Documentation for Open Vulnerability and Assessment Language (OVAL®)
Definition Type: Element
Name: process_state
Namespace: http://oval.mitre.org/XMLSchema/oval-definitions-5#windows
Type: oval-def:StateType
Containing Schema: windows-definitions-schema.xsd
Abstract
Documentation:
The process_state element defines the different metadata associate with a Windows process. This includes the command line, pid, ppid, image path, and current directory. Please refer to the individual elements in the schema for more details about what each represents.
Collapse XSD Schema Diagram:
Drilldown into current_dir in schema windows-definitions-schema_xsd Drilldown into image_path in schema windows-definitions-schema_xsd Drilldown into priority in schema windows-definitions-schema_xsd Drilldown into ppid in schema windows-definitions-schema_xsd Drilldown into pid in schema windows-definitions-schema_xsd Drilldown into command_line in schema windows-definitions-schema_xsd Drilldown into notes in schema oval-definitions-schema_xsd Drilldown into Signature in schema xmldsig-core-schema_xsd Drilldown into deprecated in schema oval-definitions-schema_xsd Drilldown into comment in schema oval-definitions-schema_xsd Drilldown into operator in schema oval-definitions-schema_xsd Drilldown into version in schema oval-definitions-schema_xsd Drilldown into id in schema oval-definitions-schema_xsd Drilldown into StateType in schema oval-definitions-schema_xsdXSD Diagram of process_state in schema windows-definitions-schema_xsd (Open Vulnerability and Assessment Language (OVAL®))
Collapse XSD Schema Code: 
<xsd:element name="process_state" substitutionGroup="oval-def:state">
    <xsd:annotation>
        <xsd:documentation>The process_state element defines the different metadata associate with a Windows process. This includes the command line, pid, ppid, image path, and current directory. Please refer to the individual elements in the schema for more details about what each represents.</xsd:documentation>
    </xsd:annotation>
    <xsd:complexType>
        <xsd:complexContent>
            <xsd:extension base="oval-def:StateType">
                <xsd:sequence>
                    <xsd:element name="command_line" type="oval-def:EntityStateStringType" minOccurs="0">
                        <xsd:annotation>
                            <xsd:documentation>The command_line entity is the string used to start the process. This includes any parameters that are part of the command line.</xsd:documentation>
                            <xsd:appinfo>
                                <sch:pattern id="processstecommand_line" xmlns:sch="http://purl.oclc.org/dsdl/schematron">
                                    <sch:rule context="win-def:process_state/win-def:command_line">
                                        <sch:assert test="not(@datatype) or @datatype='string'">
                                            <sch:value-of select="../@id" /> - datatype attribute for the command_line entity of a process_state should be 'string'</sch:assert>
                                    </sch:rule>
                                </sch:pattern>
                            </xsd:appinfo>
                        </xsd:annotation>
                    </xsd:element>
                    <xsd:element name="pid" type="oval-def:EntityStateIntType" minOccurs="0">
                        <xsd:annotation>
                            <xsd:documentation>The id given to the process that is created for a specified command line.</xsd:documentation>
                            <xsd:appinfo>
                                <sch:pattern id="processstepid" xmlns:sch="http://purl.oclc.org/dsdl/schematron">
                                    <sch:rule context="win-def:port_state/win-def:pid">
                                        <sch:assert test="@datatype='int'">
                                            <sch:value-of select="../@id" /> - datatype attribute for the pid entity of a port_state should be 'int'</sch:assert>
                                    </sch:rule>
                                </sch:pattern>
                            </xsd:appinfo>
                        </xsd:annotation>
                    </xsd:element>
                    <xsd:element name="ppid" type="oval-def:EntityStateIntType" minOccurs="0">
                        <xsd:annotation>
                            <xsd:documentation>The id given to the parent of the process that is created for the specified command line</xsd:documentation>
                            <xsd:appinfo>
                                <sch:pattern id="processsteppid" xmlns:sch="http://purl.oclc.org/dsdl/schematron">
                                    <sch:rule context="win-def:port_state/win-def:ppid">
                                        <sch:assert test="@datatype='int'">
                                            <sch:value-of select="../@id" /> - datatype attribute for the ppid entity of a port_state should be 'int'</sch:assert>
                                    </sch:rule>
                                </sch:pattern>
                            </xsd:appinfo>
                        </xsd:annotation>
                    </xsd:element>
                    <xsd:element name="priority" type="oval-def:EntityStateStringType" minOccurs="0">
                        <xsd:annotation>
                            <xsd:documentation>The base priority of the process.</xsd:documentation>
                            <xsd:appinfo>
                                <sch:pattern id="processstepriority" xmlns:sch="http://purl.oclc.org/dsdl/schematron">
                                    <sch:rule context="win-def:process_state/win-def:priority">
                                        <sch:assert test="not(@datatype) or @datatype='string'">
                                            <sch:value-of select="../@id" /> - datatype attribute for the priority entity of a process_state should be 'string'</sch:assert>
                                    </sch:rule>
                                </sch:pattern>
                            </xsd:appinfo>
                        </xsd:annotation>
                    </xsd:element>
                    <xsd:element name="image_path" type="oval-def:EntityStateStringType" minOccurs="0">
                        <xsd:annotation>
                            <xsd:documentation>The image_path entity contains the name of the executable file in question.</xsd:documentation>
                            <xsd:appinfo>
                                <sch:pattern id="processsteimage_path" xmlns:sch="http://purl.oclc.org/dsdl/schematron">
                                    <sch:rule context="win-def:process_state/win-def:image_path">
                                        <sch:assert test="not(@datatype) or @datatype='string'">
                                            <sch:value-of select="../@id" /> - datatype attribute for the image_path entity of a process_state should be 'string'</sch:assert>
                                    </sch:rule>
                                </sch:pattern>
                            </xsd:appinfo>
                        </xsd:annotation>
                    </xsd:element>
                    <xsd:element name="current_dir" type="oval-def:EntityStateStringType" minOccurs="0">
                        <xsd:annotation>
                            <xsd:documentation>The current_directory entity represents the current path to the executable.</xsd:documentation>
                            <xsd:appinfo>
                                <sch:pattern id="processstecurrent_dir" xmlns:sch="http://purl.oclc.org/dsdl/schematron">
                                    <sch:rule context="win-def:process_state/win-def:current_dir">
                                        <sch:assert test="not(@datatype) or @datatype='string'">
                                            <sch:value-of select="../@id" /> - datatype attribute for the current_dir entity of a process_state should be 'string'</sch:assert>
                                    </sch:rule>
                                </sch:pattern>
                            </xsd:appinfo>
                        </xsd:annotation>
                    </xsd:element>
                </xsd:sequence>
            </xsd:extension>
        </xsd:complexContent>
    </xsd:complexType>
</xsd:element>
Collapse Child Elements:
Name Type Min Occurs Max Occurs
Signature ds:Signature 0 1
notes oval-def:notes 0 1
command_line win-def:command_line 0 (1)
pid win-def:pid 0 (1)
ppid win-def:ppid 0 (1)
priority win-def:priority 0 (1)
image_path win-def:image_path 0 (1)
current_dir win-def:current_dir 0 (1)
Collapse Child Attributes:
Name Type Default Value Use
id oval-def:id Required
version oval-def:version Required
operator oval-def:operator AND Optional
comment oval-def:comment Optional
deprecated oval-def:deprecated false Optional
Collapse Derivation Tree:
Collapse References:
oval-def:state
Documentation for Open Vulnerability and Assessment Language (OVAL®)

Generated using Liquid Studio - Developer Bundle 21.0.0.0