Slot: query_info
The query info object holds information related to data access within a
datastore. To access, manipulate, delete, or retrieve data from a datastore, a
database query must be written using a specific syntax.
URI: ocsf:query_info Alias: query_info
Applicable Classes
| Name | Description | Modifies Slot |
|---|---|---|
| DiscoveryResult | Discovery Result events report the results of a discovery request | yes |
| KernelObjectQuery | Kernel Object Query events report information about discovered kernel | no |
| ProcessQuery | Process Query events report information about running processes | no |
| DatastoreActivity | Datastore events describe general activities (Read, Update, Query, Delete, | yes |
| NetworksQuery | Networks Query events report information about network adapters | no |
| ModuleQuery | Module Query events report information about loaded modules | no |
| UserQuery | User Query events report user data that have been discovered, queried, polled | no |
| RegistryKeyQuery | Registry Key Query events report information about discovered Windows registr... | no |
| AdminGroupQuery | Admin Group Query events report information about administrative groups | no |
| ServiceQuery | Service Query events report information about running services | no |
| SessionQuery | User Session Query events report information about existing user sessions | no |
| PeripheralDeviceQuery | Peripheral Device Query events report information about peripheral devices | no |
| StartupItemQuery | Startup Item Query events report information about discovered items, e | no |
| FolderQuery | Folder Query events report information about folders that are present on the | no |
| NetworkConnectionQuery | Network Connection Query events report information about active network | no |
| RegistryValueQuery | Registry Value Query events report information about discovered Windows | no |
| JobQuery | Job Query events report information about scheduled jobs | no |
| EvidenceInfo | Data collected directly from devices that represents forensic information | no |
| PrefetchQuery | Prefetch Query events report information about Windows prefetch files | no |
| FileQuery | File Query events report information about files that are present on the | no |
Properties
Type and Range
| Property | Value |
|---|---|
| Range | QueryInfo |
| Domain Of | DatastoreActivity, DiscoveryResult |
Cardinality and Requirements
| Property | Value |
|---|---|
Aliases
- Query Info
Identifier and Mapping Information
Schema Source
- from schema: https://w3id.org/lmodel/ocsf
Mappings
| Mapping Type | Mapped Value |
|---|---|
| self | ocsf:query_info |
| native | ocsf:query_info |
LinkML Source
name: query_info
description: 'The query info object holds information related to data access within
a
datastore. To access, manipulate, delete, or retrieve data from a datastore, a
database query must be written using a specific syntax.'
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Query Info
rank: 1000
alias: query_info
domain_of:
- DatastoreActivity
- DiscoveryResult
range: QueryInfo