Slot: log_source_channel
The specific log channel, event ID, or event category within the log source (e.g., '1' for Sysmon Process Creation event, 'SYSCALL' for Linux auditd, 'process' for macOS unified logs). Together with log_source_name, uniquely identifies a log collection configuration.
URI: attack:log_source_channel
Alias: log_source_channel
Applicable Classes
| Name |
Description |
Modifies Slot |
| LogSourceReference |
A reference linking an analytic to a specific data component and log source p... |
yes |
| LogSource |
A platform-specific log collection configuration embedded within a data compo... |
yes |
Properties
Type and Range
Cardinality and Requirements
| Property |
Value |
| Required |
Yes |
In Subsets
Schema Source
- from schema: https://w3id.org/lmodel/attack
Mappings
| Mapping Type |
Mapped Value |
| self |
attack:log_source_channel |
| native |
attack:log_source_channel |
LinkML Source
name: log_source_channel
description: The specific log channel, event ID, or event category within the log
source (e.g., '1' for Sysmon Process Creation event, 'SYSCALL' for Linux auditd,
'process' for macOS unified logs). Together with log_source_name, uniquely identifies
a log collection configuration.
in_subset:
- attack_aux
from_schema: https://w3id.org/lmodel/attack
rank: 1000
alias: log_source_channel
domain_of:
- LogSource
- LogSourceReference
range: string
required: true