Skip to content

Class: RegKey

The registry key object describes a Windows registry key.

URI: ocsf:RegKey

 classDiagram
    class RegKey
    click RegKey href "../RegKey/"
      Object <|-- RegKey
        click Object href "../Object/"

      RegKey : is_system

      RegKey : modified_time

      RegKey : path

      RegKey : security_descriptor

Inheritance

Slots

Name Cardinality and Range Description Inheritance
is_system 0..1
Boolean		 The indication of whether the object is part of the operating system direct
modified_time 0..1
TimestampT		 The time when the registry key was last modified direct
path 1
String		 The full path to the registry key direct
security_descriptor 0..1
String		 The security descriptor of the registry key direct

Usages

used by used in type used
WindowsEvidences reg_key range RegKey
WindowsQueryEvidence reg_key range RegKey
RegistryKeyActivity prev_reg_key range RegKey
RegistryKeyActivity reg_key range RegKey
RegistryKeyQuery reg_key range RegKey

In Subsets

Aliases

  • Registry Key

See Also

Notes

Identifier and Mapping Information

Annotations

property value
observable_id 28
ocsf_extension windows

Schema Source

Mappings

Mapping Type Mapped Value
self ocsf:RegKey
native ocsf:RegKey
exact stix:WindowsRegistryKey, uco_master:WindowsRegistryKey

LinkML Source

Direct

name: RegKey
annotations:
  observable_id:
    tag: observable_id
    value: 28
  ocsf_extension:
    tag: ocsf_extension
    value: windows
description: The registry key object describes a Windows registry key.
notes:
- 'D3FEND™ Ontology d3f:WindowsRegistryKey. 

  https://d3fend.mitre.org/dao/artifact/d3f:WindowsRegistryKey/'
in_subset:
- windows_extension_subset
from_schema: https://w3id.org/lmodel/ocsf
see_also:
- https://d3fend.mitre.org/dao/artifact/d3f:WindowsRegistryKey/
aliases:
- Registry Key
exact_mappings:
- stix:WindowsRegistryKey
- uco_master:WindowsRegistryKey
is_a: Object
slots:
- is_system
- modified_time
- path
- security_descriptor
slot_usage:
  modified_time:
    name: modified_time
    description: The time when the registry key was last modified.
  path:
    name: path
    description: The full path to the registry key.
    required: true
  security_descriptor:
    name: security_descriptor
    description: The security descriptor of the registry key.

Induced

name: RegKey
annotations:
  observable_id:
    tag: observable_id
    value: 28
  ocsf_extension:
    tag: ocsf_extension
    value: windows
description: The registry key object describes a Windows registry key.
notes:
- 'D3FEND™ Ontology d3f:WindowsRegistryKey. 

  https://d3fend.mitre.org/dao/artifact/d3f:WindowsRegistryKey/'
in_subset:
- windows_extension_subset
from_schema: https://w3id.org/lmodel/ocsf
see_also:
- https://d3fend.mitre.org/dao/artifact/d3f:WindowsRegistryKey/
aliases:
- Registry Key
exact_mappings:
- stix:WindowsRegistryKey
- uco_master:WindowsRegistryKey
is_a: Object
slot_usage:
  modified_time:
    name: modified_time
    description: The time when the registry key was last modified.
  path:
    name: path
    description: The full path to the registry key.
    required: true
  security_descriptor:
    name: security_descriptor
    description: The security descriptor of the registry key.
attributes:
  is_system:
    name: is_system
    description: The indication of whether the object is part of the operating system.
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - System
    rank: 1000
    alias: is_system
    owner: RegKey
    domain_of:
    - File
    - Kernel
    - RegKey
    - RegValue
    range: boolean
  modified_time:
    name: modified_time
    description: The time when the registry key was last modified.
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Modified Time
    rank: 1000
    alias: modified_time
    owner: RegKey
    domain_of:
    - Osint
    - RelatedEvent
    - Scim
    - Sso
    - Token
    - Resource
    - Advisory
    - Cve
    - Database
    - Databucket
    - File
    - FindingObject
    - FindingInfo
    - LdapPerson
    - Metadata
    - Table
    - Device
    - RegKey
    - RegValue
    range: TimestampT
  path:
    name: path
    description: The full path to the registry key.
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Path
    rank: 1000
    alias: path
    owner: RegKey
    domain_of:
    - Url
    - AffectedPackage
    - File
    - HttpCookie
    - Image
    - Kernel
    - Malware
    - ProcessEntity
    - Product
    - RegKey
    - RegValue
    range: string
    required: true
  security_descriptor:
    name: security_descriptor
    description: The security descriptor of the registry key.
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Security Descriptor
    rank: 1000
    alias: security_descriptor
    owner: RegKey
    domain_of:
    - File
    - RegKey
    range: string