Process Entity
process_entity
The Process Entity object provides critical fields for referencing a process.
Attributes
| Caption | Name | Type | Description |
|---|---|---|---|
| Command Line | cmd_line | String | Entity:COMMAND_LINEThe full command line used to launch an application, service, process, or job. For example: ssh [email protected]. If the command line is unavailable or missing, the empty string '' is to be used. |
| Common Process Identifier | cpid | UUID | A unique process identifier that can be assigned deterministically by multiple system data producers. |
| Created Time | created_time | Timestamp | The time when the process was created/started. |
| Name | name | Process Name | Entity:PROCESS_NAMEThe friendly name of the process, for example: Notepad++. |
| Path | path | String | The process file path. |
| Process ID | pid | Integer | Entity:PROCESS_IDThe process identifier, as reported by the operating system. Process ID (PID) is a number used by the operating system to uniquely identify an active process. |
| Raw Data | raw_data | JSON | Group:contextThe event data as received from the event source. |
| Record ID | record_id | String | Group:primaryUnique identifier for the object |
| Unique ID | uid | String | Entity:LINUX_PROCESS_OBJECT_UIDA unique identifier for this process assigned by the producer (tool). Facilitates correlation of a process event with other events for that process. |
| Unmapped | unmapped | Unmapped[] | Data from the source that was not mapped into the schema. |
Relationships
Inbound Relationships
These objects and events reference Process Entity in their attributes:
Outbound Relationships
Process Entity references the following objects and events in its attributes:
This page describes qdm-1.5.1+ocsf-1.6.0