Class: Os
The Operating System (OS) object describes characteristics of an OS, such as
Linux or Windows.
URI: ocsf:Os
classDiagram
class Os
click Os href "../Os/"
Object <|-- Os
click Object href "../Object/"
Os : build
Os : country
Os : cpe_name
Os : cpu_bits
Os : edition
Os : kernel_release
Os : lang
Os : name
Os : sp_name
Os : sp_ver
Os : type
Os : type_id
Os --> "1" OsTypeIdEnum : type_id
click OsTypeIdEnum href "../OsTypeIdEnum/"
Os : version
Inheritance
- OcsfObject
- Object
- Os
- Object
Slots
| Name | Cardinality and Range | Description | Inheritance |
|---|---|---|---|
| build | 0..1 String |
The operating system build number | direct |
| country | 0..1 String |
The operating system country code, as defined by the ISO 3166-1 standard | direct |
| cpe_name | 0..1 String |
The Common Platform Enumeration (CPE) name as described by (<a target='_blank... | direct |
| cpu_bits | 0..1 Integer |
The cpu architecture, the number of bits used for addressing in memory | direct |
| edition | 0..1 String |
The operating system edition | direct |
| kernel_release | 0..1 String |
The kernel release of the operating system | direct |
| lang | 0..1 String |
The two letter lower case language codes, as defined by <a target='_blank' | direct |
| name | 1 String |
The operating system name | direct |
| sp_name | 0..1 String |
The name of the latest Service Pack | direct |
| sp_ver | 0..1 Integer |
The version number of the latest Service Pack | direct |
| type | 0..1 String |
The type of the operating system | direct |
| type_id | 1 OsTypeIdEnum |
The type identifier of the operating system | direct |
| version | 0..1 String |
The version of the OS running on the device that originated the event | direct |
Usages
| used by | used in | type | used |
|---|---|---|---|
| Advisory | os | range | Os |
| Endpoint | os | range | Os |
| KbArticle | os | range | Os |
| NetworkEndpoint | os | range | Os |
| NetworkProxy | os | range | Os |
| Device | os | range | Os |
In Subsets
Aliases
- Operating System (OS)
See Also
Notes
- D3FEND™ Ontology d3f:OperatingSystem — https://d3fend.mitre.org/dao/artifact/d3f:OperatingSystem/
Identifier and Mapping Information
Schema Source
- from schema: https://w3id.org/lmodel/ocsf
Mappings
| Mapping Type | Mapped Value |
|---|---|
| self | ocsf:Os |
| native | ocsf:Os |
| exact | uco_master:OperatingSystem |
| close | stix:Software |
LinkML Source
Direct
name: Os
description: 'The Operating System (OS) object describes characteristics of an OS,
such as
Linux or Windows.'
notes:
- 'D3FEND™ Ontology d3f:OperatingSystem —
https://d3fend.mitre.org/dao/artifact/d3f:OperatingSystem/'
in_subset:
- objects_subset
from_schema: https://w3id.org/lmodel/ocsf
see_also:
- https://d3fend.mitre.org/dao/artifact/d3f:OperatingSystem/
aliases:
- Operating System (OS)
exact_mappings:
- uco_master:OperatingSystem
close_mappings:
- stix:Software
is_a: Object
slots:
- build
- country
- cpe_name
- cpu_bits
- edition
- kernel_release
- lang
- name
- sp_name
- sp_ver
- type
- type_id
- version
slot_usage:
country:
name: country
description: 'The operating system country code, as defined by the ISO 3166-1
standard
(Alpha-2 code).<p><b>Note:</b> The two letter country code should be
capitalized. For example: <code>US</code> or <code>CA</code>.</p>'
name:
name: name
description: The operating system name.
required: true
type:
name: type
description: The type of the operating system.
type_id:
name: type_id
description: The type identifier of the operating system.
range: OsTypeIdEnum
required: true
version:
name: version
description: 'The version of the OS running on the device that originated the
event. For
example: "Windows 10", "OS X 10.7", or "iOS 9".'
