OS Actor

Description

The OS actor is the parent process that creates an OS process on behalf of a different initiator.

Actor Fields

This actor uses: os_actor. It has the following fields:
| Field Name | Datatype | Description |
| --- | --- | --- |
| os_actor_primary_user_sid | STRING | None Available |
| os_actor_primary_username | STRING | None Available |
| os_actor_process_auth_id | STRING | None Available |
| os_actor_process_command_line | STRING | None Available |
| os_actor_process_device_info | record | Info about the device (volume + HW) from which this process started - these fields represent HW info and will be populated only for USB devices |
| os_actor_process_file_create_time | INTEGER | None Available |
| os_actor_process_file_mod_time | INTEGER | None Available |
| os_actor_process_file_size | INTEGER | None Available |
| os_actor_process_image_extension | STRING | None Available |
| os_actor_process_image_md5 | STRING | None Available |
| os_actor_process_image_name | STRING | None Available |
| os_actor_process_image_path | STRING | None Available |
| os_actor_process_image_sha256 | STRING | None Available |
| os_actor_process_logon_id | STRING | None Available |
| os_actor_process_os_pid | INTEGER | None Available |
| os_actor_process_session_id | INTEGER | None Available |
| os_actor_process_signature_is_embedded | BOOLEAN | None Available |
| os_actor_process_signature_product | STRING | None Available |
| os_actor_process_signature_vendor | STRING | None Available |
| os_actor_remote_host | STRING | None Available |
| os_actor_remote_ip | STRING | None Available |
| os_actor_remote_port | INTEGER | None Available |
