Closed agentzex closed 4 years ago
The current use of os.family refers to the larger group of that specific OS, not the general category of OS. For example, vendor-specific Linux firmware may be called something like "EdgeOS" but the OS family is "Linux".
Feel free to build your own mapping layer on top of Recog to create additional classifications as needed.
Thank you for replying. Can you please explain, then, why some fingerprints have os.product without os.family? Based on your answer, this seems the correct way to be. For instance, in the example I gave, AFAIK VxWorks isn't based on another OS, so shouldn't it have its own 'family'? Thanks
Not every OS needs a family; whether it has one or not has more to do with historical mapping. For VxWorks in particular, there is no family because the only OS in the family is VxWorks. If VxWorks has multiple per-vendor variants, family would make sense.
One way to think about this is that for OS definitions without a family, the family is the OS.
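An added example, not part of the thread or of Recog's own code: one way to build the mapping layer suggested above, applying the rule that a missing os.family means the family is the OS. The sample XML is constructed in Recog's fingerprint layout; the `os.family_effective` and `os.category` keys and the `OS_CATEGORY` table are hypothetical names chosen for this sketch.

```python
import xml.etree.ElementTree as ET

# Constructed sample in Recog's fingerprint XML layout; patterns and values are
# illustrative and are not copied from the Recog database.
SAMPLE_XML = """
<fingerprints matches="example.banner">
  <fingerprint pattern="^VxWorks (\\S+)">
    <description>Constructed: OS with no os.family</description>
    <param pos="0" name="os.product" value="VxWorks"/>
    <param pos="1" name="os.version"/>
  </fingerprint>
  <fingerprint pattern="^EdgeOS">
    <description>Constructed: vendor firmware in the Linux family</description>
    <param pos="0" name="os.family" value="Linux"/>
    <param pos="0" name="os.product" value="EdgeOS"/>
  </fingerprint>
</fingerprints>
"""

# Hypothetical local classification, keyed by lower-cased effective family.
OS_CATEGORY = {"vxworks": "RTOS", "freertos": "RTOS", "threadx": "RTOS",
               "linux": "General purpose"}

def static_params(fp):
    """Fixed (pos="0") params of one <fingerprint>; capture-group params are skipped."""
    return {p.get("name"): p.get("value")
            for p in fp.findall("param") if p.get("pos") == "0"}

def classify(params):
    """Add derived keys without altering the fields Recog itself reported."""
    out = dict(params)
    # No os.family recorded: the family is the OS itself.
    family = params.get("os.family") or params.get("os.product")
    if family:
        out["os.family_effective"] = family
        out["os.category"] = OS_CATEGORY.get(family.lower(), "Unclassified")
    return out

def classify_all(xml_text):
    """Classify every fingerprint in a Recog-style XML document."""
    root = ET.fromstring(xml_text)
    return [classify(static_params(fp)) for fp in root.iter("fingerprint")]

if __name__ == "__main__":
    for row in classify_all(SAMPLE_XML):
        print(row)
```

The same `classify` function can be applied to the dictionary of values returned by a Recog match at scan time, since it only reads the os.family and os.product keys.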
I couldn't find any explanation for the fingerprint parameter names, so I'm raising this here. In the below example, why is "VxWorks", which is a type of OS, under os.product while other fingerprints have their OS type under os.family? Shouldn't this be under os.family as well? What is the logic behind putting these values under these parameter names? If I had to make a guess, the VxWorks OS family would be something like RTOS (which would include other OSes in this family like FreeRTOS and ThreadX)