1. Home
  2. Entities
  3. Classes
  4. observable:WindowsTaskFacet

observable:WindowsTaskFacet leaf node

URI

https://ontology.unifiedcyberontology.org/uco/observable/WindowsTaskFacet

Label

WindowsTaskFacet

Description

A Windows Task facet is a grouping of characteristics unique to a Windows Task (a process that is scheduled to execute on a Windows operating system by the Windows Task Scheduler). [based on http://msdn.microsoft.com/en-us/library/windows/desktop/aa381311(v=vs.85).aspx]

Superclasses (3)

  • core:Facet
  • core:UcoInherentCharacterizationThing
  • core:UcoThing

    • Shapes (1)

  • observable:WindowsTaskFacet

    • Usage

    Instances of observable:WindowsTaskFacet can have the following properties:

    PROPERTYTYPEDESCRIPTIONRANGE
    From class owl:Thing
    core:informalType owl:DatatypeProperty Informal Type serves as a parent property for string-valued properties meant to describe a type without implementing a class design. This property hierarchy supports a balancing point between semantic specificity and operational agility. The known benefits of describing types rather than implementing them include swift extensibility of some existing, or possibly non-existing, subclass hierarchy in UCO without requiring training in ontological development, taxonomic specification, or OWL, SHACL, or RDF maintenance logistics. The known detractions of using string-literals for type descriptions include that used vocabularies may require careful maintenance among data-sharing parties; that vocabularies require independent logistics (external to UCO) for providing definitions (i.e., dictionary-style semantics) to string-literals chosen; and that string-literals cannot by themselves encode hierarchical structure or entailments, such as the informal device type string 'ExamplePhone 8 P4321' entailing 'ExamplePhone 8', 'ExamplePhone', or 'ExamplePhone models discontinued in 2020'. Usage of Informal Type to house strings should be weighed against usage of classes when classes are available, and should periodically be reviewed for potential additions to UCO's class hierarchy or downstream extensions thereof. owl:Thing
    types:threadNextItem owl:ObjectProperty The link to a next item in a thread. owl:Thing
    types:threadPreviousItem owl:ObjectProperty A direct link to a previous item in a thread. owl:Thing

    Property Shapes

    By the associated SHACL property shapes, instances of observable:WindowsTaskFacet can have the following properties:

    PROPERTY

    PROPERTY TYPE

    DESCRIPTION

    MIN COUNT

    MAX COUNT

    LOCAL RANGE
    (type range for property on this class)

