Script
script
The Script object describes a script or command that can be executed by a shell, script engine, or interpreter. Examples include Bash, JavsScript, PowerShell, Python, VBScript, etc. Note that the term script here denotes not only a script contained within a file but also a script or command typed interactively by a user, supplied on the command line, or provided by some other file-less mechanism.
Attributes
Caption | Name | Type | Description |
---|---|---|---|
File | file | File[] | Entity: |
Hashes | hashes | Fingerprint[] | Entity: |
Name | name | String | Unique identifier for the script or macro, independent of the containing file, used for tracking, auditing, and security analysis. |
Parent Unique ID | parent_uid | String | This attribute relates a sub-script to a parent script having the matching |
Raw Data | raw_data | JSON | Group: |
Record ID | record_id | String | Group: |
Script Content | script_content | Long String[] | Entity: |
Type | type | String | The script type, normalized to the caption of the |
Type ID | type_id | Integer | The normalized script type ID.
|
Unique ID | uid | String | Some script engines assign a unique ID to each individual execution of a given script. This attribute captures that unique ID. In the case of PowerShell, the unique ID corresponds to the |
Unmapped | unmapped | Unmapped[] | Data from the source that was not mapped into the schema. |
Relationships
Inbound Relationships
These objects and events reference Script in their attributes:
Outbound Relationships
Script references the following objects and events in its attributes:
This page describes ocsf-1.4.0
Updated 6 days ago