ocsf_schema_rs

Struct UserQuery

Source 
pub struct UserQuery {
Show 38 fields
    pub activity_id: UserQueryActivityId,
    pub activity_name: Option<String>,
    pub actor: Option<Actor>,
    pub api: Option<Api>,
    pub category_name: Option<String>,
    pub category_uid: i64,
    pub class_name: Option<String>,
    pub class_uid: i64,
    pub cloud: Cloud,
    pub count: Option<i64>,
    pub device: Option<Device>,
    pub duration: Option<i64>,
    pub end_time: Option<i64>,
    pub end_time_dt: Option<String>,
    pub enrichments: Vec<Enrichment>,
    pub message: Option<String>,
    pub metadata: Metadata,
    pub observables: Vec<Observable>,
    pub osint: Vec<Osint>,
    pub query_info: Option<QueryInfo>,
    pub query_result: Option<String>,
    pub query_result_id: UserQueryQueryResultId,
    pub raw_data: Option<String>,
    pub severity: Option<String>,
    pub severity_id: UserQuerySeverityId,
    pub start_time: Option<i64>,
    pub start_time_dt: Option<String>,
    pub status: Option<String>,
    pub status_code: Option<String>,
    pub status_detail: Option<String>,
    pub status_id: Option<UserQueryStatusId>,
    pub time: i64,
    pub time_dt: Option<String>,
    pub timezone_offset: Option<i64>,
    pub type_name: Option<String>,
    pub type_uid: i64,
    pub unmapped: Option<Object>,
    pub user: User,

}
Expand description

UserQuery

JSON schema 
{
 "$id": "https://schema.ocsf.io/schema/classes/user_query",
 "type": "object",
 "required": [
   "activity_id",
   "category_uid",
   "class_uid",
   "cloud",
   "metadata",
   "osint",
   "query_result_id",
   "severity_id",
   "time",
   "type_uid",
   "user"
 ],
 "properties": {
   "activity_id": {
     "type": "integer",
     "enum": [
       0,
       1,
       99
     ]
   },
   "activity_name": {
     "type": "string"
   },
   "actor": {
     "$ref": "#/$defs/actor"
   },
   "api": {
     "$ref": "#/$defs/api"
   },
   "category_name": {
     "type": "string"
   },
   "category_uid": {
     "type": "integer",
     "const": 5
   },
   "class_name": {
     "type": "string"
   },
   "class_uid": {
     "type": "integer",
     "const": 5018
   },
   "cloud": {
     "$ref": "#/$defs/cloud"
   },
   "count": {
     "type": "integer"
   },
   "device": {
     "$ref": "#/$defs/device"
   },
   "duration": {
     "type": "integer"
   },
   "end_time": {
     "type": "integer"
   },
   "end_time_dt": {
     "type": "string"
   },
   "enrichments": {
     "type": "array",
     "items": {
       "$ref": "#/$defs/enrichment"
     }
   },
   "message": {
     "type": "string"
   },
   "metadata": {
     "$ref": "#/$defs/metadata"
   },
   "observables": {
     "type": "array",
     "items": {
       "$ref": "#/$defs/observable"
     }
   },
   "osint": {
     "type": "array",
     "items": {
       "$ref": "#/$defs/osint"
     }
   },
   "query_info": {
     "$ref": "#/$defs/query_info"
   },
   "query_result": {
     "type": "string"
   },
   "query_result_id": {
     "type": "integer",
     "enum": [
       3,
       0,
       1,
       2,
       99,
       4,
       5
     ]
   },
   "raw_data": {
     "type": "string"
   },
   "severity": {
     "type": "string"
   },
   "severity_id": {
     "type": "integer",
     "enum": [
       3,
       6,
       0,
       1,
       2,
       99,
       4,
       5
     ]
   },
   "start_time": {
     "type": "integer"
   },
   "start_time_dt": {
     "type": "string"
   },
   "status": {
     "type": "string"
   },
   "status_code": {
     "type": "string"
   },
   "status_detail": {
     "type": "string"
   },
   "status_id": {
     "type": "integer",
     "enum": [
       0,
       1,
       2,
       99
     ]
   },
   "time": {
     "type": "integer"
   },
   "time_dt": {
     "type": "string"
   },
   "timezone_offset": {
     "type": "integer"
   },
   "type_name": {
     "type": "string"
   },
   "type_uid": {
     "type": "integer"
   },
   "unmapped": {
     "$ref": "#/$defs/object"
   },
   "user": {
     "$ref": "#/$defs/user"
   }
 },
 "$schema": "http://json-schema.org/draft-07/schema#"
}

Fields§

§activity_id: UserQueryActivityId§activity_name: Option<String>§actor: Option<Actor>§api: Option<Api>§category_name: Option<String>§category_uid: i64§class_name: Option<String>§class_uid: i64§cloud: Cloud§count: Option<i64>§device: Option<Device>§duration: Option<i64>§end_time: Option<i64>§end_time_dt: Option<String>§enrichments: Vec<Enrichment>§message: Option<String>§metadata: Metadata§observables: Vec<Observable>§osint: Vec<Osint>§query_info: Option<QueryInfo>§query_result: Option<String>§query_result_id: UserQueryQueryResultId§raw_data: Option<String>§severity: Option<String>§severity_id: UserQuerySeverityId§start_time: Option<i64>§start_time_dt: Option<String>§status: Option<String>§status_code: Option<String>§status_detail: Option<String>§status_id: Option<UserQueryStatusId>§time: i64§time_dt: Option<String>§timezone_offset: Option<i64>§type_name: Option<String>§type_uid: i64§unmapped: Option<Object>§user: User

Implementations§

Trait Implementations§

Source§

impl Clone for UserQuery

Source§

fn clone(&self) -> UserQuery

Returns a duplicate of the value. Read more
1.0.0 · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
Source§

impl Debug for UserQuery

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
Source§

impl<'de> Deserialize<'de> for UserQuery

Source§

fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>
where __D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer. Read more
Source§

impl From<&UserQuery> for UserQuery

Source§

fn from(value: &UserQuery) -> Self

Converts to this type from the input type.
Source§

impl From<UserQuery> for UserQuery

Source§

fn from(value: UserQuery) -> Self

Converts to this type from the input type.
Source§

impl Serialize for UserQuery

Source§

fn serialize<__S>(&self, __serializer: __S) -> Result<__S::Ok, __S::Error>
where __S: Serializer,

Serialize this value into the given Serde serializer. Read more
Source§

impl TryFrom<UserQuery> for UserQuery

Source§

type Error = ConversionError

The type returned in the event of a conversion error.
Source§

fn try_from(value: UserQuery) -> Result<Self, ConversionError>

Performs the conversion.

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> CloneToUninit for T
where T: Clone,

Source§

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest. Read more
Source§

impl<T> DynClone for T
where T: Clone,

Source§

fn __clone_box(&self, _: Private) -> *mut ()

Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> ToOwned for T
where T: Clone,

Source§

type Owned = T

The resulting type after obtaining ownership.
Source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
Source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<T> DeserializeOwned for T
where T: for<'de> Deserialize<'de>,