# OSIM Documentation

This file provides a comprehensive list of all available documentation in the OSIM platform.

## Main Documentation

- [OSIM Platform Overview](https://10.50.86.62/osim/en/index.html.md): Overview of the OSIM platform, including core features, technology stack, and quick links

## Guides

- [Guide Center](https://10.50.86.62/osim/en/guide/index.html.md): Central hub for all OSIM guides and tutorials
- [Quick Start Guide](https://10.50.86.62/osim/en/guide/quickstart/index.html.md): Step-by-step guide to deploy and run OSIM, including environment requirements and installation
- [Changelog](https://10.50.86.62/osim/en/guide/changelog/index.html.md): Version history with new features, improvements, and bug fixes
- [Contribution Guide](https://10.50.86.62/osim/en/guide/contribution/index.html.md): How to contribute to OSIM, including reporting issues and code standards
- [Application Scenarios](https://10.50.86.62/osim/en/guide/scenario/index.html.md): Real-world use cases and scenarios for OSIM across different industries
- [Internationalization Guide](https://10.50.86.62/osim/en/guide/internationalization/index.html.md): Multi-language support and how to add new language translations

## Scenarios

- [Application Scenarios](https://10.50.86.62/osim/en/scenario/index.html.md): Detailed scenarios including SOC, threat intelligence, compliance audit, and security data analysis

## Resources

- [Resource Center](https://10.50.86.62/osim/en/resources/index.html.md): Official documentation, code repositories, community resources, and third-party integrations

## Data Types

- [Alert](https://10.50.86.62/osim/en/data/type/alert/index.html.md): An automated notification generated by a security system (like SIEM, IDS, or firewall) indicating that a predefined rule or anomaly detection threshold has been triggered.
- [Asset](https://10.50.86.62/osim/en/data/type/asset/index.html.md): Any data, device, or other component of an organization's systems that has value and requires protection. This includes hardware, software, information, and network resources.
- [Security Incident](https://10.50.86.62/osim/en/data/type/incident/index.html.md): A confirmed violation or imminent threat of violation of an organization's security policies, acceptable use policies, or standard security practices. Incidents are escalated from alerts after investigation and require a coordinated response to contain.
- [Log Data](https://10.50.86.62/osim/en/data/type/log/index.html.md): A chronologically ordered record of events generated by an operating system, application, or security device. Logs provide an immutable audit trail for monitoring system health, investigating suspicious activity, and conducting forensic analysis post-incident.

