https://ontology.unifiedcyberontology.org/uco/observable/EventRecordFacet
An event record facet is a grouping of characteristics unique to something that happens in a digital context (e.g., operating system events).
Instances of observable:EventRecordFacet can have the following properties:
| PROPERTY | TYPE | DESCRIPTION | RANGE |
|---|---|---|---|
| From class owl:Thing | |||
| types:threadNextItem | owl:ObjectProperty | The link to a next item in a thread. | owl:Thing |
| types:threadPreviousItem | owl:ObjectProperty | A direct link to a previous item in a thread. | owl:Thing |
By the associated SHACL property shapes, instances of observable:EventRecordFacet can have the following properties:
PROPERTY |
PROPERTY TYPE |
DESCRIPTION |
MIN COUNT |
MAX COUNT |
LOCAL RANGE |
GLOBAL RANGE |
|
|---|---|---|---|---|---|---|---|
| observable:EventRecordFacet | |||||||
| observable:account | owl:ObjectProperty |
Specifies the account referenced in an event log entry or used to run the scheduled task. See also: http://msdn.microsoft.com/en-us/library/windows/desktop/aa381228(v=vs.85).aspx.
|
1 |
observable:ObservableObject
|
observable:ObservableObject
|
||
| observable:application | owl:ObjectProperty |
The application associated with this object.
|
1 |
observable:ObservableObject
|
observable:ObservableObject
|
||
| observable:cyberAction | owl:ObjectProperty |
The action taken in response to the event.
|
1 |
observable:ObservableAction
|
observable:ObservableAction
|
||
| observable:endTime | owl:DatatypeProperty |
|
1 |
xsd:dateTime
|
xsd:dateTime
|
||
|
|
1 |
xsd:string
|
owl:Thing | ||||
| observable:eventRecordDevice | owl:ObjectProperty |
The device on which the log entry was generated.
|
1 |
observable:ObservableObject
|
observable:ObservableObject
|
||
| observable:eventRecordID | owl:DatatypeProperty |
The identifier of the event record.
|
1 |
xsd:string
|
xsd:string
|
||
| observable:eventRecordRaw | owl:DatatypeProperty |
The complete raw content of the event record.
|
1 |
xsd:string
|
xsd:string
|
||
| observable:eventRecordServiceName |
|
1 |
xsd:string
|
owl:Thing | |||
| observable:eventRecordText |
|
1 |
xsd:string
|
owl:Thing | |||
| observable:eventType | owl:DatatypeProperty |
The type of the event, for example 'information', 'warning' or 'error'.
|
1 |
xsd:string
|
xsd:string
|
||
| observable:observableCreatedTime |
|
1 |
xsd:dateTime
|
owl:Thing | |||
| observable:startTime | owl:DatatypeProperty |
|
1 |
xsd:dateTime
|
xsd:dateTime
|
||
@prefix core: <https://ontology.unifiedcyberontology.org/uco/core/> .
@prefix observable: <https://ontology.unifiedcyberontology.org/uco/observable/> .
@prefix owl: <http://www.w3.org/2002/07/owl#> .
@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
@prefix sh: <http://www.w3.org/ns/shacl#> .
@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
observable:EventRecordFacet a owl:Class,
sh:NodeShape ;
rdfs:label "EventRecordFacet"@en ;
rdfs:comment "An event record facet is a grouping of characteristics unique to something that happens in a digital context (e.g., operating system events)."@en ;
rdfs:subClassOf core:Facet ;
sh:property [ sh:class observable:ObservableAction ;
sh:maxCount 1 ;
sh:nodeKind sh:IRI ;
sh:path observable:cyberAction ],
[ sh:class observable:ObservableObject ;
sh:maxCount 1 ;
sh:nodeKind sh:IRI ;
sh:path observable:account ],
[ sh:class observable:ObservableObject ;
sh:maxCount 1 ;
sh:nodeKind sh:IRI ;
sh:path observable:application ],
[ sh:class observable:ObservableObject ;
sh:maxCount 1 ;
sh:nodeKind sh:IRI ;
sh:path observable:eventRecordDevice ],
[ sh:datatype xsd:dateTime ;
sh:maxCount 1 ;
sh:nodeKind sh:Literal ;
sh:path observable:endTime ],
[ sh:datatype xsd:dateTime ;
sh:maxCount 1 ;
sh:nodeKind sh:Literal ;
sh:path observable:observableCreatedTime ],
[ sh:datatype xsd:dateTime ;
sh:maxCount 1 ;
sh:nodeKind sh:Literal ;
sh:path observable:startTime ],
[ sh:datatype xsd:string ;
sh:maxCount 1 ;
sh:nodeKind sh:Literal ;
sh:path observable:eventID ],
[ sh:datatype xsd:string ;
sh:maxCount 1 ;
sh:nodeKind sh:Literal ;
sh:path observable:eventRecordID ],
[ sh:datatype xsd:string ;
sh:maxCount 1 ;
sh:nodeKind sh:Literal ;
sh:path observable:eventRecordRaw ],
[ sh:datatype xsd:string ;
sh:maxCount 1 ;
sh:nodeKind sh:Literal ;
sh:path observable:eventRecordServiceName ],
[ sh:datatype xsd:string ;
sh:maxCount 1 ;
sh:nodeKind sh:Literal ;
sh:path observable:eventRecordText ],
[ sh:datatype xsd:string ;
sh:maxCount 1 ;
sh:nodeKind sh:Literal ;
sh:path observable:eventType ] ;
sh:targetClass observable:EventRecordFacet .