Registry Value

reg_value

The registry value object describes a Windows registry value.

Attributes

Caption	Name	Type	Description
Data	`data`	JSON	The data of the registry value.
Default Value	`is_default`	Boolean	The indication of whether the value is from a default value name. For example, the value name could be missing.
System	`is_system`	Boolean	The indication of whether the object is part of the operating system.
Modified Time	`modified_time`	Timestamp	The time when the registry value was last modified.
Name	`name`	String	The name of the registry value.
Path	`path`	String	The full path to the registry key, where the value is located.
Raw Data	`raw_data`	JSON	Group:`context` The event data as received from the event source.
Record ID	`record_id`	String	Group:`primary` Unique identifier for the object
Type	`type`	String	A string representation of the value type as specified in Registry Value Types.
Type ID	`type_id`	Integer	The value type ID. `0`: Unknown (`UNKNOWN`) `1`: REG_BINARY (`REG_BINARY`) `10`: REG_SZ (`REG_SZ`) `2`: REG_DWORD (`REG_DWORD`) `3`: REG_DWORD_BIG_ENDIAN (`REG_DWORD_BIG_ENDIAN`) `4`: REG_EXPAND_SZ (`REG_EXPAND_SZ`) `5`: REG_LINK (`REG_LINK`) `6`: REG_MULTI_SZ (`REG_MULTI_SZ`) `7`: REG_NONE (`REG_NONE`) `8`: REG_QWORD (`REG_QWORD`) `9`: REG_QWORD_LITTLE_ENDIAN (`REG_QWORD_LITTLE_ENDIAN`) `99`: Other (`OTHER`)
Unmapped	`unmapped`	Unmapped[]	Data from the source that was not mapped into the schema.

These objects and events reference Registry Value in their attributes:

Registry Value references the following objects and events in its attributes:

This page describes ocsf-1.4.0