## Categories and Subcategories

- [Network Attack](https://10.50.86.62/osim/en/data/category/network_attack/index.html.md): Monitors and alerts on malicious activities targeting network infrastructure, including intrusion attempts, DDoS attacks, and unauthorized access.
  - [Backdoor Exploit](https://10.50.86.62/osim/en/data/category/network_attack/network_attack_backdoor_exploit/index.html.md): Monitors and alerts on network traffic indicating exploitation of backdoor vulnerabilities to gai...
  - [Credential Attack](https://10.50.86.62/osim/en/data/category/network_attack/network_attack_credential_attack/index.html.md): Monitors and alerts on network-based attempts to steal or exploit user credentials, such as brute...
  - [Denial of Service](https://10.50.86.62/osim/en/data/category/network_attack/network_attack_dos/index.html.md): Monitors and alerts on network traffic patterns indicative of Denial of Service (DoS) attacks, wh...
  - [Email Threat](https://10.50.86.62/osim/en/data/category/network_attack/network_attack_email_threat/index.html.md): Monitors and alerts on email-based network attacks, including phishing, malware distribution, and...
  - [Host Exploit](https://10.50.86.62/osim/en/data/category/network_attack/network_attack_host_exploit/index.html.md): Monitors and alerts on network-based exploitation attempts targeting vulnerabilities in host syst...
  - [Phishing](https://10.50.86.62/osim/en/data/category/network_attack/network_attack_phishing/index.html.md): Records network traffic patterns indicative of phishing attempts, including deceptive emails or f...
  - [Scan Probe](https://10.50.86.62/osim/en/data/category/network_attack/network_attack_scan_probe/index.html.md): Records network scanning and probing activities, typically involving port scans, service discover...
  - [Web Attack](https://10.50.86.62/osim/en/data/category/network_attack/network_attack_web/index.html.md): Monitors and alerts on malicious activities targeting web applications, such as SQL injection, XS...
  - [Web Tampering](https://10.50.86.62/osim/en/data/category/network_attack/network_attack_web_tampering/index.html.md): Monitors and alerts on unauthorized modifications or defacements of web pages, indicating potenti...
- [Malware](https://10.50.86.62/osim/en/data/category/malware/index.html.md): An alert indicating the detection of malicious software designed to disrupt, damage, or gain unauthorized access to a computer system.
  - [Botnet](https://10.50.86.62/osim/en/data/category/malware/malware_botnet/index.html.md): Monitors and alerts on malicious botnet activities, including command and control communications,...
  - [Computer Virus](https://10.50.86.62/osim/en/data/category/malware/malware_computer_virus/index.html.md): This alert category monitors and records activities related to computer viruses, which are malici...
  - [Malicious Code Embedded Webpage](https://10.50.86.62/osim/en/data/category/malware/malware_embedded_webpage/index.html.md): Alerts indicating detection of malicious code embedded within a webpage, typically used to delive...
  - [Mining Software](https://10.50.86.62/osim/en/data/category/malware/malware_mining/index.html.md): Alerts related to malware specifically designed for cryptocurrency mining activities, indicating ...
  - [Network Worm](https://10.50.86.62/osim/en/data/category/malware/malware_network_worm/index.html.md): Alerts indicating the detection of a self-replicating malware that propagates across networks, ex...
  - [Ransomware](https://10.50.86.62/osim/en/data/category/malware/malware_ransomware/index.html.md): Alerts indicating the detection of ransomware, a type of malware that encrypts files and demands ...
  - [Trojan Horse](https://10.50.86.62/osim/en/data/category/malware/malware_trojan/index.html.md): Alerts indicating the detection of Trojan malware, which disguises itself as legitimate software ...
- [Anomalous Behavior](https://10.50.86.62/osim/en/data/category/anomalous_behavior/index.html.md): This alert type monitors and reports unusual or suspicious activities that deviate from established baseline behaviors, potentially indicating security threats or compromised systems.
  - [Access Anomaly](https://10.50.86.62/osim/en/data/category/anomalous_behavior/abnormal_behavior_access_anomaly/index.html.md): This alert records instances of anomalous access behavior, indicating potential unauthorized or s...
  - [Host Behavior Anomaly](https://10.50.86.62/osim/en/data/category/anomalous_behavior/abnormal_behavior_host_abnormality/index.html.md): Monitors and alerts on unusual or suspicious activities detected on a host, indicating potential ...
  - [Traffic Anomaly](https://10.50.86.62/osim/en/data/category/anomalous_behavior/abnormal_behavior_traffic_anomaly/index.html.md): Monitors and alerts on unusual network traffic patterns that deviate from established baselines, ...
- [Data Security](https://10.50.86.62/osim/en/data/category/data_security/index.html.md): Monitors and alerts on potential data breaches, unauthorized access, or leakage of sensitive information.
  - [Data Leak](https://10.50.86.62/osim/en/data/category/data_security/data_security_data_leak/index.html.md): Monitors and alerts on unauthorized access or exposure of sensitive data, indicating potential da...
