Types define the format and validation rules for attribute values in OCSF.
| Type | Caption | Base Type | Description |
|---|---|---|---|
| boolean_t | Boolean | — | Boolean value. One of true or false. |
| bytestring_t | Byte String | string_t | Base64 encoded immutable byte sequence. |
| datetime_t | Datetime | string_t | The Internet Date/Time format as defined in RFC-3339. For example 1985-04-12T23:20:50.52Z. |
| email_t | Email Address | string_t | Email address. For example: john_doe@example.com. |
| file_hash_t | File Hash | string_t | File hash. A unique value that corresponds to the content of the file. |
| file_name_t | File Name | string_t | File name. For example: text-file.txt. |
| float_t | Float | — | Real floating-point value. For example: 3.14. |
| hostname_t | Hostname | string_t | Unique name assigned to a device connected to a computer network. A domain name in general is an Internet address that can be resolved through the Domain Name System (DNS). For example: r2-d2.example.com. |
| integer_t | Integer | — | Signed integer value. |
| ip_t | IP Address | string_t | Internet Protocol address (IP address), in either IPv4 or IPv6 format. |
| json_t | JSON | — | Embedded JSON value. A value can be a string, or a number, or true or false or null, or an object or an array. These structures can be nested. See www.json.org. |
| long_t | Long | — | 8-byte long, signed integer value. |
| mac_t | MAC Address | string_t | Media Access Control (MAC) address. For example: 18:36:F3:98:4F:9A. |
| port_t | Port | integer_t | The TCP/UDP port number. For example: 80 or 22. |
| process_name_t | Process Name | string_t | Process name. For example: Notepad. |
| resource_uid_t | Resource UID | string_t | Resource unique identifier. For example, S3 Bucket name or EC2 Instance ID. |
| string_t | String | — | UTF-8 encoded byte sequence. |
| subnet_t | Subnet | string_t | Subnet mask in Classless Inter-Domain Routing (CIDR) notation. For example 192.168.200.0/24. |
| timestamp_t | Timestamp | long_t | The timestamp format is the number of milliseconds since the Epoch 01/01/1970 00:00:00 UTC. For example 1618524549901. |
| url_t | URL String | string_t | Uniform Resource Locator (URL) string. For example: http://www.example.com/download/trouble.exe. |
| username_t | User Name | string_t | User name. For example: john_doe. |
| uuid_t | UUID | string_t | 128-bit universal unique identifier. For example: 123e4567-e89b-12d3-a456-42661417400. |
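
The following is an added example, not code from the OCSF project: a validator for a subset of the types above that checks a value against its own type and then against each type in its Base Type chain, as an ingestion pipeline might do before trusting event fields. The names `BASE`, `CHECKS` and `validate` are hypothetical; the 32-bit width for `integer_t`, the 0 to 65535 port range and the colon-separated MAC layout are assumptions, since the table does not state them.

```python
import base64
import ipaddress
import re
from datetime import datetime

# "Base Type" column of the table, for the subset of types covered here.
BASE = {"port_t": "integer_t", "timestamp_t": "long_t", "bytestring_t": "string_t",
        "datetime_t": "string_t", "ip_t": "string_t", "subnet_t": "string_t",
        "mac_t": "string_t", "uuid_t": "string_t"}

# Structural RFC 3339 check; calendar fields are range-checked separately below.
RFC3339 = re.compile(r"\d{4}-\d\d-\d\d[Tt]\d\d:\d\d:\d\d(\.\d+)?([Zz]|[+-]\d\d:\d\d)")
MAC = re.compile(r"[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){5}")
UUID = re.compile(r"[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}")

def _signed(v, bits):
    # bool is a subclass of int in Python, so exclude it explicitly.
    return type(v) is int and -(1 << (bits - 1)) <= v < (1 << (bits - 1))

def _parses(parser, v):
    try:
        parser(v)
        return True
    except ValueError:
        return False

CHECKS = {
    "string_t": lambda v: isinstance(v, str),
    "integer_t": lambda v: _signed(v, 32),   # assumption: 32-bit; the table gives no width
    "long_t": lambda v: _signed(v, 64),      # "8-byte long, signed integer value"
    "port_t": lambda v: 0 <= v <= 65535,     # assumption: TCP/UDP port range
    "timestamp_t": lambda v: True,           # no constraint beyond long_t in the table
    "bytestring_t": lambda v: _parses(lambda s: base64.b64decode(s, validate=True), v),
    "datetime_t": lambda v: bool(RFC3339.fullmatch(v)) and _parses(
        lambda s: datetime.strptime(s[:19].upper(), "%Y-%m-%dT%H:%M:%S"), v),
    "ip_t": lambda v: _parses(ipaddress.ip_address, v),
    "subnet_t": lambda v: "/" in v and _parses(
        lambda s: ipaddress.ip_network(s, strict=False), v),
    "mac_t": lambda v: bool(MAC.fullmatch(v)),
    "uuid_t": lambda v: bool(UUID.fullmatch(v)),
}

def validate(type_name, value):
    """True if value passes the check for type_name and for each of its base types."""
    base = BASE.get(type_name)
    if base is not None and not validate(base, value):
        return False
    return CHECKS[type_name](value)
```

Because the base type is checked first, `validate("port_t", "80")` returns `False` at the `integer_t` step without ever reaching the range comparison. The `uuid_t` sample value as printed in the table has an 11-digit final group, so this 8-4-4-4-12 check rejects it.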