
Profiles are reusable attribute sets that can be applied to event classes to add common functionality like host information, user details, or malware analysis.

  • Cloud: The attributes that describe information specific to Cloud services/applications.
  • Container: The container context for a process.
  • Data Classification: The attributes that describe information specific to data classification.
  • Date/Time: The date/time attributes, as defined in RFC 3339.
  • Host: The attributes that identify a host/device.
  • Linux Users: The attributes that Linux uses to identify user information.
  • Load Balancer: The attributes that describe information specific to load balancers.
  • Network Proxy: The attributes that identify a network proxy.
  • OSINT: The OSINT (Open Source Intelligence) profile contains one or more indicators and associated analysis and details, such as registrar (WHOIS) information and commentary about a hostname, or information about a digital certificate and its usage within a campaign.
  • Security Control: The attributes, including disposition, that represent the outcome of a security control, including but not limited to access control, malware or policy violation, network proxy, firewall, or data control.