ocsf_schema_rs

Struct ProcessActivity

Source 
pub struct ProcessActivity {
Show 49 fields
    pub action: Option<String>,
    pub action_id: ProcessActivityActionId,
    pub activity_id: ProcessActivityActivityId,
    pub activity_name: Option<String>,
    pub actor: Actor,
    pub actual_permissions: Option<i64>,
    pub api: Option<Api>,
    pub attacks: Vec<Attack>,
    pub authorizations: Vec<Authorization>,
    pub category_name: Option<String>,
    pub category_uid: i64,
    pub class_name: Option<String>,
    pub class_uid: i64,
    pub cloud: Cloud,
    pub count: Option<i64>,
    pub device: Device,
    pub disposition: Option<String>,
    pub disposition_id: Option<ProcessActivityDispositionId>,
    pub duration: Option<i64>,
    pub end_time: Option<i64>,
    pub end_time_dt: Option<String>,
    pub enrichments: Vec<Enrichment>,
    pub exit_code: Option<i64>,
    pub firewall_rule: Option<FirewallRule>,
    pub injection_type: Option<String>,
    pub injection_type_id: Option<ProcessActivityInjectionTypeId>,
    pub malware: Vec<Malware>,
    pub message: Option<String>,
    pub metadata: Metadata,
    pub module: Option<Module>,
    pub observables: Vec<Observable>,
    pub osint: Vec<Osint>,
    pub process: Process,
    pub raw_data: Option<String>,
    pub requested_permissions: Option<i64>,
    pub severity: Option<String>,
    pub severity_id: ProcessActivitySeverityId,
    pub start_time: Option<i64>,
    pub start_time_dt: Option<String>,
    pub status: Option<String>,
    pub status_code: Option<String>,
    pub status_detail: Option<String>,
    pub status_id: Option<ProcessActivityStatusId>,
    pub time: i64,
    pub time_dt: Option<String>,
    pub timezone_offset: Option<i64>,
    pub type_name: Option<String>,
    pub type_uid: i64,
    pub unmapped: Option<Object>,

}
Expand description

ProcessActivity

JSON schema 
{
 "$id": "https://schema.ocsf.io/schema/classes/process_activity",
 "type": "object",
 "required": [
   "action_id",
   "activity_id",
   "actor",
   "category_uid",
   "class_uid",
   "cloud",
   "device",
   "metadata",
   "osint",
   "process",
   "severity_id",
   "time",
   "type_uid"
 ],
 "properties": {
   "action": {
     "type": "string"
   },
   "action_id": {
     "type": "integer",
     "enum": [
       0,
       1,
       2,
       99
     ]
   },
   "activity_id": {
     "type": "integer",
     "enum": [
       3,
       0,
       1,
       2,
       99,
       4,
       5
     ]
   },
   "activity_name": {
     "type": "string"
   },
   "actor": {
     "$ref": "#/$defs/actor"
   },
   "actual_permissions": {
     "type": "integer"
   },
   "api": {
     "$ref": "#/$defs/api"
   },
   "attacks": {
     "type": "array",
     "items": {
       "$ref": "#/$defs/attack"
     }
   },
   "authorizations": {
     "type": "array",
     "items": {
       "$ref": "#/$defs/authorization"
     }
   },
   "category_name": {
     "type": "string"
   },
   "category_uid": {
     "type": "integer",
     "const": 1
   },
   "class_name": {
     "type": "string"
   },
   "class_uid": {
     "type": "integer",
     "const": 1007
   },
   "cloud": {
     "$ref": "#/$defs/cloud"
   },
   "count": {
     "type": "integer"
   },
   "device": {
     "$ref": "#/$defs/device"
   },
   "disposition": {
     "type": "string"
   },
   "disposition_id": {
     "type": "integer",
     "enum": [
       3,
       6,
       0,
       1,
       2,
       99,
       4,
       5,
       7,
       8,
       9,
       10,
       11,
       14,
       15,
       16,
       17,
       18,
       20,
       21,
       22,
       23,
       24,
       25,
       26,
       27,
       12,
       13,
       19
     ]
   },
   "duration": {
     "type": "integer"
   },
   "end_time": {
     "type": "integer"
   },
   "end_time_dt": {
     "type": "string"
   },
   "enrichments": {
     "type": "array",
     "items": {
       "$ref": "#/$defs/enrichment"
     }
   },
   "exit_code": {
     "type": "integer"
   },
   "firewall_rule": {
     "$ref": "#/$defs/firewall_rule"
   },
   "injection_type": {
     "type": "string"
   },
   "injection_type_id": {
     "type": "integer",
     "enum": [
       3,
       0,
       1,
       2,
       99
     ]
   },
   "malware": {
     "type": "array",
     "items": {
       "$ref": "#/$defs/malware"
     }
   },
   "message": {
     "type": "string"
   },
   "metadata": {
     "$ref": "#/$defs/metadata"
   },
   "module": {
     "$ref": "#/$defs/module"
   },
   "observables": {
     "type": "array",
     "items": {
       "$ref": "#/$defs/observable"
     }
   },
   "osint": {
     "type": "array",
     "items": {
       "$ref": "#/$defs/osint"
     }
   },
   "process": {
     "$ref": "#/$defs/process"
   },
   "raw_data": {
     "type": "string"
   },
   "requested_permissions": {
     "type": "integer"
   },
   "severity": {
     "type": "string"
   },
   "severity_id": {
     "type": "integer",
     "enum": [
       3,
       6,
       0,
       1,
       2,
       99,
       4,
       5
     ]
   },
   "start_time": {
     "type": "integer"
   },
   "start_time_dt": {
     "type": "string"
   },
   "status": {
     "type": "string"
   },
   "status_code": {
     "type": "string"
   },
   "status_detail": {
     "type": "string"
   },
   "status_id": {
     "type": "integer",
     "enum": [
       0,
       1,
       2,
       99
     ]
   },
   "time": {
     "type": "integer"
   },
   "time_dt": {
     "type": "string"
   },
   "timezone_offset": {
     "type": "integer"
   },
   "type_name": {
     "type": "string"
   },
   "type_uid": {
     "type": "integer"
   },
   "unmapped": {
     "$ref": "#/$defs/object"
   }
 },
 "$schema": "http://json-schema.org/draft-07/schema#"
}

