The ProcessObjectType type is intended to characterize system processes.
The object_reference field specifies a unique ID reference to an Object defined elsewhere. This construct allows for the re-use of the defined Properties of one Object within another, without the need to embed the full Object in the location from which it is being referenced. Thus, this ID reference is intended to resolve to the Properties of the Object that it points to.
The Custom_Properties construct is optional and enables the specification of a set of custom Object Properties that may not be defined in existing Properties schemas.
The is_hidden field specifies whether the process is hidden or not.
The PID field specifies the Process ID, or PID, of the process.
The Name field specifies the name of the process.
The Creation_Time field specifies the local date/time at which the process was created.
The Parent_PID field specifies the process ID (PID) of the parent process (i.e. the process that spawned this one), if applicable.
NOTE: this field will be deprecated in the next major version of this object, at which point the parent process of this process should be specified using a Related_Object with the "Child_Of" Relationship value.
The Child_PID_List field specifies any children spawned by the process being characterized, by way of a list of PIDs.
NOTE: this field will be deprecated in the next major version of this object, at which point child processes of this process should be specified using a Related_Object with the "Parent_Of" Relationship value.
The Image_Info field specifies information about the image associated with the process, such as its file name and path.
The Argument_List field is optional and specifies a list of arguments utilized in initiating the process.
The Environment_Variable_List field specifies any environment variables associated with the process. This field imports and uses the EnvironmentVariableListType from the CybOX Common Types.
The Kernel_Time field specifies the duration of time that the process has executed in kernel mode.
The Port_List field is optional and specifies a list of ports owned by the process.
The Network_Connection_List field specifies information about any network connections opened or initiated by the process.
The Start_Time field specifies the local date/time at which the process was started.
The Status field specifies the current status of the process. Since this is an operating system specific Object property, this is defined here as an abstract type which is then used as a base type in any OS-specific extensions.
The Username field specifies the name of the user that created the process.
The User_Time field specifies the duration of time that the process has executed in user mode.
A description of features extracted from the memory image of this process.
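The deprecation notes on Parent_PID and Child_PID_List describe replacing both fields with Related_Object entries carrying the "Child_Of" and "Parent_Of" Relationship values. The following is an added example, not part of the CybOX schema or its bindings: it uses plain Python dicts with constructed sample data (the `id` values and the `to_relationships` helper are hypothetical) to derive those relationships and to report where the two deprecated fields disagree or point at a process that was never captured.

```python
# Added example: simplified dict records, not the CybOX XML bindings.
# Constructed sample data; keys mirror the ProcessObjectType field names,
# "id" stands in for the Object ID that a Related_Object would reference.
SAMPLE = [
    {"id": "example:Object-1", "PID": 4, "Name": "System",
     "Child_PID_List": [388]},
    {"id": "example:Object-2", "PID": 388, "Name": "smss.exe",
     "Parent_PID": 4, "Child_PID_List": [512]},
    {"id": "example:Object-3", "PID": 512, "Name": "csrss.exe",
     "Parent_PID": 388},
    {"id": "example:Object-4", "PID": 2044, "Name": "svchost.exe",
     "Parent_PID": 1337, "is_hidden": True},
]


def to_relationships(processes):
    """Return (relationships, findings).

    relationships: sorted (source_id, relationship, target_id) tuples.
    findings: inconsistencies between Parent_PID and Child_PID_List.
    """
    by_pid = {p["PID"]: p for p in processes}
    rels, findings = set(), []
    for p in processes:
        pid, ppid = p["PID"], p.get("Parent_PID")
        if ppid is not None:
            parent = by_pid.get(ppid)
            if parent is None:
                # Parent never captured: exited, or absent from the listing.
                findings.append(f"PID {pid}: Parent_PID {ppid} has no Process object")
            else:
                rels.add((p["id"], "Child_Of", parent["id"]))
                if pid not in parent.get("Child_PID_List", []):
                    findings.append(f"PID {ppid}: Child_PID_List omits child {pid}")
        for cpid in p.get("Child_PID_List", []):
            child = by_pid.get(cpid)
            if child is None:
                findings.append(f"PID {pid}: child {cpid} has no Process object")
            else:
                rels.add((p["id"], "Parent_Of", child["id"]))
                if child.get("Parent_PID") != pid:
                    findings.append(f"PID {cpid}: Parent_PID does not name {pid}")
    return sorted(rels), findings


if __name__ == "__main__":
    relationships, problems = to_relationships(SAMPLE)
    for row in relationships + problems:
        print(row)
```

A process whose Parent_PID resolves to no captured object, such as the constructed PID 2044 record, gets no relationship and is reported instead, so the gap stays visible after migration.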