Class: QueryInfo

The query info object holds information related to data access within a

datastore. To access, manipulate, delete, or retrieve data from a datastore, a

query must be written using a specific syntax.

 classDiagram
    class QueryInfo
    click QueryInfo href "../QueryInfo/"
      Entity <|-- QueryInfo
        click Entity href "../Entity/"

      QueryInfo : bytes

      QueryInfo : data

      QueryInfo : name

      QueryInfo : query_string

      QueryInfo : query_time

      QueryInfo : uid

Inheritance

OcsfObject
- Object
  - Entity
    - QueryInfo

Slots

Name	Cardinality and Range	Description	Inheritance
bytes	0..1 Integer	The size of the data returned from the query	direct
data	0..1 String	The data returned from the query execution	direct
name	0..1 recommended String	The query name for a saved or scheduled query	direct
query_string	1 String	A string representing the query code being run	direct
query_time	0..1 TimestampT	The time when the query was run	direct
uid	0..1 recommended String	The unique identifier of the query	direct

Usages

used by	used in	type	used
DatastoreActivity	query_info	range	QueryInfo
AdminGroupQuery	query_info	range	QueryInfo
DiscoveryResult	query_info	range	QueryInfo
EvidenceInfo	query_info	range	QueryInfo
FileQuery	query_info	range	QueryInfo
FolderQuery	query_info	range	QueryInfo
JobQuery	query_info	range	QueryInfo
KernelObjectQuery	query_info	range	QueryInfo
ModuleQuery	query_info	range	QueryInfo
NetworkConnectionQuery	query_info	range	QueryInfo
NetworksQuery	query_info	range	QueryInfo
PeripheralDeviceQuery	query_info	range	QueryInfo
ProcessQuery	query_info	range	QueryInfo
ServiceQuery	query_info	range	QueryInfo
SessionQuery	query_info	range	QueryInfo
StartupItemQuery	query_info	range	QueryInfo
UserQuery	query_info	range	QueryInfo
PrefetchQuery	query_info	range	QueryInfo
RegistryKeyQuery	query_info	range	QueryInfo
RegistryValueQuery	query_info	range	QueryInfo

In Subsets

objects_subset

Aliases

Query Information

Identifier and Mapping Information

Schema Source

from schema: https://w3id.org/lmodel/ocsf

Mappings

Mapping Type	Mapped Value
self	ocsf:QueryInfo
native	ocsf:QueryInfo

LinkML Source

Direct

name: QueryInfo
description: 'The query info object holds information related to data access within
  a

  datastore. To access, manipulate, delete, or retrieve data from a datastore, a

  query must be written using a specific syntax.'
in_subset:
- objects_subset
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Query Information
is_a: Entity
slots:
- bytes
- data
- name
- query_string
- query_time
- uid
slot_usage:
  bytes:
    name: bytes
    description: The size of the data returned from the query.
  data:
    name: data
    description: The data returned from the query execution.
  name:
    name: name
    description: The query name for a saved or scheduled query.
  query_string:
    name: query_string
    description: 'A string representing the query code being run. For example: <code>SELECT
      *

      FROM my_table</code>'
    required: true
  query_time:
    name: query_time
    description: The time when the query was run.
  uid:
    name: uid
    description: The unique identifier of the query.

Induced

name: QueryInfo
description: 'The query info object holds information related to data access within
  a

  datastore. To access, manipulate, delete, or retrieve data from a datastore, a

  query must be written using a specific syntax.'
in_subset:
- objects_subset
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Query Information
is_a: Entity
slot_usage:
  bytes:
    name: bytes
    description: The size of the data returned from the query.
  data:
    name: data
    description: The data returned from the query execution.
  name:
    name: name
    description: The query name for a saved or scheduled query.
  query_string:
    name: query_string
    description: 'A string representing the query code being run. For example: <code>SELECT
      *