  - [Data Tampering](https://10.50.86.62/osim/en/data/category/data_security/data_security_tampering/index.html.md): Alerts indicating unauthorized modifications or alterations to data, potentially compromising dat...
- [Vulnerability Configuration Risk](https://10.50.86.62/osim/en/data/category/vulnerability_configuration_risk/index.html.md): Alert indicating potential security risks due to misconfigured or vulnerable system settings that could be exploited by attackers.
  - [Database Risk](https://10.50.86.62/osim/en/data/category/vulnerability_configuration_risk/vulnerability_configuration_database_risk/index.html.md): Alerts indicating potential vulnerabilities or misconfigurations in database systems that could e...
  - [Host Vulnerability Risk](https://10.50.86.62/osim/en/data/category/vulnerability_configuration_risk/vulnerability_configuration_host_risk/index.html.md): Alerts indicating potential security risks due to vulnerabilities or misconfigurations detected o...
  - [Weak Password Risk](https://10.50.86.62/osim/en/data/category/vulnerability_configuration_risk/vulnerability_configuration_weak_password/index.html.md): Alerts indicating potential security risks due to weak or default passwords in system configurati...
  - [Website Vulnerability Risk](https://10.50.86.62/osim/en/data/category/vulnerability_configuration_risk/vulnerability_configuration_website_risk/index.html.md): Alerts indicating potential security risks due to misconfigurations or vulnerabilities in web app...
- [Data Asset](https://10.50.86.62/osim/en/data/category/data_asset/index.html.md): A data asset refers to any structured or unstructured data that holds value to an organization, including sensitive information, intellectual property, or operational data that requires protection.
  - [Account](https://10.50.86.62/osim/en/data/category/data_asset/data_asset_account/index.html.md): This category records account-related data assets, including user credentials and authentication ...
  - [API](https://10.50.86.62/osim/en/data/category/data_asset/data_asset_api/index.html.md): An API data asset represents programmable interfaces that enable secure data exchange between sys...
  - [Database](https://10.50.86.62/osim/en/data/category/data_asset/data_asset_database/index.html.md): A data asset representing a structured collection of data stored in a database system, typically ...
  - [Data Field](https://10.50.86.62/osim/en/data/category/data_asset/data_asset_field/index.html.md): A specific attribute or element within a data asset that contains structured information, often u...
  - [File](https://10.50.86.62/osim/en/data/category/data_asset/data_asset_file/index.html.md): A data asset file represents a digital document or resource stored within an information system, ...
  - [Data Table](https://10.50.86.62/osim/en/data/category/data_asset/data_asset_table/index.html.md): A structured data asset representing a table with rows and columns, typically used for storing an...
- [Business Asset](https://10.50.86.62/osim/en/data/category/business_asset/index.html.md): A business asset represents critical IT resources, systems, or services that support organizational operations and require protection against cyber threats.
  - [App](https://10.50.86.62/osim/en/data/category/business_asset/business_asset_app/index.html.md): An application asset within the business infrastructure, monitored for security vulnerabilities a...
  - [Mini Program](https://10.50.86.62/osim/en/data/category/business_asset/business_asset_mini_program/index.html.md): Monitors and records security-related activities and configurations of mini-programs within the b...
  - [Public Account](https://10.50.86.62/osim/en/data/category/business_asset/business_asset_public_account/index.html.md): A public account asset representing an official business account on social media platforms, monit...
  - [Business System](https://10.50.86.62/osim/en/data/category/business_asset/business_asset_system/index.html.md): A business asset system represents critical IT infrastructure or applications that support core o...
  - [Web Site](https://10.50.86.62/osim/en/data/category/business_asset/business_asset_web_site/index.html.md): A web-based business asset that represents an organization's online presence, including websites ...
- [Physical Asset](https://10.50.86.62/osim/en/data/category/physical_asset/index.html.md): Physical assets refer to tangible hardware devices and infrastructure components within an IT environment that require security monitoring and protection.
  - [Device](https://10.50.86.62/osim/en/data/category/physical_asset/physical_asset_device/index.html.md): A physical device asset that is monitored and managed within the network infrastructure.
  - [Server](https://10.50.86.62/osim/en/data/category/physical_asset/physical_asset_server/index.html.md): A physical server asset that hosts applications, services, or data within a network infrastructure.
  - [Terminal](https://10.50.86.62/osim/en/data/category/physical_asset/physical_asset_terminal/index.html.md): A physical endpoint device that connects to a network, such as a desktop computer, laptop, or mob...
