Slot: query_result_id
The normalized identifier of the query result.
URI: ocsf:query_result_id
Alias: query_result_id
Applicable Classes
| Name |
Description |
Modifies Slot |
| DiscoveryResult |
Discovery Result events report the results of a discovery request |
yes |
| KernelObjectQuery |
Kernel Object Query events report information about discovered kernel |
no |
| ProcessQuery |
Process Query events report information about running processes |
no |
| NetworksQuery |
Networks Query events report information about network adapters |
no |
| ModuleQuery |
Module Query events report information about loaded modules |
no |
| UserQuery |
User Query events report user data that have been discovered, queried, polled |
no |
| RegistryKeyQuery |
Registry Key Query events report information about discovered Windows registr... |
no |
| AdminGroupQuery |
Admin Group Query events report information about administrative groups |
no |
| ServiceQuery |
Service Query events report information about running services |
no |
| SessionQuery |
User Session Query events report information about existing user sessions |
no |
| PeripheralDeviceQuery |
Peripheral Device Query events report information about peripheral devices |
no |
| StartupItemQuery |
Startup Item Query events report information about discovered items, e |
no |
| FolderQuery |
Folder Query events report information about folders that are present on the |
no |
| NetworkConnectionQuery |
Network Connection Query events report information about active network |
no |
| RegistryValueQuery |
Registry Value Query events report information about discovered Windows |
no |
| JobQuery |
Job Query events report information about scheduled jobs |
no |
| EvidenceInfo |
Data collected directly from devices that represents forensic information |
no |
| PrefetchQuery |
Prefetch Query events report information about Windows prefetch files |
no |
| FileQuery |
File Query events report information about files that are present on the |
no |
Properties
Type and Range
Cardinality and Requirements
Aliases
Annotations
| property |
value |
| sibling |
query_result |
Schema Source
Mappings
| Mapping Type |
Mapped Value |
| self |
ocsf:query_result_id |
| native |
ocsf:query_result_id |
LinkML Source
name: query_result_id
annotations:
sibling:
tag: sibling
value: query_result
description: The normalized identifier of the query result.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Query Result ID
rank: 1000
alias: query_result_id
domain_of:
- DiscoveryResult
range: QueryResultIdEnum