      FROM my_table</code>'
    required: true
  query_time:
    name: query_time
    description: The time when the query was run.
  uid:
    name: uid
    description: The unique identifier of the query.
attributes:
  bytes:
    name: bytes
    description: The size of the data returned from the query.
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Total Bytes
    rank: 1000
    alias: bytes
    owner: QueryInfo
    domain_of:
    - NetworkTraffic
    - QueryInfo
    range: integer
  data:
    name: data
    description: The data returned from the query execution.
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Data
    rank: 1000
    alias: data
    owner: QueryInfo
    domain_of:
    - Request
    - Response
    - TlsExtension
    - Resource
    - ApplicationObject
    - Edge
    - Enrichment
    - Evidences
    - ManagedEntity
    - Node
    - Policy
    - QueryInfo
    - WebResource
    - RegValue
    range: string
  name:
    name: name
    description: The query name for a saved or scheduled query.
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Name
    rank: 1000
    alias: name
    owner: QueryInfo
    domain_of:
    - AnalysisTarget
    - Observable
    - Os
    - Osint
    - Package
    - Parameter
    - PrivilegeInfo
    - San
    - Scim
    - Script
    - ServicePrivilegeAnalysis
    - SoftwareComponent
    - Sso
    - StartupItem
    - ThreatActor
    - Token
    - Entity
    - Resource
    - Account
    - Agent
    - AiModel
    - Aircraft
    - Analytic
    - ApplicationObject
    - Assessment
    - AutonomousSystem
    - Campaign
    - Check
    - CisBenchmark
    - CisBenchmarkResult
    - CisControl
    - ClassifierDetails
    - Container
    - D3fTactic
    - D3fTechnique
    - Database
    - Databucket
    - DomainContact
    - Edge
    - Endpoint
    - Enrichment
    - EnvironmentVariable
    - Evidences
    - Extension
    - Feature
    - File
    - Graph
    - Group
    - HttpCookie
    - HttpHeader
    - Idp
    - Image
    - Job
    - Kernel
    - KeyValueObject
    - LoadBalancer
    - Logger
    - Malware
    - ManagedEntity
    - MessageContext
    - Metric
    - Mitigation
    - NetworkInterface
    - Node
    - Organization
    - PeripheralDevice
    - Policy
    - ProcessEntity
    - Product
    - QueryInfo
    - Reporter
    - ResourceDetails
    - Rule
    - Scan
    - Service
    - SubTechnique
    - Table
    - Tactic
    - Technique
    - Trait
    - TransformationInfo
    - UnmannedAerialSystem
    - User
    - WebResource
    - Device
    - FtpActivity
    - RegValue
    - WinResource
    - WinService
    - PrefetchQuery
    range: string
    recommended: true
  query_string:
    name: query_string
    description: 'A string representing the query code being run. For example: <code>SELECT
      *

      FROM my_table</code>'
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - HTTP Query String
    rank: 1000
    alias: query_string
    owner: QueryInfo
    domain_of:
    - Url
    - QueryInfo
    range: string
    required: true
  query_time:
    name: query_time
    description: The time when the query was run.
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Query Time
    rank: 1000
    alias: query_time
    owner: QueryInfo
    domain_of:
    - QueryInfo
    - DnsActivity
    range: TimestampT
  uid:
    name: uid
    description: The unique identifier of the query.
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Unique ID
    rank: 1000
    alias: uid
    owner: QueryInfo
    domain_of:
    - Osint
    - Package
    - ProgrammaticCredential
    - RelatedEvent
    - Request
    - Sbom
    - Scim
    - Script
    - Session
    - Span
    - Sso
    - Ticket
    - Token
    - Trace
    - Entity
    - Resource
    - Account
    - Advisory
    - Agent
    - AiModel
    - Aircraft
    - Analytic
    - ApplicationObject
    - Assessment
    - Certificate
    - Check
    - ClassifierDetails
    - Container
    - Cve
    - Cwe
    - D3fTactic
    - D3fTechnique
    - DataClassification
    - Database
    - Databucket
    - DomainContact
    - Edge
    - Email
    - Endpoint
    - Evidences
    - Extension
    - Feature
    - File
    - FindingObject
    - FindingInfo
    - Graph
    - Group
    - HttpRequest
    - Idp
    - Image
    - KbArticle
    - LoadBalancer
    - Logger
    - Malware
    - ManagedEntity
    - MessageContext
    - Metadata
    - Mitigation
    - NetworkConnectionInfo
    - NetworkEndpoint
    - NetworkInterface
    - Node
    - Organization
    - PeripheralDevice
    - Policy
    - ProcessEntity
    - Product
    - QueryInfo
    - Reporter
    - Rule
    - Scan
    - Service
    - SubTechnique
    - Table
    - Tactic
    - Technique
    - Trait
    - TransformationInfo
    - UnmannedAerialSystem
    - User
    - WebResource
    - Device
    - WinResource
    range: string
    recommended: true