DCE/RPC
dce_rpc
The DCE/RPC, or Distributed Computing Environment/Remote Procedure Call, object describes the remote procedure call system for distributed computing environments. Defined by D3FEND d3f:RemoteProcedureCall.
Contents
Attributes
| Caption | Name | Type | Is Array | Default | Description |
|---|---|---|---|---|---|
| Command | command | String | The request command (e.g. REQUEST, BIND). | ||
| Command Response | command_response | String | The reply to the request command (e.g. RESPONSE, BINDACK or FAULT). | ||
| Flags | flags | String | The list of interface flags. | ||
| Network Interfaces | network_interfaces | Network Interface |
The list of DCE/RPC interfaces
Deprecated since 1.1.0: Deprecated in upgrade from ocsf-0.31.1 to qdm-1.1.0 |
||
| Opnum | opnum | Integer | An operation number used to identify a specific remote procedure call (RPC) method or a method in an interface. | ||
| Raw Data | raw_data | JSON | The event data as received from the event source. | ||
| Record ID | record_id | String | Unique identifier for the object | ||
| Remote Procedure Call Interface | rpc_interface | RPC Interface | The RPC Interface object describes the details pertaining to the remote procedure call interface. | ||
| Unmapped Data | unmapped | Unmapped | The attributes that are not mapped to the event schema. The names and values of those attributes are specific to the event source. |
References
Referenced By
Context
JSON
{
"caption": "DCE/RPC",
"name": "dce_rpc",
"description": "The DCE/RPC, or Distributed Computing Environment/Remote Procedure Call, object describes the remote procedure call system for distributed computing environments. Defined by D3FEND <a target='_blank' href='https://d3fend.mitre.org/dao/artifact/d3f:RemoteProcedureCall/'>d3f:RemoteProcedureCall</a>.",
"extends": "object",
"attributes": {
"command": {
"description": "The request command (e.g. REQUEST, BIND).",
"requirement": "recommended",
"caption": "Command",
"type": "string_t"
},
"command_response": {
"description": "The reply to the request command (e.g. RESPONSE, BINDACK or FAULT).",
"requirement": "recommended",
"caption": "Command Response",
"type": "string_t"
},
"flags": {
"description": "The list of interface flags.",
"requirement": "required",
"caption": "Flags",
"type": "string_t",
"is_array": true
},
"rpc_interface": {
"requirement": "required",
"caption": "Remote Procedure Call Interface",
"description": "The RPC Interface object describes the details pertaining to the remote procedure call interface.",
"type": "rpc_interface"
},
"opnum": {
"requirement": "recommended",
"caption": "Opnum",
"description": "An operation number used to identify a specific remote procedure call (RPC) method or a method in an interface.",
"type": "integer_t"
},
"raw_data": {
"group": "context",
"caption": "Raw Data",
"description": "The event data as received from the event source.",
"type": "json_t"
},
"record_id": {
"description": "Unique identifier for the object",
"group": "primary",
"requirement": "required",
"caption": "Record ID",
"type": "string_t"
},
"unmapped": {
"caption": "Unmapped Data",
"description": "The attributes that are not mapped to the event schema. The names and values of those attributes are specific to the event source.",
"type": "unmapped",
"is_array": true
},
"network_interfaces": {
"description": "The list of DCE/RPC interfaces",
"requirement": "required",
"caption": "Network Interfaces",
"is_array": true,
"type": "network_interface",
"@deprecated": {
"since": "1.1.0",
"message": "Deprecated in upgrade from ocsf-0.31.1 to qdm-1.1.0"
}
}
}
}