Induced
name: Os
description: 'The Operating System (OS) object describes characteristics of an OS,
such as
Linux or Windows.'
notes:
- 'D3FEND™ Ontology d3f:OperatingSystem —
https://d3fend.mitre.org/dao/artifact/d3f:OperatingSystem/'
in_subset:
- objects_subset
from_schema: https://w3id.org/lmodel/ocsf
see_also:
- https://d3fend.mitre.org/dao/artifact/d3f:OperatingSystem/
aliases:
- Operating System (OS)
exact_mappings:
- uco_master:OperatingSystem
close_mappings:
- stix:Software
is_a: Object
slot_usage:
country:
name: country
description: 'The operating system country code, as defined by the ISO 3166-1
standard
(Alpha-2 code).<p><b>Note:</b> The two letter country code should be
capitalized. For example: <code>US</code> or <code>CA</code>.</p>'
name:
name: name
description: The operating system name.
required: true
type:
name: type
description: The type of the operating system.
type_id:
name: type_id
description: The type identifier of the operating system.
range: OsTypeIdEnum
required: true
version:
name: version
description: 'The version of the OS running on the device that originated the
event. For
example: "Windows 10", "OS X 10.7", or "iOS 9".'
attributes:
build:
name: build
description: The operating system build number.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- OS Build
rank: 1000
alias: build
owner: Os
domain_of:
- Os
range: string
country:
name: country
annotations:
observable_id:
tag: observable_id
value: 14
description: 'The operating system country code, as defined by the ISO 3166-1
standard
(Alpha-2 code).<p><b>Note:</b> The two letter country code should be
capitalized. For example: <code>US</code> or <code>CA</code>.</p>'
notes:
- ISO 3166-1 alpha-2 codes — https://www.iso.org/obp/ui/#iso:pub:PUB500001:en
from_schema: https://w3id.org/lmodel/ocsf
see_also:
- https://www.iso.org/obp/ui/#iso:pub:PUB500001:en
aliases:
- Country
rank: 1000
alias: country
owner: Os
domain_of:
- Os
- Location
range: string
cpe_name:
name: cpe_name
description: 'The Common Platform Enumeration (CPE) name as described by (<a target=''_blank''
href=''https://nvd.nist.gov/products/cpe''>NIST</a>) For example:
<code>cpe:/a:apple:safari:16.2</code>.'
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- The product CPE identifier
rank: 1000
alias: cpe_name
owner: Os
domain_of:
- Os
- Package
- Product
range: string
cpu_bits:
name: cpu_bits
description: 'The cpu architecture, the number of bits used for addressing in
memory. For
example: <code>32</code> or <code>64</code>.'
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- CPU Bits
rank: 1000
alias: cpu_bits
owner: Os
domain_of:
- Os
- DeviceHwInfo
range: integer
edition:
name: edition
description: 'The operating system edition. For example: <code>Professional</code>.'
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- OS Edition
rank: 1000
alias: edition
owner: Os
domain_of:
- Os
range: string
kernel_release:
name: kernel_release
description: 'The kernel release of the operating system. On Unix-based systems,
this is
determined from the <code>uname -r</code> command output, for example
"5.15.0-122-generic".'
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Kernel Release
rank: 1000
alias: kernel_release
owner: Os
domain_of:
- Os
range: string
lang:
name: lang
description: 'The two letter lower case language codes, as defined by <a target=''_blank''
href=''https://en.wikipedia.org/wiki/ISO_639-1''>ISO 639-1</a>. For example:
<code>en</code> (English), <code>de</code> (German), or <code>fr</code>
(French).'
