# List IDP Alerts

> List all IDP alerts for a given connection. The `sort` parameter supports `severity:asc` (e.g. lowest to highest criticality) and `severity:desc`. If no direction is provided, it defaults to `asc`.



## OpenAPI

````yaml get /idp/alerts
openapi: 3.1.0
info:
  title: Leen Security API
  version: 0.0.1
servers:
  - url: https://api.leen.dev/v1
    description: Production API
  - url: https://api.eu-c1.leen.dev/v1
    description: Production API (EU Region)
  - url: https://api.ap-se2.leen.dev/v1
    description: Production API (APAC Region)
# Global default: an empty requirement list, so any operation that does not
# declare its own `security` is documented as callable without credentials.
# GET /idp/alerts overrides this with its own operation-level `security`.
security: []
paths:
  /idp/alerts:
    get:
      tags:
        - idp
      summary: List IDP Alerts
      description: >-
        List all IDP alerts for a given connection. `sort` supports
        `severity:asc` (e.g. lowest to highest criticality) and `severity:desc`.
        If no direction is provided, it defaults to `asc`.
      operationId: list_idp_alerts
      parameters:
        # Optional sort order for the result list; null is also accepted.
        - name: sort
          in: query
          required: false
          schema:
            anyOf:
              - type: string
                # Allowlist of exactly three values: `severity`, `severity:asc`,
                # `severity:desc`. Each alternative carries its own ^...$ anchors,
                # so no alternative can match a substring of a longer value.
                pattern: ^severity$|^severity\:asc$|^severity\:desc$
              - type: 'null'
            description: Sort by field
            title: Sort
          description: Sort by field
        - name: enableCursor
          in: query
          required: false
          schema:
            type: boolean
            description: >-
              Enable cursor based pagination instead of default offset-based
              pagination
            default: false
            title: Enablecursor
          description: >-
            Enable cursor based pagination instead of default offset-based
            pagination
        - name: updatedSince
          in: query
          required: false
          schema:
            anyOf:
              - type: string
                format: date-time
              - type: 'null'
            description: >-
              Datetime filter, only return items updated since this datetime.
              Example format: `2021-01-01T00:00:00+00:00`
            title: Updatedsince
          description: >-
            Datetime filter, only return items updated since this datetime.
            Example format: `2021-01-01T00:00:00+00:00`
          example: '2021-01-01T00:00:00+00:00'
        # Page size; defaults to 100 when omitted.
        # NOTE(review): only `minimum: 0` is declared and no `maximum` appears
        # here, so the largest page the server will return cannot be told from
        # this spec. Confirm the server enforces its own cap. `minimum: 0` also
        # admits `limit=0`.
        - name: limit
          in: query
          required: false
          schema:
            type: integer
            minimum: 0
            description: Limit size (page size)
            default: 100
            title: Limit
          description: Limit size (page size)
        - name: offset
          in: query
          required: false
          schema:
            type: integer
            minimum: 0
            description: Offset index (starting index of page)
            default: 0
            title: Offset
          description: Offset index (starting index of page)
        - name: excludeTotal
          in: query
          required: false
          schema:
            type: boolean
            description: Skips returning the total rows, total is set to null when true
            default: false
            title: Excludetotal
          description: Skips returning the total rows, total is set to null when true
        # Continuation token for paging; a string or null.
        # NOTE(review): no format, pattern or maxLength is declared. Presumably
        # clients pass back `next_cursor` / `previous_cursor` from
        # KeySetPaginatedResponse unchanged; confirm the server treats the
        # value as untrusted input and rejects tokens it did not issue.
        - name: cursor
          in: query
          required: false
          schema:
            anyOf:
              - type: string
              - type: 'null'
            description: Skip token to continue from the last item in the previous page
            title: Cursor
          description: Skip token to continue from the last item in the previous page
        # Comma-separated severity filter; a string or null.
        # NOTE(review): the schema is a free-form string with no pattern or
        # enum. The example is lowercase (`critical,high`) while the
        # IDPAlertSeverity enum in this spec is uppercase; confirm which casing
        # the server accepts and that unknown values are rejected rather than
        # silently ignored, since an ignored filter changes which alerts a
        # consumer sees.
        - name: severity
          in: query
          required: false
          schema:
            anyOf:
              - type: string
              - type: 'null'
            description: Severity filter, comma separated
            title: Severity
          description: Severity filter, comma separated
          example: critical,high
      # NOTE(review): only 200, 422 and 500 are documented. The operation
      # declares a `security` requirement, yet no 401/403 response is listed,
      # so the shape of an authentication or authorization failure cannot be
      # told from this spec.
      responses:
        '200':
          description: Successful Response
          content:
            application/json:
              schema:
                # Two possible body shapes: offset-paginated (count/total/items)
                # or keyset-paginated (items/next_cursor/previous_cursor).
                # Presumably selected by `enableCursor` - TODO confirm.
                anyOf:
                  - $ref: >-
                      #/components/schemas/OffsetPaginatedResponse_ScopedIDPAlertRespModel_
                  - $ref: >-
                      #/components/schemas/KeySetPaginatedResponse_ScopedIDPAlertRespModel_
                title: Response List Idp Alerts
        '422':
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
          description: Unprocessable Entity
        '500':
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorException'
          description: Internal Server Error
      # Both schemes sit in one requirement object, so a request must satisfy
      # Connection-ID and API-Key together; alternatives would be separate
      # list items. The scheme definitions (components.securitySchemes) are
      # not visible in this part of the spec.
      security:
        - Connection-ID: []
          API-Key: []
components:
  schemas:
    OffsetPaginatedResponse_ScopedIDPAlertRespModel_:
      properties:
        count:
          type: integer
          title: Count
          description: Number of items returned in the response
        total:
          anyOf:
            - type: integer
            - type: 'null'
          title: Total
          description: Total number of items that can be returned
        items:
          items:
            $ref: '#/components/schemas/ScopedIDPAlertRespModel'
          type: array
          title: Items
          description: List of items returned in the response
      type: object
      required:
        - count
        - items
      title: OffsetPaginatedResponse[ScopedIDPAlertRespModel]
    KeySetPaginatedResponse_ScopedIDPAlertRespModel_:
      properties:
        items:
          items:
            $ref: '#/components/schemas/ScopedIDPAlertRespModel'
          type: array
          title: Items
          description: List of items returned in the response
        next_cursor:
          anyOf:
            - type: string
            - type: 'null'
          title: Next Cursor
          description: Skip token to continue from the last item in the previous page
        previous_cursor:
          anyOf:
            - type: string
            - type: 'null'
          title: Previous Cursor
          description: Skip token to continue from the first item in the previous page
      type: object
      required:
        - items
      title: KeySetPaginatedResponse[ScopedIDPAlertRespModel]
    ErrorResponse:
      properties:
        type:
          type: string
          title: Type
          description: Type of error
        code:
          type: string
          title: Code
          description: Error code
        message:
          type: string
          title: Message
          description: Error message
        detail:
          items:
            type: object
          type: array
          title: Detail
          description: List of error dictionaries
      type: object
      required:
        - type
        - code
        - message
        - detail
      title: ErrorResponse
    # Body of the 500 response: an object with one required free-form
    # `detail` string.
    # NOTE(review): nothing here constrains what `detail` contains; confirm
    # the server never places stack traces, queries or internal hostnames
    # in it.
    ErrorException:
      properties:
        detail:
          type: string
          title: Detail
          description: Error message
      type: object
      required:
        - detail
      title: ErrorException
    ScopedIDPAlertRespModel:
      properties:
        id:
          type: string
          format: uuid
          title: Id
        activity_id:
          anyOf:
            - type: integer
            - type: 'null'
          title: Activity Id
          description: Activity ID of the alert
        activity_name:
          anyOf:
            - type: string
            - type: 'null'
          title: Activity Name
          description: Activity name of the alert
        category_name:
          anyOf:
            - type: string
            - type: 'null'
          title: Category Name
          description: Category name of the alert
        category_uid:
          anyOf:
            - type: integer
            - type: 'null'
          title: Category Uid
          description: Category UID of the alert
        class_name:
          anyOf:
            - type: string
            - type: 'null'
          title: Class Name
          description: Class name of the alert
        class_uid:
          anyOf:
            - type: integer
            - type: 'null'
          title: Class Uid
          description: Class UID of the alert
        enrichments:
          anyOf:
            - items:
                $ref: '#/components/schemas/OCSFEnrichment'
              type: array
            - type: 'null'
          title: Enrichments
          description: Enrichments of the alert
        evidences:
          anyOf:
            - items:
                $ref: '#/components/schemas/OCSFEvidence'
              type: array
            - type: 'null'
          title: Evidences
          description: Evidences of the alert
        finding_info:
          anyOf:
            - $ref: '#/components/schemas/OCSFFindingInfo'
            - type: 'null'
          description: Finding info of the alert
        metadata:
          anyOf:
            - $ref: '#/components/schemas/OCSFMetadata'
            - type: 'null'
          description: Metadata of the alert
        message:
          anyOf:
            - type: string
            - type: 'null'
          title: Message
          description: Message of the alert
        severity:
          anyOf:
            - $ref: '#/components/schemas/IDPAlertSeverity'
            - type: 'null'
          description: Severity name of the alert based on OCSF schema
        severity_id:
          anyOf:
            - $ref: '#/components/schemas/IDPAlertSeverityID'
            - type: 'null'
          description: Severity ID of the alert based on OCSF schema
        type_uid:
          allOf:
            - $ref: '#/components/schemas/IDPAlertTypeUID'
          description: Type UID of the alert event/finding based on OCSF schema
        type_name:
          allOf:
            - $ref: '#/components/schemas/IDPAlertTypeName'
          description: Type name of the alert event/finding based on OCSF schema
        time:
          type: string
          format: date-time
          title: Time
          description: Time of the alert
        end_time:
          anyOf:
            - type: string
              format: date-time
            - type: 'null'
          title: End Time
          description: The time of the most recent event included in the finding.
        status:
          anyOf:
            - $ref: '#/components/schemas/ScopedIDPAlertStatus'
            - type: 'null'
          description: >-
            The normalized status of the Finding set by the consumer normalized
            to the caption of the status_id value. In the case of 'Other', it is
            defined by the source.
        status_id:
          anyOf:
            - $ref: '#/components/schemas/ScopedIDPAlertStatusID'
            - type: 'null'
          description: The normalized status identifier of the Finding
        risk_level:
          anyOf:
            - $ref: '#/components/schemas/ScopedIDPAlertRiskLevel'
            - type: 'null'
          description: >-
            The risk level, normalized to the caption of the risk_level_id
            value.