    GLOBAL RANGE
    (type range for property globally)
    observable:WindowsTaskFacet
    observable:account owl:ObjectProperty Specifies the account referenced in an event log entry or used to run the scheduled task. See also: http://msdn.microsoft.com/en-us/library/windows/desktop/aa381228(v=vs.85).aspx.
    		1 observable:ObservableObject
    		observable:ObservableObject
    observable:accountLogonType owl:DatatypeProperty Specifies the security logon method required to run the tasks associated with the account. See also: http://msdn.microsoft.com/en-us/library/windows/desktop/aa383013(v=vs.85).aspx.
    		1 xsd:string
    		xsd:string
    observable:accountRunLevel owl:DatatypeProperty Specifies the permission level of the account that the task will be run at.
    		1 xsd:string
    		xsd:string
    observable:actionList owl:ObjectProperty Specifies a list of actions to be performed by the scheduled task.
    		observable:TaskActionType
    		observable:TaskActionType
    observable:application owl:ObjectProperty The application associated with this object.
    		1 observable:ObservableObject
    		observable:ObservableObject
    observable:exitCode owl:DatatypeProperty Specifies the last exit code of the scheduled task. See also: http://msdn.microsoft.com/en-us/library/windows/desktop/aa381245(v=vs.85).aspx.
    		1 xsd:integer
    		xsd:integer
    observable:flags owl:DatatypeProperty Specifies any flags that modify the behavior of the scheduled task. See also: http://msdn.microsoft.com/en-us/library/windows/desktop/aa381248(v=vs.85).aspx.
    		xsd:string
    		owl:Thing
    observable:imageName owl:DatatypeProperty Specifies the image name for the task.
    		1 xsd:string
    		xsd:string
    observable:maxRunTime owl:DatatypeProperty Specifies the maximum run time of the scheduled task before terminating, in milliseconds. See also: http://msdn.microsoft.com/en-us/library/windows/desktop/aa381874(v=vs.85).aspx.
    		1 xsd:integer
    		xsd:integer
    observable:mostRecentRunTime owl:DatatypeProperty Specifies the most recent run date/time of this scheduled task. See also: http://msdn.microsoft.com/en-us/library/windows/desktop/aa381254(v=vs.85).aspx.
    		1 xsd:dateTime
    		xsd:dateTime
    observable:nextRunTime owl:DatatypeProperty Specifies the next run date/time of the scheduled task. See also: http://msdn.microsoft.com/en-us/library/windows/desktop/aa381257(v=vs.85).aspx.
    		1 xsd:dateTime
    		xsd:dateTime
    observable:observableCreatedTime owl:DatatypeProperty The date and time at which the observable object being characterized was created. This time pertains to an intrinsic characteristic of the observable object, and would be consistent across independent characterizations or observations of the observable object.
    		1 xsd:dateTime
    		xsd:dateTime
    observable:parameters owl:DatatypeProperty Specifies the command line parameters used to launch the scheduled task. See also: http://msdn.microsoft.com/en-us/library/windows/desktop/aa381875(v=vs.85).aspx.
    		1 xsd:string
    		xsd:string
    observable:priority owl:DatatypeProperty The priority of the email.
    		1 owl:Thing
    observable:status owl:DatatypeProperty Specifies a list of statuses for a given Whois entry.
    		1 xsd:string
    		owl:Thing
    observable:taskComment owl:DatatypeProperty Specifies a comment for the scheduled task. See also: http://msdn.microsoft.com/en-us/library/windows/desktop/aa381232(v=vs.85).aspx.
    		1 xsd:string
    		xsd:string
    observable:taskCreator owl:DatatypeProperty Specifies the name of the creator of the scheduled task. See also: http://msdn.microsoft.com/en-us/library/windows/desktop/aa381235(v=vs.85).aspx.
    		1 xsd:string
    		xsd:string
    observable:triggerList owl:ObjectProperty Specifies a set of triggers used by the scheduled task. See also: http://msdn.microsoft.com/en-us/library/windows/desktop/aa383264(v=vs.85).aspx.
    		observable:TriggerType
    		observable:TriggerType
    observable:workItemData owl:ObjectProperty Specifies application defined data associated with the scheduled task. See also: http://msdn.microsoft.com/en-us/library/windows/desktop/aa381271(v=vs.85).aspx.
    		1 observable:ObservableObject
    		observable:ObservableObject
    observable:workingDirectory owl:ObjectProperty Specifies the working directory for the scheduled task. See also: http://msdn.microsoft.com/en-us/library/windows/desktop/aa381878(v=vs.85).aspx.
    		1 observable:ObservableObject
    		observable:ObservableObject

    Implementation

    @prefix core: <https://ontology.unifiedcyberontology.org/uco/core/> .
@prefix observable: <https://ontology.unifiedcyberontology.org/uco/observable/> .
@prefix owl: <http://www.w3.org/2002/07/owl#> .
@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
@prefix sh: <http://www.w3.org/ns/shacl#> .
@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .

