Kernel Extension
kernel_driver
The Kernel Extension object describes a kernel driver that has been loaded or unloaded into the operating system (OS) kernel. Defined by D3FEND d3f:KernelModule.
Contents
Attributes
| Caption | Name | Type | Is Array | Default | Description |
|---|---|---|---|---|---|
| File | file | File | The driver/extension file object. | ||
| Raw Data | raw_data | JSON | The event data as received from the event source. | ||
| Record ID | record_id | String | Unique identifier for the object | ||
| Unmapped Data | unmapped | Unmapped | The attributes that are not mapped to the event schema. The names and values of those attributes are specific to the event source. |
Referenced By
Context
JSON
{
"caption": "Kernel Extension",
"name": "kernel_driver",
"description": "The Kernel Extension object describes a kernel driver that has been loaded or unloaded into the operating system (OS) kernel. Defined by D3FEND <a target='_blank' href='https://d3fend.mitre.org/dao/artifact/d3f:KernelModule/'>d3f:KernelModule</a>.",
"extends": "object",
"attributes": {
"file": {
"description": "The driver/extension file object.",
"group": "primary",
"requirement": "required",
"caption": "File",
"type": "file"
},
"raw_data": {
"group": "context",
"caption": "Raw Data",
"description": "The event data as received from the event source.",
"type": "json_t"
},
"record_id": {
"description": "Unique identifier for the object",
"group": "primary",
"requirement": "required",
"caption": "Record ID",
"type": "string_t"
},
"unmapped": {
"caption": "Unmapped Data",
"description": "The attributes that are not mapped to the event schema. The names and values of those attributes are specific to the event source.",
"type": "unmapped",
"is_array": true
}
}
}