Process Entity
process_entity
The Process Entity object provides critical fields for referencing a process.
Attributes
Caption | Name | Type | Description |
---|---|---|---|
Command Line | cmd_line | String | The full command line used to launch an application, service, process, or job. For example: ssh [email protected]. If the command line is unavailable or missing, the empty string '' is to be used. |
Created Time | created_time | Timestamp | The time when the process was created/started. |
Created Time | created_time_dt | Datetime | The time when the process was created/started. |
Name | name | Process Name | The friendly name of the process, for example: Notepad++. |
Path | path | String | The process file path. |
Process ID | pid | Integer | The process identifier, as reported by the operating system. Process ID (PID) is a number used by the operating system to uniquely identify an active process. |
Raw Data | raw_data | String | The raw event/finding data as received from the source. |
Record ID | record_id | String | Unique identifier for the object. |
Unique ID | uid | String | A unique identifier for this process assigned by the producer (tool). Facilitates correlation of a process event with other events for that process. |
Unmapped Data | unmapped | Object[] | The attributes that are not mapped to the event schema. The names and values of those attributes are specific to the event source. |
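
The following is an added example, not code from the QDM or OCSF projects: a sketch of mapping a raw sensor record onto the attributes in the table, applying the empty-string rule for `cmd_line` and collecting unrecognized fields under `unmapped`. The source field names in `ALIASES`, the sample records, and the treatment of `created_time` as milliseconds since the Unix epoch are assumptions.

```python
import json
from datetime import datetime, timezone

# Attribute names taken from the Process Entity table.
KNOWN = {"cmd_line", "created_time", "created_time_dt", "name", "path",
         "pid", "raw_data", "record_id", "uid", "unmapped"}

# Hypothetical source field names (an assumed sensor format, not from the page).
ALIASES = {"CommandLine": "cmd_line", "Image": "path", "ProcessId": "pid",
           "ProcessGuid": "uid", "StartTimeMs": "created_time"}

# Constructed sample records.
SAMPLE_FULL = {"CommandLine": "notepad.exe C:\\tmp\\a.txt",
               "Image": "C:\\Windows\\notepad.exe", "ProcessId": "4242",
               "ProcessGuid": "constructed-guid-0001",
               "StartTimeMs": 1700000000000, "IntegrityLevel": "Medium"}
SAMPLE_NO_CMD = {"ProcessId": 77, "Image": "/usr/sbin/sshd", "CommandLine": None}


def to_process_entity(raw):
    """Map one raw source record onto Process Entity attribute names."""
    # raw_data keeps the record as received, serialized to a String.
    entity = {"raw_data": json.dumps(raw, sort_keys=True)}
    unmapped = []
    for key, value in raw.items():
        if value is None:
            continue                      # treat null as "missing"
        target = ALIASES.get(key)
        try:
            if target in ("pid", "created_time"):
                value = int(value)        # Integer / Timestamp attributes
            elif target is not None:
                value = str(value)        # other mapped attributes are String
        except (TypeError, ValueError):
            target = None                 # uncoercible: preserve it as unmapped
        if target is None:
            unmapped.append({key: value})
        else:
            entity[target] = value
    # The table requires '' when the command line is unavailable or missing.
    entity.setdefault("cmd_line", "")
    if "created_time" in entity:
        # Assumption: created_time is milliseconds since the Unix epoch.
        dt = datetime.fromtimestamp(entity["created_time"] / 1000, tz=timezone.utc)
        entity["created_time_dt"] = dt.isoformat()
    if unmapped:
        entity["unmapped"] = unmapped
    return entity
```

Keeping uncoercible values in `unmapped` rather than dropping them preserves evidence that a later analyst or parser fix may need.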
Relationships
Inbound Relationships
These objects and events reference Process Entity in their attributes:
Outbound Relationships
Process Entity references the following objects and events in its attributes:
This page describes qdm-1.4.0+ocsf-1.4.0
Updated 5 days ago