RuntimeContext
Additional information about the suspicious activity.
Contents
- addressFamily
-
Represents the communication protocol associated with the address. For example, the address family AF_INET is used for the IP version 4 protocol.
Type: String
Required: No
- commandLineExample
-
Example of the command line involved in the suspicious activity.
Type: String
Required: No
- fileSystemType
-
Represents the type of the mounted file system.
Type: String
Required: No
- flags
-
Represents options that control the behavior of a runtime operation or action. For example, a filesystem mount operation may contain a read-only flag.
Type: Array of strings
Required: No
- ianaProtocolNumber
-
Specifies a particular protocol within the address family. Usually there is a single protocol in address families. For example, the address family AF_INET only has the IP protocol.
Type: Integer
Required: No
- ldPreloadValue
-
The value of the LD_PRELOAD environment variable.
Type: String
Required: No
- libraryPath
-
The path to the new library that was loaded.
Type: String
Required: No
- memoryRegions
-
Specifies the regions of a process's address space, such as the stack and heap.
Type: Array of strings
Required: No
- modifiedAt
-
The timestamp at which the process modified the current process. The timestamp is in UTC date string format.
Type: Timestamp
Required: No
- modifyingProcess
-
Information about the process that modified the current process. This is available for multiple finding types.
Type: ProcessDetails object
Required: No
- moduleFilePath
-
The path to the module loaded into the kernel.
Type: String
Required: No
- moduleName
-
The name of the module loaded into the kernel.
Type: String
Required: No
- moduleSha256
-
The SHA256 hash of the module.
Type: String
Required: No
- mountSource
-
The path on the host that is mounted by the container.
Type: String
Required: No
- mountTarget
-
The path in the container that is mapped to the host directory.
Type: String
Required: No
- releaseAgentPath
-
The path in the container that modified the release agent file.
Type: String
Required: No
- runcBinaryPath
-
The path to the leveraged runc implementation.
Type: String
Required: No
- scriptPath
-
The path to the script that was executed.
Type: String
Required: No
- serviceName
-
Name of the security service that has been potentially disabled.
Type: String
Required: No
- shellHistoryFilePath
-
The path to the modified shell history file.
Type: String
Required: No
- socketPath
-
The path to the Docker socket that was accessed.
Type: String
Required: No
- targetProcess
-
Information about the process that had its memory overwritten by the current process.
Type: ProcessDetails object
Required: No
- threatFilePath
-
The suspicious file path for which the threat intelligence details were found.
Type: String
Required: No
- toolCategory
-
The category that the tool belongs to. Examples include Backdoor Tool, Pentest Tool, Network Scanner, and Network Sniffer.
Type: String
Required: No
- toolName
-
Name of the potentially suspicious tool.
Type: String
Required: No
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following: