Class: EventRecordFacet
"An event record facet is a grouping of characteristics unique to something that happens in a digital context (e.g., operating system events)."
URI: observable:EventRecordFacet
classDiagram
class EventRecordFacet
Facet <|-- EventRecordFacet
EventRecordFacet : account
EventRecordFacet ..> ObservableObject : account
EventRecordFacet : application
EventRecordFacet ..> ObservableObject : application
EventRecordFacet : cyberAction
EventRecordFacet ..> ObservableAction : cyberAction
EventRecordFacet : endTime
EventRecordFacet ..> datetime : endTime
EventRecordFacet : eventID
EventRecordFacet ..> string : eventID
EventRecordFacet : eventRecordDevice
EventRecordFacet ..> ObservableObject : eventRecordDevice
EventRecordFacet : eventRecordID
EventRecordFacet ..> string : eventRecordID
EventRecordFacet : eventRecordRaw
EventRecordFacet ..> string : eventRecordRaw
EventRecordFacet : eventRecordServiceName
EventRecordFacet ..> string : eventRecordServiceName
EventRecordFacet : eventRecordText
EventRecordFacet ..> string : eventRecordText
EventRecordFacet : eventType
EventRecordFacet ..> string : eventType
EventRecordFacet : observableCreatedTime
EventRecordFacet ..> datetime : observableCreatedTime
EventRecordFacet : startTime
EventRecordFacet ..> datetime : startTime
Inheritance
- UcoThing
- UcoInherentCharacterizationThing
- Facet
- EventRecordFacet
- Facet
- UcoInherentCharacterizationThing
Slots
| Name | Cardinality and Range | Description | Inheritance |
|---|---|---|---|
| cyberAction | 0..1 ObservableAction |
"The action taken in response to the event | direct |
| account | 0..1 ObservableObject |
"Specifies the account referenced in an event log entry or used to run the sc... | direct |
| application | 0..1 ObservableObject |
"The application associated with this object | direct |
| eventRecordDevice | 0..1 ObservableObject |
"The device on which the log entry was generated | direct |
| observableCreatedTime | 0..1 xsd:dateTime |
"The date and time at which the observable object being characterized was cre... | direct |
| endTime | 0..1 xsd:dateTime |
The ending time of a time range | direct |
| startTime | 0..1 xsd:dateTime |
The initial time of a time range | direct |
| eventID | 0..1 xsd:string |
direct | |
| eventRecordID | 0..1 xsd:string |
"The identifier of the event record | direct |
| eventRecordRaw | 0..1 xsd:string |
"The complete raw content of the event record | direct |
| eventRecordServiceName | 0..1 xsd:string |
"The service that generated the event record | direct |
| eventRecordText | 0..1 xsd:string |
"The textual representation of the event | direct |
| eventType | 0..1 xsd:string |
"The type of the event, for example 'information', 'warning' or 'error' | direct |
Identifier and Mapping Information
Schema Source
- from schema: https://w3id.org/lmodel/uco-observable
Mappings
| Mapping Type | Mapped Value |
|---|---|
| self | observable:EventRecordFacet |
| native | observable:EventRecordFacet |
LinkML Source
Direct
name: EventRecordFacet
description: '"An event record facet is a grouping of characteristics unique to something
that happens in a digital context (e.g., operating system events)."'
from_schema: https://w3id.org/lmodel/uco-observable
rank: 1000
is_a: Facet
slots:
- cyberAction
- account
- application
- eventRecordDevice
- observableCreatedTime
- endTime
- startTime
- eventID
- eventRecordID
- eventRecordRaw
- eventRecordServiceName
- eventRecordText
- eventType
Induced
name: EventRecordFacet
description: '"An event record facet is a grouping of characteristics unique to something
that happens in a digital context (e.g., operating system events)."'
from_schema: https://w3id.org/lmodel/uco-observable
rank: 1000
is_a: Facet
attributes:
cyberAction:
name: cyberAction
description: '"The action taken in response to the event."'
from_schema: https://w3id.org/lmodel/uco-observable
rank: 1000
alias: cyberAction
owner: EventRecordFacet
domain_of:
- EventRecordFacet
range: ObservableAction
account:
name: account
description: '"Specifies the account referenced in an event log entry or used
to run the scheduled task. See also: http://msdn.microsoft.com/en-us/library/windows/desktop/aa381228(v=vs.85).aspx."'
