Skip to content

Analytic

The Analytic object contains details about the analytic technique used to analyze and derive insights from the data or information that led to the creation of a finding or conclusion.

  • Extends: _entity

Attributes

Section titled “Attributes”

type_id

  • Type: integer_t
  • Requirement: required
  • Values:
    • 0 - Unknown: The type is unknown.
    • 1 - Rule: A Rule in security analytics refers to predefined criteria or conditions set to monitor, alert, or enforce policies, playing a crucial role in access control, threat detection, and regulatory compliance across security systems.
    • 2 - Behavioral: Behavioral analytics focus on monitoring and analyzing user or system actions to identify deviations from established patterns, aiding in the detection of insider threats, fraud, and advanced persistent threats (APTs).
    • 3 - Statistical: Statistical analytics pertains to analyzing data patterns and anomalies using statistical models to predict, detect, and respond to potential threats, enhancing overall security posture through informed decision-making.
    • 5 - Fingerprinting: Fingerprinting is the technique of collecting detailed system data, including software versions and configurations, to enhance threat detection, data loss prevention (DLP), and endpoint detection and response (EDR) capabilities.
    • 6 - Tagging: Tagging refers to the practice of assigning labels or identifiers to data, users, assets, or activities to monitor, control access, and facilitate incident response across various security domains such as DLP and EDR.
    • 7 - Keyword Match: Keyword Match involves scanning content for specific terms to identify sensitive information, potential threats, or policy violations, aiding in DLP and compliance monitoring.
    • 8 - Regular Expressions: Regular Expressions are used to define complex search patterns for identifying, validating, and extracting specific data sets or threats within digital content, enhancing DLP, EDR, and threat detection mechanisms.
    • 9 - Exact Data Match: Exact Data Match is a precise comparison technique used to detect the unauthorized use or exposure of specific, sensitive information, crucial for enforcing DLP policies and protecting against data breaches.
    • 10 - Partial Data Match: Partial Data Match involves identifying instances where segments of sensitive information or patterns match, facilitating nuanced DLP and threat detection without requiring complete data conformity.
    • 11 - Indexed Data Match: Indexed Data Match refers to comparing content against a pre-compiled index of sensitive information to efficiently detect and prevent unauthorized access or breaches, streamlining DLP and compliance efforts.
    • 99 - Other: The type is not mapped. See the type attribute, which contains a data source specific value.

The analytic type ID.

name

  • Type: string_t
  • Requirement: recommended

The name of the analytic that generated the finding.

uid

  • Type: string_t
  • Requirement: recommended

The unique identifier of the analytic that generated the finding.

category

  • Type: string_t
  • Requirement: optional

The analytic category.

desc

  • Type: string_t
  • Requirement: optional

The description of the analytic that generated the finding.

related_analytics

Other analytics related to this analytic.

type

  • Type: string_t
  • Requirement: optional

The analytic type.

version

  • Type: string_t
  • Requirement: optional

The analytic version. For example: 1.1.

Constraints

Section titled “Constraints”

At least one of: name, uid

Used By

Section titled “Used By”