Guides

Startup Item

Suggest Edits

startup_item

The startup item object describes an application component that has associated startup criteria and configurations.

Attributes

CaptionNameTypeDescription
Kernel Driver driver Kernel Extension[] The startup item kernel driver resource.
Job job Job[] The startup item job resource.
Name name String The unique name of the startup item.
Process process Linux Process[] Entity:PROCESS
The startup item process resource.
Run Mode IDs run_mode_ids Integer[] The list of normalized identifiers that describe the startup items' properties when it is running. Use this field to capture extended information about the process, which may depend on the type of startup item. E.g., A Windows service that interacts with the desktop.
  • 0: Unknown (UNKNOWN)
  • 1: Interactive (INTERACTIVE)
  • 2: Own Process (OWN_PROCESS)
  • 3: Shared Process (SHARED_PROCESS)
  • 99: Other (OTHER)
Run Modes run_modes String[] The list of run_modes, normalized to the captions of the run_mode_id values. In the case of 'Other', they are defined by the event source.
Run State run_state String The run state of the startup item.
Run State ID run_state_id Integer The run state ID of the startup item.
  • 0: Unknown (UNKNOWN)
  • 1: Stopped (STOPPED)
  • 2: Start Pending (START_PENDING)
  • 3: Stop Pending (STOP_PENDING)
  • 4: Running (RUNNING)
  • 5: Continue Pending (CONTINUE_PENDING)
  • 6: Pause Pending (PAUSE_PENDING)
  • 7: Paused (PAUSED)
  • 8: Restart Pending (RESTART_PENDING)
  • 99: Other (OTHER)
Start Type start_type String The start type of the startup item.
Start Type ID start_type_id Integer The start type ID of the startup item.
  • 0: Unknown (UNKNOWN)
  • 1: Auto (AUTO)
  • 2: Boot (BOOT)
  • 3: On Demand (ON_DEMAND)
  • 4: Disabled (DISABLED)
  • 5: All Logins (ALL_LOGINS)
  • 6: Specific User Login (SPECIFIC_USER_LOGIN)
  • 7: Scheduled (SCHEDULED)
  • 8: System Changed (SYSTEM_CHANGED)
  • 99: Other (OTHER)
Type type String The startup item type.
Type ID type_id Integer The startup item type identifier.
  • 0: Unknown (UNKNOWN)
  • 1: Kernel Mode Driver (KERNEL_MODE_DRIVER)
  • 2: User Mode Driver (USER_MODE_DRIVER)
  • 3: Service (SERVICE)
  • 4: User Mode Application (USER_MODE_APPLICATION)
  • 5: Autoload (AUTOLOAD)
  • 6: System Extension (SYSTEM_EXTENSION)
  • 7: Kernel Extension (KERNEL_EXTENSION)
  • 8: Scheduled Job, Task (SCHEDULED_JOB,_TASK)
  • 99: Other (OTHER)
Windows Service win_service Windows Service[] The startup item Windows service resource.

Relationships

Startup Item shown in context

Inbound Relationships

These objects and events reference Startup Item in their attributes:

Outbound Relationships

Startup Item references the following objects and events in its attributes:

This page describes ocsf-1.4.0

Updated 9 days ago