,
    pub status: Option<String>,
    pub status_code: Option<String>,
    pub status_detail: Option<String>,
    pub status_id: Option<EventLogStatusId>,
    pub time: i64,
    pub time_dt: Option<String>,
    pub timezone_offset: Option<i64>,
    pub type_name: Option<String>,
    pub type_uid: i64,
    pub unmapped: Option<Object>,

}
Expand description

EventLog

JSON schema 
{
 "$id": "https://schema.ocsf.io/schema/classes/event_log",
 "type": "object",
 "required": [
   "action_id",
   "activity_id",
   "category_uid",
   "class_uid",
   "cloud",
   "metadata",
   "osint",
   "severity_id",
   "time",
   "type_uid"
 ],
 "properties": {
   "action": {
     "type": "string"
   },
   "action_id": {
     "type": "integer",
     "enum": [
       0,
       1,
       2,
       99
     ]
   },
   "activity_id": {
     "type": "integer",
     "enum": [
       3,
       6,
       0,
       1,
       2,
       99,
       4,
       5,
       7,
       8,
       9,
       10
     ]
   },
   "activity_name": {
     "type": "string"
   },
   "actor": {
     "$ref": "#/$defs/actor"
   },
   "api": {
     "$ref": "#/$defs/api"
   },
   "attacks": {
     "type": "array",
     "items": {
       "$ref": "#/$defs/attack"
     }
   },
   "authorizations": {
     "type": "array",
     "items": {
       "$ref": "#/$defs/authorization"
     }
   },
   "category_name": {
     "type": "string"
   },
   "category_uid": {
     "type": "integer",
     "const": 1
   },
   "class_name": {
     "type": "string"
   },
   "class_uid": {
     "type": "integer",
     "const": 1008
   },
   "cloud": {
     "$ref": "#/$defs/cloud"
   },
   "count": {
     "type": "integer"
   },
   "device": {
     "$ref": "#/$defs/device"
   },
   "disposition": {
     "type": "string"
   },
   "disposition_id": {
     "type": "integer",
     "enum": [
       3,
       6,
       0,
       1,
       2,
       99,
       4,
       5,
       7,
       8,
       9,
       10,
       11,
       14,
       15,
       16,
       17,
       18,
       20,
       21,
       22,
       23,
       24,
       25,
       26,
       27,
       12,
       13,
       19
     ]
   },
   "dst_endpoint": {
     "$ref": "#/$defs/network_endpoint"
   },
   "duration": {
     "type": "integer"
   },
   "end_time": {
     "type": "integer"
   },
   "end_time_dt": {
     "type": "string"
   },
   "enrichments": {
     "type": "array",
     "items": {
       "$ref": "#/$defs/enrichment"
     }
   },
   "file": {
     "$ref": "#/$defs/file"
   },
   "firewall_rule": {
     "$ref": "#/$defs/firewall_rule"
   },
   "log_name": {
     "type": "string"
   },
   "log_provider": {
     "type": "string"
   },
   "log_type": {
     "type": "string"
   },
   "log_type_id": {
     "type": "integer",
     "enum": [
       0,
       1,
       2,
       99
     ]
   },
   "malware": {
     "type": "array",
     "items": {
       "$ref": "#/$defs/malware"
     }
   },
   "message": {
     "type": "string"
   },
   "metadata": {
     "$ref": "#/$defs/metadata"
   },
   "observables": {
     "type": "array",
     "items": {
       "$ref": "#/$defs/observable"
     }
   },
   "osint": {
     "type": "array",
     "items": {
       "$ref": "#/$defs/osint"
     }
   },
   "raw_data": {
     "type": "string"
   },
   "severity": {
     "type": "string"
   },
   "severity_id": {
     "type": "integer",
     "enum": [
       3,
       6,
       0,
       1,
       2,
       99,
       4,
       5
     ]
   },
   "src_endpoint": {
     "$ref": "#/$defs/network_endpoint"
   },
   "start_time": {
     "type": "integer"
   },
   "start_time_dt": {
     "type": "string"
   },
   "status": {
     "type": "string"
   },
   "status_code": {
     "type": "string"
   },
   "status_detail": {
     "type": "string"
   },
   "status_id": {
     "type": "integer",
     "enum": [
       0,
       1,
       2,
       99
     ]
   },
   "time": {
     "type": "integer"
   },
   "time_dt": {
     "type": "string"
   },
   "timezone_offset": {
     "type": "integer"
   },
   "type_name": {
     "type": "string"
   },
   "type_uid": {
     "type": "integer"
   },
   "unmapped": {
     "$ref": "#/$defs/object"
   }
 },
 "$schema": "http://json-schema.org/draft-07/schema#"
}

Fields§

§action: Option<String>§action_id: EventLogActionId§activity_id: EventLogActivityId§activity_name: Option<String>§actor: Option<Actor>§api: Option<Api>§attacks: Vec<Attack>§authorizations: Vec<Authorization>§category_name: Option<String>§category_uid: i64§class_name: Option<String>§class_uid: i64§cloud: Cloud§count: Option<i64>§device: Option<Device>§disposition: Option<String>§disposition_id: Option<EventLogDispositionId>§dst_endpoint: Option<NetworkEndpoint>§duration: Option<i64>§end_time: Option<i64>§end_time_dt: Option<String>§enrichments: Vec<Enrichment>§file: Option<File>§firewall_rule: Option<FirewallRule>§log_name: Option<String>§log_provider: Option<String>§log_type: Option<String>§log_type_id: Option<EventLogLogTypeId>§malware: Vec<Malware>§message: Option<String>§metadata: Metadata§observables: Vec<Observable>§osint: Vec<Osint>§raw_data: Option<String>§severity: Option<String>§severity_id: EventLogSeverityId§src_endpoint: Option<NetworkEndpoint>§start_time: Option<i64>§start_time_dt: Option<String>§status: Option<String>§status_code: Option<String>§status_detail: Option<String>§status_id: Option<EventLogStatusId>§time: i64§time_dt: Option<String>§timezone_offset: Option<i64>§type_name: Option<String>§type_uid: i64§unmapped: Option<Object>

Implementations§

Trait Implementations§

Source§

impl Clone for EventLog

Source§

fn clone(&self) -> EventLog

Returns a duplicate of the value. Read more
1.0.0 · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
Source§

impl Debug for EventLog

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
Source§

impl<'de> Deserialize<'de> for EventLog

Source§

fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>
where __D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer. Read more
Source§

impl From<&EventLog> for EventLog

Source§

fn from(value: &EventLog) -> Self

Converts to this type from the input type.
Source§

impl From<EventLog> for EventLog

Source§

fn from(value: EventLog) -> Self

Converts to this type from the input type.
Source§

impl Serialize for EventLog

Source§

fn serialize<__S>(&self, __serializer: __S) -> Result<__S::Ok, __S::Error>
where __S: Serializer,

Serialize this value into the given Serde serializer. Read more
Source§

impl TryFrom<EventLog> for EventLog

Source§

type Error = ConversionError

The type returned in the event of a conversion error.
Source§

fn try_from(value: EventLog) -> Result<Self, ConversionError>

Performs the conversion.

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> CloneToUninit for T
where T: Clone,

Source§

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest. Read more
Source§

impl<T> DynClone for T
where T: Clone,

Source§

fn __clone_box(&self, _: Private) -> *mut ()

Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> ToOwned for T
where T: Clone,

Source§

type Owned = T

The resulting type after obtaining ownership.
Source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
Source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<T> DeserializeOwned for T
where T: for<'de> Deserialize<'de>,