
1use serde::{Serialize, Deserialize};
2
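/// Splunk CIM `Endpoint.Registry` data model: one Windows registry access event.
///
/// https://docs.splunk.com/Documentation/CIM/4.14.0/User/Endpoint#Registry
///
/// Every field is carried verbatim from the source event. This type performs
/// no validation or normalization of hive names, paths, value types or status
/// strings; consumers that match on them should compare against the documented
/// expected values rather than assume a canonical form.
///
/// Fields are public so that callers can read and build a record directly;
/// `Default` lets callers construct a record via struct-update syntax
/// (`Registry { action: "created".into(), ..Default::default() }`).
#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq, Eq)]
pub struct Registry {
    /// The action performed on the resource. Expected values: created, deleted, modified, read
    pub action: String,
    /// The endpoint pertaining to the registry events.
    pub dest: String,
    /// This automatically generated field is used to access tags from within data models. Add-on builders do not need to populate it.
    pub dest_bunit: String,
    /// This automatically generated field is used to access tags from within data models. Add-on builders do not need to populate it.
    pub dest_category: String,
    /// This automatically generated field is used to access tags from within data models. Add-on builders do not need to populate it.
    pub dest_priority: String,
    /// This automatically generated field is used to access tags from within data models. Add-on builders do not need to populate it.
    pub dest_requires_av: bool,
    /// This automatically generated field is used to access tags from within data models. Add-on builders do not need to populate it.
    pub dest_should_timesync: bool,
    /// This automatically generated field is used to access tags from within data models. Add-on builders do not need to populate it.
    pub dest_should_update: bool,
    /// The globally unique identifier of the process assigned by the vendor_product.
    pub process_guid: String,
    /// The numeric identifier of the process assigned by the operating system (carried as a string, as in the CIM field definition).
    pub process_id: String,
    /// The logical grouping of registry keys, subkeys, and values. Expected values: HKEY_CURRENT_CONFIG, HKEY_CURRENT_USER, HKEY_LOCAL_MACHINE\\SAM, HKEY_LOCAL_MACHINE\\Security, HKEY_LOCAL_MACHINE\\Software, HKEY_LOCAL_MACHINE\\System, HKEY_USERS\\.DEFAULT
    pub registry_hive: String,
    /// The path to the registry value, such as \win\directory\directory2\{676235CD-B656-42D5-B737-49856E97D072}\PrinterDriverData.
    pub registry_path: String,
    /// The name of the registry key, such as PrinterDriverData.
    pub registry_key_name: String,
    /// The unaltered registry value.
    pub registry_value_data: String,
    /// The name of the registry value.
    pub registry_value_name: String,
    /// The textual representation of registry_value_data (if applicable).
    pub registry_value_text: String,
    /// The type of the registry value. Expected values: REG_BINARY, REG_DWORD, REG_DWORD_LITTLE_ENDIAN, REG_DWORD_BIG_ENDIAN, REG_EXPAND_SZ, REG_LINK, REG_MULTI_SZ, REG_NONE, REG_QWORD, REG_QWORD_LITTLE_ENDIAN, REG_SZ
    pub registry_value_type: String,
    /// The outcome of the registry action. Expected values: failure, success
    pub status: String,
    /// This automatically generated field is used to access tags from within data models. Add-on builders do not need to populate it.
    pub tag: String,
    /// The user account associated with the registry access.
    pub user: String,
    /// This field is automatically provided by asset and identity correlation features of applications like Splunk Enterprise Security. Do not define extractions for these fields when writing add-ons.
    pub user_bunit: String,
    /// This field is automatically provided by asset and identity correlation features of applications like Splunk Enterprise Security. Do not define extractions for these fields when writing add-ons.
    pub user_category: String,
    /// This field is automatically provided by asset and identity correlation features of applications like Splunk Enterprise Security. Do not define extractions for these fields when writing add-ons.
    pub user_priority: String,
    /// The vendor and product name of the Endpoint solution that reported the event, such as Carbon Black Cb Response. This field can be automatically populated by vendor and product fields in your data.
    pub vendor_product: String,
}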