Process Entity

process_entity

The Process Entity object provides critical fields for referencing a process.

Attributes

Caption	Name	Type	Description
Command Line	`cmd_line`	String	Entity:`COMMAND_LINE` The full command line used to launch an application, service, process, or job. For example: `ssh [email protected]`. If the command line is unavailable or missing, the empty string `''` is to be used.
Created Time	`created_time`	Timestamp	The time when the process was created/started.
Name	`name`	Process Name	Entity:`PROCESS_NAME` The friendly name of the process, for example: `Notepad++`.
Path	`path`	String	The process file path.
Process ID	`pid`	Integer	Entity:`PROCESS_ID` The process identifier, as reported by the operating system. Process ID (PID) is a number used by the operating system to uniquely identify an active process.
Raw Data	`raw_data`	JSON	Group:`context` The event data as received from the event source.
Record ID	`record_id`	String	Group:`primary` Unique identifier for the object
Unique ID	`uid`	String	A unique identifier for this process assigned by the producer (tool). Facilitates correlation of a process event with other events for that process.
Unmapped	`unmapped`	Unmapped[]	Data from the source that was not mapped into the schema.

These objects and events reference Process Entity in their attributes:

Process Entity references the following objects and events in its attributes:

This page describes ocsf-1.4.0

Updated 28 days ago