Class: Aws::GuardDuty::Types::RuntimeContext

Inherits:

Struct

• Object
• Struct
• Aws::GuardDuty::Types::RuntimeContext

Includes:

Structure

Defined in:

lib/aws-sdk-guardduty/types.rb

Overview

Additional information about the suspicious activity.

See Also:

• AWS API Documentation

Constant Summary

SENSITIVE =

[]

Instance Attribute Summary

• #address_family ⇒ String

  Represents the communication protocol associated with the address.

• #file_system_type ⇒ String

  Represents the type of mounted fileSystem.

• #flags ⇒ Array<String>

  Represents options that control the behavior of a runtime operation or action.

• #iana_protocol_number ⇒ Integer

  Specifies a particular protocol within the address family.

• #ld_preload_value ⇒ String

  The value of the LD_PRELOAD environment variable.

• #library_path ⇒ String

  The path to the new library that was loaded.

• #memory_regions ⇒ Array<String>

  Specifies the Region of a process’s address space such as stack and heap.

• #modified_at ⇒ Time

  The timestamp at which the process modified the current process.

• #modifying_process ⇒ Types::ProcessDetails

  Information about the process that modified the current process.

• #module_file_path ⇒ String

  The path to the module loaded into the kernel.

• #module_name ⇒ String

  The name of the module loaded into the kernel.

• #module_sha_256 ⇒ String

  The ‘SHA256` hash of the module.

• #mount_source ⇒ String

  The path on the host that is mounted by the container.

• #mount_target ⇒ String

  The path in the container that is mapped to the host directory.

• #release_agent_path ⇒ String

  The path in the container that modified the release agent file.

• #runc_binary_path ⇒ String

  The path to the leveraged ‘runc` implementation.

• #script_path ⇒ String

  The path to the script that was executed.

• #shell_history_file_path ⇒ String

  The path to the modified shell history file.

• #socket_path ⇒ String

  The path to the docket socket that was accessed.

• #target_process ⇒ Types::ProcessDetails

  Information about the process that had its memory overwritten by the current process.

Instance Attribute Details

#address_family ⇒ String

Represents the communication protocol associated with the address. For example, the address family ‘AF_INET` is used for IP version of 4 protocol.

Returns:

• (String)

# File 'lib/aws-sdk-guardduty/types.rb', line 6010

class RuntimeContext < Struct.new(
  :modifying_process,
  :modified_at,
  :script_path,
  :library_path,
  :ld_preload_value,
  :socket_path,
  :runc_binary_path,
  :release_agent_path,
  :mount_source,
  :mount_target,
  :file_system_type,
  :flags,
  :module_name,
  :module_file_path,
  :module_sha_256,
  :shell_history_file_path,
  :target_process,
  :address_family,
  :iana_protocol_number,
  :memory_regions)
  SENSITIVE = []
  include Aws::Structure
end

#file_system_type ⇒ String

Represents the type of mounted fileSystem.

Returns:

• (String)

# File 'lib/aws-sdk-guardduty/types.rb', line 6010

class RuntimeContext < Struct.new(
  :modifying_process,
  :modified_at,
  :script_path,
  :library_path,
  :ld_preload_value,
  :socket_path,
  :runc_binary_path,
  :release_agent_path,
  :mount_source,
  :mount_target,
  :file_system_type,
  :flags,
  :module_name,
  :module_file_path,
  :module_sha_256,
  :shell_history_file_path,
  :target_process,
  :address_family,
  :iana_protocol_number,
  :memory_regions)
  SENSITIVE = []
  include Aws::Structure
end

#flags ⇒ Array<String>

Represents options that control the behavior of a runtime operation or action. For example, a filesystem mount operation may contain a read-only flag.

Returns:

• (Array<String>)

# File 'lib/aws-sdk-guardduty/types.rb', line 6010

class RuntimeContext < Struct.new(
  :modifying_process,
  :modified_at,
  :script_path,
  :library_path,
  :ld_preload_value,
  :socket_path,
  :runc_binary_path,
  :release_agent_path,
  :mount_source,
  :mount_target,
  :file_system_type,
  :flags,
  :module_name,
  :module_file_path,
  :module_sha_256,
  :shell_history_file_path,
  :target_process,
  :address_family,
  :iana_protocol_number,
  :memory_regions)
  SENSITIVE = []
  include Aws::Structure
end

#iana_protocol_number ⇒ Integer

Specifies a particular protocol within the address family. Usually there is a single protocol in address families. For example, the address family ‘AF_INET` only has the IP protocol.

