Process Entity
process_entity
The Process Entity object provides critical fields for referencing a process.
Attributes
Caption | Name | Type | Description |
---|---|---|---|
Command Line | cmd_line | String | Entity:COMMAND_LINE The full command line used to launch an application, service, process, or job. For example: ssh [email protected]. If the command line is unavailable or missing, the empty string '' is to be used. |
Created Time | created_time | Timestamp | The time when the process was created/started. |
Name | name | Process Name | Entity:PROCESS_NAME The friendly name of the process, for example: Notepad++. |
Path | path | String | The process file path. |
Process ID | pid | Integer | Entity:PROCESS_ID The process identifier, as reported by the operating system. Process ID (PID) is a number used by the operating system to uniquely identify an active process. |
Raw Data | raw_data | JSON | Group:context The event data as received from the event source. |
Record ID | record_id | String | Group:primary Unique identifier for the object. |
Unique ID | uid | String | A unique identifier for this process assigned by the producer (tool). Facilitates correlation of a process event with other events for that process. |
Unmapped | unmapped | Unmapped[] | Data from the source that was not mapped into the schema. |
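
A sketch of how a producer might populate these attributes, added here as an example (it is not part of the schema or of any project's code). The helper names `to_process_entity` and `correlation_key`, the sample events, the integer `created_time` values, the `{"name", "value"}` shape for Unmapped items, and the pid-plus-created_time fallback are assumptions.

```python
import json

# Attribute names from the table above that are copied straight from the source.
PASS_THROUGH = ("created_time", "name", "path", "uid", "record_id")
MAPPED = PASS_THROUGH + ("cmd_line", "pid")

# Constructed sample events: the second reuses PID 4120 and has no cmd_line or uid.
SAMPLE_EVENTS = [
    {"pid": "4120", "name": "Notepad++", "cmd_line": "notepad++.exe notes.txt",
     "created_time": 1700000000000, "uid": "proc-0001", "integrity": "medium"},
    {"pid": 4120, "name": "ssh", "created_time": 1700000500000},
]


def to_process_entity(raw: dict) -> dict:
    """Hypothetical helper: build a process_entity dict from one raw event."""
    entity = {}
    # cmd_line: the table requires '' when the command line is unavailable.
    cmd = raw.get("cmd_line")
    entity["cmd_line"] = cmd if isinstance(cmd, str) else ""
    # pid: Integer in the schema; sources often send it as a string.
    if raw.get("pid") is not None:
        entity["pid"] = int(str(raw["pid"]).strip())  # ValueError if not integral
    for key in PASS_THROUGH:
        if raw.get(key) is not None:
            entity[key] = raw[key]
    # unmapped: source fields with no attribute in the table. Assumption: each
    # item is a {"name", "value"} pair; the page does not define Unmapped.
    extra = sorted(k for k in raw if k not in MAPPED)
    if extra:
        entity["unmapped"] = [{"name": k, "value": raw[k]} for k in extra]
    # raw_data: deep copy of the event as received, so it stays unmodified.
    entity["raw_data"] = json.loads(json.dumps(raw))
    return entity


def correlation_key(entity: dict):
    """Prefer uid; a PID only identifies an *active* process and can be reused.
    Assumption: without uid, pid plus created_time is used as the fallback."""
    if entity.get("uid"):
        return str(entity["uid"])
    if "pid" in entity and "created_time" in entity:
        return f'{entity["pid"]}@{entity["created_time"]}'
    return None


if __name__ == "__main__":
    for event in SAMPLE_EVENTS:
        record = to_process_entity(event)
        print(correlation_key(record), json.dumps(record))
```

Both sample events carry PID 4120 but resolve to different correlation keys, which is why detections that join process events should key on `uid` rather than `pid` alone.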
Relationships
Inbound Relationships
These objects and events reference Process Entity in their attributes:
Outbound Relationships
Process Entity references the following objects and events in its attributes:
This page describes ocsf-1.4.0