-
Notifications
You must be signed in to change notification settings - Fork 16
/
process-tree-node.json
31 lines (31 loc) · 1.46 KB
/
process-tree-node.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
{
"$schema": "http://json-schema.org/draft-04/schema#",
"definitions": {
"process-tree-node": {
"title": "ProcessTreeNode",
"type": "object",
"description": "Captures a single process, or node, in the process tree. It imports and extends the ProcessObjectType from the CybOX Process Object.",
"properties": {
"process_ref": {
"type": "string",
"description": "References the Process Object, contained in the Package, which represents the process and its relevant metadata. The Object referenced MUST be of STIX type process and MUST be specified in the observable_objects property of the Package."
},
"parent_action_ref": {
"type": "string",
"description": "Captures the ID of the Action that created or injected this process."
},
"ordinal_position": {
"type": "integer",
"minimum": 0,
"description": "Captures the ordinal position of the process with respect to the other processes spawned or injected by the malware. This value MUST be a non-negative integer. For specifying the root process of the process tree, a value of 0 MUST be used."
},
"initiated_action_refs": {
"type": "array",
"items": {"type": "string"},
"description": "Captures the IDs of the Actions initiated by the process."
}
},
"required": ["process_ref"]
}
}
}