Class: Aws::GuardDuty::Types::RuntimeContext
- Inherits:
-
Struct
- Object
- Struct
- Aws::GuardDuty::Types::RuntimeContext
- Includes:
- Structure
- Defined in:
- lib/aws-sdk-guardduty/types.rb
Overview
Additional information about the suspicious activity.
Constant Summary collapse
- SENSITIVE =
[]
Instance Attribute Summary collapse
-
#address_family ⇒ String
Represents the communication protocol associated with the address.
-
#file_system_type ⇒ String
Represents the type of mounted fileSystem.
-
#flags ⇒ Array<String>
Represents options that control the behavior of a runtime operation or action.
-
#iana_protocol_number ⇒ Integer
Specifies a particular protocol within the address family.
-
#ld_preload_value ⇒ String
The value of the LD_PRELOAD environment variable.
-
#library_path ⇒ String
The path to the new library that was loaded.
-
#memory_regions ⇒ Array<String>
Specifies the Region of a process’s address space such as stack and heap.
-
#modified_at ⇒ Time
The timestamp at which the process modified the current process.
-
#modifying_process ⇒ Types::ProcessDetails
Information about the process that modified the current process.
-
#module_file_path ⇒ String
The path to the module loaded into the kernel.
-
#module_name ⇒ String
The name of the module loaded into the kernel.
-
#module_sha_256 ⇒ String
The ‘SHA256` hash of the module.
-
#mount_source ⇒ String
The path on the host that is mounted by the container.
-
#mount_target ⇒ String
The path in the container that is mapped to the host directory.
-
#release_agent_path ⇒ String
The path in the container that modified the release agent file.
-
#runc_binary_path ⇒ String
The path to the leveraged ‘runc` implementation.
-
#script_path ⇒ String
The path to the script that was executed.
-
#shell_history_file_path ⇒ String
The path to the modified shell history file.
-
#socket_path ⇒ String
The path to the docket socket that was accessed.
-
#target_process ⇒ Types::ProcessDetails
Information about the process that had its memory overwritten by the current process.
Instance Attribute Details
#address_family ⇒ String
Represents the communication protocol associated with the address. For example, the address family ‘AF_INET` is used for IP version of 4 protocol.
6010 6011 6012 6013 6014 6015 6016 6017 6018 6019 6020 6021 6022 6023 6024 6025 6026 6027 6028 6029 6030 6031 6032 6033 |
# File 'lib/aws-sdk-guardduty/types.rb', line 6010 class RuntimeContext < Struct.new( :modifying_process, :modified_at, :script_path, :library_path, :ld_preload_value, :socket_path, :runc_binary_path, :release_agent_path, :mount_source, :mount_target, :file_system_type, :flags, :module_name, :module_file_path, :module_sha_256, :shell_history_file_path, :target_process, :address_family, :iana_protocol_number, :memory_regions) SENSITIVE = [] include Aws::Structure end |
#file_system_type ⇒ String
Represents the type of mounted fileSystem.
6010 6011 6012 6013 6014 6015 6016 6017 6018 6019 6020 6021 6022 6023 6024 6025 6026 6027 6028 6029 6030 6031 6032 6033 |
# File 'lib/aws-sdk-guardduty/types.rb', line 6010 class RuntimeContext < Struct.new( :modifying_process, :modified_at, :script_path, :library_path, :ld_preload_value, :socket_path, :runc_binary_path, :release_agent_path, :mount_source, :mount_target, :file_system_type, :flags, :module_name, :module_file_path, :module_sha_256, :shell_history_file_path, :target_process, :address_family, :iana_protocol_number, :memory_regions) SENSITIVE = [] include Aws::Structure end |
#flags ⇒ Array<String>
Represents options that control the behavior of a runtime operation or action. For example, a filesystem mount operation may contain a read-only flag.
6010 6011 6012 6013 6014 6015 6016 6017 6018 6019 6020 6021 6022 6023 6024 6025 6026 6027 6028 6029 6030 6031 6032 6033 |
# File 'lib/aws-sdk-guardduty/types.rb', line 6010 class RuntimeContext < Struct.new( :modifying_process, :modified_at, :script_path, :library_path, :ld_preload_value, :socket_path, :runc_binary_path, :release_agent_path, :mount_source, :mount_target, :file_system_type, :flags, :module_name, :module_file_path, :module_sha_256, :shell_history_file_path, :target_process, :address_family, :iana_protocol_number, :memory_regions) SENSITIVE = [] include Aws::Structure end |
#iana_protocol_number ⇒ Integer
Specifies a particular protocol within the address family. Usually there is a single protocol in address families. For example, the address family ‘AF_INET` only has the IP protocol.