        risk_level_id:
          anyOf:
            - $ref: '#/components/schemas/ScopedIDPAlertRiskLevelID'
            - type: 'null'
          description: Risk level ID of the finding based on OCSF schema
        risk_details:
          anyOf:
            - type: string
            - type: 'null'
          title: Risk Details
          description: Describes the risk associated with the finding.
        resources:
          anyOf:
            - items:
                $ref: '#/components/schemas/OCSFResourceDetails'
              type: array
            - type: 'null'
          title: Resources
          description: >-
            Describes details about resources that were the target of the
            activity that triggered the finding
      type: object
      # `end_time` is required but its schema also allows null, so the key is
      # always present while the value may be null; consumers must handle both.
      # Every other property, including `severity`, `type_uid` and `type_name`,
      # is not listed here and may be absent from an alert.
      required:
        - id
        - time
        - end_time
      title: ScopedIDPAlertRespModel
    OCSFEnrichment:
      properties:
        name:
          type: string
          title: Name
          description: The name of the attribute to which the enriched data pertains
        value:
          type: string
          title: Value
          description: The value of the attribute to which the enriched data pertains
        data:
          type: object
          title: Data
          description: The enrichment data associated with the attribute and value
        created_time:
          anyOf:
            - type: string
              format: date-time
            - type: 'null'
          title: Created Time
          description: The time when the enrichment data was generated
        provider:
          anyOf:
            - type: string
            - type: 'null'
          title: Provider
          description: The enrichment data provider name
        short_desc:
          anyOf:
            - type: string
            - type: 'null'
          title: Short Desc
          description: A short description of the enrichment data
        src_url:
          anyOf:
            - type: string
            - type: 'null'
          title: Src Url
          description: The URL of the source of the enrichment data
        type:
          anyOf:
            - type: string
            - type: 'null'
          title: Type
          description: 'The enrichment type. For example: location'
        created_time_dt:
          anyOf:
            - type: string
              format: date-time
            - type: 'null'
          title: Created Time Dt
          description: The time when the enrichment data was generated
        desc:
          anyOf:
            - type: string
            - type: 'null'
          title: Desc
          description: A long description of the enrichment data
        reputation:
          anyOf:
            - $ref: '#/components/schemas/OCSFReputation'
            - type: 'null'
          description: The reputation of the enrichment data
      type: object
      required:
        - name
        - value
        - data
      title: OCSFEnrichment
    OCSFEvidence:
      properties:
        actor:
          anyOf:
            - $ref: '#/components/schemas/OCSFActor'
            - type: 'null'
          description: Details about the user/role/process that was the source
        api:
          anyOf:
            - $ref: '#/components/schemas/OCSFApi'
            - type: 'null'
          description: Details about the API call
        connection_info:
          anyOf:
            - $ref: '#/components/schemas/OCSFNetworkConnectionInfo'
            - type: 'null'
          description: Network connection information
        container:
          anyOf:
            - $ref: '#/components/schemas/OCSFContainer'
            - type: 'null'
          description: Container details
        database:
          anyOf:
            - $ref: '#/components/schemas/OCSFDatabase'
            - type: 'null'
          description: Database details
        databucket:
          anyOf:
            - $ref: '#/components/schemas/OCSFDatabucket'
            - type: 'null'
          description: Databucket details
        device:
          anyOf:
            - $ref: '#/components/schemas/OCSFDevice'
            - type: 'null'
          description: Addressable device/computer system details
        dst_endpoint:
          anyOf:
            - $ref: '#/components/schemas/OCSFNetworkEndpoint'
            - type: 'null'
          description: Destination network endpoint details
        email:
          anyOf:
            - $ref: '#/components/schemas/OCSFEmail'
            - type: 'null'
          description: Email object details
        file:
          anyOf:
            - type: object
            - type: 'null'
          title: File
          description: File details
        job:
          anyOf:
            - type: object
            - type: 'null'
          title: Job
          description: Scheduled job details
        process:
          anyOf:
            - type: object
            - type: 'null'
          title: Process
          description: Process details
        query:
          anyOf:
            - type: object
            - type: 'null'
          title: Query
          description: DNS query details
        reg_key:
          anyOf:
            - type: object
            - type: 'null'
          title: Reg Key
          description: Registry key details (Windows-specific)
        reg_value:
          anyOf:
            - type: object
            - type: 'null'
          title: Reg Value
          description: Registry value details (Windows-specific)
        src_endpoint:
          anyOf:
            - $ref: '#/components/schemas/OCSFNetworkEndpoint'
            - type: 'null'
          description: Source network endpoint details
        url:
          anyOf:
            - type: object
            - type: 'null'
          title: Url
          description: URL object details
        user:
          anyOf:
            - $ref: '#/components/schemas/OCSFUser'
            - type: 'null'
          description: User details
        win_service:
          anyOf:
            - type: object
            - type: 'null'
          title: Win Service
          description: Windows service details (Windows-specific)
        data:
          anyOf:
            - type: object
            - type: 'null'
          title: Data
          description: Additional evidence data not covered by other fields
      type: object
      title: OCSFEvidence
    OCSFFindingInfo:
      properties:
        title:
          type: string
          title: Title
          description: A title or a brief phrase summarizing the reported finding
        uid:
          type: string
          title: Uid
          description: The unique identifier of the reported finding
        analytic:
          anyOf:
            - $ref: '#/components/schemas/OCSFAnalytic'
            - type: 'null'
          description: >-
            The analytic technique used to analyze and derive insights from the
            data or information that led to the finding or conclusion
        attacks:
          anyOf:
            - items:
                type: object
              type: array
            - type: 'null'
          title: Attacks
          description: >-
            The MITRE ATT&CK® technique and associated tactics related to the
            finding
        created_time:
          anyOf:
            - type: string
              format: date-time
            - type: 'null'
          title: Created Time
          description: The time when the finding was created
        data_sources:
          anyOf:
            - items:
                type: string
              type: array
            - type: 'null'
          title: Data Sources
          description: A list of data sources utilized in generation of the finding
        desc:
          anyOf:
            - type: string
            - type: 'null'
          title: Desc
          description: The description of the reported finding
        first_seen_time:
          anyOf:
            - type: string
              format: date-time
            - type: 'null'
          title: First Seen Time
          description: >-
            The time when the finding was first observed. e.g. The time when a
            vulnerability was first observed. It can differ from the
            created_time timestamp, which reflects the time this finding was
            created
        kill_chain:
          anyOf:
            - items:
                type: object
              type: array
            - type: 'null'
          title: Kill Chain
          description: >-
            The Cyber Kill Chain® provides a detailed description of each phase
            and its associated activities within the broader context of a cyber
            attack
        last_seen_time:
          anyOf:
            - type: string
              format: date-time
            - type: 'null'
          title: Last Seen Time
          description: >-
            The time when the finding was most recently observed. e.g. The time
            when a vulnerability was most recently observed. It can differ from
            the modified_time timestamp, which reflects the time this finding
            was last modified
        modified_time:
          anyOf:
            - type: string
              format: date-time
            - type: 'null'
          title: Modified Time
          description: The time when the finding was last modified
        product_uid:
          anyOf:
            - type: string
            - type: 'null'
          title: Product Uid
          description: The unique identifier of the product that reported the finding
        related_analytics:
          anyOf:
            - items:
                $ref: '#/components/schemas/OCSFAnalytic'
              type: array
            - type: 'null'
          title: Related Analytics
          description: Other analytics related to this finding
        related_events:
          anyOf:
            - items:
                type: object
              type: array
            - type: 'null'
          title: Related Events
          description: >-
            Describes events and/or other findings related to the finding as
            identified by the security product
        src_url:
          anyOf:
            - type: string
            - type: 'null'
          title: Src Url
          description: The URL pointing to the source of the finding
        types:
          anyOf:
            - items:
                type: string
              type: array
            - type: 'null'
          title: Types
          description: One or more types of the reported finding
      type: object
      required:
        - title
        - uid
      title: OCSFFindingInfo
    OCSFMetadata:
      properties:
        product:
          allOf:
            - $ref: '#/components/schemas/OCSFProduct'
          description: The product that reported the event
        version:
          type: string
          title: Version
          description: >-
            The version of the OCSF schema, using Semantic Versioning
            Specification (SemVer). For example: 1.0.0. Event consumers use the
            version to determine the available event attributes
          default: 1.3.0
        log_name:
          anyOf:
            - type: string
            - type: 'null'
          title: Log Name
          description: >-
            The event log name. For example, syslog file name or Windows logging
            subsystem: Security
        log_provider:
          anyOf:
            - type: string
            - type: 'null'
          title: Log Provider
          description: >-
            The logging provider or logging service that logged the event. For
            example, Microsoft-Windows-Security-Auditing
        original_time:
          anyOf:
            - type: string
            - type: 'null'
          title: Original Time
          description: >-
            The original event time as reported by the event source. For
            example, the time in the original format from system event log such
            as Syslog on Unix/Linux and the System event file on Windows. Omit
            if event is generated instead of collected via logs
        tenant_uid:
          anyOf:
            - type: string
            - type: 'null'
          title: Tenant Uid
          description: The unique tenant identifier
        correlation_uid:
          anyOf:
            - type: string
            - type: 'null'
          title: Correlation Uid
          description: The unique identifier used to correlate events
        event_code:
          anyOf:
            - type: string
            - type: 'null'
          title: Event Code
          description: The Event ID or Code that the product uses to describe the event
        uid:
          anyOf:
            - type: string
            - type: 'null'
          title: Uid
          description: The logging system-assigned unique identifier of an event instance
        labels:
          anyOf:
            - items:
                type: string
              type: array
            - type: 'null'
          title: Labels
          description: >-
            The list of category labels attached to the event or specific
            attributes. Labels are user defined tags or aliases added at
            normalization time
        log_level:
          anyOf:
            - type: string
            - type: 'null'
          title: Log Level
          description: The audit level at which an event was generated
        log_version:
          anyOf:
            - type: string
            - type: 'null'
          title: Log Version
          description: >-
            The event log schema version that specifies the format of the
            original event. For example syslog version or Cisco Log Schema
            Version
        logged_time:
          anyOf:
            - type: string
              format: date-time
            - type: 'null'
          title: Logged Time
          description: The time when the logging system collected and logged the event
        loggers:
          anyOf:
            - items:
                type: object
              type: array
            - type: 'null'
          title: Loggers
          description: >-
            An array of Logger objects that describe the devices and logging
            products between the event source and its eventual destination
        modified_time:
          anyOf:
            - type: string
              format: date-time
            - type: 'null'
          title: Modified Time
          description: The time when the event was last modified or enriched
        processed_time:
          anyOf:
            - type: string
              format: date-time
            - type: 'null'
          title: Processed Time
          description: The event processed time, such as an ETL operation
        profiles:
          anyOf:
            - items:
                type: string
              type: array
            - type: 'null'
          title: Profiles
          description: >-
            The list of profiles used to create the event. Profiles should be
            referenced by their name attribute for core profiles, or
            extension/name for profiles from extensions
        extensions:
          anyOf:
            - items:
                type: object
              type: array
            - type: 'null'
          title: Extensions
          description: The schema extensions used to create the event
        sequence:
          anyOf:
            - type: integer
            - type: 'null'
          title: Sequence
          description: >-
            Sequence number of the event. The sequence number is a value
            available in some events, to make the exact ordering of events
            unambiguous, regardless of the event time precision
      type: object
      required:
        - product
      title: OCSFMetadata
    IDPAlertSeverity:
      type: string
      enum:
        - UNKNOWN
        - INFORMATIONAL
        - LOW
        - MEDIUM
        - HIGH
        - CRITICAL
        - FATAL
        - OTHER
      title: IDPAlertSeverity
    IDPAlertSeverityID:
      type: integer
      enum:
        - 0
        - 1
        - 2
        - 3
        - 4
        - 5
        - 6
        - 99
      title: IDPAlertSeverityID
    IDPAlertTypeUID:
      type: integer
      enum:
        - 200400
        - 200401
        - 200402
        - 200403
        - 200499
      title: IDPAlertTypeUID
    IDPAlertTypeName:
      type: string
      enum:
        - 'Detection Finding: Unknown'
        - 'Detection Finding: Create'
        - 'Detection Finding: Update'
        - 'Detection Finding: Close'
        - 'Detection Finding: Other'
      title: IDPAlertTypeName
    ScopedIDPAlertStatus:
      type: string
      enum:
        - Unknown
        - New
        - In Progress
        - Suppressed
        - Resolved
        - Other
      title: ScopedIDPAlertStatus
    ScopedIDPAlertStatusID:
      type: integer
      enum:
        - 0
        - 1
        - 2
        - 3
        - 4
        - 99
      title: ScopedIDPAlertStatusID
    ScopedIDPAlertRiskLevel:
      type: string
      enum:
        - Unknown
        - Info
        - Low
        - Medium
        - High
        - Critical
        - Other
      title: ScopedIDPAlertRiskLevel
    ScopedIDPAlertRiskLevelID:
      type: integer
      enum:
        - 0
        - 1
        - 2
        - 3
        - 4
        - 5
        - 99
      title: ScopedIDPAlertRiskLevelID
    OCSFResourceDetails:
      properties:
        uid:
          anyOf:
            - type: string
            - type: 'null'
          title: Uid
          description: The unique identifier of the resource.