from_schema: https://w3id.org/lmodel/uco-observable
exact_mappings:
- sumo:Account
rank: 1000
alias: account
owner: EventRecordFacet
domain_of:
- EventRecordFacet
- WindowsTaskFacet
range: ObservableObject
application:
name: application
description: '"The application associated with this object."'
from_schema: https://w3id.org/lmodel/uco-observable
rank: 1000
alias: application
owner: EventRecordFacet
domain_of:
- ApplicationAccountFacet
- BrowserBookmarkFacet
- BrowserCookieFacet
- CalendarEntryFacet
- CalendarFacet
- CallFacet
- EmailMessageFacet
- EventRecordFacet
- GeoLocationEntryFacet
- GeoLocationLogFacet
- GeoLocationTrackFacet
- MessageFacet
- NoteFacet
- WindowsTaskFacet
range: ObservableObject
eventRecordDevice:
name: eventRecordDevice
description: '"The device on which the log entry was generated."'
from_schema: https://w3id.org/lmodel/uco-observable
rank: 1000
alias: eventRecordDevice
owner: EventRecordFacet
domain_of:
- EventRecordFacet
range: ObservableObject
observableCreatedTime:
name: observableCreatedTime
description: '"The date and time at which the observable object being characterized
was created. This time pertains to an intrinsic characteristic of the observable
object, and would be consistent across independent characterizations or observations
of the observable object."'
from_schema: https://w3id.org/lmodel/uco-observable
rank: 1000
alias: observableCreatedTime
owner: EventRecordFacet
domain_of:
- AccountFacet
- BrowserBookmarkFacet
- BrowserCookieFacet
- CalendarEntryFacet
- DiskPartitionFacet
- EventRecordFacet
- FileFacet
- GeoLocationEntryFacet
- GeoLocationLogFacet
- NoteFacet
- ProcessFacet
- WindowsTaskFacet
range: datetime
endTime:
name: endTime
description: The ending time of a time range.
from_schema: https://w3id.org/lmodel/uco-core
exact_mappings:
- NCIT:C82573
- SIO:000670
- sumo:TimePoint
- wikidata:Q24575125
broad_mappings:
- sumo:TimePoint
alias: endTime
owner: EventRecordFacet
domain_of:
- CalendarEntryFacet
- CallFacet
- CapturedTelecommunicationsInformationFacet
- EventRecordFacet
- GeoLocationTrackFacet
- NetworkConnectionFacet
- Relationship
- Action
- ActionLifecycle
range: datetime
startTime:
name: startTime
description: The initial time of a time range.
from_schema: https://w3id.org/lmodel/uco-core
broad_mappings:
- sumo:TimePoint
alias: startTime
owner: EventRecordFacet
domain_of:
- CalendarEntryFacet
- CallFacet
- CapturedTelecommunicationsInformationFacet
- EventRecordFacet
- GeoLocationTrackFacet
- NetworkConnectionFacet
- Relationship
- Action
- ActionLifecycle
range: datetime
eventID:
name: eventID
from_schema: https://w3id.org/lmodel/uco-observable
rank: 1000
alias: eventID
owner: EventRecordFacet
domain_of:
- EventRecordFacet
range: string
eventRecordID:
name: eventRecordID
description: '"The identifier of the event record."'
from_schema: https://w3id.org/lmodel/uco-observable
rank: 1000
alias: eventRecordID
owner: EventRecordFacet
domain_of:
- EventRecordFacet
range: string
eventRecordRaw:
name: eventRecordRaw
description: '"The complete raw content of the event record."'
from_schema: https://w3id.org/lmodel/uco-observable
rank: 1000
alias: eventRecordRaw
owner: EventRecordFacet
domain_of:
- EventRecordFacet
range: string
eventRecordServiceName:
name: eventRecordServiceName
description: '"The service that generated the event record. A single application
can have multiple services generating event records."'
from_schema: https://w3id.org/lmodel/uco-observable
rank: 1000
alias: eventRecordServiceName
owner: EventRecordFacet
domain_of:
- EventRecordFacet
range: string
eventRecordText:
name: eventRecordText
description: '"The textual representation of the event."'
from_schema: https://w3id.org/lmodel/uco-observable
rank: 1000
alias: eventRecordText
owner: EventRecordFacet
domain_of:
- EventRecordFacet
range: string
eventType:
name: eventType
description: '"The type of the event, for example ''information'', ''warning''
or ''error''."'
from_schema: https://w3id.org/lmodel/uco-observable
rank: 1000
alias: eventType
owner: EventRecordFacet
domain_of:
- CalendarEntryFacet
- EventRecordFacet
range: string