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Language
rank: 1000
alias: lang
owner: Os
domain_of:
- Os
- Product
- TransformationInfo
range: string
name:
name: name
description: The operating system name.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Name
rank: 1000
alias: name
owner: Os
domain_of:
- AnalysisTarget
- Observable
- Os
- Osint
- Package
- Parameter
- PrivilegeInfo
- San
- Scim
- Script
- ServicePrivilegeAnalysis
- SoftwareComponent
- Sso
- StartupItem
- ThreatActor
- Token
- Entity
- Resource
- Account
- Agent
- AiModel
- Aircraft
- Analytic
- ApplicationObject
- Assessment
- AutonomousSystem
- Campaign
- Check
- CisBenchmark
- CisBenchmarkResult
- CisControl
- ClassifierDetails
- Container
- D3fTactic
- D3fTechnique
- Database
- Databucket
- DomainContact
- Edge
- Endpoint
- Enrichment
- EnvironmentVariable
- Evidences
- Extension
- Feature
- File
- Graph
- Group
- HttpCookie
- HttpHeader
- Idp
- Image
- Job
- Kernel
- KeyValueObject
- LoadBalancer
- Logger
- Malware
- ManagedEntity
- MessageContext
- Metric
- Mitigation
- NetworkInterface
- Node
- Organization
- PeripheralDevice
- Policy
- ProcessEntity
- Product
- QueryInfo
- Reporter
- ResourceDetails
- Rule
- Scan
- Service
- SubTechnique
- Table
- Tactic
- Technique
- Trait
- TransformationInfo
- UnmannedAerialSystem
- User
- WebResource
- Device
- FtpActivity
- RegValue
- WinResource
- WinService
- PrefetchQuery
range: string
required: true
sp_name:
name: sp_name
description: The name of the latest Service Pack.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- OS Service Pack
rank: 1000
alias: sp_name
owner: Os
domain_of:
- Os
range: string
sp_ver:
name: sp_ver
description: The version number of the latest Service Pack.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- OS Service Pack Version
rank: 1000
alias: sp_ver
owner: Os
domain_of:
- Os
range: integer
type:
name: type
description: The type of the operating system.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Type
rank: 1000
alias: type
owner: Os
domain_of:
- AnalysisTarget
- Observable
- Os
- Osint
- Package
- PrivilegeInfo
- ProgrammaticCredential
- RelatedEvent
- San
- Sbom
- Script
- SoftwareComponent
- StartupItem
- ThreatActor
- Ticket
- Timespan
- TlsExtension
- Token
- Dns
- Resource
- Account
- Agent
- Analytic
- ApplicationObject
- AuthenticationToken
- ClassifierDetails
- Cve
- Database
- Databucket
- DiscoveryDetails
- DnsAnswer
- DomainContact
- EncryptionDetails
- Endpoint
- Enrichment
- File
- Graph
- Group
- Ja4Fingerprint
- Kernel
- ManagedEntity
- Metadata
- Module
- NetworkEndpoint
- NetworkInterface
- Node
- PeripheralDevice
- Policy
- Rule
- Scan
- Trait
- UnmannedAerialSystem
- UnmannedSystemOperatingArea
- User
- WebResource
- Device
- DatastoreActivity
- FtpActivity
- RegValue
- WinResource
range: string
type_id:
name: type_id
annotations:
sibling:
tag: sibling
value: type
description: The type identifier of the operating system.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Type ID
rank: 1000
alias: type_id
owner: Os
domain_of:
- Observable
- Os
- Osint
- Package
- PrivilegeInfo
- Sbom
- Script
- SoftwareComponent
- StartupItem
- ThreatActor
- Ticket
- Timespan
- TlsExtension
- Token
- Account
- Agent
- Analytic
- AuthenticationToken
- Database
- Databucket
- DomainContact
- Endpoint
- File
- Ja4Fingerprint
- Kernel
- ManagedEntity
- NetworkEndpoint
- NetworkInterface
- PeripheralDevice
- Scan
- UnmannedAerialSystem
- UnmannedSystemOperatingArea
- User
- Device
- DatastoreActivity
- RegValue
- WinResource
range: OsTypeIdEnum
required: true
version:
name: version
description: 'The version of the OS running on the device that originated the
event. For
example: "Windows 10", "OS X 10.7", or "iOS 9".'
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Version
rank: 1000
alias: version
owner: Os
domain_of:
- Os
- Package
- RpcInterface
- Sbom
- Scim
- SoftwareComponent
- Tls
- Agent
- AiModel
- Analytic
- Api
- ApplicationObject
- Attack
- Certificate
- Check
- CisControl
- CisCsc
- Cvss
- D3fend
- Databucket
- Epss
- Extension
- Feature
- File
- HttpRequest
- Logger
- ManagedEntity
- Metadata
- Policy
- Product
- ResourceDetails
- Rule
- Service
- NtpActivity
range: string