        name:
          anyOf:
            - type: string
            - type: 'null'
          title: Name
          description: The name of the resource.
        type:
          anyOf:
            - type: string
            - type: 'null'
          title: Type
          description: The type of the resource.
        version:
          anyOf:
            - type: string
            - type: 'null'
          title: Version
          description: The version of the resource.
        namespace:
          anyOf:
            - type: string
            - type: 'null'
          title: Namespace
          description: The namespace the resource belongs to.
        criticality:
          anyOf:
            - type: string
            - type: 'null'
          title: Criticality
          description: The criticality level of the resource.
        owner:
          anyOf:
            - $ref: '#/components/schemas/OCSFUser'
            - type: 'null'
          description: The owner of the resource.
        group:
          anyOf:
            - $ref: '#/components/schemas/OCSFGroup'
            - type: 'null'
          description: The group associated with the resource.
        agent_list:
          anyOf:
            - items:
                $ref: '#/components/schemas/OCSFAgent'
              type: array
            - type: 'null'
          title: Agent List
          description: A list of agents associated with the resource.
        labels:
          anyOf:
            - items:
                type: string
              type: array
            - type: 'null'
          title: Labels
          description: Labels or tags associated with the resource.
        data:
          anyOf:
            - type: object
            - type: 'null'
          title: Data
          description: Additional data related to the resource.
      type: object
      title: OCSFResourceDetails
    OCSFReputation:
      properties:
        base_score:
          type: number
          title: Base Score
          description: The reputation score as reported by the event source
        score_id:
          allOf:
            - $ref: '#/components/schemas/OCSFReputationScoreID'
          description: The normalized reputation score identifier
        provider:
          anyOf:
            - type: string
            - type: 'null'
          title: Provider
          description: The provider of the reputation information
        score:
          anyOf:
            - $ref: '#/components/schemas/OCSFReputationScore'
            - type: 'null'
          description: >-
            The reputation score, normalized to the caption of the score_id
            value
      type: object
      required:
        - base_score
        - score_id
      title: OCSFReputation
    # The initiator of an activity (process, user, client application, session).
    # There is no `required` list, so every field may be absent or null and a
    # consumer cannot assume that an alert names a user.
    OCSFActor:
      properties:
        # `process`, `idp`, `session` and the items of `authorizations` are bare
        # `type: object` with no declared properties: their shape is not
        # constrained by this spec, so check keys before relying on them.
        process:
          anyOf:
            - type: object
            - type: 'null'
          title: Process
          description: The process that initiated the activity
        user:
          anyOf:
            - $ref: '#/components/schemas/OCSFUser'
            - type: 'null'
          description: The user that initiated the activity or the user context
        app_uid:
          anyOf:
            - type: string
            - type: 'null'
          title: App Uid
          description: >-
            The unique identifier of the client application or service that
            initiated the activity
        app_name:
          anyOf:
            - type: string
            - type: 'null'
          title: App Name
          description: The client application or service that initiated the activity
        authorizations:
          anyOf:
            - items:
                type: object
              type: array
            - type: 'null'
          title: Authorizations
          description: >-
            Provides details about an authorization, such as authorization
            outcome, and any associated policies
        idp:
          anyOf:
            - type: object
            - type: 'null'
          title: Idp
          description: Details about the Identity Provider used
        # Marked deprecated in its own description; avoid building new
        # detections on this field.
        invoked_by:
          anyOf:
            - type: string
            - type: 'null'
          title: Invoked By
          description: >-
            The name of the service that invoked the activity (Deprecated since
            v1.2.0)
        session:
          anyOf:
            - type: object
            - type: 'null'
          title: Session
          description: The user session from which the activity was initiated
      type: object
      title: OCSFActor
    # Details of an API call associated with an event. Only `operation` is
    # required; every other field is nullable.
    OCSFApi:
      properties:
        operation:
          type: string
          title: Operation
          description: Verb/Operation associated with the request
        # `request`, `response`, `group` and `service` are bare `type: object`
        # with no declared properties.
        # NOTE(review): request/response details presumably echo values from
        # the original caller; treat them as untrusted text when rendering or
        # indexing - confirm what each connector populates.
        request:
          anyOf:
            - type: object
            - type: 'null'
          title: Request
          description: Details pertaining to the API request
        response:
          anyOf:
            - type: object
            - type: 'null'
          title: Response
          description: Details pertaining to the API response
        group:
          anyOf:
            - type: object
            - type: 'null'
          title: Group
          description: The information pertaining to the API group
        service:
          anyOf:
            - type: object
            - type: 'null'
          title: Service
          description: The information pertaining to the API service
        version:
          anyOf:
            - type: string
            - type: 'null'
          title: Version
          description: The version of the API service
      type: object
      required:
        - operation
      title: OCSFApi
    # Properties of a network connection (direction, protocol, boundary, TCP
    # flags). Only `direction_id` is required.
    OCSFNetworkConnectionInfo:
      properties:
        # Normalized direction; allowed values come from
        # OCSFNetworkConnectionDirectionID. Prefer this over the free-form
        # `direction` string when writing rules.
        direction_id:
          allOf:
            - $ref: '#/components/schemas/OCSFNetworkConnectionDirectionID'
          description: >-
            The normalized identifier of the direction of the initiated
            connection, traffic, or email
        protocol_name:
          anyOf:
            - type: string
            - type: 'null'
          title: Protocol Name
          description: >-
            The TCP/IP protocol name in lowercase, as defined by IANA. For
            example: tcp or udp
        # Plain integer with no declared bounds; the description reserves -1 for
        # protocols IANA does not define, so consumers must accept negatives.
        protocol_num:
          anyOf:
            - type: integer
            - type: 'null'
          title: Protocol Num
          description: >-
            The TCP/IP protocol number, as defined by IANA. Use -1 if not
            defined by IANA
        protocol_ver_id:
          anyOf:
            - $ref: '#/components/schemas/OCSFNetworkConnectionProtocolVerID'
            - type: 'null'
          description: The Internet Protocol version identifier
        boundary_id:
          anyOf:
            - $ref: '#/components/schemas/OCSFNetworkConnectionBoundaryID'
            - type: 'null'
          description: The normalized identifier of the boundary of the connection
        uid:
          anyOf:
            - type: string
            - type: 'null'
          title: Uid
          description: The unique identifier of the connection
        # `boundary`, `direction` and `protocol_ver` are unconstrained strings
        # that sit beside the `*_id` fields; use the ids for matching.
        boundary:
          anyOf:
            - type: string
            - type: 'null'
          title: Boundary
          description: >-
            The boundary of the connection, normalized to the caption of
            'boundary_id'
        direction:
          anyOf:
            - type: string
            - type: 'null'
          title: Direction
          description: The direction of the initiated connection, traffic, or email
        protocol_ver:
          anyOf:
            - type: string
            - type: 'null'
          title: Protocol Ver
          description: The Internet Protocol version
        # Bare `type: object`; shape not constrained by this spec.
        session:
          anyOf:
            - type: object
            - type: 'null'
          title: Session
          description: The authenticated user or service session
        # Integer holding the TCP control bits; presumably a bitmask, so test
        # individual bits rather than comparing the whole value - confirm.
        tcp_flags:
          anyOf:
            - type: integer
            - type: 'null'
          title: Tcp Flags
          description: The network connection TCP header flags (i.e., control bits)
      type: object
      required:
        - direction_id
      title: OCSFNetworkConnectionInfo
    # A container instance and the image it was started from. No field is
    # required; every property is nullable.
    OCSFContainer:
      properties:
        # Declared as a bare object, not a string: the digest value sits
        # somewhere inside it and its keys are not constrained by this spec.
        hash:
          anyOf:
            - type: object
            - type: 'null'
          title: Hash
          description: >-
            Commit hash of image created for docker or the SHA256 hash of the
            container
        image:
          anyOf:
            - type: object
            - type: 'null'
          title: Image
          description: The container image used as a template to run the container
        name:
          anyOf:
            - type: string
            - type: 'null'
          title: Name
          description: The container name
        size:
          anyOf:
            - type: integer
            - type: 'null'
          title: Size
          description: The size of the container image
        uid:
          anyOf:
            - type: string
            - type: 'null'
          title: Uid
          description: >-
            The full container unique identifier for this instantiation of the
            container
        # A tag is a mutable label in container registries; when an
        # investigation needs to pin exactly which image ran, rely on `hash`
        # rather than `tag`.
        tag:
          anyOf:
            - type: string
            - type: 'null'
          title: Tag
          description: The tag used by the container. It can indicate version, format, OS
        # Free-form string; the description lists bridge, overlay, host and
        # none as examples but no enum is enforced.
        network_driver:
          anyOf:
            - type: string
            - type: 'null'
          title: Network Driver
          description: >-
            The network driver used by the container. For example, bridge,
            overlay, host, none, etc
        orchestrator:
          anyOf:
            - type: string
            - type: 'null'
          title: Orchestrator
          description: >-
            The orchestrator managing the container, such as ECS, EKS, K8s, or
            OpenShift
        pod_uuid:
          anyOf:
            - type: string
            - type: 'null'
          title: Pod Uuid
          description: >-
            The unique identifier of the pod (or equivalent) that the container
            is executing on
        runtime:
          anyOf:
            - type: string
            - type: 'null'
          title: Runtime
          description: The backend running the container, such as containerd or cri-o
      type: object
      title: OCSFContainer
    # A database referenced by an event. Only `type_id` is required.
    OCSFDatabase:
      properties:
        # Normalized type; allowed values come from OCSFDatabaseTypeID.
        type_id:
          allOf:
            - $ref: '#/components/schemas/OCSFDatabaseTypeID'
          description: The normalized identifier of the database type
        name:
          anyOf:
            - type: string
            - type: 'null'
          title: Name
          description: >-
            The database name, ordinarily as assigned by a database
            administrator
        # Unconstrained string next to `type_id`; use `type_id` for matching.
        type:
          anyOf:
            - type: string
            - type: 'null'
          title: Type
          description: The database type
        uid:
          anyOf:
            - type: string
            - type: 'null'
          title: Uid
          description: The unique identifier of the database
        created_time:
          anyOf:
            - type: string
              format: date-time
            - type: 'null'
          title: Created Time
          description: The time when the database was known to have been created
        desc:
          anyOf:
            - type: string
            - type: 'null'
          title: Desc
          description: The description of the database
        # NOTE(review): the description says "group names" but the items are
        # declared `type: object`, not string - confirm the element shape
        # before parsing.
        groups:
          anyOf:
            - items:
                type: object
              type: array
            - type: 'null'
          title: Groups
          description: The group names to which the database belongs
        modified_time:
          anyOf:
            - type: string
              format: date-time
            - type: 'null'
          title: Modified Time
          description: >-
            The most recent time when any changes, updates, or modifications
            were made within the database
        size:
          anyOf:
            - type: integer
            - type: 'null'
          title: Size
          description: The size of the database in bytes
      type: object
      required:
        - type_id
      title: OCSFDatabase
    # A storage bucket referenced by an event. Only `type_id` is required.
    OCSFDatabucket:
      properties:
        # Normalized type; allowed values come from OCSFDatabucketTypeID.
        type_id:
          allOf:
            - $ref: '#/components/schemas/OCSFDatabucketTypeID'
          description: The normalized identifier of the databucket type
        uid:
          anyOf:
            - type: string
            - type: 'null'
          title: Uid
          description: The unique identifier of the databucket
        # Unconstrained string next to `type_id`; use `type_id` for matching.
        type:
          anyOf:
            - type: string
            - type: 'null'
          title: Type
          description: The databucket type
        name:
          anyOf:
            - type: string
            - type: 'null'
          title: Name
          description: The databucket name
        size:
          anyOf:
            - type: integer
            - type: 'null'
          title: Size
          description: The size of the databucket in bytes
        modified_time:
          anyOf:
            - type: string
              format: date-time
            - type: 'null'
          title: Modified Time
          description: >-
            The most recent time when any changes, updates, or modifications
            were made within the databucket
        # NOTE(review): the description says "group names" but the items are
        # declared `type: object`, not string - confirm the element shape
        # before parsing.
        groups:
          anyOf:
            - items:
                type: object
              type: array
            - type: 'null'
          title: Groups
          description: The group names to which the databucket belongs
        # Bare `type: object`; the file's shape is not constrained by this spec.
        file:
          anyOf:
            - type: object
            - type: 'null'
          title: File
          description: A file within a databucket
        desc:
          anyOf:
            - type: string
            - type: 'null'
          title: Desc
          description: The description of the databucket
        created_time:
          anyOf:
            - type: string
              format: date-time
            - type: 'null'
          title: Created Time
          description: The time when the databucket was known to have been created
      type: object
      required:
        - type_id
      title: OCSFDatabucket
    # A device (endpoint, VM, mobile, ...) involved in an event. Only `type_id`
    # is required; every other property is nullable.
    #
    # Reviewer notes for consumers:
    # - The posture flags `is_compliant`, `is_managed`, `is_personal` and
    #   `is_trusted` are boolean-or-null. Null means the source did not say;
    #   do not collapse it to `false` (or `true`) in access or triage logic.
    # - `ip`, `mac`, `hostname` and `domain` are plain strings with no `format`
    #   or `pattern`; normalise and validate them before joining across tools.
    # - `imei`, `mac`, `ip`, `location` and `owner` identify a device or
    #   person; handle stored copies under the same policy as other personal
    #   data.
    OCSFDevice:
      properties:
        # Normalized type; allowed values come from OCSFDeviceTypeID.
        type_id:
          allOf:
            - $ref: '#/components/schemas/OCSFDeviceTypeID'
          description: The device type ID
        uid:
          anyOf:
            - type: string
            - type: 'null'
          title: Uid
          description: >-
            The unique identifier of the device. For example the Windows
            TargetSID or AWS EC2 ARN
        # Unconstrained string; the values in the description are examples,
        # not an enforced enum. Use `type_id` for matching.
        type:
          anyOf:
            - type: string
            - type: 'null'
          title: Type
          description: >-
            The device type. For example: unknown, server, desktop, laptop,
            tablet, mobile, virtual, browser, or other
        region:
          anyOf:
            - type: string
            - type: 'null'
          title: Region
          description: >-
            The region where the virtual machine is located. For example, an AWS
            Region
        # Bare object here, whereas other schemas on this page reference
        # OCSFUser for an owner; the shape is not constrained by this spec.
        owner:
          anyOf:
            - type: object
            - type: 'null'
          title: Owner
          description: >-
            The identity of the service or user account that owns the endpoint
            or was last logged into it
        interface_name:
          anyOf:
            - type: string
            - type: 'null'
          title: Interface Name
          description: The name of the network interface (e.g. eth2)
        interface_uid:
          anyOf:
            - type: string
            - type: 'null'
          title: Interface Uid
          description: The unique identifier of the network interface
        instance_uid:
          anyOf:
            - type: string
            - type: 'null'
          title: Instance Uid
          description: The unique identifier of a VM instance
        hostname:
          anyOf:
            - type: string
            - type: 'null'
          title: Hostname
          description: The device hostname
        vpc_uid:
          anyOf:
            - type: string
            - type: 'null'
          title: Vpc Uid
          description: The unique identifier of the Virtual Private Cloud (VPC)
        vlan_uid:
          anyOf:
            - type: string
            - type: 'null'
          title: Vlan Uid
          description: The unique identifier of the Virtual LAN (VLAN)
        # Items are bare objects here; the shape is not constrained by this
        # spec.
        agent_list:
          anyOf:
            - items:
                type: object
              type: array
            - type: 'null'
          title: Agent List
          description: >-
            A list of agent objects associated with a device, endpoint, or
            resource
        uid_alt:
          anyOf:
            - type: string
            - type: 'null'
          title: Uid Alt
          description: >-
            An alternate unique identifier of the device if any. For example the
            ActiveDirectory DN
        autoscale_uid:
          anyOf:
            - type: string
            - type: 'null'
          title: Autoscale Uid
          description: The unique identifier of the cloud autoscale configuration
        boot_time:
          anyOf:
            - type: string
              format: date-time
            - type: 'null'
          title: Boot Time
          description: The time the system was booted
        # Posture flag: null is "unknown", not "non-compliant".
        is_compliant:
          anyOf:
            - type: boolean
            - type: 'null'
          title: Is Compliant
          description: The event occurred on a compliant device
        created_time:
          anyOf:
            - type: string
              format: date-time
            - type: 'null'
          title: Created Time
          description: The time when the device was known to have been created
        desc:
          anyOf:
            - type: string
            - type: 'null'
          title: Desc
          description: >-
            The description of the device, ordinarily as reported by the
            operating system
        domain:
          anyOf:
            - type: string
            - type: 'null'
          title: Domain
          description: >-
            The network domain where the device resides. For example:
            work.example.com
        first_seen_time:
          anyOf:
            - type: string
              format: date-time
            - type: 'null'
          title: First Seen Time
          description: The initial discovery time of the device
        location:
          anyOf:
            - type: object
            - type: 'null'
          title: Location
          description: The geographical location of the device
        # NOTE(review): the description's example is a list of strings, but the
        # items are declared `type: object` - confirm the element shape before
        # parsing.
        groups:
          anyOf:
            - items:
                type: object
              type: array
            - type: 'null'
          title: Groups
          description: >-
            The group names to which the device belongs. For example: ["Windows
            Laptops", "Engineering"]
        hw_info:
          anyOf:
            - type: object
            - type: 'null'
          title: Hw Info
          description: The endpoint hardware information
        hypervisor:
          anyOf:
            - type: string
            - type: 'null'
          title: Hypervisor
          description: >-
            The name of the hypervisor running on the device. For example, Xen,
            VMware, Hyper-V, VirtualBox, etc
        imei:
          anyOf:
            - type: string
            - type: 'null'
          title: Imei
          description: >-
            The International Mobile Station Equipment Identifier that is
            associated with the device
        # Plain string: nothing in this spec enforces IPv4/IPv6 syntax.
        ip:
          anyOf:
            - type: string
            - type: 'null'
          title: Ip
          description: The device IP address, in either IPv4 or IPv6 format
        image:
          anyOf:
            - type: object
            - type: 'null'
          title: Image
          description: The image used as a template to run the virtual machine
        last_seen_time:
          anyOf:
            - type: string
              format: date-time
            - type: 'null'
          title: Last Seen Time
          description: The most recent discovery time of the device
        # Plain string: separator style and letter case are not constrained,
        # so normalise before comparing.
        mac:
          anyOf:
            - type: string
            - type: 'null'