Fields§

§action: Option<String>§action_id: ProcessActivityActionId§activity_id: ProcessActivityActivityId§activity_name: Option<String>§actor: Actor§actual_permissions: Option<i64>§api: Option<Api>§attacks: Vec<Attack>§authorizations: Vec<Authorization>§category_name: Option<String>§category_uid: i64§class_name: Option<String>§class_uid: i64§cloud: Cloud§count: Option<i64>§device: Device§disposition: Option<String>§disposition_id: Option<ProcessActivityDispositionId>§duration: Option<i64>§end_time: Option<i64>§end_time_dt: Option<String>§enrichments: Vec<Enrichment>§exit_code: Option<i64>§firewall_rule: Option<FirewallRule>§injection_type: Option<String>§injection_type_id: Option<ProcessActivityInjectionTypeId>§malware: Vec<Malware>§message: Option<String>§metadata: Metadata§module: Option<Module>§observables: Vec<Observable>§osint: Vec<Osint>§process: Process§raw_data: Option<String>§requested_permissions: Option<i64>§severity: Option<String>§severity_id: ProcessActivitySeverityId§start_time: Option<i64>§start_time_dt: Option<String>§status: Option<String>§status_code: Option<String>§status_detail: Option<String>§status_id: Option<ProcessActivityStatusId>§time: i64§time_dt: Option<String>§timezone_offset: Option<i64>§type_name: Option<String>§type_uid: i64§unmapped: Option<Object>

Implementations§

Trait Implementations§

Source§

impl Clone for ProcessActivity

Source§

fn clone(&self) -> ProcessActivity

Returns a duplicate of the value. Read more
1.0.0 · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
Source§

impl Debug for ProcessActivity

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
Source§

impl<'de> Deserialize<'de> for ProcessActivity

Source§

fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>
where __D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer. Read more
Source§

impl From<&ProcessActivity> for ProcessActivity

Source§

fn from(value: &ProcessActivity) -> Self

Converts to this type from the input type.
Source§

impl From<ProcessActivity> for ProcessActivity

Source§

fn from(value: ProcessActivity) -> Self

Converts to this type from the input type.
Source§

impl Serialize for ProcessActivity

Source§

fn serialize<__S>(&self, __serializer: __S) -> Result<__S::Ok, __S::Error>
where __S: Serializer,

Serialize this value into the given Serde serializer. Read more
Source§

impl TryFrom<ProcessActivity> for ProcessActivity

Source§

type Error = ConversionError

The type returned in the event of a conversion error.
Source§

fn try_from(value: ProcessActivity) -> Result<Self, ConversionError>

Performs the conversion.

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> CloneToUninit for T
where T: Clone,

Source§

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest. Read more
Source§

impl<T> DynClone for T
where T: Clone,

Source§

fn __clone_box(&self, _: Private) -> *mut ()

Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> ToOwned for T
where T: Clone,

Source§

type Owned = T

The resulting type after obtaining ownership.
Source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
Source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<T> DeserializeOwned for T
where T: for<'de> Deserialize<'de>,