Guides

Operating System (OS)

Suggest Edits

The Operating System (OS) object describes characteristics of an OS, such as Linux or Windows. Defined by D3FEND d3f:OperatingSystem.

Attributes

CaptionNameTypeDescription
OS Build build String The operating system build number.
Country country String The operating system country code, as defined by the ISO 3166-1 standard (Alpha-2 code). For the complete list of country codes, see ISO 3166-1 alpha-2 codes.
The product CPE identifier cpe_name String The Common Platform Enumeration (CPE) name as described by (NIST) For example: cpe:/a:apple:safari:16.2.
CPU Bits cpu_bits Integer The cpu architecture, the number of bits used for addressing in memory. For example: 32 or 64.
OS Edition edition String The operating system edition. For example: Professional.
Language lang String The two letter lower case language codes, as defined by ISO 639-1. For example: en (English), de (German), or fr (French).
Name name String The operating system name.
Raw Data raw_data JSON The event data as received from the event source.
Record ID record_id String Unique identifier for the object
OS Service Pack sp_name String The name of the latest Service Pack.
OS Service Pack Version sp_ver Integer The version number of the latest Service Pack.
Type type String The type of the operating system.
Type ID type_id Integer The type identifier of the operating system.
  • 0: Unknown (UNKNOWN)
  • 100: Windows (WINDOWS)
  • 101: Windows Mobile (WINDOWS_MOBILE)
  • 200: Linux (LINUX)
  • 201: Android (ANDROID)
  • 300: macOS (MACOS)
  • 301: iOS (IOS)
  • 302: iPadOS (IPADOS)
  • 400: Solaris (SOLARIS)
  • 401: AIX (AIX)
  • 402: HP-UX (HP-UX)
  • 99: Other (OTHER)
Unmapped Data unmapped Unmapped[] The attributes that are not mapped to the event schema. The names and values of those attributes are specific to the event source.
Version version String The version of the OS running on the device that originated the event. For example: "Windows 10", "OS X 10.7", or "iOS 9".

Relationships

Operating System (OS) shown in context

Inbound Relationships

These objects and events reference Operating System (OS) in their attributes:

Outbound Relationships

Operating System (OS) references the following objects and events in its attributes:

This page describes qdm-1.3.2+ocsf-1.3.0

Updated about 1 month ago