FindingInfo

Struct FindingInfo

#[non_exhaustive]
pub struct FindingInfo {
    pub analytic: Option<Box<Analytic>>,
    pub attack_graph: Option<Box<Graph>>,
    pub attacks: Option<Vec<Attack>>,
    pub created_time: Option<i64>,
    pub created_time_dt: Option<String>,
    pub data_sources: Option<Vec<String>>,
    pub desc: Option<String>,
    pub first_seen_time: Option<i64>,
    pub first_seen_time_dt: Option<String>,
    pub kill_chain: Option<Vec<KillChainPhase>>,
    pub last_seen_time: Option<i64>,
    pub last_seen_time_dt: Option<String>,
    pub modified_time: Option<i64>,
    pub modified_time_dt: Option<String>,
    pub product: Option<Box<Product>>,
    pub product_uid: Option<String>,
    pub related_analytics: Option<Vec<Analytic>>,
    pub related_events: Option<Vec<RelatedEvent>>,
    pub related_events_count: Option<i64>,
    pub src_url: Option<String>,
    pub tags: Option<Vec<KeyValueObject>>,
    pub title: Option<String>,
    pub traits: Option<Vec<Trait>>,
    pub types: Option<Vec<String>>,
    pub uid: Option<String>,
    pub uid_alt: Option<String>,
}

Finding Information

The Finding Information object describes metadata related to a security finding generated by a security tool or system.

Name: finding_info

Fields (Non-exhaustive)

This struct is marked as non-exhaustive
Non-exhaustive structs could have additional fields added in future. Therefore, non-exhaustive structs cannot be constructed in external crates using the traditional Struct { .. } syntax; cannot be matched against without a wildcard ..; and struct update syntax will not work.
analytic: Option<Box<Analytic>>

Analytic

The analytic technique used to analyze and derive insights from the data or information that led to the finding or conclusion.

recommended

attack_graph: Option<Box<Graph>>

Attack Graph

An Attack Graph describes possible routes an attacker could take through an environment. It describes relationships between resources and their findings, such as malware detections, vulnerabilities, misconfigurations, and other security actions.

optional

attacks: Option<Vec<Attack>>

MITRE ATT&CK® and ATLAS™ Details

The MITRE ATT&CK® technique and associated tactics related to the finding.

optional

created_time: Option<i64>

Created Time

The time when the finding was created.

optional

created_time_dt: Option<String>

Created Time

The time when the finding was created.

optional

data_sources: Option<Vec<String>>

Data Sources

A list of data sources utilized in generation of the finding.

optional

desc: Option<String>

Description

The description of the reported finding.

optional

first_seen_time: Option<i64>

First Seen

The time when the finding was first observed, e.g. the time when a vulnerability was first observed.

It can differ from the created_time timestamp, which reflects the time this finding was created.

optional

first_seen_time_dt: Option<String>

First Seen

The time when the finding was first observed, e.g. the time when a vulnerability was first observed.

It can differ from the created_time timestamp, which reflects the time this finding was created.

optional

kill_chain: Option<Vec<KillChainPhase>>

Kill Chain

The Cyber Kill Chain® provides a detailed description of each phase and its associated activities within the broader context of a cyber attack.

optional

last_seen_time: Option<i64>

Last Seen

The time when the finding was most recently observed, e.g. the time when a vulnerability was most recently observed.

It can differ from the modified_time timestamp, which reflects the time this finding was last modified.

optional

last_seen_time_dt: Option<String>

Last Seen

The time when the finding was most recently observed, e.g. the time when a vulnerability was most recently observed.

It can differ from the modified_time timestamp, which reflects the time this finding was last modified.

optional

modified_time: Option<i64>

Modified Time

The time when the finding was last modified.

optional

modified_time_dt: Option<String>

Modified Time

The time when the finding was last modified.

optional

product: Option<Box<Product>>

Product

Details about the product that reported the finding.

optional

product_uid: Option<String>

Product Identifier

The unique identifier of the product that reported the finding.

optional

related_analytics: Option<Vec<Analytic>>

Related Analytics

Other analytics related to this finding.

optional

related_events: Option<Vec<RelatedEvent>>

Related Events/Findings

Describes events and/or other findings related to the finding as identified by the security product. Note that these events may or may not be in OCSF.

optional

related_events_count: Option<i64>

Related Events/Findings Count

Number of related events or findings.

optional

src_url: Option<String>

Source URL

The URL pointing to the source of the finding.

optional

tags: Option<Vec<KeyValueObject>>

Tags

The list of tags, i.e. the {key:value} pairs associated with the finding.

optional

title: Option<String>

Title

A title or a brief phrase summarizing the reported finding.

recommended

traits: Option<Vec<Trait>>

Traits

The list of key traits or characteristics extracted from the finding.

optional

types: Option<Vec<String>>

Types

One or more types of the reported finding.

optional

uid: Option<String>

Unique ID

The unique identifier of the reported finding.

required

uid_alt: Option<String>

Alternate ID

The alternative unique identifier of the reported finding.

optional
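As an added example (not code from this crate), an ingestion-time consistency check over the constraints the field descriptions above state: uid is required, title is recommended, first_seen/last_seen and created/modified are ordered pairs, and related_events_count must agree with related_events. It runs against a local stand-in struct carrying only the fields it needs, because the crate itself is not assumed to be available; the stand-in's related_events is a Vec<String> in place of Vec<RelatedEvent>.

```rust
// Added example: a local stand-in with the subset of FindingInfo fields the
// checks below need (the real crate is not assumed to be available here).
#[derive(Debug, Default, Clone, PartialEq)]
pub struct FindingInfo {
    pub uid: Option<String>,
    pub title: Option<String>,
    pub created_time: Option<i64>,
    pub modified_time: Option<i64>,
    pub first_seen_time: Option<i64>,
    pub last_seen_time: Option<i64>,
    pub related_events_count: Option<i64>,
    pub related_events: Option<Vec<String>>, // stands in for Vec<RelatedEvent>
}

/// Check the documented constraints before a finding is accepted: `uid` is
/// required, `title` is recommended, timestamps are ordered. Returns every
/// problem found rather than stopping at the first one.
pub fn validate(f: &FindingInfo) -> Vec<String> {
    let mut problems = Vec::new();
    match f.uid.as_deref() {
        None | Some("") => problems.push("uid is required but missing".into()),
        Some(_) => {}
    }
    if f.title.is_none() {
        problems.push("title is recommended but missing".into());
    }
    // first_seen/last_seen describe the observation window; created/modified
    // describe the finding record itself. Each pair must be ordered in time.
    let ordered = [
        ("first_seen_time", f.first_seen_time, "last_seen_time", f.last_seen_time),
        ("created_time", f.created_time, "modified_time", f.modified_time),
    ];
    for (a_name, a, b_name, b) in ordered {
        if let (Some(a), Some(b)) = (a, b) {
            if a > b {
                problems.push(format!("{a_name} ({a}) is after {b_name} ({b})"));
            }
        }
    }
    // When both the count and the list are present they must agree.
    if let (Some(n), Some(ev)) = (f.related_events_count, &f.related_events) {
        if n != ev.len() as i64 {
            problems.push(format!("related_events_count {n} != {} related events", ev.len()));
        }
    }
    problems
}
```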

Trait Implementations

impl Clone for FindingInfo
    fn clone(&self) -> FindingInfo
        Returns a duplicate of the value.
    fn clone_from(&mut self, source: &Self)
        Performs copy-assignment from source.

impl Debug for FindingInfo
    fn fmt(&self, f: &mut Formatter<'_>) -> Result
        Formats the value using the given formatter.

impl Default for FindingInfo
    fn default() -> FindingInfo
        Returns the "default value" for a type.

impl<'de> Deserialize<'de> for FindingInfo
    fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>
    where __D: Deserializer<'de>,
        Deserialize this value from the given Serde deserializer.

impl PartialEq for FindingInfo
    fn eq(&self, other: &FindingInfo) -> bool
        Tests for self and other values to be equal, and is used by ==.
    fn ne(&self, other: &Rhs) -> bool
        Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.

impl Serialize for FindingInfo
    fn serialize<__S>(&self, __serializer: __S) -> Result<__S::Ok, __S::Error>
    where __S: Serializer,
        Serialize this value into the given Serde serializer.

impl StructuralPartialEq for FindingInfo