- [Virtual Asset](https://10.50.86.62/osim/en/data/category/virtual_asset/index.html.md): Virtual assets refer to digital resources such as cryptocurrencies, NFTs, or virtual infrastructure that require security monitoring and protection against cyber threats.
  - [Container](https://10.50.86.62/osim/en/data/category/virtual_asset/virtual_asset_container/index.html.md): A virtualized environment that encapsulates applications and their dependencies, enabling isolate...
  - [Virtual Machine](https://10.50.86.62/osim/en/data/category/virtual_asset/virtual_asset_vm/index.html.md): A virtual machine asset that emulates a physical computer system, providing an isolated environme...
- [Software Asset](https://10.50.86.62/osim/en/data/category/software_asset/index.html.md): Software asset refers to any software application or system that is installed, used, or managed within an organization's IT infrastructure, including details such as version, license, and vulnerabilities.
  - [Application Software](https://10.50.86.62/osim/en/data/category/software_asset/software_asset_application/index.html.md): Records details of application software assets, including version, vendor, and installation detai...
  - [Component](https://10.50.86.62/osim/en/data/category/software_asset/software_asset_component/index.html.md): A software component that is part of a larger software asset, typically monitored for vulnerabili...
  - [Middleware](https://10.50.86.62/osim/en/data/category/software_asset/software_asset_middleware/index.html.md): Middleware assets refer to software components that facilitate communication and data management ...
- [Network Asset](https://10.50.86.62/osim/en/data/category/network_asset/index.html.md): Network asset refers to any device, system, or resource connected to a network that needs to be monitored and secured, including servers, workstations, and IoT devices.
  - [Certificate](https://10.50.86.62/osim/en/data/category/network_asset/network_asset_certificate/index.html.md): Network asset certificate records the digital certificates used for secure communication, includi...
  - [Domain](https://10.50.86.62/osim/en/data/category/network_asset/network_asset_domain/index.html.md): A network asset representing a domain name, which is a critical component for identifying and acc...
  - [IP Address](https://10.50.86.62/osim/en/data/category/network_asset/network_asset_ip_address/index.html.md): A network asset representing an IP address, which is a unique identifier assigned to devices on a...
  - [Port](https://10.50.86.62/osim/en/data/category/network_asset/network_asset_port/index.html.md): Network asset port records the open ports and associated services on a network device, used for m...
- [Cloud Asset](https://10.50.86.62/osim/en/data/category/cloud_asset/index.html.md): A cloud asset represents any virtualized resource or service hosted in a cloud environment, including virtual machines, storage, and applications.
  - [Cloud Server](https://10.50.86.62/osim/en/data/category/cloud_asset/cloud_asset_ecs/index.html.md): Monitors and records metadata and configuration details of Elastic Compute Service (ECS) instance...
  - [Cloud Storage](https://10.50.86.62/osim/en/data/category/cloud_asset/cloud_asset_storage/index.html.md): Records metadata and configuration details of cloud storage assets, including access controls and...
- [Security Incident](https://10.50.86.62/osim/en/data/category/security_incident/index.html.md): A security incident refers to any confirmed violation or imminent threat of violation of computer security policies, acceptable use policies, or standard security practices.
  - [Security Incident](https://10.50.86.62/osim/en/data/category/security_incident/security_incident/index.html.md): A security incident refers to any confirmed violation or imminent threat of violation of computer...
- [Authentication And Access](https://10.50.86.62/osim/en/data/category/authentication_and_access/index.html.md): This log type captures authentication attempts, access control events, and user identity verification activities within the network infrastructure.
  - [Application Access Authentication](https://10.50.86.62/osim/en/data/category/authentication_and_access/authentication_access_app_auth/index.html.md): Logs recording application-level authentication events, including user login attempts, session ma...
  - [Host Login Authentication](https://10.50.86.62/osim/en/data/category/authentication_and_access/authentication_access_host_login/index.html.md): Records authentication attempts and access events for host logins, including successful and faile...
  - [Network Login Authentication](https://10.50.86.62/osim/en/data/category/authentication_and_access/authentication_network_login/index.html.md): Records network login attempts and authentication events, including success, failure, and related...
- [Data Security Audit](https://10.50.86.62/osim/en/data/category/data_security_audit/index.html.md): Logs capturing detailed records of data access, modifications, and security-related activities for compliance and forensic analysis.
  - [Database Operation Audit](https://10.50.86.62/osim/en/data/category/data_security_audit/data_security_audit_db_operation/index.html.md): Records and audits all database operations including queries, modifications, and access attempts ...
