Skip to content

Registry Value

The registry value object describes a Windows registry value.

Attributes

Section titled “Attributes”

name

  • Type: string_t
  • Requirement: required

The name of the registry value.

path

  • Type: string_t
  • Requirement: required

The full path to the registry key, where the value is located.

type_id

  • Type: integer_t
  • Requirement: recommended
  • Values:
    • 0 - Unknown: The type is unknown.
    • 1 - REG_BINARY
    • 2 - REG_DWORD
    • 3 - REG_DWORD_BIG_ENDIAN
    • 4 - REG_EXPAND_SZ
    • 5 - REG_LINK
    • 6 - REG_MULTI_SZ
    • 7 - REG_NONE
    • 8 - REG_QWORD
    • 9 - REG_QWORD_LITTLE_ENDIAN
    • 10 - REG_SZ
    • 99 - Other: The type is not mapped. See the type attribute, which contains a data source specific value.

The value type ID.

data

  • Type: json_t
  • Requirement: optional

The data of the registry value.

is_default

  • Type: boolean_t
  • Requirement: optional

The indication of whether the value is from a default value name. For example, the value name could be missing.

is_system

  • Type: boolean_t
  • Requirement: optional

The indication of whether the object is part of the operating system.

modified_time

  • Type: timestamp_t
  • Requirement: optional

The time when the registry value was last modified.

modified_time_dt

  • Type: datetime_t
  • Requirement: optional

The time when the registry value was last modified.

type

  • Type: string_t
  • Requirement: optional

A string representation of the value type as specified in Registry Value Types.

Used By

Section titled “Used By”