Windows Resource

The Windows resource object describes a resource object managed by Windows, such as a mutant or timer.

Attributes

Caption Name Type Description
Data data JSON Additional data describing the resource.
Data Classification data_classification Data Classification[] The Data Classification object includes information about data classification levels and data category types.
Details details String The string detailing the attributes of the resource object.
Labels labels String[] The list of labels/tags associated with a resource.
Name name String The name of the resource object.
Raw Data raw_data JSON The event data as received from the event source.
Record ID record_id String Unique identifier for the object.
Service Name svc_name String The Windows service acting as the object server for the resource object, such as Security or Security Account Manager.
Type type String The type of the Windows resource object.
Type ID type_id Integer The normalized type identifier of the Windows resource object accessed.
  • 0: Unknown (UNKNOWN)
  • 1: Directory (DIRECTORY)
  • 2: Event (EVENT)
  • 3: Timer (TIMER)
  • 4: Device (DEVICE)
  • 5: Mutant (MUTANT)
  • 6: Type (TYPE)
  • 7: File (FILE)
  • 8: Token (TOKEN)
  • 9: Thread (THREAD)
  • 10: Section (SECTION)
  • 11: WindowStation (WINDOWSTATION)
  • 12: DebugObject (DEBUGOBJECT)
  • 13: FilterCommunicationPort (FILTERCOMMUNICATIONPORT)
  • 14: EventPair (EVENTPAIR)
  • 15: Driver (DRIVER)
  • 16: IoCompletion (IOCOMPLETION)
  • 17: Controller (CONTROLLER)
  • 18: SymbolicLink (SYMBOLICLINK)
  • 19: WmiGuid (WMIGUID)
  • 20: Process (PROCESS)
  • 21: Profile (PROFILE)
  • 22: Desktop (DESKTOP)
  • 23: KeyedEvent (KEYEDEVENT)
  • 24: Adapter (ADAPTER)
  • 25: Key (KEY)
  • 26: WaitablePort (WAITABLEPORT)
  • 27: Callback (CALLBACK)
  • 28: Semaphore (SEMAPHORE)
  • 29: Job (JOB)
  • 30: Port (PORT)
  • 31: FilterConnectionPort (FILTERCONNECTIONPORT)
  • 32: ALPC Port (ALPC_PORT)
  • 33: SAM_ALIAS (SAM_ALIAS)
  • 34: SAM_GROUP (SAM_GROUP)
  • 35: SAM_USER (SAM_USER)
  • 36: SAM_DOMAIN (SAM_DOMAIN)
  • 37: SAM_SERVER (SAM_SERVER)
  • 99: Other (OTHER)
Unique ID uid String The Windows-provided handle identifier for the resource object.
Unmapped Data unmapped Unmapped[] The attributes that are not mapped to the event schema. The names and values of those attributes are specific to the event source.

This page describes qdm-1.3.2+ocsf-1.3.0