  - [File Communication Audit](https://10.50.86.62/osim/en/data/category/data_security_audit/data_security_audit_file_communication/index.html.md): Logs and audits file transfer activities to monitor data security compliance and detect unauthori...
- [Network Session Audit](https://10.50.86.62/osim/en/data/category/network_session_audit/index.html.md): Network session audit logs capture detailed records of communication sessions between devices, including timestamps, source/destination IPs, ports, and protocol information for security analysis.
  - [DNP3 Audit](https://10.50.86.62/osim/en/data/category/network_session_audit/network_session_audit_dnp3/index.html.md): Records DNP3 protocol sessions for auditing and monitoring SCADA network communications.
  - [FTP Audit](https://10.50.86.62/osim/en/data/category/network_session_audit/network_session_audit_ftp/index.html.md): Logs FTP session activities including authentication, file transfers, and command executions for ...
  - [NFS Audit](https://10.50.86.62/osim/en/data/category/network_session_audit/network_session_audit_nfs/index.html.md): Records audit logs of NFS (Network File System) sessions, including file access and permission ev...
  - [Rdp Audit](https://10.50.86.62/osim/en/data/category/network_session_audit/network_session_audit_rdp/index.html.md): Records and monitors Remote Desktop Protocol (RDP) sessions, including authentication attempts, s...
  - [SSH Audit](https://10.50.86.62/osim/en/data/category/network_session_audit/network_session_audit_ssh/index.html.md): Records and monitors SSH session activities, including authentication attempts, command execution...
  - [Telnet Audit](https://10.50.86.62/osim/en/data/category/network_session_audit/network_session_audit_telnet/index.html.md): Audit logs capturing TELNET session activities, including authentication attempts, command execut...
  - [Traffic Session Audit](https://10.50.86.62/osim/en/data/category/network_session_audit/network_session_audit_traffic/index.html.md): Records and audits network traffic sessions, including details of source, destination, protocols,...
  - [Database Audit](https://10.50.86.62/osim/en/data/category/network_session_audit/network_session_db_audit/index.html.md): Records and monitors database query and transaction activities within network sessions for securi...
  - [DHCP Audit](https://10.50.86.62/osim/en/data/category/network_session_audit/network_session_dhcp_audit/index.html.md): Records and monitors DHCP (Dynamic Host Configuration Protocol) lease assignments, renewals, and ...
  - [DNS Audit](https://10.50.86.62/osim/en/data/category/network_session_audit/network_session_dns_audit/index.html.md): Records DNS query and response activities for auditing and monitoring network session integrity.
  - [Email Protocol Audit](https://10.50.86.62/osim/en/data/category/network_session_audit/network_session_email_protocol_audit/index.html.md): Records and audits network sessions involving email protocols such as SMTP, IMAP, and POP3 for se...
  - [Http Audit](https://10.50.86.62/osim/en/data/category/network_session_audit/network_session_http_audit/index.html.md): Records and monitors HTTP session activities, including requests, responses, and headers for secu...
  - [KRB5 Audit](https://10.50.86.62/osim/en/data/category/network_session_audit/network_session_krb5_audit/index.html.md): Records authentication and authorization events within network sessions using the Kerberos 5 (KRB...
  - [Ldap Audit](https://10.50.86.62/osim/en/data/category/network_session_audit/network_session_ldap_audit/index.html.md): Records LDAP protocol activities including authentication, authorization, and directory access fo...
  - [Modbus Audit](https://10.50.86.62/osim/en/data/category/network_session_audit/network_session_modbus_audit/index.html.md): Records and audits MODBUS protocol network sessions for industrial control system security monito...
  - [MQTT Audit](https://10.50.86.62/osim/en/data/category/network_session_audit/network_session_mqtt_audit/index.html.md): Records MQTT protocol sessions, including connection establishment, message publishing/subscribin...
  - [Network Access Control](https://10.50.86.62/osim/en/data/category/network_session_audit/network_session_network_access_control/index.html.md): Records events related to endpoint authentication, posture assessment, authorization decisions, a...
  - [Network Address Translation](https://10.50.86.62/osim/en/data/category/network_session_audit/network_session_network_address_translation/index.html.md): Records details of IP address and port translation sessions between private and public networks, ...
  - [Radius Audit](https://10.50.86.62/osim/en/data/category/network_session_audit/network_session_radius_audit/index.html.md): Records RADIUS protocol authentication and accounting events for network access control and sessi...
  - [SMB Audit](https://10.50.86.62/osim/en/data/category/network_session_audit/network_session_smb_audit/index.html.md): Records and monitors SMB protocol activities, including file sharing, authentication, and session...