          title: Mac
          description: The Media Access Control (MAC) address of the endpoint
        # Posture flag: null is "unknown", not "unmanaged".
        is_managed:
          anyOf:
            - type: boolean
            - type: 'null'
          title: Is Managed
          description: The event occurred on a managed device
        modified_time:
          anyOf:
            - type: string
              format: date-time
            - type: 'null'
          title: Modified Time
          description: The time when the device was last known to have been modified
        name:
          anyOf:
            - type: string
            - type: 'null'
          title: Name
          description: >-
            The alternate device name, ordinarily as assigned by an
            administrator
        network_interfaces:
          anyOf:
            - items:
                type: object
              type: array
            - type: 'null'
          title: Network Interfaces
          description: The network interfaces that are associated with the device
        zone:
          anyOf:
            - type: string
            - type: 'null'
          title: Zone
          description: The network zone or LAN segment
        os:
          anyOf:
            - $ref: '#/components/schemas/OCSFOS'
            - type: 'null'
          description: The endpoint operating system
        org:
          anyOf:
            - type: object
            - type: 'null'
          title: Org
          description: Organization and org unit related to the device
        # Posture flag: null is "unknown".
        is_personal:
          anyOf:
            - type: boolean
            - type: 'null'
          title: Is Personal
          description: The event occurred on a personal device
        # On a device these are a plain string and a plain integer, while
        # OCSFUser references enum schemas for the same field names; no value
        # set is enforced here.
        risk_level:
          anyOf:
            - type: string
            - type: 'null'
          title: Risk Level
          description: The risk level, normalized to the caption of the risk_level_id value
        risk_level_id:
          anyOf:
            - type: integer
            - type: 'null'
          title: Risk Level Id
          description: The normalized risk level id
        # "As reported by the event source": no bounds are declared, so the
        # scale is presumably vendor-specific and not comparable across
        # sources.
        risk_score:
          anyOf:
            - type: integer
            - type: 'null'
          title: Risk Score
          description: The risk score as reported by the event source
        subnet:
          anyOf:
            - type: string
            - type: 'null'
          title: Subnet
          description: The subnet mask
        subnet_uid:
          anyOf:
            - type: string
            - type: 'null'
          title: Subnet Uid
          description: The unique identifier of a virtual subnet
        # Posture flag as stated by the source; null is "unknown", and the
        # criteria for "trusted" are not defined in this spec.
        is_trusted:
          anyOf:
            - type: boolean
            - type: 'null'
          title: Is Trusted
          description: The event occurred on a trusted device
      type: object
      required:
        - type_id
      title: OCSFDevice
    # One side of a network connection (source or destination). There is no
    # `required` list, so an endpoint may arrive with any subset of these
    # fields, including neither `ip` nor `hostname`.
    OCSFNetworkEndpoint:
      properties:
        # Bare object here; a separate OCSFContainer schema exists on this page
        # but is not referenced, so the shape is not constrained.
        container:
          anyOf:
            - type: object
            - type: 'null'
          title: Container
          description: The information describing an instance of a container
        hostname:
          anyOf:
            - type: string
            - type: 'null'
          title: Hostname
          description: The fully qualified name of the endpoint
        instance_uid:
          anyOf:
            - type: string
            - type: 'null'
          title: Instance Uid
          description: The unique identifier of a VM instance
        interface_name:
          anyOf:
            - type: string
            - type: 'null'
          title: Interface Name
          description: The name of the network interface (e.g. eth2)
        interface_uid:
          anyOf:
            - type: string
            - type: 'null'
          title: Interface Uid
          description: The unique identifier of the network interface
        # Plain string: nothing in this spec enforces IPv4/IPv6 syntax.
        ip:
          anyOf:
            - type: string
            - type: 'null'
          title: Ip
          description: The IP address of the endpoint, in either IPv4 or IPv6 format
        name:
          anyOf:
            - type: string
            - type: 'null'
          title: Name
          description: The short name of the endpoint
        namespace_pid:
          anyOf:
            - type: integer
            - type: 'null'
          title: Namespace Pid
          description: >-
            If running under a process namespace (such as in a container), the
            process identifier within that process namespace
        owner:
          anyOf:
            - type: object
            - type: 'null'
          title: Owner
          description: >-
            The identity of the service or user account that owns the endpoint
            or was last logged into it
        # Plain integer with no `minimum`/`maximum`; range-check (0-65535)
        # on the consumer side before using it in rules or lookups.
        port:
          anyOf:
            - type: integer
            - type: 'null'
          title: Port
          description: The port used for communication within the network connection
        svc_name:
          anyOf:
            - type: string
            - type: 'null'
          title: Svc Name
          description: The service name in service-to-service connections
        # Unlike OCSFDevice, `type_id` is nullable here and not required.
        type_id:
          anyOf:
            - $ref: '#/components/schemas/OCSFNetworkEndpointTypeID'
            - type: 'null'
          description: The network endpoint type ID
        uid:
          anyOf:
            - type: string
            - type: 'null'
          title: Uid
          description: The unique identifier of the endpoint
        agent_list:
          anyOf:
            - items:
                type: object
              type: array
            - type: 'null'
          title: Agent List
          description: >-
            A list of agent objects associated with a device, endpoint, or
            resource
        autonomous_system:
          anyOf:
            - type: object
            - type: 'null'
          title: Autonomous System
          description: The Autonomous System details associated with an IP address
        domain:
          anyOf:
            - type: string
            - type: 'null'
          title: Domain
          description: The name of the domain
        hw_info:
          anyOf:
            - type: object
            - type: 'null'
          title: Hw Info
          description: The endpoint hardware information
        # X-Forwarded-For is a request header: any entry not appended by a
        # proxy you operate is client-supplied and can be forged. Use these
        # values as investigative context, and attribute the source only from
        # hops added by infrastructure you trust.
        intermediate_ips:
          anyOf:
            - items:
                type: string
              type: array
            - type: 'null'
          title: Intermediate Ips
          description: >-
            The intermediate IP Addresses. For example, the IP addresses in the
            HTTP X-Forwarded-For header
        location:
          anyOf:
            - type: object
            - type: 'null'
          title: Location
          description: The geographical location of the endpoint
        mac:
          anyOf:
            - type: string
            - type: 'null'
          title: Mac
          description: The Media Access Control (MAC) address of the endpoint
        os:
          anyOf:
            - $ref: '#/components/schemas/OCSFOS'
            - type: 'null'
          description: The endpoint operating system
        # Bare object; when it is present, `ip` may presumably be the proxy
        # rather than the real peer - confirm per connector.
        proxy_endpoint:
          anyOf:
            - type: object
            - type: 'null'
          title: Proxy Endpoint
          description: The network proxy information pertaining to a specific endpoint
        subnet_uid:
          anyOf:
            - type: string
            - type: 'null'
          title: Subnet Uid
          description: The unique identifier of a virtual subnet
        # Here the type caption references an enum schema
        # (OCSFNetworkEndpointTypeName), unlike the free-form `type` string on
        # OCSFDevice.
        type:
          anyOf:
            - $ref: '#/components/schemas/OCSFNetworkEndpointTypeName'
            - type: 'null'
          description: >-
            The network endpoint type. For example: unknown, server, desktop,
            laptop, tablet, mobile, virtual, browser, or other
        vlan_uid:
          anyOf:
            - type: string
            - type: 'null'
          title: Vlan Uid
          description: The Virtual LAN identifier
        vpc_uid:
          anyOf:
            - type: string
            - type: 'null'
          title: Vpc Uid
          description: The unique identifier of the Virtual Private Cloud (VPC)
        zone:
          anyOf:
            - type: string
            - type: 'null'
          title: Zone
          description: The network zone or LAN segment
      type: object
      title: OCSFNetworkEndpoint
    # An email message as seen by the reporting product. `from` and `to` are
    # required; everything else is nullable.
    #
    # Reviewer notes for consumers:
    # - Header fields (`from`, `to`, `cc`, `reply_to`, `subject`,
    #   `x_originating_ip`) are written by the sending side and are not
    #   authenticated by being present here. `smtp_from` / `smtp_to` are the
    #   SMTP envelope values and can differ from the header values.
    # - All address fields are plain strings with no `format: email`, so
    #   display names and malformed values can appear.
    # - `subject` and the address fields are sender-controlled text; escape
    #   them before rendering in dashboards, tickets or chat notifications.
    OCSFEmail:
      properties:
        # Header From (RFC 5322): the address a recipient sees. Compare with
        # `smtp_from`; a mismatch is a useful triage signal, though mailing
        # lists and bulk senders legitimately differ too.
        from:
          type: string
          title: From
          description: The email header From values, as defined by RFC 5322
        to:
          items:
            type: string
          type: array
          title: To
          description: The email header To values, as defined by RFC 5322
        message_uid:
          anyOf:
            - type: string
            - type: 'null'
          title: Message Uid
          description: The email header Message-Id value, as defined by RFC 5322
        # Sender-chosen; a Reply-To that differs from `from` redirects replies
        # and is worth surfacing during phishing triage.
        reply_to:
          anyOf:
            - type: string
            - type: 'null'
          title: Reply To
          description: The email header Reply-To values, as defined by RFC 5322
        size:
          anyOf:
            - type: integer
            - type: 'null'
          title: Size
          description: The size in bytes of the email, including attachments
        # Envelope sender from the SMTP MAIL FROM command (not the header).
        smtp_from:
          anyOf:
            - type: string
            - type: 'null'
          title: Smtp From
          description: The value of the SMTP MAIL FROM command
        # Envelope recipients from SMTP RCPT TO; these can include addresses
        # that never appear in the `to`/`cc` headers.
        smtp_to:
          anyOf:
            - items:
                type: string
              type: array
            - type: 'null'
          title: Smtp To
          description: The value of the SMTP envelope RCPT TO command
        subject:
          anyOf:
            - type: string
            - type: 'null'
          title: Subject
          description: The email header Subject value, as defined by RFC 5322
        uid:
          anyOf:
            - type: string
            - type: 'null'
          title: Uid
          description: The email unique identifier
        cc:
          anyOf:
            - items:
                type: string
              type: array
            - type: 'null'
          title: Cc
          description: The email header Cc values, as defined by RFC 5322
        delivered_to:
          anyOf:
            - type: string
            - type: 'null'
          title: Delivered To
          description: The Delivered-To email header field
        # Single string described as "the email authentication header".
        # NOTE(review): which header(s) a connector puts here is not stated -
        # confirm before parsing SPF/DKIM/DMARC results out of it.
        raw_header:
          anyOf:
            - type: string
            - type: 'null'
          title: Raw Header
          description: The email authentication header
        # X-Originating-IP is an optional header set by the submitting mail
        # system; it is not verified by this schema, so corroborate it with
        # gateway logs before using it for attribution or blocking.
        x_originating_ip:
          anyOf:
            - items:
                type: string
              type: array
            - type: 'null'
          title: X Originating Ip
          description: >-
            The X-Originating-IP header identifying the emails originating IP
            address(es)
      type: object
      required:
