RelatedEvent

Struct RelatedEvent

#[non_exhaustive]
pub struct RelatedEvent {
    pub attacks: Option<Vec<Attack>>,
    pub count: Option<i64>,
    pub created_time: Option<i64>,
    pub created_time_dt: Option<String>,
    pub desc: Option<String>,
    pub first_seen_time: Option<i64>,
    pub first_seen_time_dt: Option<String>,
    pub kill_chain: Option<Vec<KillChainPhase>>,
    pub last_seen_time: Option<i64>,
    pub last_seen_time_dt: Option<String>,
    pub modified_time: Option<i64>,
    pub modified_time_dt: Option<String>,
    pub observables: Option<Vec<Observable>>,
    pub product: Option<Box<Product>>,
    pub product_uid: Option<String>,
    pub severity: Option<String>,
    pub severity_id: Option<i64>,
    pub status: Option<String>,
    pub tags: Option<Vec<KeyValueObject>>,
    pub title: Option<String>,
    pub traits: Option<Vec<Trait>>,
    // Documented as the field `type` below; written as a raw identifier
    // in Rust source because `type` is a keyword.
    pub r#type: Option<String>,
    pub type_name: Option<String>,
    pub type_uid: Option<i64>,
    pub uid: Option<String>,
}

Related Event/Finding

The Related Event object describes an event or another finding related to a finding. It may or may not be an OCSF event.

Category: | Name: related_event

Fields (Non-exhaustive)

This struct is marked as non-exhaustive.
Non-exhaustive structs could have additional fields added in the future. Therefore, non-exhaustive structs cannot be constructed in external crates using the traditional Struct { .. } syntax; cannot be matched against without a wildcard ..; and struct update syntax will not work.

attacks: Option<Vec<Attack>>

MITRE ATT&CK® and ATLAS™ Details

An array of MITRE ATT&CK® objects describing identified tactics, techniques & sub-techniques. The objects are compatible with MITRE ATLAS™ tactics, techniques & sub-techniques.

optional

count: Option<i64>

Count

The number of times that activity in the same logical group occurred, as reported by the related Finding.

optional

created_time: Option<i64>

Created Time

The time when the related event/finding was created.

optional

created_time_dt: Option<String>

Created Time

The time when the related event/finding was created.

optional

desc: Option<String>

Description

A description of the related event/finding.

optional

first_seen_time: Option<i64>

First Seen

The time when the finding was first observed, e.g. the time when a vulnerability was first observed.
It can differ from the created_time timestamp, which reflects the time this finding was created.

optional

first_seen_time_dt: Option<String>

First Seen

The time when the finding was first observed, e.g. the time when a vulnerability was first observed.
It can differ from the created_time timestamp, which reflects the time this finding was created.

optional

kill_chain: Option<Vec<KillChainPhase>>

Kill Chain

The Cyber Kill Chain® provides a detailed description of each phase and its associated activities within the broader context of a cyber attack.

optional

last_seen_time: Option<i64>

Last Seen

The time when the finding was most recently observed, e.g. the time when a vulnerability was most recently observed.
It can differ from the modified_time timestamp, which reflects the time this finding was last modified.

optional

last_seen_time_dt: Option<String>

Last Seen

The time when the finding was most recently observed, e.g. the time when a vulnerability was most recently observed.
It can differ from the modified_time timestamp, which reflects the time this finding was last modified.

optional

modified_time: Option<i64>

Modified Time

The time when the related event/finding was last modified.

optional

modified_time_dt: Option<String>

Modified Time

The time when the related event/finding was last modified.

optional

observables: Option<Vec<Observable>>

Observables

The observables associated with the event or a finding.

optional

product: Option<Box<Product>>

Product

Details about the product that reported the related event/finding.

optional

product_uid: Option<String>

Product Identifier

The unique identifier of the product that reported the related event.

optional

severity: Option<String>

Severity

The event/finding severity, normalized to the caption of the severity_id value. In the case of ‘Other’, it is defined by the source.

optional

severity_id: Option<i64>

Severity ID

The normalized identifier of the event/finding severity.

The normalized severity is a measurement of the effort and expense required to manage and resolve an event or incident. Smaller numerical values represent lower impact events, and larger numerical values represent higher impact events.

recommended

status: Option<String>

Status

The related event status. Should correspond to the label of the status_id (or ‘Other’ status value for status_id = 99) of the related event.

optional

tags: Option<Vec<KeyValueObject>>

Tags

The list of tags: {key:value} pairs associated with the related event/finding.

optional

title: Option<String>

Title

A title or a brief phrase summarizing the related event/finding.

optional

traits: Option<Vec<Trait>>

Traits

The list of key traits or characteristics extracted from the related event/finding that influenced or contributed to the overall finding’s outcome.

optional

type: Option<String>

Type

The type of the related event/finding.

Populate if the related event/finding is NOT in OCSF. If it is in OCSF, then utilize type_name, type_uid instead.

optional

type_name: Option<String>

Type Name

The type of the related OCSF event, as defined by type_uid.

For example: Process Activity: Launch.

Populate if the related event/finding is in OCSF.

optional

type_uid: Option<i64>

Type ID

The unique identifier of the related OCSF event type.

For example: 100701.

Populate if the related event/finding is in OCSF.

recommended

uid: Option<String>

Unique ID

The unique identifier of the related event/finding.

If the related event/finding is in OCSF, then this value must be equal to metadata.uid in the corresponding event.

required
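The population rules for type, type_name, type_uid and uid above are easy to get wrong when a finding pipeline stitches related events together from mixed OCSF and vendor-native sources. The following is an added example, not code from the OCSF crate documented on this page: a consistency check over a hypothetical `RelatedEventLite` that mirrors a subset of the struct's fields (the real struct is non-exhaustive and cannot be constructed outside its crate). The function `validate` and the `referenced_metadata_uid` parameter are assumptions of this example; the ordering check between first_seen_time and last_seen_time is an added sanity rule, not one stated on this page.

```rust
// Added example, not part of the OCSF crate: checks the population rules this
// page states for `type`, `type_name`, `type_uid` and `uid`. `RelatedEventLite`
// is a hypothetical subset of the real struct, which is #[non_exhaustive] and
// cannot be constructed from an external crate.
#[derive(Debug, Default, Clone, PartialEq)]
pub struct RelatedEventLite {
    pub uid: Option<String>,
    pub r#type: Option<String>, // `type` is a keyword, hence the raw identifier
    pub type_name: Option<String>,
    pub type_uid: Option<i64>,
    pub severity_id: Option<i64>,
    pub first_seen_time: Option<i64>,
    pub last_seen_time: Option<i64>,
}

/// Returns every rule the related event violates; an empty Vec means consistent.
/// `referenced_metadata_uid` is the `metadata.uid` of the OCSF event this
/// related event points at, when the caller has that event available.
pub fn validate(ev: &RelatedEventLite, referenced_metadata_uid: Option<&str>) -> Vec<String> {
    let mut problems = Vec::new();
    // An event is treated as "in OCSF" when either OCSF type field is present.
    let in_ocsf = ev.type_uid.is_some() || ev.type_name.is_some();

    // uid is the only required field on this object.
    match ev.uid.as_deref() {
        None | Some("") => problems.push("uid is required".to_string()),
        Some(uid) => {
            // For OCSF related events, uid must equal metadata.uid of the referenced event.
            if in_ocsf {
                if let Some(expected) = referenced_metadata_uid {
                    if uid != expected {
                        problems.push(format!(
                            "uid {uid:?} does not match referenced metadata.uid {expected:?}"
                        ));
                    }
                }
            }
        }
    }

    if in_ocsf {
        // `type` is only for events NOT in OCSF; OCSF events use type_name/type_uid.
        if ev.r#type.is_some() {
            problems.push("type is populated but event is in OCSF; use type_name/type_uid".to_string());
        }
        if ev.type_uid.is_none() {
            problems.push("type_uid is recommended for OCSF related events".to_string());
        }
    } else if ev.r#type.is_none() {
        problems.push("type must be populated for related events not in OCSF".to_string());
    }

    if ev.severity_id.is_none() {
        problems.push("severity_id is recommended".to_string());
    }

    // Assumed sanity rule (not stated on the page): first seen cannot follow last seen.
    if let (Some(first), Some(last)) = (ev.first_seen_time, ev.last_seen_time) {
        if first > last {
            problems.push(format!("first_seen_time {first} is after last_seen_time {last}"));
        }
    }
    problems
}

/// Constructed sample: a well-formed OCSF related event using the page's own
/// example type (Process Activity: Launch, type_uid 100701). Timestamps and
/// uid are made up for this example.
pub fn sample_ocsf_event() -> RelatedEventLite {
    RelatedEventLite {
        uid: Some("evt-0001".to_string()),
        type_name: Some("Process Activity: Launch".to_string()),
        type_uid: Some(100701),
        severity_id: Some(3),
        first_seen_time: Some(1_700_000_000_000),
        last_seen_time: Some(1_700_000_060_000),
        ..Default::default()
    }
}

fn main() {
    let good = sample_ocsf_event();
    println!("good: {:?}", validate(&good, Some("evt-0001")));

    // Same event with a vendor `type` set and a uid that no longer matches the
    // referenced event's metadata.uid: two violations.
    let mut bad = good.clone();
    bad.r#type = Some("vendor-alert".to_string());
    bad.uid = Some("evt-9999".to_string());
    println!("bad: {:?}", validate(&bad, Some("evt-0001")));
}
```

Running the block prints an empty list for the well-formed sample and two violations for the altered copy. In a real pipeline the `referenced_metadata_uid` lookup would come from the event store, and the "recommended" findings are warnings rather than rejections.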

Trait Implementations

impl Clone for RelatedEvent
    fn clone(&self) -> RelatedEvent
        Returns a duplicate of the value.
    fn clone_from(&mut self, source: &Self)
        Performs copy-assignment from source.

impl Debug for RelatedEvent
    fn fmt(&self, f: &mut Formatter<'_>) -> Result
        Formats the value using the given formatter.

impl Default for RelatedEvent
    fn default() -> RelatedEvent
        Returns the “default value” for a type.

impl<'de> Deserialize<'de> for RelatedEvent
    fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>
    where __D: Deserializer<'de>,
        Deserialize this value from the given Serde deserializer.

impl PartialEq for RelatedEvent
    fn eq(&self, other: &RelatedEvent) -> bool
        Tests for self and other values to be equal, and is used by ==.
    fn ne(&self, other: &Rhs) -> bool
        Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.

impl Serialize for RelatedEvent
    fn serialize<__S>(&self, __serializer: __S) -> Result<__S::Ok, __S::Error>
    where __S: Serializer,
        Serialize this value into the given Serde serializer.

impl StructuralPartialEq for RelatedEvent

Auto Trait Implementations

Blanket Implementations

impl<T> Any for T
where T: 'static + ?Sized,
    fn type_id(&self) -> TypeId
        Gets the TypeId of self.

impl<T> Borrow<T> for T
where T: ?Sized,
    fn borrow(&self) -> &T
        Immutably borrows from an owned value.

impl<T> BorrowMut<T> for T
where T: ?Sized,
    fn borrow_mut(&mut self) -> &mut T
        Mutably borrows from an owned value.

impl<T> CloneToUninit for T
where T: Clone,
    unsafe fn clone_to_uninit(&self, dest: *mut u8)
        This is a nightly-only experimental API (clone_to_uninit).
        Performs copy-assignment from self to dest.

impl<T> From<T> for T
    fn from(t: T) -> T
        Returns the argument unchanged.

impl<T, U> Into<U> for T
where U: From<T>,
    fn into(self) -> U
        Calls U::from(self).
        That is, this conversion is whatever the implementation of From<T> for U chooses to do.

impl<T> ToOwned for T
where T: Clone,
    type Owned = T
        The resulting type after obtaining ownership.
    fn to_owned(&self) -> T
        Creates owned data from borrowed data, usually by cloning.
    fn clone_into(&self, target: &mut T)
        Uses borrowed data to replace owned data, usually by cloning.

impl<T, U> TryFrom<U> for T
where U: Into<T>,
    type Error = Infallible
        The type returned in the event of a conversion error.
    fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>
        Performs the conversion.

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,
    type Error = <U as TryFrom<T>>::Error
        The type returned in the event of a conversion error.
    fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>
        Performs the conversion.

impl<T> DeserializeOwned for T
where T: for<'de> Deserialize<'de>,