The Policy object describes the policies that are applicable.
Policy attributes provide traceability to the operational state of the security product at the time that the event was captured, facilitating forensics, troubleshooting, and policy tuning/adjustments.
- Extends:
_entity
Attributes
Section titled “Attributes”is_applied
- Type:
boolean_t - Requirement: recommended
A determination if the content of a policy was applied to a target or request, or not.
name
- Type:
string_t - Requirement: recommended
The policy name. For example: IAM Policy.
uid
- Type:
string_t - Requirement: recommended
A unique identifier of the policy instance.
version
- Type:
string_t - Requirement: recommended
The policy version number.
data
- Type:
json_t - Requirement: optional
Additional data about the policy such as the underlying JSON policy itself or other details.
desc
- Type:
string_t - Requirement: optional
The description of the policy.
group
- Type:
group - Requirement: optional
The policy group.
Constraints
Section titled “Constraints”At least one of: name, uid
Used By
Section titled “Used By”account_changeadmin_group_queryairborne_broadcast_activityapi_activityapplication_errorapplication_lifecycleapplication_security_posture_findingauthenticationauthorize_sessionbase_eventcloud_resources_inventory_infocompliance_findingconfig_statedata_security_findingdatastore_activitydetection_findingdevice_config_state_changedhcp_activitydns_activitydrone_flights_activityemail_activityemail_file_activityemail_url_activityentity_managementevent_log_actvityevidence_infofile_activityfile_hostingfile_queryfile_remediation_activityfolder_queryftp_activitygroup_managementhttp_activityincident_findinginventory_infojob_querykernel_activitykernel_extension_activitykernel_object_querymemory_activitymodule_activitymodule_querynetwork_activitynetwork_connection_querynetwork_file_activitynetwork_remediation_activitynetworks_queryntp_activityosint_inventory_infopatch_stateperipheral_device_queryprocess_activityprocess_queryprocess_remediation_activityrdp_activityremediation_activityscan_activityscheduled_job_activityscript_activitysecurity_findingservice_querysession_querysmb_activitysoftware_infossh_activitystartup_item_querytunnel_activityuser_accessuser_inventoryuser_queryvulnerability_findingweb_resource_access_activityweb_resources_activitywin/prefetch_querywin/registry_key_activitywin/registry_key_querywin/registry_value_activitywin/registry_value_querywin/windows_resource_activitywin/windows_service_activity