OCSF per-class activity mappings.
Maps activity names to their OCSF 1.8 numeric identifiers within each event class. Activities describe what happened in a given event class (e.g. Logon, Logoff for Authentication).
See the OCSF activity_id definition.
Activities by class
| Class UID | Activity | ID |
|---|---|---|
| 3002 | :Logon | 1 |
| 3002 | :Logoff | 2 |
| 3002 | :Preauth | 6 |
| 3001 | :Create | 1 |
| 3001 | :Delete | 6 |
| 3003 | :"Assign Privileges" | 1 |
| 6003 | :Create | 1 |
| ... | ... | ... |
See OCSF.Class for class definitions.
Summary
Functions
Return the human-readable label for a class_uid and activity_id.
Return the activity_id for a class_uid and activity name.
Return true if the activity_id is valid for the given class_uid.
Return activities for a class_uid as a keyword list.
Functions
Return the human-readable label for a class_uid and activity_id.
Returns nil if the class or activity is unknown.
Examples
iex> OCSF.Activity.label(3002, 1)
:Logon
iex> OCSF.Activity.label(3002, 42)
nilReturn the activity_id for a class_uid and activity name.
Returns nil if the class or activity name is unknown.
Examples
iex> OCSF.Activity.uid(3002, :Logon)
1
iex> OCSF.Activity.uid(3002, :NonExistent)
nilReturn true if the activity_id is valid for the given class_uid.
Examples
iex> OCSF.Activity.valid?(3002, 1)
true
iex> OCSF.Activity.valid?(3002, 42)
falseReturn activities for a class_uid as a keyword list.
Returns an empty list if the class is unknown.
Examples
iex> OCSF.Activity.values(3003)
[{:Unknown, 0}, {:"Assign Privileges", 1}, {:"Revoke Privileges", 2}, {:Other, 99}]
iex> OCSF.Activity.values(9999)
[]