observable:EventRecordFacet leaf node

core:Facet
- observable:EventRecordFacet

URI

https://ontology.unifiedcyberontology.org/uco/observable/EventRecordFacet

Label

EventRecordFacet

Description

An event record facet is a grouping of characteristics unique to something that happens in a digital context (e.g., operating system events).

Superclasses (3)

core:Facet

core:UcoInherentCharacterizationThing

core:UcoThing

Shapes (1)

observable:EventRecordFacet

Usage

Instances of observable:EventRecordFacet can have the following properties:

PROPERTY	TYPE	DESCRIPTION	RANGE
From class owl:Thing
types:threadNextItem	owl:ObjectProperty	The link to a next item in a thread.	owl:Thing
types:threadPreviousItem	owl:ObjectProperty	A direct link to a previous item in a thread.	owl:Thing

Property Shapes

By the associated SHACL property shapes, instances of observable:EventRecordFacet can have the following properties:

PROPERTY	PROPERTY TYPE	DESCRIPTION	MAX COUNT	LOCAL RANGE (type range for property on this class)	GLOBAL RANGE (type range for property globally)
observable:EventRecordFacet
observable:account	owl:ObjectProperty	Specifies the account referenced in an event log entry or used to run the scheduled task. See also: http://msdn.microsoft.com/en-us/library/windows/desktop/aa381228(v=vs.85).aspx.	1	observable:ObservableObject	observable:ObservableObject
observable:application	owl:ObjectProperty	The application associated with this object.	1	observable:ObservableObject	observable:ObservableObject
observable:cyberAction	owl:ObjectProperty	The action taken in response to the event.	1	observable:ObservableAction	observable:ObservableAction
observable:endTime	owl:DatatypeProperty		1	xsd:dateTime	xsd:dateTime
			1	xsd:string	owl:Thing
observable:eventRecordDevice			1	observable:ObservableObject	owl:Thing
observable:eventRecordID	owl:DatatypeProperty	The identifier of the event record.	1	xsd:string	xsd:string
observable:eventRecordRaw	owl:DatatypeProperty	The complete raw content of the event record.	1	xsd:string	xsd:string
observable:eventRecordServiceName	owl:DatatypeProperty	The service that generated the event record. A single application can have multiple services generating event records.	1	xsd:string	xsd:string
observable:eventRecordText	owl:DatatypeProperty	The textual representation of the event.	1	xsd:string	xsd:string
observable:eventType	owl:DatatypeProperty	The type of the event, for example 'information', 'warning' or 'error'.	1	xsd:string	xsd:string
observable:observableCreatedTime	owl:DatatypeProperty	The date and time at which the observable object being characterized was created. This time pertains to an intrinsic characteristic of the observable object, and would be consistent across independent characterizations or observations of the observable object.	1	xsd:dateTime	xsd:dateTime
observable:startTime	owl:DatatypeProperty		1	xsd:dateTime	xsd:dateTime

Implementation

@prefix core: <https://ontology.unifiedcyberontology.org/uco/core/> .
@prefix observable: <https://ontology.unifiedcyberontology.org/uco/observable/> .
@prefix owl: <http://www.w3.org/2002/07/owl#> .
@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
@prefix sh: <http://www.w3.org/ns/shacl#> .
@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .

observable:EventRecordFacet a owl:Class,
        sh:NodeShape ;
    rdfs:label "EventRecordFacet"@en ;
    rdfs:comment "An event record facet is a grouping of characteristics unique to something that happens in a digital context (e.g., operating system events)."@en ;
    rdfs:subClassOf core:Facet ;
    sh:property [ sh:class observable:ObservableAction ;
            sh:maxCount 1 ;
            sh:nodeKind sh:IRI ;
            sh:path observable:cyberAction ],
        [ sh:class observable:ObservableObject ;
            sh:maxCount 1 ;
            sh:nodeKind sh:IRI ;
            sh:path observable:account ],
        [ sh:class observable:ObservableObject ;
            sh:maxCount 1 ;
            sh:nodeKind sh:IRI ;
            sh:path observable:application ],
        [ sh:class observable:ObservableObject ;
            sh:maxCount 1 ;
            sh:nodeKind sh:IRI ;
            sh:path observable:eventRecordDevice ],
        [ sh:datatype xsd:dateTime ;
            sh:maxCount 1 ;
            sh:nodeKind sh:Literal ;
            sh:path observable:endTime ],
        [ sh:datatype xsd:dateTime ;
            sh:maxCount 1 ;
            sh:nodeKind sh:Literal ;
            sh:path observable:observableCreatedTime ],
        [ sh:datatype xsd:dateTime ;
            sh:maxCount 1 ;
            sh:nodeKind sh:Literal ;
            sh:path observable:startTime ],
        [ sh:datatype xsd:string ;
            sh:maxCount 1 ;
            sh:nodeKind sh:Literal ;
            sh:path observable:eventID ],
        [ sh:datatype xsd:string ;
            sh:maxCount 1 ;
            sh:nodeKind sh:Literal ;
            sh:path observable:eventRecordID ],
        [ sh:datatype xsd:string ;
            sh:maxCount 1 ;
            sh:nodeKind sh:Literal ;
            sh:path observable:eventRecordRaw ],
        [ sh:datatype xsd:string ;
            sh:maxCount 1 ;
            sh:nodeKind sh:Literal ;
            sh:path observable:eventRecordServiceName ],
        [ sh:datatype xsd:string ;
            sh:maxCount 1 ;
            sh:nodeKind sh:Literal ;
            sh:path observable:eventRecordText ],
        [ sh:datatype xsd:string ;
            sh:maxCount 1 ;
            sh:nodeKind sh:Literal ;
            sh:path observable:eventType ] ;
    sh:targetClass observable:EventRecordFacet .