Process Entity

process_entity

The Process Entity object provides critical fields for referencing a process.

Attributes

CaptionNameTypeDescription
Command Linecmd_lineStringEntity:COMMAND_LINE

The full command line used to launch an application, service, process, or job. For example: ssh [email protected]. If the command line is unavailable or missing, the empty string '' is to be used.
Common Process IdentifiercpidUUIDA unique process identifier that can be assigned deterministically by multiple system data producers.
Created Timecreated_timeTimestampThe time when the process was created/started.
NamenameProcess NameEntity:PROCESS_NAME

The friendly name of the process, for example: Notepad++.
PathpathStringThe process file path.
Process IDpidIntegerEntity:PROCESS_ID

The process identifier, as reported by the operating system. Process ID (PID) is a number used by the operating system to uniquely identify an active process.
Raw Dataraw_dataJSONGroup:context

The event data as received from the event source.
Record IDrecord_idStringGroup:primary

Unique identifier for the object
Unique IDuidStringEntity:LINUX_PROCESS_OBJECT_UID

A unique identifier for this process assigned by the producer (tool). Facilitates correlation of a process event with other events for that process.
UnmappedunmappedUnmapped[]Data from the source that was not mapped into the schema.

Relationships

Process Entity shown in context

Inbound Relationships

These objects and events reference Process Entity in their attributes:

Outbound Relationships

Process Entity references the following objects and events in its attributes:

This page describes qdm-1.5.1+ocsf-1.6.0