schemas.v1.2.0.cybox.objects.Process_Object.xsd
The Java bindings for STIX v.1.2.0.2
This schema was originally developed by The MITRE Corporation. The CybOX XML Schema implementation is maintained by The MITRE Corporation and developed by the open CybOX Community. For more information, including how to get involved in the effort and how to submit change requests, please visit the CybOX website at http://cybox.mitre.org.
Schema: Process_Object
Version: 2.1
Date: 01/22/2014
The following specifies the fields and types that compose this defined CybOX Object type. Each defined object is an extension of the abstract ObjectPropertiesType, defined in CybOX Common. For more information on this extension mechanism, please see the CybOX Specification. This document is intended for developers and assumes some familiarity with XML.
Copyright (c) 2012-2014, The MITRE Corporation. All rights reserved. The contents of this file are subject to the terms of the CybOX License located at http://cybox.mitre.org/about/termsofuse.html. See the CybOX License for the specific language governing permissions and limitations for use of this schema. When distributing copies of the CybOX Schema, this license header must be included.
The Process object is intended to characterize system processes.
The ProcessObjectType type is intended to characterize system processes.
The PID field specifies the Process ID, or PID, of the process.
The Name field specifies the name of the process.
The Creation_Time field specifies the local date/time at which the process was created.
The Parent_PID field specifies the process ID (PID) of the parent process (i.e. the process that spawned this one), if applicable.
NOTE: this field will be deprecated in the next major version of this object, at which point the parent process of this process should be specified using a Related_Object with the "Child_Of" Relationship value.
The Child_PID_List field specifies any children spawned by the process being characterized, by way of a list of PIDs.
NOTE: this field will be deprecated in the next major version of this object, at which point child processes of this process should be specified using a Related_Object with the "Parent_Of" Relationship value.
The Image_Info field specifies information about the image associated with the process, such as its file name and path.
The Argument_List field is optional and specifies a list of arguments utilized in initiating the process.
The Environment_Variable_List field specifies any environment variables associated with the process. This field imports and uses the EnvironmentVariableListType from the CybOX Common Types.
The Kernel_Time field specifies the duration of time that the process has executed in kernel mode.
The Port_List field is optional and specifies a list of ports owned by the process.
The Network_Connection_List field specifies information about any network connections opened or initiated by the process.
The Start_Time field specifies the local date/time at which the process was started.
The Status field specifies the current status of the process. Since this is an operating system specific Object property, this is defined here as an abstract type which is then used as a base type in any OS-specific extensions.
The Username field specifies the name of the user that created the process.
The User_Time field specifies the duration of time that the process has executed in user mode.
A description of features extracted from the memory image of this process.
The is_hidden field specifies whether the process is hidden or not.
The NetworkConnectionListType type is a list of network connections.
The Network_Connection field specifies information about a single network connection opened or initiated by the process.
The ImageInfoType type captures information about the process image.
The File_Name field specifies the name of the binary file which represents the process image.
The Command_Line field specifies the complete command used to execute the process image.
The Current_Directory field specifies the current directory of the process image.
The Path field specifies the fully qualified path to the image file, including the file name.
The ProcessStatusType is used for specifying the status of a running or terminated process. Since this property is platform-specific, it is created here as an abstract type and then used in the platform-specific process CybOX objects.
The ChildPIDListType type captures the PIDs of the children of the process in a list format.
The Child_PID field specifies the process ID of a single child process.
The ArgumentListType is intended to specify a list of arguments utilized in initiating the process.
The Argument field is optional and specifies a single argument utilized in initiating the process.
The PortListType is intended to specify a list of network ports.
The Port field is optional and specifies a single network port.