Registry Key
The registry key object describes a Windows registry key. Defined by D3FEND d3f:WindowsRegistryKey.
Attributes
| Caption | Name | Type | Description |
|---|---|---|---|
| System | is_system |
Boolean | The indication of whether the object is part of the operating system. |
| Modified Time | modified_time |
Timestamp | The time when the registry key was last modified. |
| Path | path |
String | The full path to the registry key. |
| Raw Data | raw_data |
JSON | The event data as received from the event source. |
| Record ID | record_id |
String | Unique identifier for the object |
| Security Descriptor | security_descriptor |
String | The security descriptor of the registry key. |
| Unmapped Data | unmapped |
Unmapped[] | The attributes that are not mapped to the event schema. The names and values of those attributes are specific to the event source. |
Relationships
Inbound Relationships
These objects and events reference Registry Key in their attributes:
Outbound Relationships
Registry Key references the following objects and events in its attributes:
This page describes qdm-1.3.2+ocsf-1.3.0
Updated about 17 hours ago