Profiles are reusable attribute sets that can be applied to event classes to add common functionality like host information, user details, or malware analysis.
- Cloud: The attributes that describe information specific to Cloud services/applications.
- Container: The container context for a process.
- Date/Time: This profile defines date/time attributes as defined in RFC-3339.
- Host: The attributes that identify host/device attributes.
- Linux: The attributes that Linux uses to identify user information.
- Security Control: The attributes that identify security controls such as malware or policy violations.