1007 - Process Activity
OCSF Reference
CIM Data Models: Endpoint.Processes
OCSF Version: 1.0.0
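| CIM Field | Mapping |
| --- | --- |
| process_id | process.pid |
| action | allowed |
| dest | device.hostname |
| original_file_name | process.file.name |
| os | device.os |
| parent_process | process.parent_process.cmdline |
| parent_process_guid | process.parent_process.uid |
| parent_process_name | process.parent_process.name |
| parent_process_path | process.parent_process.file.path |
| process | process.cmd_line |
| process_exec | process.file.name |
| process_name | process.name |
| process_path | process.file.path |
| user | process.user.name |
| user_id | process.user.id |
| vendor_product | metadata.product.name |

Note: `original_file_name` and `process_exec` both map to `process.file.name`, so a CIM search that relies on `original_file_name` differing from the executable's file name (for example, to spot a renamed binary) will see the same value in both fields. The `action` row lists the literal `allowed` rather than an OCSF attribute path, which suggests a fixed value; confirm this before filtering on `action`.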
OCSF Version: 1.1.0
| CIM Field | Mapping |
| --- | --- |
| process_id | process.pid |
| action | allowed |
| dest | device.hostname |
| original_file_name | process.file.name |
| os | device.os |
| parent_process | process.parent_process.cmdline |
| parent_process_guid | process.parent_process.uid |
| parent_process_name | process.parent_process.name |
| parent_process_path | process.parent_process.file.path |
| process | process.cmd_line |
| process_exec | process.file.name |
| process_name | process.name |
| process_path | process.file.path |
| user | process.user.name |
| user_id | process.user.id |
| vendor_product | metadata.product.name |
OCSF Version: 1.2.0
| CIM Field | Mapping |
| --- | --- |
| process_id | process.pid |
| action | allowed |
| dest | device.hostname |
| original_file_name | process.file.name |
| os | device.os |
| parent_process | process.parent_process.cmdline |
| parent_process_guid | process.parent_process.uid |
| parent_process_name | process.parent_process.name |
| parent_process_path | process.parent_process.file.path |
| process | process.cmd_line |
| process_exec | process.file.name |
| process_name | process.name |
| process_path | process.file.path |
| user | process.user.name |
| user_id | process.user.id |
| vendor_product | metadata.product.name |
OCSF Version: 1.0.0*
| CIM Field | Mapping |
| --- | --- |
| process_id | process.pid |
| action | allowed |
| dest | device.hostname |
| original_file_name | process.file.name |
| os | device.os |
| parent_process | process.parent_process.cmdline |
| parent_process_guid | process.parent_process.uid |
| parent_process_name | process.parent_process.name |
| parent_process_path | process.parent_process.file.path |
| process | process.cmd_line |
| process_exec | process.file.name |
| process_name | process.name |
| process_path | process.file.path |
| user | process.user.name |
| user_id | process.user.id |
| vendor_product | metadata.product.name |