6010 6011 6012 6013 6014 6015 6016 6017 6018 6019 6020 6021 6022 6023 6024 6025 6026 6027 6028 6029 6030 6031 6032 6033 |
# File 'lib/aws-sdk-guardduty/types.rb', line 6010 class RuntimeContext < Struct.new( :modifying_process, :modified_at, :script_path, :library_path, :ld_preload_value, :socket_path, :runc_binary_path, :release_agent_path, :mount_source, :mount_target, :file_system_type, :flags, :module_name, :module_file_path, :module_sha_256, :shell_history_file_path, :target_process, :address_family, :iana_protocol_number, :memory_regions) SENSITIVE = [] include Aws::Structure end |
#ld_preload_value ⇒ String
The value of the LD_PRELOAD environment variable.
6010 6011 6012 6013 6014 6015 6016 6017 6018 6019 6020 6021 6022 6023 6024 6025 6026 6027 6028 6029 6030 6031 6032 6033 |
# File 'lib/aws-sdk-guardduty/types.rb', line 6010 class RuntimeContext < Struct.new( :modifying_process, :modified_at, :script_path, :library_path, :ld_preload_value, :socket_path, :runc_binary_path, :release_agent_path, :mount_source, :mount_target, :file_system_type, :flags, :module_name, :module_file_path, :module_sha_256, :shell_history_file_path, :target_process, :address_family, :iana_protocol_number, :memory_regions) SENSITIVE = [] include Aws::Structure end |
#library_path ⇒ String
The path to the new library that was loaded.
6010 6011 6012 6013 6014 6015 6016 6017 6018 6019 6020 6021 6022 6023 6024 6025 6026 6027 6028 6029 6030 6031 6032 6033 |
# File 'lib/aws-sdk-guardduty/types.rb', line 6010 class RuntimeContext < Struct.new( :modifying_process, :modified_at, :script_path, :library_path, :ld_preload_value, :socket_path, :runc_binary_path, :release_agent_path, :mount_source, :mount_target, :file_system_type, :flags, :module_name, :module_file_path, :module_sha_256, :shell_history_file_path, :target_process, :address_family, :iana_protocol_number, :memory_regions) SENSITIVE = [] include Aws::Structure end |
#memory_regions ⇒ Array<String>
Specifies the Region of a process’s address space such as stack and heap.
6010 6011 6012 6013 6014 6015 6016 6017 6018 6019 6020 6021 6022 6023 6024 6025 6026 6027 6028 6029 6030 6031 6032 6033 |
# File 'lib/aws-sdk-guardduty/types.rb', line 6010 class RuntimeContext < Struct.new( :modifying_process, :modified_at, :script_path, :library_path, :ld_preload_value, :socket_path, :runc_binary_path, :release_agent_path, :mount_source, :mount_target, :file_system_type, :flags, :module_name, :module_file_path, :module_sha_256, :shell_history_file_path, :target_process, :address_family, :iana_protocol_number, :memory_regions) SENSITIVE = [] include Aws::Structure end |
#modified_at ⇒ Time
The timestamp at which the process modified the current process. The timestamp is in UTC date string format.
6010 6011 6012 6013 6014 6015 6016 6017 6018 6019 6020 6021 6022 6023 6024 6025 6026 6027 6028 6029 6030 6031 6032 6033 |
# File 'lib/aws-sdk-guardduty/types.rb', line 6010 class RuntimeContext < Struct.new( :modifying_process, :modified_at, :script_path, :library_path, :ld_preload_value, :socket_path, :runc_binary_path, :release_agent_path, :mount_source, :mount_target, :file_system_type, :flags, :module_name, :module_file_path, :module_sha_256, :shell_history_file_path, :target_process, :address_family, :iana_protocol_number, :memory_regions) SENSITIVE = [] include Aws::Structure end |
#modifying_process ⇒ Types::ProcessDetails
Information about the process that modified the current process. This is available for multiple finding types.
