Kernel Extension

kernel_driver

The Kernel Extension object describes a kernel driver that has been loaded or unloaded into the operating system (OS) kernel.

Attributes

Caption	Name	Type	Description
File	`file`	File[]	Entity:`FILE` Group:`primary` The driver/extension file object.
Raw Data	`raw_data`	JSON	Group:`context` The event data as received from the event source.
Record ID	`record_id`	String	Group:`primary` Unique identifier for the object
Unmapped	`unmapped`	Unmapped[]	Data from the source that was not mapped into the schema.

These objects and events reference Kernel Extension in their attributes:

Kernel Extension references the following objects and events in its attributes:

This page describes ocsf-1.4.0