Slot: process

The process object.

URI: ocsf:process Alias: process

Applicable Classes

Name	Description	Modifies Slot
QueryEvidence	The specific resulting evidence information that was queried or discovered	yes
StartupItem	The startup item object describes an application component that has associate...	yes
Evidences	A collection of evidence artifacts associated to the activity/activities that	yes
NetworkConnectionQuery	Network Connection Query events report information about active network	yes
ProcessQuery	Process Query events report information about running processes	yes
WindowsQueryEvidence	The resulting evidence information that was queried	no
WindowsEvidences	Extends the evidences object to add Windows specific fields	no
WindowsStartupItem	The startup item object describes an application component that has associate...	no
SecurityFinding	Security Finding events describe findings, detections, anomalies, alerts and/...	yes
Actor	The Actor object contains details about the user, role, application, service,	yes
MemoryActivity	Memory Activity events report when a process has memory allocated,	yes
ProcessActivity	Process Activity events report when a process launches, injects, opens or	yes
ProcessRemediationActivity	Process Remediation Activity events report on attempts at remediating	yes
ModuleQuery	Module Query events report information about loaded modules	yes

Properties

Type and Range

Property	Value
Range	Process
Domain Of	QueryEvidence, StartupItem, Actor, Evidences, ModuleQuery, NetworkConnectionQuery, ProcessQuery, SecurityFinding, ProcessRemediationActivity, MemoryActivity, ProcessActivity

Cardinality and Requirements

Property	Value

Aliases

• Process

Identifier and Mapping Information

Schema Source

• from schema: https://w3id.org/lmodel/ocsf

Mappings

Mapping Type	Mapped Value
self	ocsf:process
native	ocsf:process

LinkML Source

name: process
description: The process object.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Process
rank: 1000
alias: process
domain_of:
- QueryEvidence
- StartupItem
- Actor
- Evidences
- ModuleQuery
- NetworkConnectionQuery
- ProcessQuery
- SecurityFinding
- ProcessRemediationActivity
- MemoryActivity
- ProcessActivity
range: Process