6010 6011 6012 6013 6014 6015 6016 6017 6018 6019 6020 6021 6022 6023 6024 6025 6026 6027 6028 6029 6030 6031 6032 6033 |
# File 'lib/aws-sdk-guardduty/types.rb', line 6010 class RuntimeContext < Struct.new( :modifying_process, :modified_at, :script_path, :library_path, :ld_preload_value, :socket_path, :runc_binary_path, :release_agent_path, :mount_source, :mount_target, :file_system_type, :flags, :module_name, :module_file_path, :module_sha_256, :shell_history_file_path, :target_process, :address_family, :iana_protocol_number, :memory_regions) SENSITIVE = [] include Aws::Structure end |
#module_file_path ⇒ String
The path to the module loaded into the kernel.
6010 6011 6012 6013 6014 6015 6016 6017 6018 6019 6020 6021 6022 6023 6024 6025 6026 6027 6028 6029 6030 6031 6032 6033 |
# File 'lib/aws-sdk-guardduty/types.rb', line 6010 class RuntimeContext < Struct.new( :modifying_process, :modified_at, :script_path, :library_path, :ld_preload_value, :socket_path, :runc_binary_path, :release_agent_path, :mount_source, :mount_target, :file_system_type, :flags, :module_name, :module_file_path, :module_sha_256, :shell_history_file_path, :target_process, :address_family, :iana_protocol_number, :memory_regions) SENSITIVE = [] include Aws::Structure end |
#module_name ⇒ String
The name of the module loaded into the kernel.
6010 6011 6012 6013 6014 6015 6016 6017 6018 6019 6020 6021 6022 6023 6024 6025 6026 6027 6028 6029 6030 6031 6032 6033 |
# File 'lib/aws-sdk-guardduty/types.rb', line 6010 class RuntimeContext < Struct.new( :modifying_process, :modified_at, :script_path, :library_path, :ld_preload_value, :socket_path, :runc_binary_path, :release_agent_path, :mount_source, :mount_target, :file_system_type, :flags, :module_name, :module_file_path, :module_sha_256, :shell_history_file_path, :target_process, :address_family, :iana_protocol_number, :memory_regions) SENSITIVE = [] include Aws::Structure end |
#module_sha_256 ⇒ String
The ‘SHA256` hash of the module.
6010 6011 6012 6013 6014 6015 6016 6017 6018 6019 6020 6021 6022 6023 6024 6025 6026 6027 6028 6029 6030 6031 6032 6033 |
# File 'lib/aws-sdk-guardduty/types.rb', line 6010 class RuntimeContext < Struct.new( :modifying_process, :modified_at, :script_path, :library_path, :ld_preload_value, :socket_path, :runc_binary_path, :release_agent_path, :mount_source, :mount_target, :file_system_type, :flags, :module_name, :module_file_path, :module_sha_256, :shell_history_file_path, :target_process, :address_family, :iana_protocol_number, :memory_regions) SENSITIVE = [] include Aws::Structure end |
#mount_source ⇒ String
The path on the host that is mounted by the container.
6010 6011 6012 6013 6014 6015 6016 6017 6018 6019 6020 6021 6022 6023 6024 6025 6026 6027 6028 6029 6030 6031 6032 6033 |
# File 'lib/aws-sdk-guardduty/types.rb', line 6010 class RuntimeContext < Struct.new( :modifying_process, :modified_at, :script_path, :library_path, :ld_preload_value, :socket_path, :runc_binary_path, :release_agent_path, :mount_source, :mount_target, :file_system_type, :flags, :module_name, :module_file_path, :module_sha_256, :shell_history_file_path, :target_process, :address_family, :iana_protocol_number, :memory_regions) SENSITIVE = [] include Aws::Structure end |
#mount_target ⇒ String
The path in the container that is mapped to the host directory.
6010 6011 6012 6013 6014 6015 6016 6017 6018 6019 6020 6021 6022 6023 6024 6025 6026 6027 6028 6029 6030 6031 6032 6033 |
# File 'lib/aws-sdk-guardduty/types.rb', line 6010 class RuntimeContext < Struct.new( :modifying_process, :modified_at, :script_path, :library_path, :ld_preload_value, :socket_path, :runc_binary_path, :release_agent_path, :mount_source, :mount_target, :file_system_type, :flags, :module_name, :module_file_path, :module_sha_256, :shell_history_file_path, :target_process, :address_family, :iana_protocol_number, :memory_regions) SENSITIVE = [] include Aws::Structure end |
#release_agent_path ⇒ String
The path in the container that modified the release agent file.
