Class: WindowsThreadFacet
"A Windows thread facet is a grouping os characteristics unique to a single thread of execution within a Windows process."
URI: observable:WindowsThreadFacet
classDiagram
class WindowsThreadFacet
Facet <|-- WindowsThreadFacet
WindowsThreadFacet : context
WindowsThreadFacet ..> string : context
WindowsThreadFacet : creationFlags
WindowsThreadFacet : creationTime
WindowsThreadFacet ..> datetime : creationTime
WindowsThreadFacet : parameterAddress
WindowsThreadFacet ..> hex binary type : parameterAddress
WindowsThreadFacet : priority
WindowsThreadFacet ..> string : priority
WindowsThreadFacet : runningStatus
WindowsThreadFacet ..> string : runningStatus
WindowsThreadFacet : securityAttributes
WindowsThreadFacet ..> string : securityAttributes
WindowsThreadFacet : stackSize
WindowsThreadFacet ..> non negative integer type : stackSize
WindowsThreadFacet : startAddress
WindowsThreadFacet ..> hex binary type : startAddress
WindowsThreadFacet : threadID
WindowsThreadFacet ..> non negative integer type : threadID
Inheritance
- UcoThing
- UcoInherentCharacterizationThing
- Facet
- WindowsThreadFacet
- Facet
- UcoInherentCharacterizationThing
Slots
| Name | Cardinality and Range | Description | Inheritance |
|---|---|---|---|
| creationTime | 0..1 xsd:dateTime |
direct | |
| parameterAddress | 0..1 HexBinaryType |
direct | |
| startAddress | 0..1 HexBinaryType |
direct | |
| priority | 0..1 xsd:string |
"The priority of the email | direct |
| stackSize | 0..1 NonNegativeIntegerType |
direct | |
| threadID | 0..1 NonNegativeIntegerType |
direct | |
| context | 0..1 xsd:string |
A description of particular contextual affinity | direct |
| runningStatus | 0..1 xsd:string |
direct | |
| securityAttributes | 0..1 xsd:string |
direct | |
| creationFlags | 0..1 UnsignedIntegerType |
direct |
Identifier and Mapping Information
Schema Source
- from schema: https://w3id.org/lmodel/uco-observable
Mappings
| Mapping Type | Mapped Value |
|---|---|
| self | observable:WindowsThreadFacet |
| native | observable:WindowsThreadFacet |
LinkML Source
Direct
name: WindowsThreadFacet
description: '"A Windows thread facet is a grouping os characteristics unique to a
single thread of execution within a Windows process."'
in_subset:
- microsoft
from_schema: https://w3id.org/lmodel/uco-observable
rank: 1000
is_a: Facet
slots:
- creationTime
- parameterAddress
- startAddress
- priority
- stackSize
- threadID
- context
- runningStatus
- securityAttributes
- creationFlags
slot_usage:
parameterAddress:
name: parameterAddress
multivalued: true
domain_of:
- WindowsThreadFacet
startAddress:
name: startAddress
multivalued: true
domain_of:
- WindowsThreadFacet
stackSize:
name: stackSize
multivalued: true
domain_of:
- WindowsThreadFacet
threadID:
name: threadID
multivalued: true
domain_of:
- WindowsThreadFacet
creationFlags:
name: creationFlags
multivalued: true
domain_of:
- WindowsThreadFacet
Induced
name: WindowsThreadFacet
description: '"A Windows thread facet is a grouping os characteristics unique to a
single thread of execution within a Windows process."'
in_subset:
- microsoft
from_schema: https://w3id.org/lmodel/uco-observable
rank: 1000
is_a: Facet
slot_usage:
parameterAddress:
name: parameterAddress
multivalued: true
domain_of:
- WindowsThreadFacet
startAddress:
name: startAddress
multivalued: true
domain_of:
- WindowsThreadFacet
stackSize:
name: stackSize
multivalued: true
domain_of:
- WindowsThreadFacet
threadID:
name: threadID
multivalued: true
domain_of:
- WindowsThreadFacet
creationFlags:
name: creationFlags
multivalued: true
domain_of:
- WindowsThreadFacet
attributes:
creationTime:
name: creationTime
from_schema: https://w3id.org/lmodel/uco-observable
rank: 1000
alias: creationTime
owner: WindowsThreadFacet
domain_of:
- WindowsThreadFacet
range: datetime
parameterAddress:
name: parameterAddress
from_schema: https://w3id.org/lmodel/uco-observable
rank: 1000
multivalued: true
alias: parameterAddress
owner: WindowsThreadFacet
domain_of:
- WindowsThreadFacet
range: hex binary type
startAddress:
name: startAddress
from_schema: https://w3id.org/lmodel/uco-observable
rank: 1000
multivalued: true
alias: startAddress
owner: WindowsThreadFacet
domain_of:
- WindowsThreadFacet
range: hex binary type
priority:
name: priority
description: '"The priority of the email."'
from_schema: https://w3id.org/lmodel/uco-observable
rank: 1000
alias: priority
owner: WindowsThreadFacet
domain_of:
- EmailMessageFacet
- WindowsProcessFacet
- WindowsTaskFacet
- WindowsThreadFacet
union_of:
- '{''range'': ''TaskPriorityVocab''}'
- '{''range'': ''integer''}'
- '{''range'': ''string type''}'
range: string
stackSize:
name: stackSize
from_schema: https://w3id.org/lmodel/uco-observable
rank: 1000
multivalued: true
alias: stackSize
owner: WindowsThreadFacet
domain_of:
- WindowsThreadFacet
range: non negative integer type
threadID:
name: threadID
from_schema: https://w3id.org/lmodel/uco-observable
rank: 1000
multivalued: true
alias: threadID
owner: WindowsThreadFacet
domain_of:
- WindowsThreadFacet
range: non negative integer type
context:
name: context
description: A description of particular contextual affinity.
from_schema: https://w3id.org/lmodel/uco-core
exact_mappings:
- NCIT:C63325
- wikidata:Q813912
related_mappings:
- wikidata:Q2141565
narrow_mappings:
- wikidata:Q196626
alias: context
owner: WindowsThreadFacet
domain_of:
- WindowsThreadFacet
- Grouping
range: string
runningStatus:
name: runningStatus
from_schema: https://w3id.org/lmodel/uco-observable
rank: 1000
alias: runningStatus
owner: WindowsThreadFacet
domain_of:
- WindowsThreadFacet
range: string
securityAttributes:
name: securityAttributes
from_schema: https://w3id.org/lmodel/uco-observable
rank: 1000
alias: securityAttributes
owner: WindowsThreadFacet
domain_of:
- WindowsThreadFacet
range: string
creationFlags:
name: creationFlags
from_schema: https://w3id.org/lmodel/uco-observable
rank: 1000
multivalued: true
alias: creationFlags
owner: WindowsThreadFacet
domain_of:
- WindowsThreadFacet
range: unsigned integer type