https://ontology.unifiedcyberontology.org/uco/observable/EventRecordFacet
An event record facet is a grouping of characteristics unique to something that happens in a digital context (e.g., operating system events).
Instances of observable:EventRecordFacet can have the following properties:
| PROPERTY | TYPE | DESCRIPTION | RANGE |
|---|---|---|---|
| From class owl:Thing | |||
| core:informalType | owl:DatatypeProperty | Informal Type serves as a parent property for string-valued properties meant to describe a type without implementing a class design. This property hierarchy supports a balancing point between semantic specificity and operational agility. The known benefits of describing types rather than implementing them include swift extensibility of some existing, or possibly non-existing, subclass hierarchy in UCO without requiring training in ontological development, taxonomic specification, or OWL, SHACL, or RDF maintenance logistics. The known detractions of using string-literals for type descriptions include that used vocabularies may require careful maintenance among data-sharing parties; that vocabularies require independent logistics (external to UCO) for providing definitions (i.e., dictionary-style semantics) to string-literals chosen; and that string-literals cannot by themselves encode hierarchical structure or entailments, such as the informal device type string 'ExamplePhone 8 P4321' entailing 'ExamplePhone 8', 'ExamplePhone', or 'ExamplePhone models discontinued in 2020'. Usage of Informal Type to house strings should be weighed against usage of classes when classes are available, and should periodically be reviewed for potential additions to UCO's class hierarchy or downstream extensions thereof. | owl:Thing |
| types:threadNextItem | owl:ObjectProperty | The link to a next item in a thread. | owl:Thing |
| types:threadPreviousItem | owl:ObjectProperty | A direct link to a previous item in a thread. | owl:Thing |
By the associated SHACL property shapes, instances of observable:EventRecordFacet can have the following properties:
PROPERTY |
PROPERTY TYPE |
DESCRIPTION |
MIN COUNT |
MAX COUNT |
LOCAL RANGE |
GLOBAL RANGE |
|
|---|---|---|---|---|---|---|---|
| observable:EventRecordFacet | |||||||
| observable:account | owl:ObjectProperty |
Specifies the account referenced in an event log entry or used to run the scheduled task. See also: http://msdn.microsoft.com/en-us/library/windows/desktop/aa381228(v=vs.85).aspx.
|
1 |
observable:ObservableObject
|
observable:ObservableObject
|
||
| observable:application |
|
1 |
observable:ObservableObject
|
owl:Thing | |||
| observable:cyberAction |
|
1 |
observable:ObservableAction
|
owl:Thing | |||
| observable:endTime |
|
1 |
xsd:dateTime
|
owl:Thing | |||
|
|
1 |
xsd:string
|
owl:Thing | ||||
| observable:eventRecordDevice | owl:ObjectProperty |
The device on which the log entry was generated.
|
1 |
observable:ObservableObject
|
observable:ObservableObject
|
||
| observable:eventRecordID | owl:DatatypeProperty |
The identifier of the event record.
|
1 |
xsd:string
|
xsd:string
|
||
| observable:eventRecordRaw |
|
1 |
xsd:string
|
owl:Thing | |||
| observable:eventRecordServiceName | owl:DatatypeProperty |
The service that generated the event record. A single application can have multiple services generating event records.
|
1 |
xsd:string
|
xsd:string
|
||
| observable:eventRecordText |
|
1 |
xsd:string
|
owl:Thing | |||
| observable:eventType |
|
1 |
xsd:string
|
owl:Thing | |||
| observable:observableCreatedTime |
|
1 |
xsd:dateTime
|
owl:Thing | |||
| observable:startTime | owl:DatatypeProperty |
|
1 |
xsd:dateTime
|
xsd:dateTime
|
||
@prefix core: <https://ontology.unifiedcyberontology.org/uco/core/> .
@prefix observable: <https://ontology.unifiedcyberontology.org/uco/observable/> .
@prefix owl: <http://www.w3.org/2002/07/owl#> .
@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
@prefix sh: <http://www.w3.org/ns/shacl#> .
@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
observable:EventRecordFacet a owl:Class,
sh:NodeShape ;
rdfs:label "EventRecordFacet"@en ;
rdfs:comment "An event record facet is a grouping of characteristics unique to something that happens in a digital context (e.g., operating system events)."@en ;
rdfs:subClassOf core:Facet ;
sh:property [ sh:class observable:ObservableAction ;
sh:maxCount 1 ;
sh:nodeKind sh:IRI ;
sh:path observable:cyberAction ],
[ sh:class observable:ObservableObject ;
sh:maxCount 1 ;
sh:nodeKind sh:IRI ;
sh:path observable:account ],
[ sh:class observable:ObservableObject ;
sh:maxCount 1 ;
sh:nodeKind sh:IRI ;
sh:path observable:application ],
[ sh:class observable:ObservableObject ;
sh:maxCount 1 ;
sh:nodeKind sh:IRI ;
sh:path observable:eventRecordDevice ],
[ sh:datatype xsd:dateTime ;
sh:maxCount 1 ;
sh:nodeKind sh:Literal ;
sh:path observable:endTime ],
[ sh:datatype xsd:dateTime ;
sh:maxCount 1 ;
sh:nodeKind sh:Literal ;
sh:path observable:observableCreatedTime ],
[ sh:datatype xsd:dateTime ;
sh:maxCount 1 ;
sh:nodeKind sh:Literal ;
sh:path observable:startTime ],
[ sh:datatype xsd:string ;
sh:maxCount 1 ;
sh:nodeKind sh:Literal ;
sh:path observable:eventID ],
[ sh:datatype xsd:string ;
sh:maxCount 1 ;
sh:nodeKind sh:Literal ;
sh:path observable:eventRecordID ],
[ sh:datatype xsd:string ;
sh:maxCount 1 ;
sh:nodeKind sh:Literal ;
sh:path observable:eventRecordRaw ],
[ sh:datatype xsd:string ;
sh:maxCount 1 ;
sh:nodeKind sh:Literal ;
sh:path observable:eventRecordServiceName ],
[ sh:datatype xsd:string ;
sh:maxCount 1 ;
sh:nodeKind sh:Literal ;
sh:path observable:eventRecordText ],
[ sh:datatype xsd:string ;
sh:maxCount 1 ;
sh:nodeKind sh:Literal ;
sh:path observable:eventType ] ;
sh:targetClass observable:EventRecordFacet .