The Related Event object describes an event related to a finding or detection as identified by the security product.
Attributes
uid
- Type: string_t
- Requirement: required
The unique identifier of the related event.
type_uid
- Type: long_t
- Requirement: recommended
The unique identifier of the related event type. For example: 100701.
attacks
- Type: attack
- Requirement: optional
An array of MITRE ATT&CK® objects describing the tactics, techniques & sub-techniques identified by a security control or finding.
kill_chain
- Type: kill_chain_phase
- Requirement: optional
The Cyber Kill Chain® provides a detailed description of each phase and its associated activities within the broader context of a cyber attack.
observables
- Type: observable
- Requirement: optional
The observables associated with the event or a finding.
product_uid
- Type: string_t
- Requirement: optional
The unique identifier of the product that reported the related event.
type
- Type: string_t
- Requirement: optional
The type of the related event. For example: Process Activity: Launch.
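
An added example, not part of the schema documentation: a Python check of one related-event record against the attribute list above, separating errors (required attribute missing, wrong type) from warnings (recommended attribute missing, unlisted attribute). The function name `check_related_event` and the sample records are constructed; only `attacks` is checked as an array because that is the only container shape the list states.

```python
# Added example: names, types and requirement levels come from the attribute
# list above; the function name and the sample records are constructed.
SPEC = {
    # attribute: (expected Python type, requirement level)
    "uid": (str, "required"),             # string_t
    "type_uid": (int, "recommended"),     # long_t
    "attacks": (list, "optional"),        # "an array of MITRE ATT&CK objects"
    "kill_chain": (object, "optional"),   # container shape not stated above
    "observables": (object, "optional"),  # container shape not stated above
    "product_uid": (str, "optional"),     # string_t
    "type": (str, "optional"),            # string_t
}


def check_related_event(obj):
    """Return (errors, warnings) for one related-event dict."""
    errors, warnings = [], []
    if not isinstance(obj, dict):
        return ["related event must be a JSON object"], warnings
    for name, (py_type, requirement) in SPEC.items():
        value = obj.get(name)
        if value is None:
            if requirement == "required":
                errors.append(f"missing required attribute: {name}")
            elif requirement == "recommended":
                warnings.append(f"missing recommended attribute: {name}")
            continue
        # bool is a subclass of int in Python, so reject it explicitly for long_t.
        bad_bool = py_type is int and isinstance(value, bool)
        if bad_bool or not isinstance(value, py_type):
            errors.append(
                f"{name}: expected {py_type.__name__}, got {type(value).__name__}"
            )
    # Unlisted attributes are reported, not rejected, so producers that send
    # extra fields are visible without dropping their events.
    for name in sorted(set(obj) - set(SPEC)):
        warnings.append(f"attribute not in the list above: {name}")
    return errors, warnings


if __name__ == "__main__":
    # Constructed sample: uid is made up; type_uid and type are the page's examples.
    sample = {"uid": "evt-0001", "type_uid": 100701,
              "type": "Process Activity: Launch"}
    print(check_related_event(sample))
    print(check_related_event({"type_uid": "100701"}))
```
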