Returns:

• (Integer)

# File 'lib/aws-sdk-guardduty/types.rb', line 6010

class RuntimeContext < Struct.new(
  :modifying_process,
  :modified_at,
  :script_path,
  :library_path,
  :ld_preload_value,
  :socket_path,
  :runc_binary_path,
  :release_agent_path,
  :mount_source,
  :mount_target,
  :file_system_type,
  :flags,
  :module_name,
  :module_file_path,
  :module_sha_256,
  :shell_history_file_path,
  :target_process,
  :address_family,
  :iana_protocol_number,
  :memory_regions)
  SENSITIVE = []
  include Aws::Structure
end

#ld_preload_value ⇒ String

The value of the LD_PRELOAD environment variable.

Returns:

• (String)

# File 'lib/aws-sdk-guardduty/types.rb', line 6010

class RuntimeContext < Struct.new(
  :modifying_process,
  :modified_at,
  :script_path,
  :library_path,
  :ld_preload_value,
  :socket_path,
  :runc_binary_path,
  :release_agent_path,
  :mount_source,
  :mount_target,
  :file_system_type,
  :flags,
  :module_name,
  :module_file_path,
  :module_sha_256,
  :shell_history_file_path,
  :target_process,
  :address_family,
  :iana_protocol_number,
  :memory_regions)
  SENSITIVE = []
  include Aws::Structure
end

#library_path ⇒ String

The path to the new library that was loaded.

Returns:

• (String)

# File 'lib/aws-sdk-guardduty/types.rb', line 6010

class RuntimeContext < Struct.new(
  :modifying_process,
  :modified_at,
  :script_path,
  :library_path,
  :ld_preload_value,
  :socket_path,
  :runc_binary_path,
  :release_agent_path,
  :mount_source,
  :mount_target,
  :file_system_type,
  :flags,
  :module_name,
  :module_file_path,
  :module_sha_256,
  :shell_history_file_path,
  :target_process,
  :address_family,
  :iana_protocol_number,
  :memory_regions)
  SENSITIVE = []
  include Aws::Structure
end

#memory_regions ⇒ Array<String>

Specifies the Region of a process’s address space such as stack and heap.

Returns:

• (Array<String>)

# File 'lib/aws-sdk-guardduty/types.rb', line 6010

class RuntimeContext < Struct.new(
  :modifying_process,
  :modified_at,
  :script_path,
  :library_path,
  :ld_preload_value,
  :socket_path,
  :runc_binary_path,
  :release_agent_path,
  :mount_source,
  :mount_target,
  :file_system_type,
  :flags,
  :module_name,
  :module_file_path,
  :module_sha_256,
  :shell_history_file_path,
  :target_process,
  :address_family,
  :iana_protocol_number,
  :memory_regions)
  SENSITIVE = []
  include Aws::Structure
end

#modified_at ⇒ Time

The timestamp at which the process modified the current process. The timestamp is in UTC date string format.

Returns:

• (Time)

# File 'lib/aws-sdk-guardduty/types.rb', line 6010

class RuntimeContext < Struct.new(
  :modifying_process,
  :modified_at,
  :script_path,
  :library_path,
  :ld_preload_value,
  :socket_path,
  :runc_binary_path,
  :release_agent_path,
  :mount_source,
  :mount_target,
  :file_system_type,
  :flags,
  :module_name,
  :module_file_path,
  :module_sha_256,
  :shell_history_file_path,
  :target_process,
  :address_family,
  :iana_protocol_number,
  :memory_regions)
  SENSITIVE = []
  include Aws::Structure
end

#modifying_process ⇒ Types::ProcessDetails

Information about the process that modified the current process. This is available for multiple finding types.