6010 6011 6012 6013 6014 6015 6016 6017 6018 6019 6020 6021 6022 6023 6024 6025 6026 6027 6028 6029 6030 6031 6032 6033 |
# File 'lib/aws-sdk-guardduty/types.rb', line 6010 class RuntimeContext < Struct.new( :modifying_process, :modified_at, :script_path, :library_path, :ld_preload_value, :socket_path, :runc_binary_path, :release_agent_path, :mount_source, :mount_target, :file_system_type, :flags, :module_name, :module_file_path, :module_sha_256, :shell_history_file_path, :target_process, :address_family, :iana_protocol_number, :memory_regions) SENSITIVE = [] include Aws::Structure end |
#runc_binary_path ⇒ String
The path to the leveraged ‘runc` implementation.
6010 6011 6012 6013 6014 6015 6016 6017 6018 6019 6020 6021 6022 6023 6024 6025 6026 6027 6028 6029 6030 6031 6032 6033 |
# File 'lib/aws-sdk-guardduty/types.rb', line 6010 class RuntimeContext < Struct.new( :modifying_process, :modified_at, :script_path, :library_path, :ld_preload_value, :socket_path, :runc_binary_path, :release_agent_path, :mount_source, :mount_target, :file_system_type, :flags, :module_name, :module_file_path, :module_sha_256, :shell_history_file_path, :target_process, :address_family, :iana_protocol_number, :memory_regions) SENSITIVE = [] include Aws::Structure end |
#script_path ⇒ String
The path to the script that was executed.
6010 6011 6012 6013 6014 6015 6016 6017 6018 6019 6020 6021 6022 6023 6024 6025 6026 6027 6028 6029 6030 6031 6032 6033 |
# File 'lib/aws-sdk-guardduty/types.rb', line 6010 class RuntimeContext < Struct.new( :modifying_process, :modified_at, :script_path, :library_path, :ld_preload_value, :socket_path, :runc_binary_path, :release_agent_path, :mount_source, :mount_target, :file_system_type, :flags, :module_name, :module_file_path, :module_sha_256, :shell_history_file_path, :target_process, :address_family, :iana_protocol_number, :memory_regions) SENSITIVE = [] include Aws::Structure end |
#shell_history_file_path ⇒ String
The path to the modified shell history file.
6010 6011 6012 6013 6014 6015 6016 6017 6018 6019 6020 6021 6022 6023 6024 6025 6026 6027 6028 6029 6030 6031 6032 6033 |
# File 'lib/aws-sdk-guardduty/types.rb', line 6010 class RuntimeContext < Struct.new( :modifying_process, :modified_at, :script_path, :library_path, :ld_preload_value, :socket_path, :runc_binary_path, :release_agent_path, :mount_source, :mount_target, :file_system_type, :flags, :module_name, :module_file_path, :module_sha_256, :shell_history_file_path, :target_process, :address_family, :iana_protocol_number, :memory_regions) SENSITIVE = [] include Aws::Structure end |
#socket_path ⇒ String
The path to the docket socket that was accessed.
6010 6011 6012 6013 6014 6015 6016 6017 6018 6019 6020 6021 6022 6023 6024 6025 6026 6027 6028 6029 6030 6031 6032 6033 |
# File 'lib/aws-sdk-guardduty/types.rb', line 6010 class RuntimeContext < Struct.new( :modifying_process, :modified_at, :script_path, :library_path, :ld_preload_value, :socket_path, :runc_binary_path, :release_agent_path, :mount_source, :mount_target, :file_system_type, :flags, :module_name, :module_file_path, :module_sha_256, :shell_history_file_path, :target_process, :address_family, :iana_protocol_number, :memory_regions) SENSITIVE = [] include Aws::Structure end |
#target_process ⇒ Types::ProcessDetails
Information about the process that had its memory overwritten by the current process.
6010 6011 6012 6013 6014 6015 6016 6017 6018 6019 6020 6021 6022 6023 6024 6025 6026 6027 6028 6029 6030 6031 6032 6033 |
# File 'lib/aws-sdk-guardduty/types.rb', line 6010 class RuntimeContext < Struct.new( :modifying_process, :modified_at, :script_path, :library_path, :ld_preload_value, :socket_path, :runc_binary_path, :release_agent_path, :mount_source, :mount_target, :file_system_type, :flags, :module_name, :module_file_path, :module_sha_256, :shell_history_file_path, :target_process, :address_family, :iana_protocol_number, :memory_regions) SENSITIVE = [] include Aws::Structure end |