Universal Interface

October 15, 2025

Description

The universal interface defines a set of global fields. These fields are required for every event, regardless of the event type. The following list represents the minimum set of fields required to define an event. The list includes the CDI (core/detection/informational) values for each field. For more information about CDI values, see Information Model Interface.

Universal fields

Field | Core | Detection | Informational
activity
activity_type
host
landscape
outcome
platform
product
product_category
security_criticality
site_id
subject
time
vendor
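
The following is an added example, not code from the project: a completeness check that a log pipeline could run before events reach detection rules, reporting which universal fields each event lacks. It assumes events arrive as JSON lines with the field names above as top-level keys and treats null or blank values as missing; the function names and sample events are constructed for illustration.

```python
import json

# The 13 universal fields, copied from the list above.
UNIVERSAL_FIELDS = (
    "activity", "activity_type", "host", "landscape", "outcome",
    "platform", "product", "product_category", "security_criticality",
    "site_id", "subject", "time", "vendor",
)

def missing_universal_fields(event):
    """Return the universal fields that are absent, null or blank in event."""
    missing = []
    for name in UNIVERSAL_FIELDS:
        value = event.get(name)
        if value is None or (isinstance(value, str) and not value.strip()):
            missing.append(name)
    return missing

def audit_stream(lines):
    """Check JSON-lines events; return {line_number: problems} for rejects."""
    rejects = {}
    for lineno, line in enumerate(lines, start=1):
        if not line.strip():
            continue  # skip blank separator lines
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            rejects[lineno] = ["<not valid JSON>"]
            continue
        if not isinstance(event, dict):
            rejects[lineno] = ["<not a JSON object>"]
            continue
        missing = missing_universal_fields(event)
        if missing:
            rejects[lineno] = missing
    return rejects

# Constructed sample events; every value is made up for illustration.
COMPLETE_EVENT = {name: "example" for name in UNIVERSAL_FIELDS}
SAMPLE_LINES = [
    json.dumps(COMPLETE_EVENT),
    json.dumps({k: v for k, v in COMPLETE_EVENT.items() if k not in ("host", "time")}),
    json.dumps({**COMPLETE_EVENT, "outcome": "  ", "site_id": None}),
    "{truncated",
]

if __name__ == "__main__":
    for lineno, problems in audit_stream(SAMPLE_LINES).items():
        print(f"line {lineno}: {', '.join(problems)}")
```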