Digital Signature

digital_signature

The Digital Signature object contains information about the cryptographic mechanism used to verify the authenticity, integrity, and origin of the file or application.

Contents

Attributes

Caption Name Type Is Array Default Description
Algorithm algorithm String The digital signature algorithm used to create the signature, normalized to the caption of 'algorithm_id'. In the case of 'Other', it is defined by the event source.
Algorithm ID algorithm_id Integer The identifier of the normalized digital signature algorithm.
0
Unknown
1
DSA
2
RSA
3
ECDSA
4
Authenticode
99
Other
Certificate certificate Digital Certificate The certificate object containing information about the digital certificate.
Company Name company_name String The name of the company that published the file. For example: Microsoft Corporation.

Deprecated since 1.1.0: Deprecated in upgrade from ocsf-0.31.1 to qdm-1.1.0

Created Time created_time Timestamp The time when the digital signature was created.
Developer UID developer_uid String The developer ID on the certificate that signed the file.
Message Digest digest Fingerprint The message digest attribute contains the fixed length message hash representation and the corresponding hashing algorithm information.
Fingerprints fingerprints Fingerprint An array of digital fingerprint objects.

Deprecated since 1.1.0: Deprecated in upgrade from ocsf-0.31.1 to qdm-1.1.0

Issuer Name issuer_name String The certificate issuer name.

Deprecated since 1.1.0: Deprecated in upgrade from ocsf-0.31.1 to qdm-1.1.0

Raw Data raw_data JSON The event data as received from the event source.
Record ID record_id String Unique identifier for the object
Serial Number serial_number String The serial number of the digital signature.

Deprecated since 1.1.0: Deprecated in upgrade from ocsf-0.31.1 to qdm-1.1.0

Unmapped Data unmapped Unmapped The attributes that are not mapped to the event schema. The names and values of those attributes are specific to the event source.

Context

Digital Signature

JSON

            
{
  "caption": "Digital Signature",
  "name": "digital_signature",
  "description": "The Digital Signature object contains information about the cryptographic mechanism used to verify the authenticity, integrity, and origin of the file or application.",
  "extends": "object",
  "attributes": {
    "algorithm": {
      "description": "The digital signature algorithm used to create the signature, normalized to the caption of 'algorithm_id'. In the case of 'Other', it is defined by the event source.",
      "requirement": "optional",
      "caption": "Algorithm",
      "type": "string_t"
    },
    "algorithm_id": {
      "description": "The identifier of the normalized digital signature algorithm.",
      "enum": {
        "99": {
          "caption": "Other",
          "description": "The algorithm is not mapped. See the <code>algorithm</code> attribute, which contains a data source specific value."
        },
        "0": {
          "caption": "Unknown",
          "description": "The algorithm is unknown."
        },
        "1": {
          "caption": "DSA",
          "description": "Digital Signature Algorithm (DSA)."
        },
        "2": {
          "caption": "RSA",
          "description": "Rivest-Shamir-Adleman (RSA) Algorithm."
        },
        "3": {
          "caption": "ECDSA",
          "description": "Elliptic Curve Digital Signature Algorithm."
        },
        "4": {
          "caption": "Authenticode",
          "description": "Microsoft Authenticode Digital Signature Algorithm."
        }
      },
      "requirement": "required",
      "caption": "Algorithm ID",
      "sibling": "algorithm",
      "type": "integer_t"
    },
    "certificate": {
      "requirement": "recommended",
      "caption": "Certificate",
      "description": "The certificate object containing information about the digital certificate.",
      "type": "certificate"
    },
    "created_time": {
      "description": "The time when the digital signature was created.",
      "requirement": "optional",
      "caption": "Created Time",
      "type": "timestamp_t"
    },
    "developer_uid": {
      "requirement": "optional",
      "caption": "Developer UID",
      "description": "The developer ID on the certificate that signed the file.",
      "type": "string_t"
    },
    "digest": {
      "requirement": "optional",
      "caption": "Message Digest",
      "description": "The message digest attribute contains the fixed length message hash representation and the corresponding hashing algorithm information.",
      "type": "fingerprint"
    },
    "raw_data": {
      "group": "context",
      "caption": "Raw Data",
      "description": "The event data as received from the event source.",
      "type": "json_t"
    },
    "record_id": {
      "description": "Unique identifier for the object",
      "group": "primary",
      "requirement": "required",
      "caption": "Record ID",
      "type": "string_t"
    },
    "unmapped": {
      "caption": "Unmapped Data",
      "description": "The attributes that are not mapped to the event schema. The names and values of those attributes are specific to the event source.",
      "type": "unmapped",
      "is_array": true
    },
    "company_name": {
      "requirement": "required",
      "caption": "Company Name",
      "description": "The name of the company that published the file. For example: <code>Microsoft Corporation</code>.",
      "type": "string_t",
      "@deprecated": {
        "since": "1.1.0",
        "message": "Deprecated in upgrade from ocsf-0.31.1 to qdm-1.1.0"
      }
    },
    "serial_number": {
      "description": "The serial number of the digital signature.",
      "requirement": "optional",
      "caption": "Serial Number",
      "type": "string_t",
      "@deprecated": {
        "since": "1.1.0",
        "message": "Deprecated in upgrade from ocsf-0.31.1 to qdm-1.1.0"
      }
    },
    "issuer_name": {
      "requirement": "optional",
      "caption": "Issuer Name",
      "description": "The certificate issuer name.",
      "type": "string_t",
      "@deprecated": {
        "since": "1.1.0",
        "message": "Deprecated in upgrade from ocsf-0.31.1 to qdm-1.1.0"
      }
    },
    "fingerprints": {
      "requirement": "optional",
      "caption": "Fingerprints",
      "description": "An array of digital fingerprint objects.",
      "is_array": true,
      "type": "fingerprint",
      "@deprecated": {
        "since": "1.1.0",
        "message": "Deprecated in upgrade from ocsf-0.31.1 to qdm-1.1.0"
      }
    }
  }
}