Falco · JSON-LD Context

Falco Context

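JSON-LD context that defines the semantic vocabulary for Falco, as provided by Falco. Note that in the document below both userName and name map to schema:name, so the two terms expand to the same IRI and cannot be told apart after expansion.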

5 Classes 28 Properties 10 Namespaces

Namespaces

falco: https://falco.org/vocab#
schema: https://schema.org/
sec: https://w3id.org/security#
spdx: https://spdx.org/rdf/terms#
stix: https://docs.oasis-open.org/cti/stix/v2.1/vocab#
mitre: https://attack.mitre.org/techniques/
cve: https://cve.mitre.org/cgi-bin/cvename.cgi?name=
oci: https://opencontainers.org/schema#
k8s: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#
xsd: http://www.w3.org/2001/XMLSchema#

Classes

Rule Macro List Alert DetectionEngine

Properties

Property Type Container
rule string
condition string
output string
priority string
source string
enabled boolean
tags — set
hostname string
time dateTime
uuid string
processName string
processId integer
parentProcessName string
commandLine string
userName string
userId integer
containerId string
containerName string
containerImage string
containerImageTag string
namespace string
podName string
threatCategory reference
mitreAttackTechnique reference
description string
name string
version string
license string

JSON-LD Document

{
  "@context": {
    "@version": 1.1,
    "falco": "https://falco.org/vocab#",
    "schema": "https://schema.org/",
    "sec": "https://w3id.org/security#",
    "spdx": "https://spdx.org/rdf/terms#",
    "stix": "https://docs.oasis-open.org/cti/stix/v2.1/vocab#",
    "mitre": "https://attack.mitre.org/techniques/",
    "cve": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=",
    "oci": "https://opencontainers.org/schema#",
    "k8s": "https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#",

    "Rule": "falco:Rule",
    "Macro": "falco:Macro",
    "List": "falco:List",
    "Alert": "falco:Alert",
    "DetectionEngine": "falco:DetectionEngine",

    "rule": {
      "@id": "falco:ruleName",
      "@type": "xsd:string"
    },
    "condition": {
      "@id": "falco:condition",
      "@type": "xsd:string"
    },
    "output": {
      "@id": "falco:output",
      "@type": "xsd:string"
    },
    "priority": {
      "@id": "falco:priority",
      "@type": "xsd:string"
    },
    "source": {
      "@id": "falco:dataSource",
      "@type": "xsd:string"
    },
    "enabled": {
      "@id": "falco:enabled",
      "@type": "xsd:boolean"
    },
    "tags": {
      "@id": "schema:keywords",
      "@container": "@set"
    },

    "hostname": {
      "@id": "schema:hostName",
      "@type": "xsd:string"
    },
    "time": {
      "@id": "schema:dateCreated",
      "@type": "xsd:dateTime"
    },
    "uuid": {
      "@id": "schema:identifier",
      "@type": "xsd:string"
    },

    "processName": {
      "@id": "falco:processName",
      "@type": "xsd:string"
    },
    "processId": {
      "@id": "falco:processId",
      "@type": "xsd:integer"
    },
    "parentProcessName": {
      "@id": "falco:parentProcessName",
      "@type": "xsd:string"
    },
    "commandLine": {
      "@id": "falco:commandLine",
      "@type": "xsd:string"
    },
    "userName": {
      "@id": "schema:name",
      "@type": "xsd:string"
    },
    "userId": {
      "@id": "falco:userId",
      "@type": "xsd:integer"
    },

    "containerId": {
      "@id": "oci:containerId",
      "@type": "xsd:string"
    },
    "containerName": {
      "@id": "oci:containerName",
      "@type": "xsd:string"
    },
    "containerImage": {
      "@id": "oci:imageRepository",
      "@type": "xsd:string"
    },
    "containerImageTag": {
      "@id": "oci:imageTag",
      "@type": "xsd:string"
    },

    "namespace": {
      "@id": "k8s:namespace",
      "@type": "xsd:string"
    },
    "podName": {
      "@id": "k8s:podName",
      "@type": "xsd:string"
    },

    "threatCategory": {
      "@id": "stix:attack-pattern",
      "@type": "@id"
    },
    "mitreAttackTechnique": {
      "@id": "mitre:technique",
      "@type": "@id"
    },

    "description": {
      "@id": "schema:description",
      "@type": "xsd:string"
    },
    "name": {
      "@id": "schema:name",
      "@type": "xsd:string"
    },
    "version": {
      "@id": "schema:softwareVersion",
      "@type": "xsd:string"
    },
    "license": {
      "@id": "spdx:licenseDeclared",
      "@type": "xsd:string"
    },

    "xsd": "http://www.w3.org/2001/XMLSchema#"
  }
}