Resource Details

The Resource Details object describes details about resources that were affected by the activity/event.

• Extends: _resource

Attributes

data_classification

• Type: data_classification
• Requirement: recommended

The Data Classification object includes information about data classification levels and data category types.

data_classifications

• Type: data_classification
• Requirement: recommended

A list of Data Classification objects, that include information about data classification levels and data category types, identified by a classifier.

hostname

• Type: hostname_t
• Requirement: recommended

The fully qualified name of the resource.

ip

• Type: ip_t
• Requirement: recommended

The IP address of the resource, in either IPv4 or IPv6 format.

name

• Type: string_t
• Requirement: recommended

The name of the resource.

owner

• Type: user
• Requirement: recommended

The details of the entity that owns the resource. This object includes properties such as the owner’s name, unique identifier, type, domain, and other relevant attributes that help identify the resource owner within the environment.

role_id

• Type: integer_t
• Requirement: recommended
• Values:
  • 0 - Unknown: The role is unknown.
  • 1 - Target: The resource is the primary target or subject of the event/finding.
  • 2 - Actor: The resource is acting as the initiator or performer in the context of the event/finding.
  • 3 - Affected: The resource was impacted or affected by the event/finding.
  • 4 - Related: The resource is related to or associated with the event/finding.
  • 99 - Other: The role is not mapped. See the role attribute, which contains a data source specific value.

The normalized identifier of the resource’s role in the context of the event or finding.

uid

• Type: resource_uid_t
• Requirement: recommended

The unique identifier of the resource.

agent_list

• Type: agent
• Requirement: optional

A list of agent objects associated with a device, endpoint, or resource.

cloud_partition

• Type: string_t
• Requirement: optional

The logical grouping or isolated segment within a cloud provider’s infrastructure where the resource is located. Examples include AWS partitions (aws, aws-cn, aws-us-gov), Azure cloud environments (AzureCloud, AzureUSGovernment, AzureChinaCloud), or similar logical divisions in other cloud providers.

created_time

• Type: timestamp_t
• Requirement: optional

The time when the resource was created.

created_time_dt

• Type: datetime_t
• Requirement: optional

The time when the resource was created.

criticality

• Type: string_t
• Requirement: optional

The criticality of the resource as defined by the event source.

data

• Type: json_t
• Requirement: optional

Additional data describing the resource.

group

• Type: group
• Requirement: optional

The name of the related resource group.

is_backed_up

• Type: boolean_t
• Requirement: optional

Indicates whether the device or resource has a backup enabled, such as an automated snapshot or a cloud backup. For example, this is indicated by the cloudBackupEnabled value within JAMF Pro mobile devices or the registration of an AWS ARN with the AWS Backup service.

labels

• Type: string_t
• Requirement: optional

The list of labels associated to the resource.

modified_time

• Type: timestamp_t
• Requirement: optional

The time when the resource was last modified.

modified_time_dt

• Type: datetime_t
• Requirement: optional

The time when the resource was last modified.

namespace

• Type: string_t
• Requirement: optional

The namespace is useful when similar entities exist that you need to keep separate.

region

• Type: string_t
• Requirement: optional

The cloud region where the resource is hosted, as defined by the cloud provider. This represents the physical or logical geographic area containing the infrastructure supporting the resource. Examples include AWS regions (us-east-1, eu-west-1), Azure regions (East US, West Europe), GCP regions (us-central1, europe-west1), or Oracle Cloud regions (us-ashburn-1, uk-london-1).

resource_relationship

• Type: graph
• Requirement: optional

A graph representation showing how this resource relates to and interacts with other entities in the environment. This can include parent/child relationships, dependencies, or other connections.

role

• Type: string_t
• Requirement: optional

The role of the resource in the context of the event or finding, normalized to the caption of the role_id value. In the case of ‘Other’, it is defined by the event source.

tags

• Type: key_value_object
• Requirement: optional

The list of tags; {key:value} pairs associated to the resource.

type

• Type: string_t
• Requirement: optional

The resource type as defined by the event source.

uid_alt

• Type: resource_uid_t
• Requirement: optional

The alternative unique identifier of the resource.

version

• Type: string_t
• Requirement: optional

The version of the resource. For example 1.2.3.

zone

• Type: string_t
• Requirement: optional

The availability zone within a cloud region where the resource is located. Examples include AWS availability zones (us-east-1a, us-east-1b), Azure availability zones (1, 2, 3 within a region), GCP zones (us-central1-a, us-central1-b), or Oracle Cloud availability domains (AD-1, AD-2, AD-3).

Constraints

At least one of: name, uid

Used By

• api_activity
• application_security_posture_finding
• cloud_resources_inventory_info
• compliance_finding
• data_security_finding
• detection_finding
• group_management
• iam_analysis_finding
• security_finding
• user_access
• vulnerability_finding