Returns:

• (Types::ProcessDetails)

# File 'lib/aws-sdk-guardduty/types.rb', line 6010

class RuntimeContext < Struct.new(
  :modifying_process,
  :modified_at,
  :script_path,
  :library_path,
  :ld_preload_value,
  :socket_path,
  :runc_binary_path,
  :release_agent_path,
  :mount_source,
  :mount_target,
  :file_system_type,
  :flags,
  :module_name,
  :module_file_path,
  :module_sha_256,
  :shell_history_file_path,
  :target_process,
  :address_family,
  :iana_protocol_number,
  :memory_regions)
  SENSITIVE = []
  include Aws::Structure
end

#module_file_path ⇒ String

The path to the module loaded into the kernel.

Returns:

• (String)

# File 'lib/aws-sdk-guardduty/types.rb', line 6010

class RuntimeContext < Struct.new(
  :modifying_process,
  :modified_at,
  :script_path,
  :library_path,
  :ld_preload_value,
  :socket_path,
  :runc_binary_path,
  :release_agent_path,
  :mount_source,
  :mount_target,
  :file_system_type,
  :flags,
  :module_name,
  :module_file_path,
  :module_sha_256,
  :shell_history_file_path,
  :target_process,
  :address_family,
  :iana_protocol_number,
  :memory_regions)
  SENSITIVE = []
  include Aws::Structure
end

#module_name ⇒ String

The name of the module loaded into the kernel.

Returns:

• (String)

# File 'lib/aws-sdk-guardduty/types.rb', line 6010

class RuntimeContext < Struct.new(
  :modifying_process,
  :modified_at,
  :script_path,
  :library_path,
  :ld_preload_value,
  :socket_path,
  :runc_binary_path,
  :release_agent_path,
  :mount_source,
  :mount_target,
  :file_system_type,
  :flags,
  :module_name,
  :module_file_path,
  :module_sha_256,
  :shell_history_file_path,
  :target_process,
  :address_family,
  :iana_protocol_number,
  :memory_regions)
  SENSITIVE = []
  include Aws::Structure
end

#module_sha_256 ⇒ String

The ‘SHA256` hash of the module.

Returns:

• (String)

# File 'lib/aws-sdk-guardduty/types.rb', line 6010

class RuntimeContext < Struct.new(
  :modifying_process,
  :modified_at,
  :script_path,
  :library_path,
  :ld_preload_value,
  :socket_path,
  :runc_binary_path,
  :release_agent_path,
  :mount_source,
  :mount_target,
  :file_system_type,
  :flags,
  :module_name,
  :module_file_path,
  :module_sha_256,
  :shell_history_file_path,
  :target_process,
  :address_family,
  :iana_protocol_number,
  :memory_regions)
  SENSITIVE = []
  include Aws::Structure
end

#mount_source ⇒ String

The path on the host that is mounted by the container.

Returns:

• (String)

# File 'lib/aws-sdk-guardduty/types.rb', line 6010

class RuntimeContext < Struct.new(
  :modifying_process,
  :modified_at,
  :script_path,
  :library_path,
  :ld_preload_value,
  :socket_path,
  :runc_binary_path,
  :release_agent_path,
  :mount_source,
  :mount_target,
  :file_system_type,
  :flags,
  :module_name,
  :module_file_path,
  :module_sha_256,
  :shell_history_file_path,
  :target_process,
  :address_family,
  :iana_protocol_number,
  :memory_regions)
  SENSITIVE = []
  include Aws::Structure
end

#mount_target ⇒ String

The path in the container that is mapped to the host directory.

Returns:

• (String)

# File 'lib/aws-sdk-guardduty/types.rb', line 6010

class RuntimeContext < Struct.new(
  :modifying_process,
  :modified_at,
  :script_path,
  :library_path,
  :ld_preload_value,
  :socket_path,
  :runc_binary_path,
  :release_agent_path,
  :mount_source,
  :mount_target,
  :file_system_type,
  :flags,
  :module_name,
  :module_file_path,
  :module_sha_256,
  :shell_history_file_path,
  :target_process,
  :address_family,
  :iana_protocol_number,
  :memory_regions)
  SENSITIVE = []
  include Aws::Structure
end

#release_agent_path ⇒ String

The path in the container that modified the release agent file.

