Guides

Service

Suggest Edits

The Service object describes characteristics of a service, e.g. AWS EC2.

Attributes

CaptionNameTypeDescription
Command Line cmd_line String The full command line used to launch an application, service, process, or job. For example: ssh [email protected]. If the command line is unavailable or missing, the empty string '' is to be used

🚧 WARNING: DEPRECATED

Command Line has been deprecated since 1.1.0. Deprecated in upgrade from ocsf-0.31.1 to qdm-1.1.0
File file File[] The service file object.

🚧 WARNING: DEPRECATED

File has been deprecated since 1.1.0. Deprecated in upgrade from ocsf-0.31.1 to qdm-1.1.0
Labels labels String[] The list of labels associated with the service.
Loaded Module loaded_module_name String The name of the module loaded by the service.

🚧 WARNING: DEPRECATED

Loaded Module has been deprecated since 1.1.0. Deprecated in upgrade from ocsf-0.31.1 to qdm-1.1.0
Name name String The name of the service.
Raw Data raw_data JSON The event data as received from the event source.
Record ID record_id String Unique identifier for the object
Run State run_state String The service run state.

🚧 WARNING: DEPRECATED

Run State has been deprecated since 1.1.0. Deprecated in upgrade from ocsf-0.31.1 to qdm-1.1.0
Run State ID run_state_id Integer The service run state ID.

🚧 WARNING: DEPRECATED

Run State ID has been deprecated since 1.1.0. Deprecated in upgrade from ocsf-0.31.1 to qdm-1.1.0

  • -1: Other (OTHER)
  • 0: Unknown (UNKNOWN)
  • 1: Stopped (STOPPED)
  • 2: Start Pending (START_PENDING)
  • 3: Stop Pending (STOP_PENDING)
  • 4: Running (RUNNING)
  • 5: Continue Pending (CONTINUE_PENDING)
  • 6: Pause Pending (PAUSE_PENDING)
  • 7: Paused (PAUSED)
  • 99: Other (OTHER)
Start Type start_type String The service start type.

🚧 WARNING: DEPRECATED

Start Type has been deprecated since 1.1.0. Deprecated in upgrade from ocsf-0.31.1 to qdm-1.1.0
Start Type ID start_type_id Integer The service start type ID.

🚧 WARNING: DEPRECATED

Start Type ID has been deprecated since 1.1.0. Deprecated in upgrade from ocsf-0.31.1 to qdm-1.1.0

  • -1: Other (OTHER)
  • 0: Unknown (UNKNOWN)
  • 1: Auto (AUTO)
  • 10: System Changed (SYSTEM_CHANGED)
  • 2: Boot (BOOT)
  • 3: Demand (DEMAND)
  • 4: System (SYSTEM)
  • 5: Disabled (DISABLED)
  • 6: All Logins (ALL_LOGINS)
  • 7: Specific User Login (SPECIFIC_USER_LOGIN)
  • 8: Interactive Login (INTERACTIVE_LOGIN)
  • 9: Scheduled (SCHEDULED)
Type IDs type_ids Integer[] The service type identifiers.

🚧 WARNING: DEPRECATED

Type IDs has been deprecated since 1.1.0. Deprecated in upgrade from ocsf-0.31.1 to qdm-1.1.0

  • -1: Other (OTHER)
  • 0: Unknown (UNKNOWN)
  • 1: Adapter (ADAPTER)
  • 2: File System Driver (FILE_SYSTEM_DRIVER)
  • 3: Kernel Driver (KERNEL_DRIVER)
  • 4: Recognized Driver (RECOGNIZED_DRIVER)
  • 5: Own Process (OWN_PROCESS)
  • 6: Shared Process (SHARED_PROCESS)
  • 7: Interactive (INTERACTIVE)
  • 8: Other (OTHER)
  • 9: Autoload (AUTOLOAD)
Types types String[] The service types.

🚧 WARNING: DEPRECATED

Types has been deprecated since 1.1.0. Deprecated in upgrade from ocsf-0.31.1 to qdm-1.1.0
Unique ID uid String The unique identifier of the service.
Unmapped Data unmapped Unmapped[] The attributes that are not mapped to the event schema. The names and values of those attributes are specific to the event source.
Version version String The version of the service.

Relationships

Service shown in context

Inbound Relationships

These objects and events reference Service in their attributes:

Outbound Relationships

Service references the following objects and events in its attributes:

This page describes qdm-1.3.2+ocsf-1.3.0

Updated 5 months ago