        - from
        - to
      title: OCSFEmail
    # A user identity as reported by the source. There is no `required` list:
    # a user object may carry only a `name`, only a `uid`, or neither, so pick
    # the correlation key per connector rather than assuming one is present.
    #
    # `name`, `full_name`, `email_addr`, `ldap_person` and `org` describe a
    # person; handle stored copies under the same policy as other personal
    # data.
    OCSFUser:
      properties:
        name:
          anyOf:
            - type: string
            - type: 'null'
          title: Name
          description: The username. For example, janedoe1
        type_id:
          anyOf:
            - $ref: '#/components/schemas/OCSFUserTypeID'
            - type: 'null'
          description: The account type identifier
        # Identifier format depends on the source (the description lists a
        # Windows SID, an AD DN or an AWS ARN), so the same person can have
        # different `uid` values across connections.
        uid:
          anyOf:
            - type: string
            - type: 'null'
          title: Uid
          description: >-
            The unique user identifier. For example, the Windows user SID,
            ActiveDirectory DN or AWS user ARN
        account:
          anyOf:
            - $ref: '#/components/schemas/OCSFAccount'
            - type: 'null'
          description: The user's account or the account associated with the user
        # Identifies a credential (the description's example is an AWS Access
        # Key ID), not the secret itself. Useful as a pivot for activity tied
        # to one credential, and worth keeping out of broadly shared views.
        credential_uid:
          anyOf:
            - type: string
            - type: 'null'
          title: Credential Uid
          description: >-
            The unique identifier of the user's credential. For example, AWS
            Access Key ID
        domain:
          anyOf:
            - type: string
            - type: 'null'
          title: Domain
          description: >-
            The domain where the user is defined. For example: the LDAP or
            Active Directory domain
        # Plain string with no `format: email`.
        email_addr:
          anyOf:
            - type: string
            - type: 'null'
          title: Email Addr
          description: The user's primary email address
        full_name:
          anyOf:
            - type: string
            - type: 'null'
          title: Full Name
          description: >-
            The full name of the person, as per the LDAP Common Name attribute
            (cn)
        # Typed list of OCSFGroup, unlike the bare-object `groups` on the
        # device, database and databucket schemas.
        groups:
          anyOf:
            - items:
                $ref: '#/components/schemas/OCSFGroup'
              type: array
            - type: 'null'
          title: Groups
          description: The administrative groups to which the user belongs
        ldap_person:
          anyOf:
            - $ref: '#/components/schemas/OCSFLdapPerson'
            - type: 'null'
          description: The additional LDAP attributes that describe a person
        org:
          anyOf:
            - $ref: '#/components/schemas/OCSFOrganization'
            - type: 'null'
          description: Organization and org unit related to the user
        # `risk_level` / `risk_level_id` reference enum schemas here; use the
        # id for thresholds and the caption for display.
        risk_level:
          anyOf:
            - $ref: '#/components/schemas/OCSFUserRiskLevel'
            - type: 'null'
          description: The risk level, normalized to the caption of the risk_level_id value
        risk_level_id:
          anyOf:
            - $ref: '#/components/schemas/OCSFUserRiskLevelID'
            - type: 'null'
          description: The normalized risk level id
        # "As reported by the event source": no bounds are declared, so the
        # scale is presumably vendor-specific and not comparable across
        # sources.
        risk_score:
          anyOf:
            - type: integer
            - type: 'null'
          title: Risk Score
          description: The risk score as reported by the event source
        type:
          anyOf:
            - $ref: '#/components/schemas/OCSFUserType'
            - type: 'null'
          description: The type of the user. For example, System, AWS IAM User, etc
        uid_alt:
          anyOf:
            - type: string
            - type: 'null'
          title: Uid Alt
          description: >-
            The alternate user identifier. For example, the Active Directory
            user GUID or AWS user Principal ID
      type: object
      title: OCSFUser
    # Describes the analytic that generated a finding. Only type_id is
    # required; name, uid and version are all nullable, so attribution of an
    # alert to a specific detection may be absent. Handle null explicitly when
    # grouping or suppressing alerts by analytic.
    OCSFAnalytic:
      properties:
        # Single-entry allOf around the $ref; presumably a generator idiom so
        # a description can sit next to the reference.
        type_id:
          allOf:
            - $ref: '#/components/schemas/OCSFAnalyticTypeID'
          description: The analytic type ID
        name:
          anyOf:
            - type: string
            - type: 'null'
          title: Name
          description: The name of the analytic that generated the finding
        uid:
          anyOf:
            - type: string
            - type: 'null'
          title: Uid
          description: The unique identifier of the analytic that generated the finding
        category:
          anyOf:
            - type: string
            - type: 'null'
          title: Category
          description: The analytic category
        desc:
          anyOf:
            - type: string
            - type: 'null'
          title: Desc
          description: The description of the analytic that generated the finding
        # Free-form string; the enumerated form is type_id above.
        type:
          anyOf:
            - type: string
            - type: 'null'
          title: Type
          description: The analytic type
        # Typed as string, so a value such as 1.10 stays distinct from 1.1.
        version:
          anyOf:
            - type: string
            - type: 'null'
          title: Version
          description: 'The analytic version. For example: 1.1'
      type: object
      required:
        - type_id
      title: OCSFAnalytic
    # Describes the product that reported an event. vendor_name is the only
    # required field. The string fields carry no pattern or format constraint,
    # so consumers should treat them as source-supplied text and encode them
    # on output.
    OCSFProduct:
      properties:
        vendor_name:
          type: string
          title: Vendor Name
          description: The name of the vendor of the product
        name:
          anyOf:
            - type: string
            - type: 'null'
          title: Name
          description: The name of the product
        uid:
          anyOf:
            - type: string
            - type: 'null'
          title: Uid
          description: The unique identifier of the product
        version:
          anyOf:
            - type: string
            - type: 'null'
          title: Version
          description: >-
            The version of the product, as defined by the event source. For
            example: 2013.1.3-beta
        # The example in the description is a CPE 2.2 URI (`cpe:/a:...`).
        # Producers may presumably also send CPE 2.3 formatted strings, so
        # normalize before matching against a vulnerability feed; verify.
        cpe_name:
          anyOf:
            - type: string
            - type: 'null'
          title: Cpe Name
          description: >-
            The Common Platform Enumeration (CPE) name as described by (NIST)
            For example: cpe:/a:apple:safari:16.2
        # Untyped object: no properties are declared, so its shape is
        # whatever the source sends. Validate before dereferencing keys.
        feature:
          anyOf:
            - type: object
            - type: 'null'
          title: Feature
          description: The feature that reported the event
        lang:
          anyOf:
            - type: string
            - type: 'null'
          title: Lang
          description: >-
            The two letter lower case language codes, as defined by ISO 639-1.
            For example: en (English), de (German), or fr (French)
        path:
          anyOf:
            - type: string
            - type: 'null'
          title: Path
          description: The installation path of the product
        # Plain string with no `format: uri`. Check the scheme and host before
        # rendering it as a link or fetching it from a backend service.
        url_string:
          anyOf:
            - type: string
            - type: 'null'
          title: Url String
          description: The URL pointing towards the product
      type: object
      required:
        - vendor_name
      title: OCSFProduct
    # A group a user (OCSFUser.groups) or policy (OCSFPolicy.group) is
    # associated with. Every field is optional and nullable, so a group may
    # arrive with only a name or only a uid. Key on uid where present and do
    # not assume names are unique across domains.
    OCSFGroup:
      properties:
        uid:
          anyOf:
            - type: string
            - type: 'null'
          title: Uid
          description: The unique identifier of the group.
        name:
          anyOf:
            - type: string
            - type: 'null'
          title: Name
          description: The name of the group.
        desc:
          anyOf:
            - type: string
            - type: 'null'
          title: Desc
          description: A description of the group.
        type:
          anyOf:
            - type: string
            - type: 'null'
          title: Type
          description: The type of the group.
        domain:
          anyOf:
            - type: string
            - type: 'null'
          title: Domain
          description: The domain associated with the group.
        # Free-form strings with no enum; presumably provider-specific
        # privilege names. A null or empty list is not evidence that the group
        # grants nothing. Confirm what each integration populates.
        privileges:
          anyOf:
            - items:
                type: string
              type: array
            - type: 'null'
          title: Privileges
          description: Privileges associated with the group.
      type: object
      title: OCSFGroup
    # Describes an agent and the policies attached to it. No field is
    # required; all are nullable.
    OCSFAgent:
      properties:
        uid:
          anyOf:
            - type: string
            - type: 'null'
          title: Uid
          description: The unique identifier of the agent.
        uid_alt:
          anyOf:
            - type: string
            - type: 'null'
          title: Uid Alt
          description: An alternate identifier for the agent.
        name:
          anyOf:
            - type: string
            - type: 'null'
          title: Name
          description: The name of the agent.
        type:
          anyOf:
            - type: string
            - type: 'null'
          title: Type
          description: The type of the agent.
        # NOTE(review): OCSFAgentType in this spec is a string enum of quoted
        # numbers ('0'..'9', '99'), unlike the integer *ID enums elsewhere.
        # Compare as strings unless the producer confirms integers.
        type_id:
          anyOf:
            - $ref: '#/components/schemas/OCSFAgentType'
            - type: 'null'
          description: The type identifier for the agent.
        vendor_name:
          anyOf:
            - type: string
            - type: 'null'
          title: Vendor Name
          description: The name of the agent vendor.
        version:
          anyOf:
            - type: string
            - type: 'null'
          title: Version
          description: The version of the agent.
