diff --git a/docs/cloud-security-posture-team/Technical_Index.md b/docs/cloud-security-posture-team/Technical_Index.md index 0f0fd22c26ee2c1..c9b38d96563d237 100644 --- a/docs/cloud-security-posture-team/Technical_Index.md +++ b/docs/cloud-security-posture-team/Technical_Index.md 
@@ -117,41 +117,41 @@ activated_rules: ### Finding Schema Evaluating a policy with the relevant resource will result in the following: -| Field | Type | Description | -| :--------------------------- | :--------------------------------------------------------: | :----------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| `@timestamp` | String - ISO DATE yyy-MM-dd'T'HH:mm:ss.SSSZ | Timestamp processing the output by the agent's machine | -| `agent.*` | Object | Basic information represents the agent producing the finding. [docs](https://www.elastic.co/guide/en/ecs/8.3/ecs-agent.html) | -| `cycle_id` Obsolete | String | A unique identifier that represents a batch of results of a single cycle made by the agent. This field is temporary solution until we will solve the "Batching Problem". | -| `event.*` | Object | Meta data about the finding (kind of event). [docs](https://www.elastic.co/guide/en/ecs/current/ecs-event.html) | -| `host.*` | Object | Host (core) information. [docs](https://www.elastic.co/guide/en/ecs/8.1/ecs-host.html) | -| `resource_id` Obsolete | String | A unique identifier of the resource - deprecated, use `resource.id` instead. | -| `resource.*` | Object | Represents the resource of the finding | -| `resource.id` | Unique resource ID | String | -| `resource.name` | A human readable representation of the resource | String | -| `resource.raw` | Represents the input resource to be evaluated | Object | -| `resource.sub_type` | The sub-type of the resource, e.g. `pod`, `directory` etc. | String | -| `resource.type` | Resource type, e.g. `file`, `k8s_object`, `process` etc. 
| String | -| `result.*` | Object | Represents the results of the finding | -| `result.evaluation` | String (`passed` \| `failed`) | Evaluation result | -| `result.evidence.*` | Object | A map of key-value data that represents the critical information the evaluation result dependent upon | -| `result.expected.*` | Object | A map of key-value data that represents the expected information from the evaluation result | -| `rule.*` | Object | Represents the rule which ran to produce the following finding | -| `rule.audit` | String (Markdown) | Rule audit | -| `rule.benchmark.name` | String | Benchmark name | -| `rule.benchmark.version` | String | Benchmark Version | -| `rule.default_value` | String (Markdown) | Rule default value | -| `rule.description` | String (Markdown) | Rule description | -| `rule.id` | String | Rule unique identifier | -| `rule.impact` | String (Markdown) | Rule Impact | -| `rule.name` | String | Human readable rule name | -| `rule.profile_applicability` | String (Markdown) | Rule profile applicability | -| `rule.rationale` | String (Markdown) | The Rationale behind the rule | -| `rule.references` | String (Markdown) | Rule references | -| `rule.remediation` | String (Markdown) | Recommended way of remediation | -| `rule.section` | String | Rule section | -| `rule.tags` | String[] | List of relevant tags | -| `rule.version` | String | Rule Version | -| `type` Obsolete | String | The type of the resource (`file-system`, `kube-api`, `process`) - deprecated, use `resource.type` instead. 
| +| Field | Type | Description | +| :--------------------------- | :--------------------------------------------------------: | :-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `@timestamp` | String - ISO DATE yyy-MM-dd'T'HH:mm:ss.SSSZ | Timestamp processing the output by the agent's machine | +| `agent.*` | Object | Basic information represents the agent producing the finding. [docs](https://www.elastic.co/guide/en/ecs/8.3/ecs-agent.html) | +| `cycle_id` Obsolete | String | A unique identifier that represents a batch of results of a single cycle made by the agent. This field is temporary solution until we will solve the "Batching Problem". | +| `event.*` | Object | Meta data about the finding (kind of event). [docs](https://www.elastic.co/guide/en/ecs/current/ecs-event.html) | +| `host.*` | Object | Host (core) information. [docs](https://www.elastic.co/guide/en/ecs/8.1/ecs-host.html) | +| `resource_id` Obsolete | String | A unique identifier of the resource - deprecated, use `resource.id` instead. | +| `resource.*` | Object | Represents the resource of the finding | +| `resource.id` | Unique resource ID | uuid that is generated according to resource type. file-system: uuid(cluster.id, node.id, file.path, file.creation_date). process: uuid(cluster.id, node.id, process.namespace_inode, process.pid, process.start_time). kube-api: k8s object metadata.uuid. | +| `resource.name` | A human readable representation of the resource | String | +| `resource.raw` | Represents the input resource to be evaluated | Object | +| `resource.sub_type` | The sub-type of the resource, e.g. `pod`, `directory` etc. | String | +| `resource.type` | Resource type, e.g. `file`, `k8s_object`, `process` etc. 
| String | +| `result.*` | Object | Represents the results of the finding | +| `result.evaluation` | String (`passed` \| `failed`) | Evaluation result | +| `result.evidence.*` | Object | A map of key-value data that represents the critical information the evaluation result dependent upon | +| `result.expected.*` | Object | A map of key-value data that represents the expected information from the evaluation result | +| `rule.*` | Object | Represents the rule which ran to produce the following finding | +| `rule.audit` | String (Markdown) | Rule audit | +| `rule.benchmark.name` | String | Benchmark name | +| `rule.benchmark.version` | String | Benchmark Version | +| `rule.default_value` | String (Markdown) | Rule default value | +| `rule.description` | String (Markdown) | Rule description | +| `rule.id` | String | Rule unique identifier | +| `rule.impact` | String (Markdown) | Rule Impact | +| `rule.name` | String | Human readable rule name | +| `rule.profile_applicability` | String (Markdown) | Rule profile applicability | +| `rule.rationale` | String (Markdown) | The Rationale behind the rule | +| `rule.references` | String (Markdown) | Rule references | +| `rule.remediation` | String (Markdown) | Recommended way of remediation | +| `rule.section` | String | Rule section | +| `rule.tags` | String[] | List of relevant tags | +| `rule.version` | String | Rule Version | +| `type` Obsolete | String | The type of the resource (`file-system`, `kube-api`, `process`) - deprecated, use `resource.type` instead. | ##### Finding example
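Review bot: the rewritten `resource.id` row keeps the Type and Description columns swapped, so the new derivation text lands in the wrong column. As written, `| `resource.id` | Unique resource ID | uuid that is generated according to resource type. ... |` puts the description under Type and the derivation under Description, and the `resource.name`, `resource.raw`, `resource.sub_type` and `resource.type` rows have the same inversion (their type, e.g. `String`, sits under Description). Suggest `| `resource.id` | String (UUID) | Unique resource ID, generated according to resource type. file-system: uuid(cluster.id, node.id, file.path, file.creation_date). process: uuid(...). kube-api: ... |` and flipping the other four rows back to Type then Description. Two smaller points on the same row: please confirm the kube-api source field, since Kubernetes object metadata exposes the identifier as `metadata.uid` rather than `metadata.uuid`; and because the inputs now documented include `file.creation_date` and `process.start_time`, one sentence stating that a recreated file or restarted process yields a new `resource.id` would help anyone correlating findings across cycles.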