Profiles are reusable attribute sets that can be applied to event classes to add common functionality like host information, user details, or malware analysis.
- AI Operation: AI-specific attributes for model operations, retrieval systems, and agent activities, e.g. model_name and total_token_counts.
- Cloud: The attributes that describe information specific to Cloud services/applications.
- Container: The container context for a process.
- Data Classification: The Data Classification profile adds attributes to specific resource objects, allowing users to describe information about classifiers and data classification results.
- Date/Time: This profile defines date/time attributes as defined in RFC 3339.
- Host: The attributes that identify a host or device.
- Incident: The attributes that add incident handling semantics to a Finding.
- Linux Users: The attributes that Linux uses to identify user information.
- Load Balancer: The attributes that describe information specific to load balancers.
- Network Proxy: The attributes that identify a network proxy.
- OSINT: The OSINT (Open Source Intelligence) profile contains one or more indicators and associated analysis and details, such as registrar (WHOIS) information and commentary about a hostname, or information about a digital certificate and its usage within a campaign.
- Security Control: The attributes, including disposition, that represent the outcome of a security control, including but not limited to access control, malware or policy violation, network proxy, intrusion detection, firewall, or data control.
- Trace: The Trace Profile extends the OCSF framework to capture and standardize observability events, specifically targeting trace-level data.