  - [Tftp Audit](https://10.50.86.62/osim/en/data/category/network_session_audit/network_session_tftp_audit/index.html.md): Records and monitors TFTP (Trivial File Transfer Protocol) sessions for auditing and security ana...
  - [TLS Audit](https://10.50.86.62/osim/en/data/category/network_session_audit/network_session_tls_audit/index.html.md): Records and monitors TLS handshake details, cipher suite negotiations, and certificate validation...
- [Host Behavior Audit](https://10.50.86.62/osim/en/data/category/host_behavior_audit/index.html.md): This log type records detailed audit trails of host activities, including user commands, process executions, and system modifications for security monitoring and forensic analysis.
  - [Account Behavior](https://10.50.86.62/osim/en/data/category/host_behavior_audit/host_behavior_audit_account_behavior/index.html.md): Records and monitors user account activities and behaviors on the host system for security auditi...
  - [Domain Request](https://10.50.86.62/osim/en/data/category/host_behavior_audit/host_behavior_audit_domain_request/index.html.md): Records DNS queries and domain resolution attempts made by the host, monitoring potential malicio...
  - [File Operation](https://10.50.86.62/osim/en/data/category/host_behavior_audit/host_behavior_audit_file_operation/index.html.md): Records file operations such as creation, modification, deletion, and access activities on the ho...
  - [Module Load](https://10.50.86.62/osim/en/data/category/host_behavior_audit/host_behavior_audit_module_load/index.html.md): Records the loading of modules or libraries into the host system's memory, which may indicate pot...
  - [Named Pipe](https://10.50.86.62/osim/en/data/category/host_behavior_audit/host_behavior_audit_named_pipe/index.html.md): Records activities related to named pipe operations on the host, including creation, access, and ...
  - [Network Behavior](https://10.50.86.62/osim/en/data/category/host_behavior_audit/host_behavior_audit_network_behavior/index.html.md): Records and monitors network-related activities and behaviors performed by a host, including conn...
  - [Process Operation](https://10.50.86.62/osim/en/data/category/host_behavior_audit/host_behavior_audit_process_operation/index.html.md): Records detailed audit logs of process-related activities on a host, including creation, terminat...
  - [Registry Operation](https://10.50.86.62/osim/en/data/category/host_behavior_audit/host_behavior_audit_registry_operation/index.html.md): Records and monitors modifications, accesses, and deletions of registry keys and values on a host...
  - [Remote Thread Creation](https://10.50.86.62/osim/en/data/category/host_behavior_audit/host_behavior_audit_remote_thread_creation/index.html.md): Records instances of remote thread creation activities on a host, which may indicate potential co...
  - [Scheduled Task Operation](https://10.50.86.62/osim/en/data/category/host_behavior_audit/host_behavior_audit_scheduled_task_operation/index.html.md): Records audit events related to the creation, modification, or deletion of scheduled tasks on a h...
  - [Script Execution](https://10.50.86.62/osim/en/data/category/host_behavior_audit/host_behavior_audit_script_execution/index.html.md): Records and monitors script execution activities on a host, including details such as script name...
  - [WinRM Behavior](https://10.50.86.62/osim/en/data/category/host_behavior_audit/host_behavior_audit_winrm/index.html.md): Records Windows Remote Management (WinRM) activities, including authentication, command execution...
  - [Wmi Behavior](https://10.50.86.62/osim/en/data/category/host_behavior_audit/host_behavior_audit_wmi/index.html.md): Records and monitors Windows Management Instrumentation (WMI) activities on the host, including s...
  - [Service Behavior](https://10.50.86.62/osim/en/data/category/host_behavior_audit/host_behavior_service/index.html.md): Logs capturing service-related activities and behaviors on a host, including service starts, stop...
- [Operation Monitoring Audit](https://10.50.86.62/osim/en/data/category/operation_monitoring_audit/index.html.md): This log type captures detailed audit trails of operational monitoring activities, including system performance metrics, configuration changes, and administrative access events for compliance and security analysis.
  - [File Transfer](https://10.50.86.62/osim/en/data/category/operation_monitoring_audit/operation_monitoring_audit_file_transfer/index.html.md): Logs and monitors file transfer activities, including uploads, downloads, and data exchanges, for...
  - [Image Text](https://10.50.86.62/osim/en/data/category/operation_monitoring_audit/operation_monitoring_audit_image_text/index.html.md): Logs capturing OCR (Optical Character Recognition) operations and text extraction activities from...
  - [System Operations](https://10.50.86.62/osim/en/data/category/operation_monitoring_audit/operation_monitoring_audit_system_operations/index.html.md): Logs system administrative and operational activities for monitoring and auditing purposes.
  - [Command Operation](https://10.50.86.62/osim/en/data/category/operation_monitoring_audit/operation_monitoring_command/index.html.md): Logs and monitors command execution activities for security auditing and compliance purposes.