Process Entity

process_entity

The Process Entity object provides critical fields for referencing a process.

Attributes

| Caption | Name | Type | Description |
|---|---|---|---|
| Command Line | cmd_line | String | Entity:COMMAND_LINE. The full command line used to launch an application, service, process, or job. For example: ssh [email protected]. If the command line is unavailable or missing, the empty string '' is to be used. |
| Created Time | created_time | Timestamp | The time when the process was created/started. |
| Name | name | Process Name | Entity:PROCESS_NAME. The friendly name of the process, for example: Notepad++. |
| Path | path | String | The process file path. |
| Process ID | pid | Integer | Entity:PROCESS_ID. The process identifier, as reported by the operating system. Process ID (PID) is a number used by the operating system to uniquely identify an active process. |
| Raw Data | raw_data | JSON | Group:context. The event data as received from the event source. |
| Record ID | record_id | String | Group:primary. Unique identifier for the object. |
| Unique ID | uid | String | A unique identifier for this process assigned by the producer (tool). Facilitates correlation of a process event with other events for that process. |
| Unmapped | unmapped | Unmapped[] | Data from the source that was not mapped into the schema. |
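The following added example (not part of the schema page or the OCSF project) maps a raw process record onto the attributes listed above: it applies the empty-string rule for cmd_line, coerces pid to an integer, and keeps anything it cannot map in unmapped. Assumptions: the source-side key names and the sample record are constructed, the {"name", "value"} shape of each unmapped element is hypothetical because this page does not define the Unmapped type, and Timestamp is taken to be integer milliseconds since the Unix epoch as in OCSF's timestamp type.

```python
from datetime import datetime, timedelta, timezone

# Source-side key names are constructed for this example; the targets are the
# attribute names from the table above.
FIELD_MAP = {"commandline": "cmd_line", "image": "path", "process_name": "name",
             "process_id": "pid", "start_time": "created_time", "guid": "uid"}
EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)


def to_epoch_ms(value):
    """ISO 8601 string -> integer milliseconds since the Unix epoch."""
    dt = datetime.fromisoformat(value)
    if dt.tzinfo is None:
        dt = dt.replace(tzinfo=timezone.utc)  # assumption: naive times are UTC
    return (dt - EPOCH) // timedelta(milliseconds=1)


def to_process_entity(raw: dict) -> dict:
    """Map one raw process record onto the Process Entity attributes."""
    entity = {"raw_data": dict(raw), "unmapped": []}

    def park(key, value):
        # Assumed element shape; the page does not define the Unmapped type.
        entity["unmapped"].append({"name": key, "value": value})

    for key, value in raw.items():
        target = FIELD_MAP.get(key.lower())
        if target is None:
            park(key, value)
        elif value is not None:
            entity[target] = value

    # The table requires '' when the command line is unavailable or missing.
    if not isinstance(entity.get("cmd_line"), str):
        entity["cmd_line"] = ""

    # Coerce typed attributes; a value that fails coercion is parked in
    # unmapped rather than emitted with the wrong type.
    for attr, convert in (("pid", int), ("created_time", to_epoch_ms)):
        if attr in entity:
            value = entity.pop(attr)
            try:
                entity[attr] = convert(value)
            except (TypeError, ValueError):
                park(attr, value)
    return entity


# Constructed sample record (not from a real sensor).
SAMPLE = {"CommandLine": None, "Image": "/usr/bin/ssh", "process_name": "ssh",
          "process_id": "4242", "start_time": "2024-05-01T12:00:00.250+00:00",
          "guid": "proc-0001", "ppid": 1}
```

Keeping raw_data untouched alongside the coerced fields lets an analyst check later whether a surprising pid or timestamp came from the source or from the mapping.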

Relationships

Process Entity shown in context

Inbound Relationships

These objects and events reference Process Entity in their attributes:

Outbound Relationships

Process Entity references the following objects and events in its attributes:

This page describes ocsf-1.4.0