Process Entity
process_entity
The Process Entity object provides critical fields for referencing a process.
Attributes
| Caption | Name | Type | Description |
|---|---|---|---|
| Command Line | cmd_line |
String |
Entity:COMMAND_LINEThe full command line used to launch an application, service, process, or job. For example: ssh [email protected]. If the command line is unavailable or missing, the empty string '' is to be used.
|
| Created Time | created_time |
Timestamp | The time when the process was created/started. |
| Name | name |
Process Name |
Entity:PROCESS_NAMEThe friendly name of the process, for example: Notepad++.
|
| Path | path |
String | The process file path. |
| Process ID | pid |
Integer |
Entity:PROCESS_IDThe process identifier, as reported by the operating system. Process ID (PID) is a number used by the operating system to uniquely identify an active process. |
| Raw Data | raw_data |
JSON |
Group:contextThe event data as received from the event source. |
| Record ID | record_id |
String |
Group:primaryUnique identifier for the object |
| Unique ID | uid |
String | A unique identifier for this process assigned by the producer (tool). Facilitates correlation of a process event with other events for that process. |
| Unmapped | unmapped |
Unmapped[] | Data from the source that was not mapped into the schema. |
Relationships
Inbound Relationships
These objects and events reference Process Entity in their attributes:
Outbound Relationships
Process Entity references the following objects and events in its attributes:
This page describes ocsf-1.4.0
Updated 10 days ago