Operating System (OS)
os
The Operating System (OS) object describes characteristics of an OS, such as Linux or Windows. Defined by D3FEND d3f:OperatingSystem.
Contents
Attributes
| Caption | Name | Type | Is Array | Default | Description |
|---|---|---|---|---|---|
| OS Build | build | String | The operating system build number. | ||
| Country | country | String | The operating system country code, as defined by the ISO 3166-1 standard (Alpha-2 code). For the complete list of country codes, see ISO 3166-1 alpha-2 codes. | ||
| The product CPE identifier | cpe_name | String |
The Common Platform Enumeration (CPE) name as described by (NIST) For example: cpe:/a:apple:safari:16.2.
|
||
| CPU Bits | cpu_bits | Integer |
The cpu architecture, the number of bits used for addressing in memory. For example: 32 or 64.
|
||
| OS Edition | edition | String |
The operating system edition. For example: Professional.
|
||
| Language | lang | String |
The two letter lower case language codes, as defined by ISO 639-1. For example: en (English), de (German), or fr (French).
|
||
| Name | name | String | The operating system name. | ||
| Raw Data | raw_data | JSON | The event data as received from the event source. | ||
| Record ID | record_id | String | Unique identifier for the object | ||
| OS Service Pack | sp_name | String | The name of the latest Service Pack. | ||
| OS Service Pack Version | sp_ver | Integer | The version number of the latest Service Pack. | ||
| Type | type | String | The type of the operating system. | ||
| Type ID | type_id | Integer | 0 |
The type identifier of the operating system.
|
|
| Unmapped Data | unmapped | Unmapped | The attributes that are not mapped to the event schema. The names and values of those attributes are specific to the event source. | ||
| Version | version | String | The version of the OS running on the device that originated the event. For example: "Windows 10", "OS X 10.7", or "iOS 9". |
References
Referenced By
Context
JSON
{
"caption": "Operating System (OS)",
"description": "The Operating System (OS) object describes characteristics of an OS, such as Linux or Windows. Defined by D3FEND <a target='_blank' href='https://d3fend.mitre.org/dao/artifact/d3f:OperatingSystem/'>d3f:OperatingSystem</a>.",
"extends": "object",
"name": "os",
"attributes": {
"build": {
"requirement": "optional",
"caption": "OS Build",
"description": "The operating system build number.",
"type": "string_t"
},
"country": {
"description": "The operating system country code, as defined by the ISO 3166-1 standard (Alpha-2 code). For the complete list of country codes, see <a target='_blank' href='https://www.iso.org/obp/ui/#iso:pub:PUB500001:en'>ISO 3166-1 alpha-2 codes</a>.",
"requirement": "optional",
"observable": 14,
"caption": "Country",
"type": "string_t"
},
"cpe_name": {
"requirement": "optional",
"caption": "The product CPE identifier",
"description": "The Common Platform Enumeration (CPE) name as described by (<a target='_blank' href='https://nvd.nist.gov/products/cpe'>NIST</a>) For example: <code>cpe:/a:apple:safari:16.2</code>.",
"type": "string_t"
},
"cpu_bits": {
"requirement": "optional",
"caption": "CPU Bits",
"description": "The cpu architecture, the number of bits used for addressing in memory. For example: <code>32</code> or <code>64</code>.",
"type": "integer_t"
},
"edition": {
"requirement": "optional",
"caption": "OS Edition",
"description": "The operating system edition. For example: <code>Professional</code>.",
"type": "string_t"
},
"lang": {
"requirement": "optional",
"caption": "Language",
"description": "The two letter lower case language codes, as defined by <a target='_blank' href='https://en.wikipedia.org/wiki/ISO_639-1'>ISO 639-1</a>. For example: <code>en</code> (English), <code>de</code> (German), or <code>fr</code> (French).",
"type": "string_t"
},
"name": {
"description": "The operating system name.",
"requirement": "required",
"caption": "Name",
"type": "string_t"
},
"sp_name": {
"requirement": "optional",
"caption": "OS Service Pack",
"description": "The name of the latest Service Pack.",
"type": "string_t"
},
"sp_ver": {
"requirement": "optional",
"caption": "OS Service Pack Version",
"description": "The version number of the latest Service Pack.",
"type": "integer_t"
},
"type": {
"description": "The type of the operating system.",
"requirement": "optional",
"caption": "Type",
"type": "string_t"
},
"type_id": {
"description": "The type identifier of the operating system.",
"requirement": "required",
"enum": {
"100": {
"caption": "Windows"
},
"101": {
"caption": "Windows Mobile"
},
"200": {
"caption": "Linux"
},
"201": {
"caption": "Android"
},
"300": {
"caption": "macOS"
},
"301": {
"caption": "iOS"
},
"302": {
"caption": "iPadOS"
},
"400": {
"caption": "Solaris"
},
"401": {
"caption": "AIX"
},
"402": {
"caption": "HP-UX"
},
"0": {
"caption": "Unknown",
"description": "The type is unknown."
},
"99": {
"caption": "Other",
"description": "The type is not mapped. See the <code>type</code> attribute, which contains a data source specific value."
}
},
"caption": "Type ID",
"sibling": "type",
"type": "integer_t",
"default": 0
},
"version": {
"description": "The version of the OS running on the device that originated the event. For example: \"Windows 10\", \"OS X 10.7\", or \"iOS 9\".",
"requirement": "optional",
"caption": "Version",
"type": "string_t"
},
"raw_data": {
"group": "context",
"caption": "Raw Data",
"description": "The event data as received from the event source.",
"type": "json_t"
},
"record_id": {
"description": "Unique identifier for the object",
"group": "primary",
"requirement": "required",
"caption": "Record ID",
"type": "string_t"
},
"unmapped": {
"caption": "Unmapped Data",
"description": "The attributes that are not mapped to the event schema. The names and values of those attributes are specific to the event source.",
"type": "unmapped",
"is_array": true
}
}
}