        # Each OCSFPolicy carries a nullable is_applied flag; an entry in this
        # list does not by itself mean the policy is enforced on the agent.
        policies:
          anyOf:
            - items:
                $ref: '#/components/schemas/OCSFPolicy'
              type: array
            - type: 'null'
          title: Policies
          description: A list of policies associated with the agent.
      type: object
      title: OCSFAgent
    # Numeric form of OCSFReputationScore. The captions below are paired by
    # position with the OCSFReputationScore enum in this spec; confirm with
    # the producer. 1-10 run from safest to most malicious; 0 and 99 are not
    # points on that scale, so a numeric threshold (e.g. ">= 7") also matches
    # 99 and must exclude it explicitly.
    OCSFReputationScoreID:
      type: integer
      enum:
        - 0  # UNKNOWN
        - 1  # VERY_SAFE
        - 2  # SAFE
        - 3  # PROBABLY_SAFE
        - 4  # LEANS_SAFE
        - 5  # MAY_NOT_BE_SAFE
        - 6  # EXERCISE_CAUTION
        - 7  # SUSPICIOUS_RISKY
        - 8  # POSSIBLY_MALICIOUS
        - 9  # PROBABLY_MALICIOUS
        - 10  # MALICIOUS
        - 99  # OTHER
      title: OCSFReputationScoreID
    # String form of the reputation score. Listed as UNKNOWN, then safest to
    # most malicious, then OTHER; presumably paired by position with
    # OCSFReputationScoreID (0-10, 99). UNKNOWN and OTHER carry no verdict, so
    # do not map them to either end of the scale.
    OCSFReputationScore:
      type: string
      enum:
        - UNKNOWN
        - VERY_SAFE
        - SAFE
        - PROBABLY_SAFE
        - LEANS_SAFE
        - MAY_NOT_BE_SAFE
        - EXERCISE_CAUTION
        - SUSPICIOUS_RISKY
        - POSSIBLY_MALICIOUS
        - PROBABLY_MALICIOUS
        - MALICIOUS
        - OTHER
      title: OCSFReputationScore
      description: String representation of reputation scores
    # Integer enum for connection direction; captions are not included in
    # this spec. Presumably the OCSF direction_id values (0 Unknown,
    # 1 Inbound, 2 Outbound, 3 Lateral, 99 Other); verify against the OCSF
    # version in use before writing direction-based detections.
    OCSFNetworkConnectionDirectionID:
      type: integer
      enum:
        - 0
        - 1
        - 2
        - 3
        - 99
      title: OCSFNetworkConnectionDirectionID
    # Integer enum for the IP protocol version; captions are not included in
    # this spec. Presumably 0 Unknown, 4 IPv4, 6 IPv6, 99 Other as in OCSF;
    # verify. The values are not contiguous, so validate against the enum
    # rather than a numeric range.
    OCSFNetworkConnectionProtocolVerID:
      type: integer
      enum:
        - 0
        - 4
        - 6
        - 99
      title: OCSFNetworkConnectionProtocolVerID
    # Integer enum for the network boundary a connection crossed; captions
    # are not included in this spec. Presumably the OCSF boundary_id values
    # with 0 Unknown and 99 Other; resolve 1-11 against the OCSF version in
    # use before treating any value as "internal" or "external".
    OCSFNetworkConnectionBoundaryID:
      type: integer
      enum:
        - 0
        - 1
        - 2
        - 3
        - 4
        - 5
        - 6
        - 7
        - 8
        - 9
        - 10
        - 11
        - 99
      title: OCSFNetworkConnectionBoundaryID
    # Integer enum for the database type; captions are not included in this
    # spec. Presumably the OCSF database type_id values with 0 Unknown and
    # 99 Other; verify against the OCSF version in use.
    OCSFDatabaseTypeID:
      type: integer
      enum:
        - 0
        - 1
        - 2
        - 3
        - 4
        - 5
        - 6
        - 99
      title: OCSFDatabaseTypeID
    # Integer enum for the storage bucket type; captions are not included in
    # this spec. Presumably the OCSF databucket type_id values with 0 Unknown
    # and 99 Other; verify against the OCSF version in use.
    OCSFDatabucketTypeID:
      type: integer
      enum:
        - 0
        - 1
        - 2
        - 3
        - 99
      title: OCSFDatabucketTypeID
    # Integer enum for the device type. It has the same value set as
    # OCSFNetworkEndpointTypeID in this spec, so presumably the same captions
    # (see OCSFNetworkEndpointTypeName); confirm with the producer.
    OCSFDeviceTypeID:
      type: integer
      enum:
        - 0
        - 1
        - 2
        - 3
        - 4
        - 5
        - 6
        - 7
        - 8
        - 9
        - 10
        - 11
        - 12
        - 13
        - 14
        - 15
        - 99
      title: OCSFDeviceTypeID
    # Describes an operating system. name and type_id are required; everything
    # else is nullable. version, build and edition are unconstrained strings,
    # so normalize them before using them for patch-level or vulnerability
    # matching.
    OCSFOS:
      properties:
        name:
          type: string
          title: Name
          description: The operating system name
        # Single-entry allOf around the $ref; see OCSFOSTypeID for the values.
        type_id:
          allOf:
            - $ref: '#/components/schemas/OCSFOSTypeID'
          description: The type identifier of the operating system
        build:
          anyOf:
            - type: string
            - type: 'null'
          title: Build
          description: The operating system build number
        country:
          anyOf:
            - type: string
            - type: 'null'
          title: Country
          description: >-
            The operating system country code, as defined by the ISO 3166-1
            standard (Alpha-2 code)
        # No pattern is declared; the CPE binding (2.2 URI vs 2.3 formatted
        # string) is not stated here. Confirm before matching against a feed.
        cpe_name:
          anyOf:
            - type: string
            - type: 'null'
          title: Cpe Name
          description: The Common Platform Enumeration (CPE) name as described by (NIST)
        cpu_bits:
          anyOf:
            - type: integer
            - type: 'null'
          title: Cpu Bits
          description: >-
            The cpu architecture, the number of bits used for addressing in
            memory. For example: 32 or 64
        edition:
          anyOf:
            - type: string
            - type: 'null'
          title: Edition
          description: 'The operating system edition. For example: Professional'
        lang:
          anyOf:
            - type: string
            - type: 'null'
          title: Lang
          description: The two letter lower case language codes, as defined by ISO 639-1
        sp_name:
          anyOf:
            - type: string
            - type: 'null'
          title: Sp Name
          description: The name of the latest Service Pack
        # Integer here, while `version` below is a string.
        sp_ver:
          anyOf:
            - type: integer
            - type: 'null'
          title: Sp Ver
          description: The version number of the latest Service Pack
        # Free-form string; the enumerated form is type_id above.
        type:
          anyOf:
            - type: string
            - type: 'null'
          title: Type
          description: The type of the operating system
        version:
          anyOf:
            - type: string
            - type: 'null'
          title: Version
          description: >-
            The version of the OS running on the device that originated the
            event
      type: object
      required:
        - name
        - type_id
      title: OCSFOS
    # Numeric form of OCSFNetworkEndpointTypeName. The captions below are
    # paired by position with that enum in this spec; confirm with the
    # producer. 0 and 99 carry no device class, so asset rules keyed on a
    # type (e.g. "is a Firewall") should treat them as unclassified.
    OCSFNetworkEndpointTypeID:
      type: integer
      enum:
        - 0  # Unknown
        - 1  # Server
        - 2  # Desktop
        - 3  # Laptop
        - 4  # Tablet
        - 5  # Mobile
        - 6  # Virtual
        - 7  # IOT
        - 8  # Browser
        - 9  # Firewall
        - 10  # Switch
        - 11  # Hub
        - 12  # Router
        - 13  # IDS
        - 14  # IPS
        - 15  # Load Balancer
        - 99  # Other
      title: OCSFNetworkEndpointTypeID
    # Caption form of the endpoint type; presumably paired by position with
    # OCSFNetworkEndpointTypeID (0-15, 99). Values are case-sensitive and one
    # contains a space ("Load Balancer"), so compare exact strings.
    OCSFNetworkEndpointTypeName:
      type: string
      enum:
        - Unknown
        - Server
        - Desktop
        - Laptop
        - Tablet
        - Mobile
        - Virtual
        - IOT
        - Browser
        - Firewall
        - Switch
        - Hub
        - Router
        - IDS
        - IPS
        - Load Balancer
        - Other
      title: OCSFNetworkEndpointTypeName
    # Numeric form of the user type. The captions below are paired by
    # position with the OCSFUserType enum in this spec; confirm with the
    # producer before keying privileged-account detections on 2.
    OCSFUserTypeID:
      type: integer
      enum:
        - 0  # Unknown
        - 1  # User
        - 2  # Admin
        - 3  # System
        - 99  # Other
      title: OCSFUserTypeID
    # Describes the account a user or resource belongs to. No field is
    # required; all are nullable.
    OCSFAccount:
      properties:
        name:
          anyOf:
            - type: string
            - type: 'null'
          title: Name
          description: The name of the account (e.g. GCP Account Name)
        type_id:
          anyOf:
            - $ref: '#/components/schemas/OCSFAccountTypeID'
            - type: 'null'
          description: The normalized account type identifier
        # Deliberately a string: identifiers such as AWS account IDs are
        # all-digit and can start with 0, so never coerce this to an integer.
        uid:
          anyOf:
            - type: string
            - type: 'null'
          title: Uid
          description: The unique identifier of the account (e.g. AWS Account ID)
        labels:
          anyOf:
            - items:
                type: string
              type: array
            - type: 'null'
          title: Labels
          description: The list of labels/tags associated to the account
        # NOTE(review): the description names 'account_type_id', but the
        # sibling property in this schema is `type_id`; presumably the same
        # field. Confirm.
        type:
          anyOf:
            - type: string
            - type: 'null'
          title: Type
          description: >-
            The account type, normalized to the caption of 'account_type_id'. In
            the case of 'Other', it is defined by the event source
      type: object
      title: OCSFAccount
    # Extended directory attributes for a person, referenced from
    # OCSFUser.ldap_person. No field is required; all are nullable.
    # The record holds personal data (names, e-mail addresses, employee id,
    # hire/leave dates, location, manager). Store and log only the fields a
    # use case needs, and apply the same access controls as the source
    # directory.
    # Each time is given twice: an integer `*_time` and a string `*_time_dt`.
    # The integer unit (seconds vs milliseconds) is not stated in this spec;
    # OCSF timestamps are epoch milliseconds, so presumably ms. Confirm before
    # building timelines. The `*_dt` strings declare no `format: date-time`.
    OCSFLdapPerson:
      properties:
        cost_center:
          anyOf:
            - type: string
            - type: 'null'
          title: Cost Center
          description: The cost center associated with the person.
        created_time:
          anyOf:
            - type: integer
            - type: 'null'
          title: Created Time
          description: The time the person was created, in Unix timestamp.
        created_time_dt:
          anyOf:
            - type: string
            - type: 'null'
          title: Created Time Dt
          description: The time the person was created, in ISO 8601 format.
        deleted_time:
          anyOf:
            - type: integer
            - type: 'null'
          title: Deleted Time
          description: The time the person was deleted, in Unix timestamp.
        deleted_time_dt:
          anyOf:
            - type: string
            - type: 'null'
          title: Deleted Time Dt
          description: The time the person was deleted, in ISO 8601 format.
        email_addrs:
          anyOf:
            - items:
                type: string
              type: array
            - type: 'null'
          title: Email Addrs
          description: A list of email addresses for the person.
        employee_uid:
          anyOf:
            - type: string
            - type: 'null'
          title: Employee Uid
          description: The employee ID for the person.
        given_name:
          anyOf:
            - type: string
            - type: 'null'
          title: Given Name
          description: The given name of the person.
        hire_time:
          anyOf:
            - type: integer
            - type: 'null'
          title: Hire Time
          description: The time the person was hired, in Unix timestamp.
        hire_time_dt:
          anyOf:
            - type: string
            - type: 'null'
          title: Hire Time Dt
          description: The time the person was hired, in ISO 8601 format.
        job_title:
          anyOf:
            - type: string
            - type: 'null'
          title: Job Title
          description: The job title of the person.
        labels:
          anyOf:
            - items:
                type: string
              type: array
            - type: 'null'
          title: Labels
          description: A list of labels associated with the person.
