The Analytic object contains details about the analytic technique used to analyze and derive insights from the data or information that led to the finding or conclusion.
- Extends: _entity
Attributes
name
- Type: string_t
- Requirement: required
The name of the analytic that generated the finding.
type_id
- Type: integer_t
- Requirement: required
- Values:
  - 0 - Unknown: The type is unknown.
  - 1 - Rule
  - 2 - Behavioral
  - 3 - Statistical
  - 4 - Learning (ML/DL)
  - 99 - Other: The type is not mapped. See the type attribute, which may contain a data source specific value.
The analytic type ID.
uid
- Type: string_t
- Requirement: recommended
The unique identifier of the analytic that generated the finding.
category
- Type: string_t
- Requirement: optional
The analytic category.
desc
- Type: string_t
- Requirement: optional
The description of the analytic that generated the finding.
related_analytics
- Type: analytic
- Requirement: optional
Describes analytics related to the analytic of a finding or detection as identified by the security product.
type
- Type: string_t
- Requirement: optional
The analytic type.
version
- Type: string_t
- Requirement: optional
The analytic version. For example: 1.1.
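
Example
The following validator is an added example, not part of the schema or of any project tooling. It checks a parsed finding's analytic against the attributes, requirement levels and type_id values listed above, recursing into related_analytics. The function name, the sample objects, and the choice to accept related_analytics as either a single analytic or a list are assumptions.

```python
# Added example: validate a dict against the Analytic attributes listed on this page.
TYPE_IDS = {0: "Unknown", 1: "Rule", 2: "Behavioral", 3: "Statistical",
            4: "Learning (ML/DL)", 99: "Other"}
REQUIRED = {"name": str, "type_id": int}
RECOMMENDED = {"uid": str}
OPTIONAL = {"category": str, "desc": str, "type": str, "version": str}


def validate_analytic(obj, path="analytic"):
    """Return (errors, warnings) for one Analytic object and its related_analytics."""
    errors, warnings = [], []
    if not isinstance(obj, dict):
        return [f"{path}: expected an object"], warnings
    for key in REQUIRED:
        if key not in obj:
            errors.append(f"{path}.{key}: required attribute missing")
    for key in RECOMMENDED:
        if key not in obj:
            warnings.append(f"{path}.{key}: recommended attribute missing")
    for key, typ in {**REQUIRED, **RECOMMENDED, **OPTIONAL}.items():
        # bool is a subclass of int in Python, so reject it explicitly for integer_t.
        if key in obj and (not isinstance(obj[key], typ) or isinstance(obj[key], bool)):
            errors.append(f"{path}.{key}: expected {typ.__name__}")
    type_id = obj.get("type_id")
    if isinstance(type_id, int) and not isinstance(type_id, bool):
        if type_id not in TYPE_IDS:
            errors.append(f"{path}.type_id: {type_id} is not a listed value")
        elif type_id == 99 and "type" not in obj:
            # 99 (Other) points the consumer at the source-specific type string.
            warnings.append(f"{path}.type: type_id is 99 (Other) but type is absent")
    related = obj.get("related_analytics", [])
    # Assumption: related_analytics may be a single analytic or a list of them.
    for i, child in enumerate(related if isinstance(related, list) else [related]):
        child_errors, child_warnings = validate_analytic(child, f"{path}.related_analytics[{i}]")
        errors += child_errors
        warnings += child_warnings
    return errors, warnings


# Constructed sample objects (not taken from any real product).
GOOD = {"name": "Impossible travel", "type_id": 2, "uid": "an-001", "version": "1.1",
        "related_analytics": [{"name": "Geo-velocity baseline", "type_id": 3}]}
BAD = {"type_id": 7, "uid": 42,
       "related_analytics": [{"name": "Vendor heuristic", "type_id": 99}]}

if __name__ == "__main__":
    for sample in (GOOD, BAD):
        print(validate_analytic(sample))
```

Unknown keys are not flagged because the object extends _entity and may carry inherited attributes not listed on this page.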