observable:WindowsTaskFacet a owl:Class,
        sh:NodeShape ;
    rdfs:label "WindowsTaskFacet"@en ;
    rdfs:comment "A Windows Task facet is a grouping of characteristics unique to a Windows Task (a process that is scheduled to execute on a Windows operating system by the Windows Task Scheduler). [based on http://msdn.microsoft.com/en-us/library/windows/desktop/aa381311(v=vs.85).aspx]"@en ;
    rdfs:subClassOf core:Facet ;
    sh:property [ sh:class observable:ObservableObject ;
            sh:maxCount 1 ;
            sh:nodeKind sh:IRI ;
            sh:path observable:account ],
        [ sh:class observable:ObservableObject ;
            sh:maxCount 1 ;
            sh:nodeKind sh:IRI ;
            sh:path observable:application ],
        [ sh:class observable:ObservableObject ;
            sh:maxCount 1 ;
            sh:nodeKind sh:IRI ;
            sh:path observable:workItemData ],
        [ sh:class observable:ObservableObject ;
            sh:maxCount 1 ;
            sh:nodeKind sh:IRI ;
            sh:path observable:workingDirectory ],
        [ sh:class observable:TaskActionType ;
            sh:nodeKind sh:IRI ;
            sh:path observable:actionList ],
        [ sh:class observable:TriggerType ;
            sh:nodeKind sh:IRI ;
            sh:path observable:triggerList ],
        [ sh:datatype xsd:dateTime ;
            sh:maxCount 1 ;
            sh:nodeKind sh:Literal ;
            sh:path observable:mostRecentRunTime ],
        [ sh:datatype xsd:dateTime ;
            sh:maxCount 1 ;
            sh:nodeKind sh:Literal ;
            sh:path observable:nextRunTime ],
        [ sh:datatype xsd:dateTime ;
            sh:maxCount 1 ;
            sh:nodeKind sh:Literal ;
            sh:path observable:observableCreatedTime ],
        [ sh:datatype xsd:integer ;
            sh:maxCount 1 ;
            sh:nodeKind sh:Literal ;
            sh:path observable:exitCode ],
        [ sh:datatype xsd:integer ;
            sh:maxCount 1 ;
            sh:nodeKind sh:Literal ;
            sh:path observable:maxRunTime ],
        [ sh:datatype xsd:string ;
            sh:maxCount 1 ;
            sh:nodeKind sh:Literal ;
            sh:path observable:accountLogonType ],
        [ sh:datatype xsd:string ;
            sh:maxCount 1 ;
            sh:nodeKind sh:Literal ;
            sh:path observable:accountRunLevel ],
        [ sh:datatype xsd:string ;
            sh:maxCount 1 ;
            sh:nodeKind sh:Literal ;
            sh:path observable:imageName ],
        [ sh:datatype xsd:string ;
            sh:maxCount 1 ;
            sh:nodeKind sh:Literal ;
            sh:path observable:parameters ],
        [ sh:datatype xsd:string ;
            sh:maxCount 1 ;
            sh:nodeKind sh:Literal ;
            sh:path observable:taskComment ],
        [ sh:datatype xsd:string ;
            sh:maxCount 1 ;
            sh:nodeKind sh:Literal ;
            sh:path observable:taskCreator ],
        [ sh:datatype xsd:string ;
            sh:message "As of UCO 1.4.0, the datatype to use for observable:flags should be xsd:string.  Not using xsd:string will be an error in UCO 2.0.0." ;
            sh:path observable:flags ;
            sh:severity sh:Warning ],
        [ sh:datatype xsd:string ;
            sh:message "As of UCO 1.4.0, the datatype to use for observable:status should be xsd:string.  Not using xsd:string will be an error in UCO 2.0.0." ;
            sh:path observable:status ;
            sh:severity sh:Warning ],
        [ sh:maxCount 1 ;
            sh:nodeKind sh:Literal ;
            sh:path observable:priority ],
        [ sh:maxCount 1 ;
            sh:nodeKind sh:Literal ;
            sh:path observable:status ],
        [ sh:message "As of UCO 1.4.0, the datatype to use for observable:priority should be xsd:string or xsd:integer.  Not using xsd:string or xsd:integer will be an error in UCO 2.0.0." ;
            sh:or ( [ sh:datatype xsd:integer ] [ sh:datatype xsd:string ] ) ;
            sh:path observable:priority ;
            sh:severity sh:Warning ],
        [ sh:nodeKind sh:Literal ;
            sh:path observable:flags ],
        observable:WindowsTaskFacet-flags-in-shape,
        observable:WindowsTaskFacet-priority-in-shape,
        observable:WindowsTaskFacet-status-in-shape ;
    sh:targetClass observable:WindowsTaskFacet .