Kernel Resource

kernel

The Kernel Resource object provides information about a specific kernel resource, including its name and type. It describes essential attributes associated with a resource managed by the kernel of an operating system.

Attributes

Caption	Name	Type	Description
System	`is_system`	Boolean	The indication of whether the object is part of the operating system.
Name	`name`	String	The name of the kernel resource.
Path	`path`	File Path	Entity:`FILE_PATH` The full path of the kernel resource.
Raw Data	`raw_data`	JSON	Group:`context` The event data as received from the event source.
Record ID	`record_id`	String	Group:`primary` Unique identifier for the object
System Call	`system_call`	String	The system call that was invoked.
Type	`type`	String	The type of the kernel resource.
Type ID	`type_id`	Integer	The type of the kernel resource. `1`: Shared Mutex (`SHARED_MUTEX`) `2`: System Call (`SYSTEM_CALL`) `0`: Unknown (`UNKNOWN`) `99`: Other (`OTHER`)
Unmapped	`unmapped`	Unmapped[]	Data from the source that was not mapped into the schema.

Relationships

Inbound Relationships

These objects and events reference Kernel Resource in their attributes:

Outbound Relationships

Kernel Resource references the following objects and events in its attributes:

Unmapped

This page describes qdm-1.5.1+ocsf-1.6.0

Updated 13 days ago