        # Null means the value was not provided; it is not evidence that the
        # person has never logged in.
        last_login_time:
          anyOf:
            - type: integer
            - type: 'null'
          title: Last Login Time
          description: The last login time of the person, in Unix timestamp.
        last_login_time_dt:
          anyOf:
            - type: string
            - type: 'null'
          title: Last Login Time Dt
          description: The last login time of the person, in ISO 8601 format.
        ldap_cn:
          anyOf:
            - type: string
            - type: 'null'
          title: Ldap Cn
          description: The LDAP Common Name for the person.
        # Escape DN and CN values before placing them in an LDAP filter or DN
        # built by a downstream tool.
        ldap_dn:
          anyOf:
            - type: string
            - type: 'null'
          title: Ldap Dn
          description: The LDAP Distinguished Name for the person.
        # A populated leave time alongside a recent last_login_time is worth
        # reviewing when auditing offboarding.
        leave_time:
          anyOf:
            - type: integer
            - type: 'null'
          title: Leave Time
          description: The time the person left the organization, in Unix timestamp.
        leave_time_dt:
          anyOf:
            - type: string
            - type: 'null'
          title: Leave Time Dt
          description: The time the person left the organization, in ISO 8601 format.
        location:
          anyOf:
            - $ref: '#/components/schemas/OCSFLocation'
            - type: 'null'
          description: The geographical location of the person.
        # Schema cycle: OCSFUser.ldap_person -> OCSFLdapPerson.manager ->
        # OCSFUser. Bound the depth when deserializing or walking this chain.
        manager:
          anyOf:
            - $ref: '#/components/schemas/OCSFUser'
            - type: 'null'
          description: The manager of the person.
        modified_time:
          anyOf:
            - type: integer
            - type: 'null'
          title: Modified Time
          description: The time the person was last modified, in Unix timestamp.
        modified_time_dt:
          anyOf:
            - type: string
            - type: 'null'
          title: Modified Time Dt
          description: The time the person was last modified, in ISO 8601 format.
        office_location:
          anyOf:
            - type: string
            - type: 'null'
          title: Office Location
          description: The office location of the person.
        surname:
          anyOf:
            - type: string
            - type: 'null'
          title: Surname
          description: The surname of the person.
      type: object
      title: OCSFLdapPerson
    # Organization and organizational unit a user belongs to, referenced from
    # OCSFUser.org. All four fields are optional and nullable. Prefer the uid
    # fields over names when scoping rules to an org or OU, since names carry
    # no uniqueness constraint in this spec.
    OCSFOrganization:
      properties:
        uid:
          anyOf:
            - type: string
            - type: 'null'
          title: Uid
          description: The unique identifier for the organization.
        name:
          anyOf:
            - type: string
            - type: 'null'
          title: Name
          description: The name of the organization.
        ou_uid:
          anyOf:
            - type: string
            - type: 'null'
          title: Ou Uid
          description: The unique identifier for the organizational unit.
        ou_name:
          anyOf:
            - type: string
            - type: 'null'
          title: Ou Name
          description: The name of the organizational unit.
      type: object
      title: OCSFOrganization
    # Caption form of the user risk level, listed from Info to Critical and
    # then Other; presumably paired by position with OCSFUserRiskLevelID
    # (0-4, 99). "Other" is not a severity, so do not rank it above Critical.
    OCSFUserRiskLevel:
      type: string
      enum:
        - Info
        - Low
        - Medium
        - High
        - Critical
        - Other
      title: OCSFUserRiskLevel
    # Numeric form of the user risk level. The captions below are paired by
    # position with the OCSFUserRiskLevel enum in this spec; confirm with the
    # producer. 99 is not the top of the scale, so a threshold such as ">= 3"
    # must exclude it explicitly.
    OCSFUserRiskLevelID:
      type: integer
      enum:
        - 0  # Info
        - 1  # Low
        - 2  # Medium
        - 3  # High
        - 4  # Critical
        - 99  # Other
      title: OCSFUserRiskLevelID
    # Caption form of the user type, referenced from OCSFUser.type.
    # Presumably paired by position with OCSFUserTypeID (0-3, 99). The
    # OCSFUser.type description mentions values such as "AWS IAM User" that
    # are not in this enum; those presumably arrive as Other. Confirm.
    OCSFUserType:
      type: string
      enum:
        - Unknown
        - User
        - Admin
        - System
        - Other
      title: OCSFUserType
    # Integer enum for the analytic type, required on OCSFAnalytic.type_id.
    # Captions are not included in this spec; presumably the OCSF analytic
    # type_id values with 0 Unknown and 99 Other. Resolve 1-11 against the
    # OCSF version in use.
    OCSFAnalyticTypeID:
      type: integer
      enum:
        - 0
        - 1
        - 2
        - 3
        - 4
        - 5
        - 6
        - 7
        - 8
        - 9
        - 10
        - 11
        - 99
      title: OCSFAnalyticTypeID
    # NOTE(review): unlike the other *ID enums in this spec, which are
    # `type: integer`, this one is `type: string` with quoted numeric values.
    # OCSFAgent.type_id references it, so clients should compare agent type
    # ids as strings ('1', not 1) unless the producer confirms otherwise.
    # Captions are not included here; presumably the OCSF agent type_id
    # values with '0' Unknown and '99' Other. Verify.
    OCSFAgentType:
      type: string
      enum:
        - '0'
        - '1'
        - '2'
        - '3'
        - '4'
        - '5'
        - '6'
        - '7'
        - '8'
        - '9'
        - '99'
      title: OCSFAgentType
    # A policy attached to an agent (OCSFAgent.policies). No field is
    # required; all are nullable.
    OCSFPolicy:
      properties:
        uid:
          anyOf:
            - type: string
            - type: 'null'
          title: Uid
          description: The unique identifier of the policy.
        name:
          anyOf:
            - type: string
            - type: 'null'
          title: Name
          description: The name of the policy.
        desc:
          anyOf:
            - type: string
            - type: 'null'
          title: Desc
          description: A description of the policy.
        version:
          anyOf:
            - type: string
            - type: 'null'
          title: Version
          description: The version of the policy.
        # Tri-state: true, false or null. Treat null as "not reported", not as
        # false and not as true, when checking that a control is enforced.
        is_applied:
          anyOf:
            - type: boolean
            - type: 'null'
          title: Is Applied
          description: Indicates whether the policy is applied.
        group:
          anyOf:
            - $ref: '#/components/schemas/OCSFGroup'
            - type: 'null'
          description: The group associated with the policy.
      type: object
      title: OCSFPolicy
    # Integer enum for the operating system type, required on OCSFOS.type_id.
    # Captions are not included in this spec; presumably the OCSF OS type_id
    # values, grouped by family (0 Unknown, 1xx Windows, 2xx Linux/Android,
    # 3xx Apple, 4xx Unix variants, 99 Other). Verify against the OCSF
    # version in use. 99 is listed last but is not the largest value, so
    # validate against the enum rather than a numeric range.
    OCSFOSTypeID:
      type: integer
      enum:
        - 0
        - 100
        - 101
        - 200
        - 201
        - 300
        - 301
        - 302
        - 400
        - 401
        - 402
        - 99
      title: OCSFOSTypeID
    # Integer enum for the account type, referenced from OCSFAccount.type_id.
    # Captions are not included in this spec; presumably the OCSF account
    # type_id values with 0 Unknown and 99 Other. Resolve 1-10 against the
    # OCSF version in use before keying rules on a specific account kind.
    OCSFAccountTypeID:
      type: integer
      enum:
        - 0
        - 1
        - 2
        - 3
        - 4
        - 5
        - 6
        - 7
        - 8
        - 9
        - 10
        - 99
      title: OCSFAccountTypeID
    # Geographic location, referenced from OCSFLdapPerson.location. No field
    # is required; all are nullable. How the location was derived (for
    # example IP geolocation vs a directory attribute) is not stated in this
    # spec; weigh it accordingly in impossible-travel or geo-fencing logic.
    OCSFLocation:
      properties:
        city:
          anyOf:
            - type: string
            - type: 'null'
          title: City
          description: The city where the location resides.
        continent:
          anyOf:
            - type: string
            - type: 'null'
          title: Continent
          description: The continent of the location.
        # NOTE(review): no minItems/maxItems, so the array length is not
        # enforced. The description says latitude-longitude, while OCSF
        # documents this field in GeoJSON order (longitude first). Confirm
        # the element order with the producer; lat/long below are unambiguous.
        coordinates:
          anyOf:
            - items:
                type: number
              type: array
            - type: 'null'
          title: Coordinates
          description: The coordinates of the location as a latitude-longitude pair.
        # Unconstrained string; whether this is a name or an ISO code is not
        # stated here.
        country:
          anyOf:
            - type: string
            - type: 'null'
          title: Country
          description: The country of the location.
        desc:
          anyOf:
            - type: string
            - type: 'null'
          title: Desc
          description: A description of the location.
        geohash:
          anyOf:
            - type: string
            - type: 'null'
          title: Geohash
          description: The geohash representing the location.
        # Tri-state: null means "not reported", not "off premises".
        is_on_premises:
          anyOf:
            - type: boolean
            - type: 'null'
          title: Is On Premises
          description: Whether the location is on premises.
        isp:
          anyOf:
            - type: string
            - type: 'null'
          title: Isp
          description: The Internet Service Provider (ISP) for the location.
        # No minimum/maximum declared; range-check (-90..90) before use.
        lat:
          anyOf:
            - type: number
            - type: 'null'
          title: Lat
          description: The latitude of the location.
        # No minimum/maximum declared; range-check (-180..180) before use.
        long:
          anyOf:
            - type: number
            - type: 'null'
          title: Long
          description: The longitude of the location.
        # String, so leading zeros in postal codes are preserved.
        postal_code:
          anyOf:
            - type: string
            - type: 'null'
          title: Postal Code
          description: The postal code of the location.
        provider:
          anyOf:
            - type: string
            - type: 'null'
          title: Provider
          description: The provider for the location.
        region:
          anyOf:
            - type: string
            - type: 'null'
          title: Region
          description: The region where the location resides.
      type: object
      title: OCSFLocation
  # Both schemes are header-borne API keys. The document-level `security`
  # list is empty, so they apply only where an operation lists them.
  # NOTE(review): confirm every operation declares the schemes it needs.
  securitySchemes:
    # Presumably selects the connection whose data is returned. Treat it as
    # an identifier, not a credential; the server should check that the
    # presented API key is entitled to this connection. Confirm.
    Connection-ID:
      type: apiKey
      in: header
      name: X-CONNECTION-ID
    # Long-lived shared secret. Send it only to the https servers listed in
    # this spec, load it from a secret store rather than source control, and
    # redact this header in request logs, traces and error reports.
    API-Key:
      type: apiKey
      in: header
      name: X-API-KEY

````