Returns:

• (String)

# File 'lib/aws-sdk-guardduty/types.rb', line 6010

class RuntimeContext < Struct.new(
  :modifying_process,
  :modified_at,
  :script_path,
  :library_path,
  :ld_preload_value,
  :socket_path,
  :runc_binary_path,
  :release_agent_path,
  :mount_source,
  :mount_target,
  :file_system_type,
  :flags,
  :module_name,
  :module_file_path,
  :module_sha_256,
  :shell_history_file_path,
  :target_process,
  :address_family,
  :iana_protocol_number,
  :memory_regions)
  SENSITIVE = []
  include Aws::Structure
end

#runc_binary_path ⇒ String

The path to the leveraged ‘runc` implementation.

Returns:

• (String)

# File 'lib/aws-sdk-guardduty/types.rb', line 6010

class RuntimeContext < Struct.new(
  :modifying_process,
  :modified_at,
  :script_path,
  :library_path,
  :ld_preload_value,
  :socket_path,
  :runc_binary_path,
  :release_agent_path,
  :mount_source,
  :mount_target,
  :file_system_type,
  :flags,
  :module_name,
  :module_file_path,
  :module_sha_256,
  :shell_history_file_path,
  :target_process,
  :address_family,
  :iana_protocol_number,
  :memory_regions)
  SENSITIVE = []
  include Aws::Structure
end

#script_path ⇒ String

The path to the script that was executed.

Returns:

• (String)

# File 'lib/aws-sdk-guardduty/types.rb', line 6010

class RuntimeContext < Struct.new(
  :modifying_process,
  :modified_at,
  :script_path,
  :library_path,
  :ld_preload_value,
  :socket_path,
  :runc_binary_path,
  :release_agent_path,
  :mount_source,
  :mount_target,
  :file_system_type,
  :flags,
  :module_name,
  :module_file_path,
  :module_sha_256,
  :shell_history_file_path,
  :target_process,
  :address_family,
  :iana_protocol_number,
  :memory_regions)
  SENSITIVE = []
  include Aws::Structure
end

#shell_history_file_path ⇒ String

The path to the modified shell history file.

Returns:

• (String)

# File 'lib/aws-sdk-guardduty/types.rb', line 6010

class RuntimeContext < Struct.new(
  :modifying_process,
  :modified_at,
  :script_path,
  :library_path,
  :ld_preload_value,
  :socket_path,
  :runc_binary_path,
  :release_agent_path,
  :mount_source,
  :mount_target,
  :file_system_type,
  :flags,
  :module_name,
  :module_file_path,
  :module_sha_256,
  :shell_history_file_path,
  :target_process,
  :address_family,
  :iana_protocol_number,
  :memory_regions)
  SENSITIVE = []
  include Aws::Structure
end

#socket_path ⇒ String

The path to the docket socket that was accessed.

Returns:

• (String)

# File 'lib/aws-sdk-guardduty/types.rb', line 6010

class RuntimeContext < Struct.new(
  :modifying_process,
  :modified_at,
  :script_path,
  :library_path,
  :ld_preload_value,
  :socket_path,
  :runc_binary_path,
  :release_agent_path,
  :mount_source,
  :mount_target,
  :file_system_type,
  :flags,
  :module_name,
  :module_file_path,
  :module_sha_256,
  :shell_history_file_path,
  :target_process,
  :address_family,
  :iana_protocol_number,
  :memory_regions)
  SENSITIVE = []
  include Aws::Structure
end

#target_process ⇒ Types::ProcessDetails

Information about the process that had its memory overwritten by the current process.

Returns:

• (Types::ProcessDetails)

# File 'lib/aws-sdk-guardduty/types.rb', line 6010

class RuntimeContext < Struct.new(
  :modifying_process,
  :modified_at,
  :script_path,
  :library_path,
  :ld_preload_value,
  :socket_path,
  :runc_binary_path,
  :release_agent_path,
  :mount_source,
  :mount_target,
  :file_system_type,
  :flags,
  :module_name,
  :module_file_path,
  :module_sha_256,
  :shell_history_file_path,
  :target_process,
  :address_family,
  :iana_protocol_number,
  :memory_regions)
  SENSITIVE = []
  include Aws::Structure
end