選取您的 Cookie 偏好設定

我們使用提供自身網站和服務所需的基本 Cookie 和類似工具。我們使用效能 Cookie 收集匿名統計資料,以便了解客戶如何使用我們的網站並進行改進。基本 Cookie 無法停用,但可以按一下「自訂」或「拒絕」以拒絕效能 Cookie。

如果您同意,AWS 與經核准的第三方也會使用 Cookie 提供實用的網站功能、記住您的偏好設定,並顯示相關內容,包括相關廣告。若要接受或拒絕所有非必要 Cookie,請按一下「接受」或「拒絕」。若要進行更詳細的選擇,請按一下「自訂」。

RuntimeContext - Amazon GuardDuty
此頁面尚未翻譯為您的語言。 請求翻譯

RuntimeContext

Additional information about the suspicious activity.

Contents

addressFamily

Represents the communication protocol associated with the address. For example, the address family AF_INET is used for IP version of 4 protocol.

Type: String

Required: No

commandLineExample

Example of the command line involved in the suspicious activity.

Type: String

Required: No

fileSystemType

Represents the type of mounted fileSystem.

Type: String

Required: No

flags

Represents options that control the behavior of a runtime operation or action. For example, a filesystem mount operation may contain a read-only flag.

Type: Array of strings

Required: No

ianaProtocolNumber

Specifies a particular protocol within the address family. Usually there is a single protocol in address families. For example, the address family AF_INET only has the IP protocol.

Type: Integer

Required: No

ldPreloadValue

The value of the LD_PRELOAD environment variable.

Type: String

Required: No

libraryPath

The path to the new library that was loaded.

Type: String

Required: No

memoryRegions

Specifies the Region of a process's address space such as stack and heap.

Type: Array of strings

Required: No

modifiedAt

The timestamp at which the process modified the current process. The timestamp is in UTC date string format.

Type: Timestamp

Required: No

modifyingProcess

Information about the process that modified the current process. This is available for multiple finding types.

Type: ProcessDetails object

Required: No

moduleFilePath

The path to the module loaded into the kernel.

Type: String

Required: No

moduleName

The name of the module loaded into the kernel.

Type: String

Required: No

moduleSha256

The SHA256 hash of the module.

Type: String

Required: No

mountSource

The path on the host that is mounted by the container.

Type: String

Required: No

mountTarget

The path in the container that is mapped to the host directory.

Type: String

Required: No

releaseAgentPath

The path in the container that modified the release agent file.

Type: String

Required: No

runcBinaryPath

The path to the leveraged runc implementation.

Type: String

Required: No

scriptPath

The path to the script that was executed.

Type: String

Required: No

serviceName

Name of the security service that has been potentially disabled.

Type: String

Required: No

shellHistoryFilePath

The path to the modified shell history file.

Type: String

Required: No

socketPath

The path to the docket socket that was accessed.

Type: String

Required: No

targetProcess

Information about the process that had its memory overwritten by the current process.

Type: ProcessDetails object

Required: No

threatFilePath

The suspicious file path for which the threat intelligence details were found.

Type: String

Required: No

toolCategory

Category that the tool belongs to. Some of the examples are Backdoor Tool, Pentest Tool, Network Scanner, and Network Sniffer.

Type: String

Required: No

toolName

Name of the potentially suspicious tool.

Type: String

Required: No

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

下一個主題:

RuntimeDetails

上一個主題:

ResourceV2
隱私權網站條款Cookie 偏好設定
© 2025, Amazon Web Services, Inc.或其附屬公司。保留所有權利。