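/// OCSF `rdp_activity` event record (schema `$id`:
/// `https://schema.ocsf.io/schema/classes/rdp_activity`).
///
/// The JSON schema published with this type marks eleven properties as
/// required: `action_id`, `activity_id`, `category_uid`, `class_uid`, `cloud`,
/// `dst_endpoint`, `metadata`, `osint`, `severity_id`, `time` and `type_uid`.
/// Every other property is optional in the schema and appears here as
/// `Option<_>` or `Vec<_>`.
///
/// NOTE(review): `category_uid` and `class_uid` are plain `i64`, so the type
/// itself does not pin the schema's `const` values (4 and 4005). Whether the
/// `Deserialize` impl rejects other values is not visible here; a consumer that
/// routes or alerts on record class should compare them explicitly — confirm
/// against the generated impl.
pub struct RdpActivity {
    pub action: Option<String>,
    /// Required. Schema restricts the integer to 0, 1, 2 or 99.
    pub action_id: RdpActivityActionId,
    /// Required. Schema restricts the integer to 0–6 or 99.
    pub activity_id: RdpActivityActivityId,
    pub activity_name: Option<String>,
    pub actor: Option<Actor>,
    pub api: Option<Api>,
    pub app_name: Option<String>,
    // Not in the schema's `required` list; presumably empty when the property
    // is absent — confirm against the serde attributes.
    pub attacks: Vec<Attack>,
    pub authorizations: Vec<Authorization>,
    pub capabilities: Vec<String>,
    pub category_name: Option<String>,
    /// Required. Schema `const`: 4.
    pub category_uid: i64,
    // Array of strings in the schema; the encoding of each entry is not stated
    // there, so validate before parsing entries as certificates.
    pub certificate_chain: Vec<String>,
    pub class_name: Option<String>,
    /// Required. Schema `const`: 4005.
    pub class_uid: i64,
    /// Required.
    pub cloud: Cloud,
    pub connection_info: Option<NetworkConnectionInfo>,
    pub count: Option<i64>,
    pub device: Option<Device>,
    pub disposition: Option<String>,
    /// Optional. Schema restricts the integer to 0–27 or 99.
    pub disposition_id: Option<RdpActivityDispositionId>,
    /// Required. Note that `src_endpoint` is optional, so detection logic
    /// cannot assume both ends of the connection are present.
    pub dst_endpoint: NetworkEndpoint,
    pub duration: Option<i64>,
    pub end_time: Option<i64>,
    pub end_time_dt: Option<String>,
    pub enrichments: Vec<Enrichment>,
    pub file: Option<File>,
    pub firewall_rule: Option<FirewallRule>,
    pub identifier_cookie: Option<String>,
    pub ja4_fingerprint_list: Vec<Ja4Fingerprint>,
    pub load_balancer: Option<LoadBalancer>,
    pub malware: Vec<Malware>,
    pub message: Option<String>,
    /// Required.
    pub metadata: Metadata,
    pub observables: Vec<Observable>,
    /// Required by the schema (array of `osint` objects).
    pub osint: Vec<Osint>,
    pub protocol_ver: Option<String>,
    pub proxy: Option<NetworkProxy>,
    pub proxy_connection_info: Option<NetworkConnectionInfo>,
    pub proxy_endpoint: Option<NetworkProxy>,
    pub proxy_http_request: Option<HttpRequest>,
    pub proxy_http_response: Option<HttpResponse>,
    pub proxy_tls: Option<Tls>,
    pub proxy_traffic: Option<NetworkTraffic>,
    // NOTE(review): unconstrained string in the schema; presumably the event
    // as emitted by the source. Treat as untrusted input when rendering or
    // re-logging it — confirm.
    pub raw_data: Option<String>,
    pub remote_display: Option<Display>,
    pub request: Option<Request>,
    pub response: Option<Response>,
    pub severity: Option<String>,
    /// Required. Schema restricts the integer to 0–6 or 99.
    pub severity_id: RdpActivitySeverityId,
    pub src_endpoint: Option<NetworkEndpoint>,
    pub start_time: Option<i64>,
    pub start_time_dt: Option<String>,
    pub status: Option<String>,
    pub status_code: Option<String>,
    pub status_detail: Option<String>,
    /// Optional. Schema restricts the integer to 0, 1, 2 or 99.
    pub status_id: Option<RdpActivityStatusId>,
    /// Required. Plain integer in the schema; the unit is not stated there.
    pub time: i64,
    pub time_dt: Option<String>,
    pub timezone_offset: Option<i64>,
    pub tls: Option<Tls>,
    pub traffic: Option<NetworkTraffic>,
    pub type_name: Option<String>,
    /// Required. Plain integer in the schema, with no `enum` or `const`.
    pub type_uid: i64,
    // NOTE(review): references the generic `object` definition; presumably
    // source attributes with no schema mapping, so nothing here has been
    // validated — confirm.
    pub unmapped: Option<Object>,
}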
RdpActivity
JSON schema
{
"$id": "https://schema.ocsf.io/schema/classes/rdp_activity",
"type": "object",
"required": [
"action_id",
"activity_id",
"category_uid",
"class_uid",
"cloud",
"dst_endpoint",
"metadata",
"osint",
"severity_id",
"time",
"type_uid"
],
"properties": {
"action": {
"type": "string"
},
"action_id": {
"type": "integer",
"enum": [
0,
1,
2,
99
]
},
"activity_id": {
"type": "integer",
"enum": [
3,
6,
0,
1,
2,
99,
4,
5
]
},
"activity_name": {
"type": "string"
},
"actor": {
"$ref": "#/$defs/actor"
},
"api": {
"$ref": "#/$defs/api"
},
"app_name": {
"type": "string"
},
"attacks": {
"type": "array",
"items": {
"$ref": "#/$defs/attack"
}
},
"authorizations": {
"type": "array",
"items": {
"$ref": "#/$defs/authorization"
}
},
"capabilities": {
"type": "array",
"items": {
"type": "string"
}
},
"category_name": {
"type": "string"
},
"category_uid": {
"type": "integer",
"const": 4
},
"certificate_chain": {
"type": "array",
"items": {
"type": "string"
}
},
"class_name": {
"type": "string"
},
"class_uid": {
"type": "integer",
"const": 4005
},
"cloud": {
"$ref": "#/$defs/cloud"
},
"connection_info": {
"$ref": "#/$defs/network_connection_info"
},
"count": {
"type": "integer"
},
"device": {
"$ref": "#/$defs/device"
},
"disposition": {
"type": "string"
},
"disposition_id": {
"type": "integer",
"enum": [
3,
6,
0,
1,
2,
99,
4,
5,
7,
8,
9,
10,
11,
14,
15,
16,
17,
18,
20,
21,
22,
23,
24,
25,
26,
27,
12,
13,
19
]
},
"dst_endpoint": {
"$ref": "#/$defs/network_endpoint"
},
"duration": {
"type": "integer"
},
"end_time": {
"type": "integer"
},
"end_time_dt": {
"type": "string"
},
"enrichments": {
"type": "array",
"items": {
"$ref": "#/$defs/enrichment"
}
},
"file": {
"$ref": "#/$defs/file"
},
"firewall_rule": {
"$ref": "#/$defs/firewall_rule"
},
"identifier_cookie": {
"type": "string"
},
"ja4_fingerprint_list": {
"type": "array",
"items": {
"$ref": "#/$defs/ja4_fingerprint"
}
},
"load_balancer": {
"$ref": "#/$defs/load_balancer"
},
"malware": {
"type": "array",
"items": {
"$ref": "#/$defs/malware"
}
},
"message": {
"type": "string"
},
"metadata": {
"$ref": "#/$defs/metadata"
},
"observables": {
"type": "array",
"items": {
"$ref": "#/$defs/observable"
}
},
"osint": {
"type": "array",
"items": {
"$ref": "#/$defs/osint"
}
},
"protocol_ver": {
"type": "string"
},
"proxy": {
"$ref": "#/$defs/network_proxy"
},
"proxy_connection_info": {
"$ref": "#/$defs/network_connection_info"
},
"proxy_endpoint": {
"$ref": "#/$defs/network_proxy"
},
"proxy_http_request": {
"$ref": "#/$defs/http_request"
},
"proxy_http_response": {
"$ref": "#/$defs/http_response"
},
"proxy_tls": {
"$ref": "#/$defs/tls"
},
"proxy_traffic": {
"$ref": "#/$defs/network_traffic"
},
"raw_data": {
"type": "string"
},
"remote_display": {
"$ref": "#/$defs/display"
},
"request": {
"$ref": "#/$defs/request"
},
"response": {
"$ref": "#/$defs/response"
},
"severity": {
"type": "string"
},
"severity_id": {
"type": "integer",
"enum": [
3,
6,
0,
1,
2,
99,
4,
5
]
},
"src_endpoint": {
"$ref": "#/$defs/network_endpoint"
},
"start_time": {
"type": "integer"
},
"start_time_dt": {
"type": "string"
},
"status": {
"type": "string"
},
"status_code": {
"type": "string"
},
"status_detail": {
"type": "string"
},
"status_id": {
"type": "integer",
"enum": [
0,
1,
2,
99
]
},
"time": {
"type": "integer"
},
"time_dt": {
"type": "string"
},
"timezone_offset": {
"type": "integer"
},
"tls": {
"$ref": "#/$defs/tls"
},
"traffic": {
"$ref": "#/$defs/network_traffic"
},
"type_name": {
"type": "string"
},
"type_uid": {
"type": "integer"
},
"unmapped": {
"$ref": "#/$defs/object"
}
},
"$schema": "http://json-schema.org/draft-07/schema#"
}
Fields§
§action: Option<String>
§action_id: RdpActivityActionId
§activity_id: RdpActivityActivityId
§activity_name: Option<String>
§actor: Option<Actor>
§api: Option<Api>
§app_name: Option<String>
§attacks: Vec<Attack>
§capabilities: Vec<String>
§category_name: Option<String>
§category_uid: i64
§certificate_chain: Vec<String>
§class_name: Option<String>
§class_uid: i64
§cloud: Cloud
§connection_info: Option<NetworkConnectionInfo>
§count: Option<i64>
§device: Option<Device>
§disposition: Option<String>
§disposition_id: Option<RdpActivityDispositionId>
§dst_endpoint: NetworkEndpoint
§duration: Option<i64>
§end_time: Option<i64>
§end_time_dt: Option<String>
§enrichments: Vec<Enrichment>
§file: Option<File>
§firewall_rule: Option<FirewallRule>
§ja4_fingerprint_list: Vec<Ja4Fingerprint>
§load_balancer: Option<LoadBalancer>
§malware: Vec<Malware>
§message: Option<String>
§metadata: Metadata
§observables: Vec<Observable>
§osint: Vec<Osint>
§protocol_ver: Option<String>
§proxy: Option<NetworkProxy>
§proxy_connection_info: Option<NetworkConnectionInfo>
§proxy_endpoint: Option<NetworkProxy>
§proxy_http_request: Option<HttpRequest>
§proxy_http_response: Option<HttpResponse>
§proxy_tls: Option<Tls>
§proxy_traffic: Option<NetworkTraffic>
§raw_data: Option<String>
§remote_display: Option<Display>
§request: Option<Request>
§response: Option<Response>
§severity: Option<String>
§severity_id: RdpActivitySeverityId
§src_endpoint: Option<NetworkEndpoint>
§start_time: Option<i64>
§start_time_dt: Option<String>
§status: Option<String>
§status_code: Option<String>
§status_detail: Option<String>
§status_id: Option<RdpActivityStatusId>
§time: i64
§time_dt: Option<String>
§timezone_offset: Option<i64>
§tls: Option<Tls>
§traffic: Option<NetworkTraffic>
§type_name: Option<String>
§type_uid: i64
§unmapped: Option<Object>
Implementations§
impl RdpActivity
pub fn builder() -> RdpActivity
Trait Implementations§
impl Clone for RdpActivity
fn clone(&self) -> RdpActivity
Returns a duplicate of the value. Read more
1.0.0 · Source§fn clone_from(&mut self, source: &Self)
fn clone_from(&mut self, source: &Self)
Performs copy-assignment from `source`. Read more
impl Debug for RdpActivity
impl<'de> Deserialize<'de> for RdpActivity
fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>where
__D: Deserializer<'de>,
Deserialize this value from the given Serde deserializer. Read more
impl From<&RdpActivity> for RdpActivity
fn from(value: &RdpActivity) -> Self
Converts to this type from the input type.
impl From<RdpActivity> for RdpActivity
fn from(value: RdpActivity) -> Self
Converts to this type from the input type.
impl Serialize for RdpActivity
impl TryFrom<RdpActivity> for RdpActivity
type Error = ConversionError
The type returned in the event of a conversion error.
fn try_from(value: RdpActivity) -> Result<Self, ConversionError>
Performs the conversion.
Auto Trait Implementations§
impl Freeze for RdpActivity
impl RefUnwindSafe for RdpActivity
impl Send for RdpActivity
impl Sync for RdpActivity
impl Unpin for RdpActivity
impl UnwindSafe for RdpActivity
Blanket Implementations§
impl<T> BorrowMut<T> for Twhere
T: ?Sized,
fn borrow_mut(&mut self) -> &mut T
Mutably borrows from an owned value. Read more