Subset: windows_extension_subset
The Windows extension defines Windows-specific attributes, objects, and
classes.
Identifier and Mapping Information
Schema Source
- from schema: https://w3id.org/lmodel/ocsf
Classes in subset
| Class | Description |
|---|---|
| PrefetchQuery | Prefetch Query events report information about Windows prefetch files |
| RegistryKeyActivity | Registry Key Activity events report when a process performs an action on a |
| RegistryKeyQuery | Registry Key Query events report information about discovered Windows registr... |
| RegistryValueActivity | Registry Value Activity events report when a process performs an action on a |
| RegistryValueQuery | Registry Value Query events report information about discovered Windows |
| RegKey | The registry key object describes a Windows registry key |
| RegValue | The registry value object describes a Windows registry value |
| WindowsEvidences | Extends the evidences object to add Windows-specific fields |
| WindowsProcess | Extends the process object to add Windows-specific fields |
| WindowsQueryEvidence | The resulting evidence information that was queried |
| WindowsResourceActivity | Windows Resource Activity events report when a process accesses a Windows |
| WindowsServiceActivity | Windows Service Activity events report when a process interacts with the |
| WindowsStartupItem | The startup item object describes an application component that has associate... |
| WinResource | The Windows resource object describes a resource object managed by Windows, |
| WinService | The Windows Service object describes a Windows service |