The Actor object contains details about the user, role, or process that initiated or performed a specific activity.
Attributes
Section titled “Attributes”process
- Type:
process - Requirement: recommended
The process that initiated the activity.
user
- Type:
user - Requirement: recommended
The user that initiated the activity or the user context from which the activity was initiated.
authorizations
- Type:
authorization - Requirement: optional
Provides details about an authorization, such as authorization outcome, and any associated policies related to the activity/event.
idp
- Type:
idp - Requirement: optional
This object describes details about the Identity Provider used.
invoked_by
- Type:
string_t - Requirement: optional
The name of the service that invoked the activity as described in the event.
session
- Type:
session - Requirement: optional
The user session from which the activity was initiated.
Constraints
Section titled “Constraints”At least one of: process, user, invoked_by, session
Used By
Section titled “Used By”account_changeapi_activityapplication_lifecycleauthenticationauthorize_sessioncompliance_findingconfig_statedatastore_activitydetection_findingdevice_config_state_changedhcp_activitydns_activityemail_activityemail_file_activityemail_url_activityentity_managementfile_activityfile_hostingftp_activitygroup_managementhttp_activityinventory_infokernel_activitykernel_extensionmemory_activitymodule_activitynetwork_activitynetwork_file_activityntp_activityprocess_activityrdp_activityscan_activityscheduled_job_activitysmb_activityssh_activityuser_accessuser_inventoryvulnerability_findingweb_resource_access_activityweb_resources_activitywin/prefetch_infowin/registry_key_activitywin/registry_key_infowin/registry_value_activitywin/registry_value_infowin/resource_activity