Class: KernelDriver
The Kernel Extension object describes a kernel driver that has been loaded into or
unloaded from the operating system (OS) kernel.
URI: ocsf:KernelDriver
```mermaid
classDiagram
    class KernelDriver
    click KernelDriver href "../KernelDriver/"
    Object <|-- KernelDriver
    click Object href "../Object/"
    KernelDriver : file
    KernelDriver --> "1" File : file
    click File href "../File/"
```
Inheritance
- OcsfObject
- Object
- KernelDriver
- Object
Slots
| Name | Cardinality and Range | Description | Inheritance |
|---|---|---|---|
| file | 1 File | The driver/extension file object | direct |
Usages
| used by | used in | type | used |
|---|---|---|---|
| StartupItem | driver | range | KernelDriver |
| KernelExtensionActivity | driver | range | KernelDriver |
| WindowsStartupItem | driver | range | KernelDriver |
In Subsets
Aliases
- Kernel Extension
See Also
Notes
- D3FEND™ Ontology d3f:KernelModule — https://d3fend.mitre.org/dao/artifact/d3f:KernelModule/
Identifier and Mapping Information
Schema Source
- from schema: https://w3id.org/lmodel/ocsf
Mappings
| Mapping Type | Mapped Value |
|---|---|
| self | ocsf:KernelDriver |
| native | ocsf:KernelDriver |
| close | uco_master:Library |
LinkML Source
Direct
```yaml
name: KernelDriver
description: 'The Kernel Extension object describes a kernel driver that has been
  loaded or
  unloaded into the operating system (OS) kernel.'
notes:
- 'D3FEND™ Ontology d3f:KernelModule —
  https://d3fend.mitre.org/dao/artifact/d3f:KernelModule/'
in_subset:
- objects_subset
from_schema: https://w3id.org/lmodel/ocsf
see_also:
- https://d3fend.mitre.org/dao/artifact/d3f:KernelModule/
aliases:
- Kernel Extension
close_mappings:
- uco_master:Library
is_a: Object
slots:
- file
slot_usage:
  file:
    name: file
    annotations:
      group:
        tag: group
        value: primary
    description: The driver/extension file object.
    required: true
```
Induced
```yaml
name: KernelDriver
description: 'The Kernel Extension object describes a kernel driver that has been
  loaded or
  unloaded into the operating system (OS) kernel.'
notes:
- 'D3FEND™ Ontology d3f:KernelModule —
  https://d3fend.mitre.org/dao/artifact/d3f:KernelModule/'
in_subset:
- objects_subset
from_schema: https://w3id.org/lmodel/ocsf
see_also:
- https://d3fend.mitre.org/dao/artifact/d3f:KernelModule/
aliases:
- Kernel Extension
close_mappings:
- uco_master:Library
is_a: Object
slot_usage:
  file:
    name: file
    annotations:
      group:
        tag: group
        value: primary
    description: The driver/extension file object.
    required: true
attributes:
  file:
    name: file
    annotations:
      group:
        tag: group
        value: primary
    description: The driver/extension file object.
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - File
    rank: 1000
    alias: file
    owner: KernelDriver
    domain_of:
    - Osint
    - QueryEvidence
    - Script
    - AffectedCode
    - Databucket
    - Evidences
    - Job
    - KernelDriver
    - Module
    - Process
    - FileHosting
    - FileQuery
    - DataSecurityFinding
    - EmailFileActivity
    - FtpActivity
    - HttpActivity
    - NetworkFileActivity
    - RdpActivity
    - SmbActivity
    - SshActivity
    - FileRemediationActivity
    - EventLogActvity
    - FileActivity
    range: File
    required: true
```